• Encryption for the masses

    In the wake of the revelations that intelligence agencies have engaged in mass surveillance, both industry and society at large are looking for practicable encryption solutions which protect businesses and individuals. Previous technologies have failed in practice because they were too expensive or not user-friendly enough. German scientists have launched an open initiative called Volksverschlüsselung, which aims to bring end-to-end encryption to people.

  • Hackers exploit 1990s-era weak-encryption mandate

    Researchers have an old-new computer security vulnerability — the Factoring Attack on RSA-EXPORT Keys (FREAK), which affects SSL/TLS protocols used to encrypt data as it is transmitted over the Internet. The FREAK vulnerability goes back to an early 1990s U.S. restriction which limited software sold abroad to a maximum 512-bit code encryption. The mandate was set to allow U.S. federal intelligence agencies easily to spy on foreign software users.

  • Growing demand for cyber insurance, especially by small and mid-size businesses

    Technology startup firms are leading the way in ensuring not only the security of their customers, but their own security as well. American businesses are expected to pay $2 billion for cyber insurance premiums in 2014, a 67 percent increase from just one year earlier. More than fifty U.S. insurance carriers are now offering cyber insurance policies. Even more impressively, many of these are focusing on small and mid-size businesses.

  • Protecting the security for networks of the future

    Today’s company networks comprise hundreds of devices: routers for directing data packets to the right receiver, firewall components for protecting internal networks from the outside world, and network switches. Such networks are extremely inflexible because every component, every router and every switch can carry out only the task it was manufactured for. If the network has to be expanded, the company has to integrate new routers, firewalls or switches and then program them by hand. This is why experts worldwide have been working on flexible networks of the future for the last five years or so, developing what is known as software-defined networking (SDN). It presents one disadvantage, however; it is susceptible to hacker attacks. Researchers have now developed a way to protect these future networks.

  • The encryption debate is heating up

    The privacy vs. security debate is heating up. Should messages on private devices be encrypted to protect our privacy? Will this dangerously hamper national and international security efforts? If we go the encryption route, are technologies being implemented fast enough to protect sensitive data from criminals?

  • New Chinese cyber rules aim to facilitate intellectual property theft: U.S. tech companies

    The Chinese government’s cyberspace policy group in late 2014 approved a 22-page document which contained strict procurement rules for technology vendors. Those rules would require U.S. firms selling computer equipment in China to turn over sensitive intellectual property — including source codes — submit their products for “intrusive security testing,” and use Chinese encryption algorithms. U.S. companies selling equipment to Chinese banks will be required to set up research and development centers in China, get permits for workers servicing technology equipment, and build “ports” which allow Chinese officials to manage and monitor data processed by their hardware. U.S. tech companies charge that the new rules would make it easier for China to steal U.S. companies’ intellectual property.

  • If you seek to “switch off” encryption, you may as well switch off the whole Internet

    Prime Minister David Cameron has stated that the U.K. government will look at “switching off” some forms of encryption in order to make society safer from terror attacks. This might make a grand statement but it is impossible to implement and extremely technologically naïve. Encryption is a core part of the Internet; its use is increasing every day — Google’s services, including search and e-mail, use encrypted streams, as do Facebook and Twitter and many other widely used sites. Encryption makes it almost impossible for eavesdroppers to read the contents of the traffic. It is the foundation upon which all e-commerce is based. The technical case for switching off encryption is thus simply a non-starter. In fact we are moving in the opposite direction, replacing the old, open Internet with one that incorporates security by design. If you wish to switch off encryption, it will unpick the stitching that holds the Internet together.

  • Obama to unveil several cybersecurity initiatives this week

    President Barack Obama, in anticipation of the 20 January State of the Union address, has been sharing details of his address to a generate buzz. This week, Obama will focus on cybersecurity initiatives, including identity theft and electronic privacy laws, aimed at protecting citizens and the private sector. Obama will also announce a policy package designed to provide affordable access to broadband Internet nationwide.

  • Quantum physics makes fraud-proof credit cards possible

    Credit card fraud and identify theft are serious problems for consumers and industries. Corporations and individuals work to improve safeguards, but it has become increasingly difficult to protect financial data and personal information from criminal activity. Fortunately, new insights into quantum physics may soon offer a solution, as a team of researchers has harnessed the power of quantum mechanics to create a fraud-proof method for authenticating a physical “key” which is virtually impossible to thwart.

  • FIDO 1.0 specifications published aiming to promote stronger authentication

    The FIDO (Fast IDentity Online) Alliance, an open industry consortium promoting standards for simpler, stronger authentication, the other day published final 1.0 drafts of its two specifications — Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F).

  • Scientist develops uncrackable security code for nuclear weapons

    Nuclear weapons exist, so control of nuclear weapons is essential. Intrinsic Use Control (IUC) is a concept which is capable of providing improved quantifiable safety and use control within a nuclear weapon. As a basic concept, use control is best accomplished in the weapon itself rather than depending on administrative controls, fences, and guards. Using established technology, IUC uses passive use control to resist any attacks or unauthorized use of a weapon at either the component or the fully assembled levels.

  • U.S. spends about $10 billion a year to protect the nation's digital infrastructure

    U.S. intelligence agencies have designated cyberattacks as the most alarming threat to national security. The federal government is spending roughly $10 billion a year to protect the nation’s digital infrastructure, but hackers, some sponsored by nation-states, are successfully infiltrating civilian and military networks.Professionals from DHS, the Pentagon, and private contractors all work together in U.S. cyber centers to detect, prevent, respond, and mitigate incoming and existing cyberattacks. Several of the U.S. top cybersecurity labs are housed in nondescript office buildings with no government seals or signs.

  • Lapses in Heartbleed bug fix discovered

    First disclosed in April 2014, Heartbleed presents a serious vulnerability to the popular OpenSSL (Secure Sockets Layer) software, allowing anyone on the Internet to read the memory of systems that are compromised by the malicious bug. A detailed analysis by cybersecurity experts found that Web site administrators nationwide tasked with patching security holes exploited by the Heartbleed bug may not have done enough.

  • FBI: Lawmakers should mandate surveillance “backdoors” in apps, operating systems

    FBI director James Comey said that the agency was pushing lawmakers to mandate surveillance functions in apps, operating systems, and networks, arguing that privacy and encryption prevent or disrupt some of the agency’s investigations. According to Comey, new privacy features implemented by Google and Apple in the wake of the Snowden revelations, automatically encrypt user communication and data, making it difficult for law enforcement to gather evidence and connect links among suspected criminals and terrorists.

  • Government tries better to define cybersecurity needs

    In a science advisory board meeting on 23 October at the White House Office of Science and Technology Policy (OSTP), officials attempted to glean just where the government cybersecurity workforce stood in terms of talent and hiring necessity. There is currently no government-wide federal job description in the cybersecurity field, and that has led to meetings similar to the October summit.