• Stealing encryption keys on Amazon’s Cloud servers

    Cloud computing is a service that enables companies and organizations to store information and run computer applications without making their own investments in actual computer hardware or employing IT staff. Researchers have demonstrated that RSA encryption keys, which are used by thousands of companies and organizations to protect the data and processes they entrust to cloud-based services, can be obtained using a sophisticated side-channel attack — despite recent efforts by cloud service providers and cryptography software developers to eliminate such vulnerabilities.

  • White House will not seek law allowing law enforcement access to encrypted messages

    The Obama administration has decided not to seek legislation which would require tech companies to design their devices in a way which would give law enforcement agencies access to individuals’ encrypted messages, the White House said on Saturday. The tech industry, led by giants Apple, Google, Facebook, IBM, and Microsoft, has mounted a vigorous campaign opposing any administration moves to weaken ever-more-sophisticated encryption systems which are designed to protect consumers’ privacy.

  • Supposedly encrypted national identifying numbers easily decrypted

    Studies raise questions about the use of national identifying numbers by showing that Resident Registration Numbers (RRN) used in South Korea can be decrypted to reveal a host of personal information. A team of researchers in two experiments was able to decrypt more than 23,000 RRNs using both computation and logical reasoning. The findings suggest that, while such identifiers are encrypted to protect privacy, they remain vulnerable to attack and must be designed to avoid such weaknesses.

  • Apple's encryption prevents it from complying with U.S. court order

    Apple said it could not comply with a court order to hand over texts sent using iMessage between two iPhones because the company’s encryption system makes it impossible to do so. The Justice Department persuaded the court to issue the order to facilitate an investigation involving guns and drugs. Legal experts say this is the first known direct face-off between the U.S. government and Apple over encryption. The FBI contends that such encryption puts the American public at risk because it makes it harder, if not impossible, to track and catch terrorists, pedophiles, and other criminals.

  • Smartphone encryption will deter criminals more than it would impede the police

    In the debate over default encryption of smartphones, top law enforcement officials have been vocal in their opposition. Law enforcement and intelligence agencies argue that encryption obstructs investigations and hampers efforts to track criminals and solve crimes. Other argue that strong, default encryption could actually deter crimes, because protecting a smartphone with a password is just another obstruction to criminals, and default encryption would be a deterrent to crime in the industry by saving sensitive information even in the event of a theft.

  • Securing data from attacks by ever more powerful supercomputers

    For the powerful quantum computers that will be developed in the future, cracking online bank account details and credit cards number will be a cinch. But a team of cryptographers is already working at future-proofing the privacy of today’s Internet communications from tomorrow’s powerful computers. The researchers have developed upgrades to the Internet’s core encryption protocol that will prevent quantum computer users from intercepting Internet communications.

  • Improving the security of data transfer

    Georgia Tech researchers were awarded $4.2 million from the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory (AFRL) to improve how data is tracked between computers, Internet hosts, and browsers for better cyber security. The four-year project, titled “THEIA” after the Greek goddess of shining light, attempts to shed light on exactly where data moves as it is routed from one Internet host to another and whether any malicious code, for example, is attached to data during transfer.

  • N.Y. village pays ransom to regain access to hacker-encrypted files

    The village Ilion in central New York paid ransom twice last year — $300 and $500 — to have access to its computers two official-looking e-mails planted malware throughout the village’s computer system. The New York State comptroller’s office has audited 100 municipal computer systems the past three years, and said the experience of Ilion should serve as a warning to others municipalities of the growing cyberthreat – especially attempts by hackers to infiltrate computer systems to make them inaccessible unless ransom is paid.

  • Shoring up Tor

    With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and Web sites hosting content that’s been deemed subversive have used it to hide the locations of their servers. Researchers have now demonstrated a vulnerability in Tor’s design, mounting successful attacks against popular anonymity network — and show how to prevent them.

  • Giving government special access to data poses major security risks

    In recent months, government officials in the United States, the United Kingdom, and other countries have made repeated calls for law-enforcement agencies to be able to access, upon due authorization, encrypted data to help them solve crimes. Beyond the ethical and political implications of such an approach, though, is a more practical question: If we want to maintain the security of user information, is this sort of access even technically possible? A report by cybersecurity and encryption experts says that whether “backdoor” or “front-door,” such mechanisms “pose far more grave security risks, imperil innovation on which the world’s economies depend, and raise more thorny policy issues than we could have imagined when the Internet was in its infancy.”

  • Privacy vs. security debate intensifies as more companies offer end-to-end-encryption

    A long running debate has now come to the fore with greater urgency. The tension between the privacy that encryption offers, and the need for law enforcement and national security agencies to have access to secured and encrypted e-mail, has become more acute in the last two years. The revelations of Edward Snowden about the post-9/11 reach and scope of surveillance by intelligence agencies and law enforcement, have caused some tech giants to offer encrypted services to their customers – encrypted services which enhance customers’ privacy protection, but which at the same time make it impossible for law enforcement and intelligence services to track and monitor terrorists and criminals. “Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption,” FBI director James Comey told lawmakers in recent hearing on the Hill.

  • New encryption method emulates the way parents talk to their children

    Encrypting e-mails can be tedious, difficult, and very confusing. Even for those who have mastered the process, it is useless unless the intended recipient has the correct software to decode the message. A researcher has now created an easier method — one that sounds familiar to parents who try to outsmart their 8-year-old child. The new technique gets rid of the complicated, mathematically generated messages that are typical of encryption software. Instead, the method transforms specific e-mails into ones that are vague by leaving out key words.

  • “Dark Internet” inhibits law enforcement’s ability to identify, track terrorists

    For several months, Islamic State militants have been using instant messaging apps which encrypt or destroy conversations immediately. This has inhibit U.S. intelligence and law enforcement agencies from identifying and monitoring suspected terrorists, even when a court order is granted, because messaging companies and app developers say they are unable to unlock the coded conversations and/or do not have a record of the conversations. “We’re past going dark in certain instances,” said Michael B. Steinbach, the FBI’s top counterterrorism official. “We are dark.”

  • USMobile launches Scrambl3 mobile, Top Secret communication-standard app

    Irvine, California-based USMobile, a developer of private mobile phone services, yesterday launched Scrambl3, a smartphone app that enables users to create their own Private Mobile Network. When Scrambl3 users communicate with each other, Scrambl3 creates a Dark Internet Tunnel between their smartphones. This Tunnel cloaks the calls and texts by making them invisible on the Internet. Scrambl3 App for Android-based phones is available for a 60-day free beta offering from the Google Play Store.

  • Tech companies urge rejection of push by FBI, DOJ for electronic devices “backdoors”

    In a 19 May letter to President Barack Obama, a group of Silicon Valley tech companies, cyber-security experts, and privacy advocacy groups urged the president to reject the implementation of “backdoors” in smartphone and computer encryption. The letter offered evidence of the  strong objection of the tech industry to demands from the Justice Department and the Federal Bureau of Investigation (FBI) to allow secret backdoor passages into consumer electronics, which would make it possible for law enforcement to read encrypted private communications and data.