encryption – Page 8 – SSL and internet security news

Eavesdropping on SMS Messages inside Telco Networks

November 7, 2019 infossl

eavesdropping, encryption, espionage, malware, Security technology, sms

Fireeye reports on a Chinese-sponsored espionage effort to eavesdrop on text messages: FireEye Mandiant recently discovered a new malware family used by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 … Read More “Eavesdropping on SMS Messages inside Telco Networks” »

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

October 28, 2019 infossl

backdoors, cryptography, cryptowars, cybersecurity, encryption, fbi, lawenforcement, nationalsecuritypolicy, nsa, Security technology

In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities — including law enforcement — to embrace encryption because it is one of the … Read More “Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors” »

NordVPN Breached

October 23, 2019 infossl

breaches, certificates, cryptography, disclosure, encryption, keys, Security technology, vpn

There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN’s network or for a variety of other sensitive purposes. The name of the … Read More “NordVPN Breached” »

More on Law Enforcement Backdoor Demands

September 11, 2019 infossl

backdoors, encryption, lawenforcement, reports, Security technology, smartphones

The Carnegie Endowment for International Peace and Princeton University’s Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the “going dark” debate. They have released their report: “Moving the Encryption Policy Conversation Forward. The main contribution seems to be that attempts to backdoor devices like smartphones shouldn’t also backdoor communications … Read More “More on Law Enforcement Backdoor Demands” »

The Myth of Consumer-Grade Security

August 28, 2019 infossl

consumerization, encryption, nationalsecuritypolicy, nsa, Security technology, securityengineering, vulnerabilities

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even … Read More “The Myth of Consumer-Grade Security” »

Facebook Plans on Backdooring WhatsApp

August 1, 2019 infossl

backdoors, encryption, facebook, Security technology, whatsapp

This article points out that Facebook’s planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on … Read More “Facebook Plans on Backdooring WhatsApp” »

ACLU on the GCHQ Backdoor Proposal

July 30, 2019 infossl

aclu, backdoors, encryption, gchq, Security technology, uk

Back in January, two senior GCHQ officials proposed a specific backdoor for communications systems. It was universally derided as unworkable — by me, as well. Now Jon Callas of the ACLU explains why. Powered by WPeMatico

Attorney General William Barr on Encryption Policy

July 24, 2019 infossl

backdoors, cryptowars, encryption, essays, lawenforcement, nationalsecuritypolicy, Security technology

Yesterday, Attorney General William Barr gave a major speech on encryption policy — what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access … Read More “Attorney General William Barr on Encryption Policy” »

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

July 12, 2019 infossl

blockchain, cryptography, encryption, nationalsecuritypolicy, quantumcomputing, Security technology

At least one presidential candidate has a policy about quantum computing and encryption. It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.) Okay, so … Read More “Presidential Candidate Andrew Yang Has Quantum Encryption Policy” »

Google Releases Basic Homomorphic Encryption Tool

July 2, 2019 infossl

cryptography, encryption, google, Security technology

Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article: Private Join and Compute uses a 1970s methodology known as “commutative encryption” to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty … Read More “Google Releases Basic Homomorphic Encryption Tool” »