Encryption ‘very positive’ despite attacks, says former UK spy chief – Business Standard

PM Theresa May has proposed tougher measures to tackle militants' online activities

Reuters | London August 12, 2017 Last Updated at 20:39 IST

Evans' views echo those of Robert Hannigan, the former head of the UK's eavesdropping spy agency GCHQ, who said in July that the government should work with companies for access to messages to ensure that systems were not weakened.

A suicide bomb at a pop concert in Manchester and three attacks in London which used cars to drive into pedestrians have killed 36 people in the last six months.

Evans said that while he thought that the threat from Islamic militants was on the decline when he left his role in 2013, the rise of Islamic State had fuelled a new generation of militants which could pose a threat for decades in the future.

"We're at least 20 years into this. My guess is that we will still be dealing with the long tail in another 20 years' time," he said. "I think we are going to be facing 20, 30 years of terrorist threats, and therefore we need absolutely critically to persevere."

News in brief: facial recognition planned for Carnival; spy chief backs encryption; ginger emoji planned – Naked Security

Your daily round-up of some of the other stories in the news

Civil liberties groups have protested at plans by London's Metropolitan Police to use facial recognition software to scan the faces of people partying at this year's Notting Hill Carnival.

Tens of thousands of people party in the streets of west London's Notting Hill Gate on the last weekend of August, and the civil rights group Liberty has challenged the decision to use the technology to spot troublemakers, saying it's racist, as the carnival is rooted in the capital's African-Caribbean community.

The police force trialled facial recognition last year, saying at the time that the technology involves the use of overt cameras which scan the faces of those passing by and flag up potential matches against a database of custody images. The database has been populated with images of individuals who are forbidden from attending Carnival, as well as individuals wanted by police who it is believed may attend Carnival to commit offences.

Nobody was arrested as a result of the trial, said the Met after the event. Stafford Scott of The Monitoring Group, an anti-racism charity, echoed Liberty's concerns, saying: "It is racial profiling. They are coming and putting everyone's face in the system. A technique they use for terrorists is going to be used against young black people enjoying themselves."

Jonathan Evans, a former British spy chief, has come out strongly in favour of encryption, despite the fact that widespread use of encryption has reduced the ability of the agencies to police, to access the content of materials shared by terrorists.

Evans, who led the UK's MI5 spy service between 2007 and 2013, told the BBC's Today programme on Radio 4 that "I'm not personally one of those who believes we should weaken encryption". He was referring to the calls from Amber Rudd, the home secretary, to weaken encryption: just last week she said that real people didn't always want end-to-end encryption.

In his interview, Evans said that he was concerned about cybersecurity more broadly, and particularly mentioned the Internet of Things, the security of which we regularly despair about here at Naked Security. He said: "As our vehicles, air transport, our critical infrastructure is resting critically on the internet, we need to be really confident we have that secured because our economic and daily lives are going to be dependent on the security we can put in to protect us from cyberattack."

At Naked Security we're very encouraged by Evans' words: we are opposed to backdoors and anything that would weaken encryption.

Emojis: we love them. And we're also keen on equality here at Naked Security, so we're very pleased to see that a ginger-haired emoji was among the options in the latest recommendations from Unicode's emoji subcommittee.

As well as our titian-headed friends, silver foxes, the bald and those blessed with curls will also be represented in emojis from June next year if the draft candidates included in the recommendations from the subcommittee are adopted.

The emoji subcommittee meets weekly, by phone, and also holds a week-long meeting every quarter to discuss and advance or reject proposals.

The next stage for gingers, silver foxes, bald folk and curly-topped people is the final quarterly meeting of this year, when the list of final candidates for encoding in Unicode 11.0 will be decided, with the final code points and names for the new emojis being decided at the first quarterly meeting next year.

Ex-MI5 chief warns against crackdown on encrypted messaging apps – The Guardian

Jonathan Evans, former director general of the British security service, says Islamist terrorism will remain a threat for another 20-30 years. Photograph: PA

A former head of MI5 has spoken out against curtailing use of encryption in messaging apps despite warning that Islamist terrorism will remain a threat for up to another 30 years.

Jonathan Evans said the terrorist threat to Britain was a generational problem, and suggested the Westminster Bridge attack in March may have had an energising effect on extremists.

Without encryption, everything sent over the internet, from credit card details to raunchy sexts, is readable by anyone who sits between you and the information's recipient. That includes your internet service provider, and all the other technical organisations between the two devices, but it also includes anyone else who has managed to insert themselves into the chain, from another person on the same insecure wireless network to a state surveillance agency in any country the data flows through.

With encryption, that data is scrambled in such a way that it can only be read by someone with the right key. While some older and clumsier methods of encryption have been broken, modern standards are generally considered unbreakable even by an attacker possessing a vast amount of computer power.

But while encryption can protect data that it is vital to keep secret (which is why the same technology that keeps the internet encrypted is used by militaries worldwide), it also frustrates efforts by law enforcement to eavesdrop on terrorists, criminals and spies.

That's particularly true for end-to-end encryption, where the two devices communicating are not a user and a company (who may be compelled to turn over the information once it has been decrypted), but two individual users.

But Lord Evans, who retired from the security service in 2013, told BBC Radio 4's Today programme that he would not support a clampdown on use of encryption.

His comments came after Amber Rudd, the home secretary, argued that internet companies were not doing enough to tackle extremism online. She has previously singled out the use of encryption as a problem.

Acknowledging that use of encryption had hampered security agencies' efforts to access the content of communications between extremists, Evans added: "I'm not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cybersecurity more broadly.

"While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face. The way in which cyberspace is being used by criminals and by governments is a potential threat to the UK's interests more widely.

"It's very important that we should be seen and be a country in which people can operate securely; that's important for our commercial interests as well as our security interests, so encryption in that context is very positive."

After the home secretary's intervention at the Global Internet Forum to Counter Terrorism in California this month, the companies taking part said they were cooperating to substantially disrupt terrorists' ability to use the internet in furthering their causes, while also respecting human rights.

Looking ahead, Evans warned of the threat of a cyber-attack against the internet of things (the networking of physical devices, ranging from cars to lightbulbs to TVs) as a major issue.

"As our vehicles, air transport, our critical infrastructure is resting critically on the internet, we need to be really confident that we have secured that because our economic and daily lives are going to be dependent on the security we can put in to protect us from cyber-attack," he said.

But the threat of Islamist terrorism was likely to remain at the fore for 20-30 years, he warned.

"We're at least 20 years into this. My guess is that we will still be dealing with the long tail in another 20 years' time; I think this is genuinely a generational problem," Evans said.

"I think that we are going to be facing 20 or 30 years of terrorist threats and therefore we need absolutely critically to persevere."

He said the London bombings in July 2005 triggered an energising effect on the extremist networks in the UK, and thought there would be a similar feeling after the Westminster Bridge attack.

"We did see a huge upsurge in threat intelligence after 7 July and I suspect that there's the same sort of feeling in the period after the Westminster Bridge attack, that a lot of people who thought 'I'd like to do this' suddenly decided 'Yep, if they can do it, then I can do it'."

Since the atrocity in March, there have been attacks in Manchester, London Bridge and Finsbury Park.

Evans, now an independent crossbencher in the House of Lords, also told the programme he would be surprised if Russia had not attempted to interfere with British democracy, after repeated allegations of Kremlin interference in foreign elections.

He said: "It would be extremely surprising if the Russians were interested in interfering in America and in France and in various other European countries but were not interested in interfering with the UK, because traditionally I think we have been seen as quite hawkish and therefore I would be surprised if there had not been attempts to interfere with the election."

Fornetix Awarded Patent for Breakthroughs in Encryption Key Management – Markets Insider

ASHBURN, Va., Aug. 10, 2017 /PRNewswire/ -- Fornetix, LLC today announced the issuance of patent number 9,729,577 from the US Patent Office which covers breakthrough solutions for the management of encryption keys and other security objects. The inventors listed on the patent are Charles White, Joseph Brand, and Stephen Edwards.

"The issuance of this patent, the first of many to come, highlights the disruptive role Key Orchestration will play in the encryption key management market," said Steve Philson, Chief Operating Officer of Fornetix. "It's a great way to protect our Intellectual Property and identify how truly groundbreaking this solution can be for an organization's data security efforts."

The Key Orchestration ecosystem gives organizations a new level of control over their encryption by combining a powerful policy engine, scalability for hundreds of millions of keys, automation of the key lifecycle, and a commitment to interoperability, extensibility, and industry standards.

Instead of relying on outdated perimeter defenses that are ripe for data breaches, Key Orchestration has the critical combination of speed, capacity, and management tools that allow an enterprise to encrypt vastly more data than previously possible. When the entire network is encrypted, it leaves nothing of value for hackers to steal in the event of a breach.

"The award of this patent validates the hard work, innovation, and vision of the Fornetix Team," said Charles White, Chief Technology Officer of Fornetix and one of the creators of Key Orchestration. "As the first of many patents, this sets the stage for driving encryption key management to encompass everything from the data center to the individual. Ultimately, this patent helps validate the broader Orchestration ecosystem and its impact in delivering interoperability, agility, and resilience to our partners and our customers."

About Fornetix

Fornetix is helping organizations unleash the full potential of encryption by conquering the key management bottleneck. Our Key Orchestration ecosystem automates the key lifecycle across the entire enterprise with groundbreaking precision and speed. Policy-driven automation of the key rotation lifecycle reduces human error and empowers your organization to remain secure and avoid costly data breaches. As global use of encryption rapidly expands, you can be prepared for the future with unparalleled scalability. Please call 1-844-KEY-ORCH or visit http://www.fornetix.com for more information.

View original content with multimedia: http://www.prnewswire.com/news-releases/fornetix-awarded-patent-for-breakthroughs-in-encryption-key-management-300502661.html

SOURCE Fornetix

Avoid getting lost in encryption with these easy steps – We Live Security (blog)

Encryption can be the answer to many data security issues faced by small and medium businesses. Not only can it protect sensitive information from unauthorized use and minimize the risks arising from data breaches, implementing this technology can also represent another step towards compliance with legislation, especially with respect to the General Data Protection Regulation (GDPR).

But in cybersecurity, there is no silver bullet, meaning that no single product or service can handle all the potential threats out there. This applies to encryption also, as even this technology, despite its many advantages, still has limitations that you need to take into consideration. So before opting for a specific product, be sure you know the one that best fits your needs.

According to a recent study on data breaches carried out by the Ponemon Institute, human error is second only to malicious actors when it comes to the most commonly cited root cause of data leaks. However, these can be avoided by deploying a solution that is easy to use.

There will always be the need for some encryption to be carried out by the user, based on policy and training. If these actions require expert knowledge and the product is not user-friendly, employees might try to find the easy way out and company rules could be broken. With a simple user-friendly solution, this can be avoided.

A recent IDC survey on ESET's behalf has also shown that ease of management and ability to recover a lost access key are among the most important criteria when a business is in the process of choosing an encryption solution.

To avoid cases where employees are unable to decrypt their data because they have forgotten their keys, search for solutions that use a system of shared encryption keys, managed by on-site system administrators.

This is similar to the use of actual keys, something we all understand before starting elementary school. On top of that, it also makes sharing encrypted data within a predefined group quick, easy and in many cases, transparent for the user.

The solution you choose should be scalable and flexible, so that you can easily add advanced features if necessary, enabling you to vary enforced policies and keys remotely and helping you to keep a strong default configuration.

Select a product that doesn't require reinstallation for upgrades or renewals. In addition, don't forget that if an encryption solution is available as a perpetual license, including annual maintenance and support, or as a subscription license, it can enable you to manage costs and improve your financial flexibility.

Select a solution that employs industry-standard encryption algorithms that you can trust, and a sophisticated key-sharing system for secure data exchange among all users.

Check if the encryption solution you are considering meets the rigorous FIPS 140-2 standard in the US and is validated by the National Institute of Standards and Technology (NIST). Also verify if it has been certified by key players on the market (e.g. OPSWAT) and has performed well in independent tests.

Set your data protection strategy carefully and choose the encryption solution that helps you fulfill it in a way that suits you best. To make the right decision, don't shy away from any questions you might have about usability and features of the product, even if they sound obvious to you. You might be surprised how many encryption solutions on the market don't cover the basics.

If you want to know which questions you should ask and what answers to seek, we will help you in our next blogpost, so stay tuned and read more on WeLiveSecurity.com.

Author: Ondrej Kubovič, ESET

China uses a quantum satellite to transmit potentially unhackable data – CNBC

China has demonstrated a world first by sending data over long distances using satellites in a way which is potentially unhackable, laying the basis for next-generation encryption based on so-called "quantum cryptography."

Last August, China launched a quantum satellite into space, a move which was called a "notable advance" by the Pentagon.

Using this satellite, Chinese researchers at the Quantum Experiments at Space Scale (QUESS) project were able to transmit secret messages from space to Earth at a further distance than ever before.

The technology is called quantum key distribution (QKD). Typical encryption relies on traditional mathematics and while for now it is more or less adequate and safe from hacking, the development of quantum computing threatens that. Quantum computing refers to a new era of faster and more powerful computers, and the theory goes that they would be able to break current levels of encryption.

That's why China is looking to use quantum cryptography for encryption. QKD works by using photons, the particles which transmit light, to transfer data.

"QKD allows two distant users, who do not share a long secret key initially, to produce a common, random string of secret bits, called a secret key," the researchers explained in a paper published in the journal Nature on Wednesday.

"Using the one-time pad encryption this key is proven to be secure to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel."

State news agency Xinhua called the encryption "unbreakable" and that's mainly because of the way data is carried via the photon. A photon cannot be perfectly copied and any attempt to measure it will disturb it. This means that a person trying to intercept the data will leave a trace.

"Any eavesdropper on the quantum channel attempting to gain information of the key will inevitably introduce disturbance to the system, and can be detected by the communicating users," the researchers said.

The implications could be huge for cybersecurity, making businesses safer, but also making it more difficult for governments to hack into communication.

China successfully sent the data over a distance of 1,200 kilometers from space to Earth, which is up to 20 orders of magnitude more efficient than that expected using an optical fiber of the same length, the researchers claimed. It's also further than the current limits of a few hundred kilometers.

"That, for instance, can meet the demand of making an absolute safe phone call or transmitting a large amount of bank data," Pan Jianwei, lead scientist of QUESS, told Xinhua.

The Chinese government has made the development of the space sector a key priority. For example, it has laid out plans to get to Mars by 2020 and become a major space power by 2030.

And China has global ambitions for its QKD. It sees its satellite system interacting with ground-based QKD networks to create a global secure network.

"We can thus envision a space-ground integrated quantum network, enabling quantum cryptography, most likely the first commercial application of quantum information, useful at a global scale," the researchers said.

Symantec Announces Plesk Will Integrate Symantec Encryption Everywhere Security Into Its Website Management … – Business Wire (press release)

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--Symantec Corp. (NASDAQ:SYMC), one of the world's leading cyber security companies, today announced that Plesk, a leading WebOps platform, will now incorporate Symantec's Encryption Everywhere security offerings into its website management platform and control panel, giving web professionals, small businesses, and cloud service providers one-click access to website encryption and customized security offerings. Symantec Encryption Everywhere is a website security solution that enables web hosting providers to seamlessly integrate security into every website. The newest version of Symantec Encryption Everywhere includes secure email and award-winning anti-virus and spyware removal from Norton.

"Small businesses, web professionals and cloud service providers want better security for their websites, but are often intimidated by the complexities of online security and encryption," said Roxane Divol, executive vice president and general manager for Website Security at Symantec. "Yet, browsers have begun flagging unencrypted websites as unsafe, causing businesses to lose brand trust, increase abandoned cart rates and find themselves open to hacking. Symantec and partners like Plesk are natively integrating basic encryption into websites and applications for easy compliance with browser security requirements, and options to expand beyond encryption as security needs grow."

Plesk will make it easy to manage and activate Symantec security packages within its website management platform and control panel. Plesk services over 11 million websites and 19 million mail boxes in 140 countries. Plesk deeply integrates these features, putting all available security offerings from Symantec at your fingertips. Hosting partners of Plesk will be able to resell these as well.

"Encryption is no longer a nice-to-have for websites, but a must-have," said Nils Hueneke, CEO at Plesk. "Our goal with all our WebOps solutions is to simplify the life of small businesses, web professionals and cloud service providers. By partnering with Symantec, we can offer the world's most trusted security solutions to our customers seamlessly within our platform. In addition, the Symantec Encryption Everywhere program gives our partners a range of upsell opportunities that not only add value and brand differentiation, but also additional revenue streams."

For more information, visit https://www.symantec.com/theme/encryption-everywhere.

About Symantec Website Security

Symantec Website Security provides industry-leading security for websites, data, and applications with SSL/TLS, certificate management, vulnerability assessment, WAF/DDoS, malware scanning, etc. The Norton Secured Seal and Symantec Seal-in-Search assure customers they are safe to search, browse, interact, and buy. Symantec Website Security's sophisticated solutions offer the promise of a safe and trusted internet experience across all websites and applications.

About Symantec

Symantec Corporation (NASDAQ: SYMC), a world leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec's Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world's largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.

Symantec, the Symantec Logo and the Checkmark logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Here’s why IBM Z Mainframe Wants to Encrypt the World – Edgy Labs (blog)

IBM's new approach to fight cyber criminals is a mainframe that enables encryption of an entire dataset and renders it useless to hackers.

Hackers are everywhere and even ships on the high seas can be compromised by their malicious deeds.

According to IBM X-Force Threat Intelligence Index, more than 4 billion records were leaked in 2016 alone, which is over a 500% increase from the previous year.

As cyber criminals keep on keeping up with security companies, there's an urgent need to find novel approaches and countermeasures.

Think about it: if all sensitive data is efficiently encrypted and hackers can't decrypt it, they wouldn't be able to take advantage. Their attempts to breach security systems would be pointless.

A recent study by the Ponemon Institute reveals that, after using effective incident response teams, the extensive use of encryption is the second factor in reducing the cost of a data breach (by an average of $16 USD per record).

However, some companies show passivity when it comes to data encryption; some just don't bother, while others can't afford to encrypt everything.

Current data encryption solutions (on-premises or cloud-based) can degrade system performance, aside from being too complex and costly to deploy in the first place.

As a result, IBM estimates that, since 2013, of over 9 billion data records stolen, only 4% of the data was ever encrypted, and the company wants to remedy this.

IBM's security solutions span the whole spectrum, from hardware and software to web services, but the company has a universal encryption approach to the problem of data protection.

As a leading tech company, IBM wants to put an end to the global pandemic of security breaches and to do that it is betting on full encryption of sensitive data.

IBM has been making significant progress in cryptographic technology, mainly with its Z series mainframes. We just witnessed the introduction of the 14th generation of the system.

Called IBM Z, or z14, the mainframe is a system that enables the encryption of all data contained in databases, apps or the cloud, at any time, with just one click.

Powered with a novel encryption engine, IBM Z is much faster and can run 12 billion encrypted transactions per day, without being a detriment to performance.

The IBM Z boasts many other features, including Blockchain technology, for businesses of any scale to make use of it.

Nevertheless, IBM's full encryption system might not keep hackers totally at bay. Cyber attacks can still target sensitive encrypted data and steal it.

It remains to be seen if hackers would ever be able to decrypt it.
