• Web security protocol TLS compromised

    In one third of all servers, the security protocol TLS and encrypted data transfer can be compromised. All types of online communication that deal with sensitive data are affected. The researchers discovered the flaw by launching a DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack – which they will demonstrate and discuss at a forthcoming security conference in Germany.

  • French law would penalize encrypted phone makers who refuse to help police probes

    French lawmakers on Thursday voted for a measure which would impose penalties on manufacturers of smartphone who refuse to cooperate with law enforcement in inquiries of terrorism cases. The measure stipulates that a private manufacturer of smartphones, which refuses to hand over encrypted data to an investigating authority, would face up to five years in jail and a 350,000 euro ($380,000) fine.

  • App warns users when they are about to give away sensitive information online

    Researchers are seeing potential in a software application which could effectively warn users when they are about to give away sensitive personal information online. The eye tracker detects where a user’s eyes are at the computer screen and records how long they gazed at that spot. The app uses these two functions to find when a user’s eyes remain on a request for sensitive personal information.

  • Smartphones now account for 60% of infections in the mobile network

    Nokia Security Center Berlin the other day released research findings showing that in the mobile networks, smartphones pulled ahead of Windows-based computers and laptops, now accounting for 60 percent of the malware activity observed in the mobile space. The Nokia Threat Intelligence Report also reveals an increase in iOS-based malware, growing sophistication of Android malware and the rising threat of mobile ransomware.

  • Three “twisted” photons in 3 dimensions for quantum encryption

    Researchers have achieved a new milestone in quantum physics: they were able to entangle three particles of light in a high-dimensional quantum property related to the “twist” of their wave-front structure. Multi-photon entangled states such as these have applications ranging from quantum computing to quantum encryption. Along these lines, the authors of this study have developed a new type of quantum cryptographic protocol using their state that allows different layers of information to be shared asymmetrically among multiple parties with unconditional security.

  • FBI cannot force Apple to unlock iPhone in drug case: Judge

    Magistrate Judge James Orenstein in Brooklyn on Monday ruled that the U.S. government cannot force Apple to unlock an iPhone in a New York drug case. The ruling strengthens the company’s arguments in its landmark legal confrontation with the Justice Department over encryption and privacy. The government sought access to the drug dealer’s phone months before a California judge ordered Apple to give access to the San Bernardino terrorist’s handset.

  • Using device “fingerprints” to protect power grid, industrial systems

    Human voices are individually recognizable because they are generated by the unique components of each person’s voice box, pharynx, esophagus and other physical structures. Researchers are using the same principle to identify devices on electrical grid control networks, using their unique electronic “voices” — fingerprints produced by the devices’ individual physical characteristics — to determine which signals are legitimate and which signals might be from attackers. A similar approach could also be used to protect networked industrial control systems in oil and gas refineries, manufacturing facilities, wastewater treatment plants and other critical industrial systems.

  • In FBI versus Apple, government strengthened tech’s hand on privacy

    The ongoing fight between Apple and the FBI over breaking into the iPhone maker’s encryption system to access a person’s data is becoming an increasingly challenging legal issue. This case is very specific, and in this narrow case, Apple and law enforcement agencies will likely find a compromise. However, this question is not going away anywhere. With the “Internet of things” touted as the next big revolution, more and more devices will capture our very personal data – including our conversations. This case could be a precedent-setting event that can reshape how our data are stored and managed in the future.

  • Hackers hold hospitals’ medical data hostage

    Hackers attacked several hospitals in Germany with ransomware – locking medical files and demanding ransom payment for releasing the encrypted data. The blackmailing of hospitals by encrypting their medical file has become a growing problem around the world. In California, for example, a Hollywood hospital earlier this month had to pay about $17,000 in the digital currency bitcoins to hackers in order to regain access to medical files.

  • “Magic wand” to improve healthcare, cybersecurity

    Wireless and mobile health technologies have great potential to improve quality and access to care, reduce costs. and improve health. But these new technologies, whether in the form of software for smartphones or specialized devices to be worn, carried or applied as needed, also pose risks if they’re not designed or configured with security and privacy in mind. Researchers have developed a digital “magic wand” to improve home healthcare and to prevent hackers from stealing your personal data.

  • Pro-ISIS hackers issue threats to Facebook, Twitter founders

    Pro-ISIS hackers have released a video threatening the founders of Facebook and Twitter in retaliation for the two social media giants’ campaign to take down ISIS-related accounts. The threat was issued in a 25-minute video, uploaded on Tuesday to social networks by a group calling itself “Sons Caliphate Army” – which experts say is the latest “rebrand” of ISIS’s supporters online.

  • Do-it-yourself encryption

    Sending e-mails is easy. However, until now a lot of know-how has been required to securely encrypt them. This is bound to change: Deutsche Telekom and the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt will be making encryption easy — with a popular encryption named Volksverschlüsselung. The Volksverschlüsselung software provides the required keys and configures the existing e-mail programs for the users to be able to encrypt and decrypt.

  • Cybersecurity “Rosetta Stone” marks two years of success

    Two years ago this month, the National Institute of Standards and Technology (NIST) released a document designed to help strengthen cybersecurity at organizations that manage critical national infrastructure such as banking and the energy supply. Produced after a year of intensive collaboration with industry, the Cybersecurity Framework is now a tool used by a wide variety of public and private companies and organizations, from retail chains to state governments.

  • More Americans support Justice Dept. than Apple in locked iPhone dispute

    As the standoff between the Department of Justice and Apple Inc. continues over an iPhone used by one of the suspects in the San Bernardino terrorist attacks, 51 percent say Apple should unlock the iPhone to assist the ongoing FBI investigation. Fewer Americans (38 percent) say Apple should not unlock the phone to ensure the security of its other users’ information; 11 percent do not offer an opinion on the question.

  • Passwords, privacy and protection: can Apple meet FBI’s demand without creating a ‘backdoor’?

    The point of encryption is to make decryption hard. However, hard does not mean impossible. The FBI could decrypt this data, with sufficient effort and computational power, and they could do this with no help from Apple. However, this route would be expensive, and would take some time. In effect, what they’re requesting of Apple is to make their job easier, cheaper and faster. Ultimately, how this matter gets resolved may depend more on the big-picture question of what privacy rights we as a society want for the data we record on our personal devices. Understanding the technical questions can inform this discussion.