Privacy, Secure Sharing and the Holy Grail of Encryption – HackSurfer Hangout – Video


Privacy, Secure Sharing and the Holy Grail of Encryption - HackSurfer Hangout
Peter Long, the CEO of ARKpX (formerly Lockbox), is joining us this Thursday to chat about the world of mobile and the cloud when it comes to cybercrime and cybersecurity. We'll be chatting...

By: HackSurfer

More here:
Privacy, Secure Sharing and the Holy Grail of Encryption - HackSurfer Hangout - Video

Cloud Encryption Best Practices for Financial Services

In many industries, cloud computing is now vital to remaining competitive. The cloud typically offers superior flexibility, scalability, accessibility, and high availability, enabling businesses to grow more agile and responsive. Regulatory compliance concerns often make banks and other financial service providers slower to adopt the cloud, but even in the financial services industry, the cloud will soon become a necessity.

Banks are already seeing attractive use cases for cloud computing, as Bank Systems & Technology's Bryan Yurcan and Jonathan Camhi pointed out late last year. Cloud-based payment processing is one hot topic. Cloud-based document management is another. Analytics for business insight and fraud detection are also growing popular. However, all of these applications will require a thorough understanding of the regulatory restrictions and how to comply with them. One of the most essential tools to make sure your cloud adoption meets regulatory requirements is cloud data encryption.

What to Protect

PCI DSS mandates the protection of customer account data, which you'll need in order to process payments in the cloud. Per PCI DSS 3.0, that data includes:

PCI DSS requires organizations to "use strong cryptography and security protocols" for the transmission of sensitive cardholder information. Some of these fields are more sensitive than others, however. PANs are more sensitive than expiration dates, for example, while verification codes and PINs are so sensitive that PCI DSS outright forbids the storage of them after the transaction is completed. Your cloud data encryption strategy should include the ability to apply varying strengths of encryption at a granular, policy-based level so that you can apply the appropriate amount of protection to each data type.

Here are some best practices that can help you use cloud data encryption to safely make the most of the cloud.

Cloud Data Encryption Best Practices

Use cloud data encryption that preserves your cloud application functionality

To enjoy the benefits of cloud computing, develop a cloud data encryption strategy that secures your data but also preserves the functionality of the cloud applications you've chosen. Tools like CipherCloud's Searchable Strong Encryption can help, as can encryption and tokenization schemes that retain the original format of the data while hiding the actual values.
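As an added illustration (not code from the article or from CipherCloud), the sketch below combines the per-field policy described under "What to Protect" with a format-retaining token for the PAN. The field names, the policy table and the in-memory vault are assumptions; the sample record is constructed.

```python
import secrets

# Assumed policy (hypothetical field names), following the text's ranking:
# verification codes and PINs are never stored, the PAN is tokenized.
POLICY = {"pan": "tokenize", "expiry": "pass", "cvv": "drop", "pin": "drop"}

def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in for a token vault held outside the cloud provider."""
    def __init__(self):
        self._by_token, self._by_pan = {}, {}

    def tokenize(self, pan: str) -> str:
        ok = pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19
        if not (ok and luhn_valid(pan)):
            raise ValueError("not a valid PAN")
        if pan in self._by_pan:  # stable mapping keeps search and joins working
            return self._by_pan[pan]
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]  # same length, digits only, last four kept
            # Skip collisions and Luhn-valid values so a token is never a valid PAN.
            if token not in self._by_token and not luhn_valid(token):
                break
        self._by_token[token], self._by_pan[pan] = pan, token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]

def protect(record: dict, vault: TokenVault) -> dict:
    """Apply POLICY to one record before it is stored in the cloud application."""
    out = {}
    for field, value in record.items():
        action = POLICY.get(field)
        if action is None:
            raise KeyError(f"no policy for field {field!r}")  # fail closed
        if action == "tokenize":
            out[field] = vault.tokenize(value)
        elif action == "pass":
            out[field] = value  # stored as-is in this sketch
        # "drop": the field is omitted from the stored record
    return out

# Constructed sample record; 4111111111111111 is a widely used test number.
SAMPLE = {"pan": "4111111111111111", "expiry": "12/27", "cvv": "123", "pin": "0000"}
```

The cloud application only ever sees a 16-digit value ending in the real last four digits, so validation, display and lookup by token keep working while the real PAN stays in the vault.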

How does your organization use cloud encryption to remain compliant? Let us know your thoughts in the comments.

Paige Leidig is SVP at CipherCloud. He has 20 years of experience in technology, marketing, and selling enterprise application solutions and managing trusted customer relationships. As SVP of Marketing, he is responsible for all aspects of marketing at CipherCloud. Paige was previously in the Office of the CEO at SAP, where he was responsible for leading and coordinating SAP's acquisition and integration activities on a global basis. He has managed a number of marketing initiatives at SAP, including responsibility for all go-to-market activities for SAP's Cloud applications portfolio. Preceding his SAP career, Paige held senior management positions with Ariba, Elance, and E*Trade.

See more here:
Cloud Encryption Best Practices for Financial Services

Statistical Tricks Extract Sensitive Data from Encrypted Communications

Research suggests that surveillance agencies could use statistical tricks to peek through the encryption that protects Web browsing.

Stung by revelations about mass government surveillance, consumer Web companies are expanding their use of encryption and releasing more details of those protections to reassure wary customers. Earlier this year, for instance, Apple released details of how communications sent via its iMessage service are encrypted.

New research suggests that the U.S. National Security Agency, or any other organization capable of collecting large quantities of Web traffic, could extract private information from encrypted communications by searching for patterns in that data stream. In tests, analysis of encrypted Internet traffic could reveal the health conditions a person was researching online. Similar techniques could glean information about use of iMessage such as when a person starts typing or what language they wrote a message in. That research focuses on an approach known as traffic analysis, which involves using statistical techniques to find patterns in encrypted communications.

Researchers at the University of California, Berkeley, and Intel developed a particularly effective version targeted against HTTPS, the form of encryption used to protect websites and visible to Web surfers as a padlock in a browser's address bar. The technique involves having software visit the websites of interest and using machine-learning algorithms to learn the traffic patterns associated with different pages. Those patterns are then looked for in a victim's traffic trace.

The approach proved capable of identifying the pages for specific medical conditions a person was looking at on the Planned Parenthood and Mayo Clinic websites even though both sites encrypt connections with HTTPS. It could also identify what services a person accessed when he or she logged onto financial sites including Wells Fargo and Bank of America. On average, the technique was about 90 percent accurate at identifying Web pages. A paper on the Berkeley research will be presented at the Privacy Enhancing Technologies Symposium in Amsterdam next month.
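For a site operator, the leak described above can be measured directly: HTTPS hides contents but not response sizes, so a page is identifiable when no other page shares its size pattern. The audit below is an added example, not from the Berkeley paper; the page list and sizes are constructed, and length padding is a countermeasure the article does not discuss, assumed here to show the trade-off.

```python
from collections import Counter

# Constructed sample: response sizes in bytes per page of a hypothetical
# health site, as an on-path observer would see them under HTTPS.
PAGES = {
    "/conditions/asthma":   [18234, 4120, 9971],
    "/conditions/diabetes": [21950, 4120, 15302],
    "/conditions/migraine": [17011, 4120, 7544],
    "/about":               [6020, 4120],
    "/contact":             [5338, 4120],
}

def pad(size: int, bucket: int) -> int:
    """Round a response up to the next multiple of bucket (1 = no padding)."""
    return -(-size // bucket) * bucket

def audit(pages: dict, bucket: int) -> dict:
    """Report how identifiable pages are by size alone, and what padding costs."""
    sigs = {url: tuple(pad(s, bucket) for s in sizes) for url, sizes in pages.items()}
    crowd = Counter(sigs.values())          # pages sharing each visible pattern
    unique = [url for url, sig in sigs.items() if crowd[sig] == 1]
    sent = sum(sum(sig) for sig in sigs.values())
    real = sum(sum(sizes) for sizes in pages.values())
    return {
        "identifiable": len(unique) / len(pages),  # fraction with a unique pattern
        "smallest_set": min(crowd.values()),       # worst-case anonymity set
        "overhead": sent / real,                   # bandwidth multiplier
    }

def compare(pages: dict, buckets=(1, 4096, 16384)) -> dict:
    """Run the audit for several padding sizes."""
    return {b: audit(pages, b) for b in buckets}

if __name__ == "__main__":
    for bucket, result in compare(PAGES).items():
        print(bucket, result)
```

On this sample, 4 KiB padding still leaves three of the five pages unique, and 16 KiB padding removes unique patterns at roughly double the bandwidth while the number of responses per page still separates the condition pages from the rest.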

Traffic analysis would be a useful tool for surveillance by government programs, such as those used by the NSA to collect and analyze encrypted Internet traffic (see NSA Leak Leaves Crypto Math Intact but Highlights Known Workarounds). Corporations with access to Internet traffic might also have motivation to use it, says Brad Miller, the PhD candidate at Berkeley who led the research.

"There are very valid use cases of this type of analysis for companies," he says. For example, an ISP might want to gain information about its customers' online activity that could be used to target ads, even if those customers have encrypted their browsing or communications. Some ISPs, such as Verizon Wireless, already sell data on their customers' browsing to third parties for such purposes.

Scott Coull, a researcher with the security company RedJack, says the Berkeley work is the latest in a series of papers showing how traffic analysis could be used against consumers. "When you look at the worst case for this kind of attack, things don't look very good," he says.

Coull recently found that traffic analysis can be very effective against messages sent via Apple's iMessage, which are encrypted from the moment they are sent to the moment they are received. "iMessage is by far the worst thing I've seen," he says. Coull was able to identify when users started or stopped typing, were sending or opening a message, the language a message was written in, and its length, with 96 percent accuracy or higher.

That, combined with the fact that the iMessage protocol transmits a unique identifier for a device, adds up to similar metadata to what has been controversially collected by the NSA on U.S. phone calls, says Coull. "If I had the ability to monitor a big chunk of traffic to and from the iMessage servers, I could come up with a social network of whom is messaging whom, and the language they're using and the approximate size of the messages," he says.

The rest is here:
Statistical Tricks Extract Sensitive Data from Encrypted Communications

Interview with Steve Hernandez, lead developer for ‘Creation Workshop’ – Video


Interview with Steve Hernandez, lead developer for 'Creation Workshop'
In this episode we talk with +Steve Hernandez lead developer for the open source software application 'Creation Workshop' that was specifically made to control SLA/DLP printers like the B9...

By: All Things 3D

View original post here:
Interview with Steve Hernandez, lead developer for 'Creation Workshop' - Video

Open Source Security & Privacy Apps for Small Business

We looked at some excellent open source security applications for small businesses in our article, 5 Open Source Security Tools for Small Business. This roundup includes more open source tools to protect your online privacy, evade snoops and censors, protect your passwords, and protect your data.

The Heartbleed bug in OpenSSL was alarming, but does it mean that open source software is unreliable? A single incident hardly constitutes an indictment of a huge and diverse software ecosystem. In the open source world, "given enough eyeballs, all bugs are shallow" is a cherished belief. It means that open code is stronger because anyone can examine the code and find and fix flaws. Security expert Bruce Schneier, in Secrecy, Security, and Obscurity, explains how the open source development model produces stronger code.

How did a serious bug in an essential technology go undetected for more than two years? The short answer: cryptography is very difficult to implement correctly, and OpenSSL was maintained by overworked and underfunded developers. Open source worked as intended because, once discovered, the flaw was publicly announced and a fix quickly released. In addition, the Linux Foundation is allocating funds and developers to OpenSSL. While nothing is ever 100 percent certain, open source has a long record of reliability.

If you spend any amount of time online you have an unwieldy number of logins and passwords to manage. KeePass is a super-nice, free password creator, manager and encrypted locker that stores your logins securely. You only need to remember a single master password. For extra-strong security you can also secure it with an encryption key. KeePass runs on Mac OS X, Linux, and Windows. There are also portable versions that run from a USB stick, and mobile versions for Android, iPhone, iPad, Blackberry, and Windows Phone 7.

Figure 1: KeePass, an open source encrypted password locker.

Online security is very difficult, because the Internet was not designed for security and secrecy. Powerful commercial and government interests invest enormous resources into poking their noses into every nook and cranny of our online activities. You'll find a number of open source tools to protect you from online snoops and censors, such as Tor (a.k.a., the onion router), and strong encryption for documents and your online sessions.

Invented by the U.S. Naval Research Laboratory, Tor protects online communications. It routes your Internet travels through a twisty global network of encrypted routers to foil traffic analysis, and to get around online censors. Anyone with access to the wires, routers, or servers that your traffic passes through can eavesdrop with trivial ease, unless you foil them by encrypting your Internet communications.

Figure 2: Tails can look like Windows XP operating system.

Continued here:
Open Source Security & Privacy Apps for Small Business

Julian Assange to mark two years in Ecuadorian embassy …

Two years of being trapped inside an Ecuadorian embassy has not sweetened WikiLeaks wizard Julian Assange's disposition.

Assange has vowed to post more diplomatic dirt online Thursday to mark the second anniversary of his imprisonment at the embassy in London.

Earlier, Assange hinted at what's to come, saying the soon-to-be-leaked documents are "in the field of international negotiations" involving some 50 countries.

Assange did not elaborate, but they are sure to include the U.S. and reportedly Canada and Australia as well.

In a conference call on Wednesday, Assange sent a message to President Obama and U.S. Attorney General Eric Holder.

"Mr. Obama, you must surely now start to reflect on what your legacy will be after two presidential terms," he said. "It must be at odds with a former professor of constitutional law to have a legacy of being the President that conducted more espionage investigations against journalists than all Presidents going back to 1917 and the original issuance of the Espionage Act."

Obama taught constitutional law at the University of Chicago.

Assange also called former Australian foreign minister Bob Carr a liar and said he's been watching the World Cup soccer tournament.

The WikiLeaks founder has been holed up in the embassy because he is wanted in Sweden for questioning about sexual abuse allegations.

Assange claims he is being persecuted for releasing a treasure trove of classified documents about NSA surveillance and military documents detailing U.S. actions in Afghanistan and elsewhere.

Here is the original post:
Julian Assange to mark two years in Ecuadorian embassy ...

Julian Assange Still Holed Up in Ecuador Embassy

LONDON (AP) Julian Assange is marking the second anniversary of his stay in the Ecuadorean Embassy in London, saying he has no intention of returning to Sweden where he faces allegations of sexual misconduct.

As supporters chanted slogans outside the embassy, Assange maintained he didn't want to go to Sweden because he had no guarantee he wouldn't subsequently be sent to the United States, where an investigation into WikiLeaks' dissemination of hundreds of thousands of classified U.S. documents remains live.

Ecuador's Foreign Minister Ricardo Patino said Thursday Assange can stay at the embassy "for as long as necessary" and there would be no attempt to force him back to Sweden.

Assange fled to the cramped building in 2012 after losing his battle against extradition to Sweden in Britain's highest court.

-----

Original headline: Julian Assange marks 2nd year in Ecuador's embassy

More:
Julian Assange Still Holed Up in Ecuador Embassy

Assange marks two years in legal limbo

UK: Julian Assange, a modern day hero and enemy of state, is preparing to mark two years in captivity inside the Ecuadorian embassy in London, with another major leak of state secrets and a fresh challenge to escape legal limbo.

Having spent two years inside a small ground-floor apartment in the heart of Knightsbridge, London, the 42-year-old founder of WikiLeaks is still making his presence felt with a new batch of documents implicating Canada and 49 other countries, expected to be released later on Thursday.

On the eve of the two year anniversary of captivity, Assange in a phone interview with journalists has once again stressed that the US Department of Justice is engaged in a witch hunt investigation of a publisher - the longest since the introduction of the Espionage Act of 1917.

"It is against the stated principles of the United States and the values supported by its people to have a four-year pre-law investigation against a publisher," Assange said.

Meanwhile his UK-based lawyer Jennifer Robinson told reporters the defense team plans to file a legal challenge with the Swedish courts next Tuesday, based on "new information gathered in Sweden".

She said further details of the "information" would be revealed next week. The announcement is the first sign of a possible route out of captivity that has entered its third year.

The WikiLeaks founder, in his latest interview, said next week's challenge could be a first step in annulling the Swedish detention order, to face "the larger problem of the US and its pending prosecution and perhaps extradition warrant."

Assange, whose services exposed more than 8 million anonymously leaked documents since 2006, continues to crave freedom.

"He craves freedom, he can't buy his own food and he would love to have the chance to have a normal walk in the fresh air," journalist Vaughan Smith, who gave refuge to Assange back in 2010, told UK's Channel 4 news.

Denial of fresh air has so far cost British taxpayers more than 6 million for security services to prevent Assange from escaping the Ecuadorian premises. The bill will grow further, Ecuadorean officials warned, as Assange was welcome to stay in the embassy as long as it was required.

View post:
Assange marks two years in legal limbo