• Bypassing encryption: “Lawful hacking” is the next frontier of law enforcement technology

    The discussion about how law enforcement or government intelligence agencies might rapidly decode information someone else wants to keep secret is – or should be – shifting. One commonly proposed approach, introducing what is called a “backdoor” to the encryption algorithm itself, is now widely recognized as too risky to be worth pursuing any further. The scholarly and research community, the technology industry and Congress appear to be in agreement that weakening the encryption that in part enables information security – even if done in the name of public safety or national security – is a bad idea. Backdoors could be catastrophic, jeopardizing the security of billions of devices and critical communications. A lawful hacking approach offers a solution that appears to gain greater favor with experts than encryption backdoors. A group of scholars proposed some ways we should begin thinking about how law enforcement could hack. Agencies are already doing it, so it’s time to turn from the now-ended debate about encryption backdoors and engage in this new discussion instead.

  • Cyber Security R&D Showcase coming in July

    The 2017 Cyber Security R&D Showcase and Technical Workshop is scheduled for 11-13 July at Washington, D.C.’s Mayflower Hotel. In all, fifteen research areas will be featured: mobile security, cyber-physical system security, software assurance, data privacy, identity management, distributed denial of service defense, next generation cyber infrastructure, technology transition, cyber risk economics, cybersecurity research infrastructure, modeling of internet attacks, support for law enforcement, moving-target defense, cloud security and insider threats. During the conference, attendees can choose from more than 115 technical presentations representing a combined $250 million of federally funded R&D.

  • Russia’s used “active measures” in 2016 U.S. election, and will do more in future, experts tell lawmakers

    The Senate Select Committee on Intelligence on Wednesday launched its investigation into Russian interference in the 2016 U.S. election. Expert witnesses told the senators that decades of Russian covert attempts to undermine confidence in Western institutions will only accelerate in the future unless the United States confronts Russia’s “active measures.” Since 2009, Russia has built a vast information warfare infrastructure, which now involves at least 15,000 operatives worldwide writing and spreading false news stories and conspiracy theories online. Russia created fake social media accounts by mimicking profiles of voters in key election states and precincts in the 2016 election, and used a mix of bots and real people to push propaganda from state-controlled media outlets like Russia Today (RT) and Sputnik. The FSB and the GRU, the two Russian intelligence agencies, created nearly 1,200 websites (“trolls”) which disseminated the fake news to help the Trump campaign. One experts told the senators that the material published by Wikileaks and Guccifer 2.0 “is probably under 1 percent of what we’d attribute to the Russian government stealing,” and that Russia will use the rest of the material to try and blackmail American politicians in the future.

  • Encryption requirements to change P25 CAP approved equipment list

    On Monday announced a change in the Project 25 Compliance Assessment Program (P25 CAP) listing of grant-eligible radio equipment for first responders. In order to be fully compliant with all P25 CAP requirements, radio equipment that requires encryption must use Advanced Encryption Standard (AES) 256. Equipment that uses proprietary or other non-standard encryption capabilities without also providing the standard encryption (AES 256) capability does not meet the requirement specified in the Project 25 Compliance Assessment Program Encryption Requirements Compliance Assessment Bulletin (CAB).

  • How WhatsApp encryption works – and why there shouldn’t be a backdoor

    A battle between national security and privacy is brewing. Governments and secret services are asking encrypted messaging services such as WhatsApp to allow them access to users’ data, arguing that access to messages will allow authorities to thwart future terror attacks. Ultimately, though, if someone thinks that removing WhatsApp encryption would be the solution to the problem of terrorism or crime, then they don’t understand the actual problem. Even if you were to remove the end-to-end encryption from WhatsApp, criminals could create their own, similar, software that would allow them to communicate securely, while ordinary users would lose the ability to send genuinely private messages.

  • Global entities come shopping for Israeli cybersecurity

    As computer devices and Internet of Things (IoT) connectivity continue to break new boundaries and create changes to our lifestyle, new cybersecurity technologies to defend our tech-savvy lives are crucial. “We’re still at the beginning for the cyber arena. We still need the security solution for smart homes, we still don’t have security solutions for autonomous cars, or for connected medical devices or MRI machines, or for connected kitchen appliances. Every technology that will be introduced to our lives in the coming years will need a cyber solution,” says one expert.

  • “Anonymized” Web browsing history may not be anonymous after all

    Raising further questions about privacy on the internet, researchers have released a study showing that a specific person’s online behavior can be identified by linking anonymous Web browsing histories with social media profiles. The new research shows that anyone with access to browsing histories — a great number of companies and organizations —can identify many users by analyzing public information from social media accounts.

  • Creating safer, less vulnerable software

    We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication.

  • Ben-Gurion University, PayPal join forces in cybersecurity research

    Ben-Gurion University of the Negev (BGU) and PayPal announced a new partnership this morning in order to conduct joint research and development in the fields of big data, machine learning and cyber security. It is the first such collaboration between PayPal and an Israeli university. PayPal’s involvement in big-data and machine learning technology has been supported by its significant R&D activity in Israel, starting with the acquisition of Fraud Sciences in 2008 and the establishment of a global risk and data sciences R&D center in Tel-Aviv.

  • U.K. police charges man with terrorism over researching, using encryption

    Samata Ullah, a 33-year old Briton, earlier this month was charged in a London court with six counts of terrorism, one of which related to researching and using encryption. Privacy advocates say that a controversial statute under British law criminalizes, in the name of combatting terrorism, actions which, on their own, are perfectly legal.

  • China’s quantum satellite could make data breaches a thing of the past

    China recently launched a satellite into orbit with a unique feature: it has the ability to send information securely, not with mathematical encryption but by using the fundamental laws of physics. China will be the first country to achieve this feat, and it marks a milestone in the development of quantum technologies. The next revolution in technology promises to embrace fundamental laws of physics to enable devices to perform operations that are beyond the bounds of current electronics. For practical quantum communications we need devices integrated into our computers and smartphones that exchange data in a similar way to the quantum satellite. These devices are thankfully just around the corner. In a few years we may look back on digital eavesdropping and massive information breaches from databases as a problem buried in the past.

  • “Security fatigue” may cause computer users to feel hopeless and act recklessly

    After updating your password for the umpteenth time, have you resorted to using one you know you’ll remember because you’ve used it before? Have you ever given up on an online purchase because you just didn’t feel like creating a new account? If you have done any of those things, it might be the result of “security fatigue.” It exposes online users to risk and costs businesses money in lost customers.

  • NIST patented single-photon detector for potential encryption, sensing apps

    Individual photons of light now can be detected far more efficiently using a device patented by a team including NIST, whose scientists have overcome longstanding limitations with one of the most commonly used type of single-photon detectors. Their invention could allow higher rates of transmission of encrypted electronic information and improved detection of greenhouse gases in the atmosphere.

  • New encryption method improves privacy protection

    VTT Technical Research Center of Finland has developed a new kind of encryption method for improving the privacy protection of consumers to enable safer, more reliable, and easier-to-use user authentication than current systems allow. The method combines safety, usability, and privacy protection — until now, implementing all three at the same time has been a challenge.

  • Secure passwords can be sent through the human body, instead of air

    Sending a password or secret code over airborne radio waves like WiFi or Bluetooth means anyone can eavesdrop, making those transmissions vulnerable to hackers who can attempt to break the encrypted code. Now, computer scientists and electrical engineers have devised a way to send secure passwords through the human body — using benign, low-frequency transmissions generated by fingerprint sensors and touchpads on consumer devices.