• Telegram IM app recalibrates policies after Paris attacks

    Pavel Durov, the creator of the popular instant messaging app Telegram, has said that following the Paris terrorist attacks, his company has blocked dozens of accounts associated with the jihadist Islamic State group. As is the case with other technology companies, Telegram is trying to negotiate the balance between privacy and security: the same privacy-enhancing technology which keeps customers’ communication private, also helps terrorists communicate with each other and plot attacks safe from monitoring and surveillance by intelligence agencies and law enforcement.

  • Paris terrorist attacks reignite debate over end-to-end encryption, back doors

    The exact way the terrorists who attacked France last Friday communicated with each other, and their handlers, in the run-up to the attack is not yet clear, but the attack has prompted law enforcement and intelligence agencies in Europe and the United States to renew their call to regulate the use of new encryption technologies which allow users to “go dark” and make it difficult, if not altogether impossible, to retrieve the contents of communication.

  • view counter
  • Forge-proof authentication method to revolutionize security

    Scientists have discovered a way to authenticate or identify any object by generating an unbreakable ID based on atoms. The technology uses next-generation nanomaterials to enable the unique identification of any product with guaranteed security. uses atomic-scale imperfections which are impossible to clone as they comprise the unmanipulable building blocks of matter. The researchers used atomic-scale imperfections which are impossible to clone as they comprise the unmanipulable building blocks of matter. 

  • Vulnerabilities found in use of certificates for Web security

    Consumers use the Internet for banking, e-mailing, shopping, and much more nowadays. With so much personal and private information being transmitted over the Web, Internet users must be able to rely on and trust the sites they are accessing. For security purposes, Web sites use certificates to establish encrypted communications. When a site becomes compromised, its certificate should be revoked. Astudy finds that Web site administrators are providing a large number of revoked certificates, certificate authorities are not using newer processes for distributing revocations, and Web browsers are not checking whether certificates have been revoked.

  • Stealing encryption keys on Amazon’s Cloud servers

    Cloud computing is a service that enables companies and organizations to store information and run computer applications without making their own investments in actual computer hardware or employing IT staff. Researchers have demonstrated that RSA encryption keys, which are used by thousands of companies and organizations to protect the data and processes they entrust to cloud-based services, can be obtained using a sophisticated side-channel attack — despite recent efforts by cloud service providers and cryptography software developers to eliminate such vulnerabilities.

  • White House will not seek law allowing law enforcement access to encrypted messages

    The Obama administration has decided not to seek legislation which would require tech companies to design their devices in a way which would give law enforcement agencies access to individuals’ encrypted messages, the White House said on Saturday. The tech industry, led by giants Apple, Google, Facebook, IBM, and Microsoft, has mounted a vigorous campaign opposing any administration moves to weaken ever-more-sophisticated encryption systems which are designed to protect consumers’ privacy.

  • Supposedly encrypted national identifying numbers easily decrypted

    Studies raise questions about the use of national identifying numbers by showing that Resident Registration Numbers (RRN) used in South Korea can be decrypted to reveal a host of personal information. A team of researchers in two experiments was able to decrypt more than 23,000 RRNs using both computation and logical reasoning. The findings suggest that, while such identifiers are encrypted to protect privacy, they remain vulnerable to attack and must be designed to avoid such weaknesses.

  • Apple's encryption prevents it from complying with U.S. court order

    Apple said it could not comply with a court order to hand over texts sent using iMessage between two iPhones because the company’s encryption system makes it impossible to do so. The Justice Department persuaded the court to issue the order to facilitate an investigation involving guns and drugs. Legal experts say this is the first known direct face-off between the U.S. government and Apple over encryption. The FBI contends that such encryption puts the American public at risk because it makes it harder, if not impossible, to track and catch terrorists, pedophiles, and other criminals.

  • Smartphone encryption will deter criminals more than it would impede the police

    In the debate over default encryption of smartphones, top law enforcement officials have been vocal in their opposition. Law enforcement and intelligence agencies argue that encryption obstructs investigations and hampers efforts to track criminals and solve crimes. Other argue that strong, default encryption could actually deter crimes, because protecting a smartphone with a password is just another obstruction to criminals, and default encryption would be a deterrent to crime in the industry by saving sensitive information even in the event of a theft.

  • Securing data from attacks by ever more powerful supercomputers

    For the powerful quantum computers that will be developed in the future, cracking online bank account details and credit cards number will be a cinch. But a team of cryptographers is already working at future-proofing the privacy of today’s Internet communications from tomorrow’s powerful computers. The researchers have developed upgrades to the Internet’s core encryption protocol that will prevent quantum computer users from intercepting Internet communications.

  • Improving the security of data transfer

    Georgia Tech researchers were awarded $4.2 million from the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory (AFRL) to improve how data is tracked between computers, Internet hosts, and browsers for better cyber security. The four-year project, titled “THEIA” after the Greek goddess of shining light, attempts to shed light on exactly where data moves as it is routed from one Internet host to another and whether any malicious code, for example, is attached to data during transfer.

  • N.Y. village pays ransom to regain access to hacker-encrypted files

    The village Ilion in central New York paid ransom twice last year — $300 and $500 — to have access to its computers two official-looking e-mails planted malware throughout the village’s computer system. The New York State comptroller’s office has audited 100 municipal computer systems the past three years, and said the experience of Ilion should serve as a warning to others municipalities of the growing cyberthreat – especially attempts by hackers to infiltrate computer systems to make them inaccessible unless ransom is paid.

  • Shoring up Tor

    With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and Web sites hosting content that’s been deemed subversive have used it to hide the locations of their servers. Researchers have now demonstrated a vulnerability in Tor’s design, mounting successful attacks against popular anonymity network — and show how to prevent them.

  • Giving government special access to data poses major security risks

    In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? A report by cybersecurity and encryption experts says that whether “backdoor” or “front-door,” such mechanisms “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”

  • Privacy vs. security debate intensifies as more companies offer end-to-end-encryption

    A long running debate has now come to the fore with greater urgency. The tension between the privacy that encryption offers, and the need for law enforcement and national security agencies to have access to secured and encrypted e-mail, has become more acute in the last two years. The revelations of Edward Snowden about the post-9/11 reach and scope of surveillance by intelligence agencies and law enforcement, have caused some tech giants to offer encrypted services to their customers – encrypted services which enhance customers’ privacy protection, but which at the same time make it impossible for law enforcement and intelligence services to track and monitor terrorists and criminals. “Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption,” FBI director James Comey told lawmakers in recent hearing on the Hill.