Australia pushes for weaker encryption at ‘Five Eyes’ meeting – CNET

The world's biggest tech companies could soon be compelled to weaken encryption in the name of national security if Australia gets its way.

Australia is making the calls ahead of a summit of the Five Eyes, the intelligence alliance it operates under with the US, UK, Canada and New Zealand. Leaders and officials from the five countries are descending on Ottawa this week to discuss the threat of terrorism and the growing need for security in a digital world.

And when it comes to terrorists in "cyberspace," Australia wants a crackdown.

On the eve of the conference, Australian Attorney-General George Brandis said tech companies need to play a part in foiling terrorist communications, and that could mean a weakening of encryption.

"The use by terrorists of cyberspace is an issue of critical concern to intelligence and law enforcement agencies," said Brandis in a statement ahead of the conference.

"Australia will lead the discussion of ways to address this issue; in particular the involvement of industry in thwarting the encryption of terrorist messaging."

Attorney-General Brandis said Australia wanted to cooperate with service providers to "ensure reasonable assistance is provided to law enforcement and security agencies" when it comes to getting past encryption methods used by suspected terrorists.

The comments call to mind similar rhetoric from the FBI, which faced off against Apple last year over its attempts to access the locked iPhone of suspected terrorist Syed Farook. More than one year on, the question of individual privacy versus national security is still driving political debate across the world.

Australian Prime Minister Malcolm Turnbull added his voice to a growing chorus of international leaders over the weekend, calling for a crackdown on "ungoverned spaces" online, pointing to US tech companies.

"We cannot continue to allow terrorists and extremists to use the internet and the big social media and messaging platforms -- most of which are hosted in the United States I should say -- to spread their poison," the prime minister said.

"The rule of law must prevail everywhere online as well as it does today in the analogue, offline world."

Prime Minister Turnbull's words followed similar tough talk from British Prime Minister Theresa May, who has called on tech companies to develop better measures to remove extremist content from online platforms, and former US National Director of Intelligence, James Clapper, who has called on tech companies to allow law enforcement "access to encryption."

AES-256 encryption keys cracked by hands-off hack – The INQUIRER

SOME DUTCH RESEARCHERS have discovered a way of cracking AES-256 encryption using reasonably cheap gear and wireless tech.

Fox-IT, the Dutch company behind the research, calls the attack 'Tempest' and explains that it depends on physical proximity and on monitoring the target's electromagnetic signals, in what is known as a side-channel attack.

Researchers put together a piece of kit worth less than $200 and were able to wirelessly extract secret AES-256 encryption keys from a distance of one metre. They said that the attack can be carried out by people on all budgets and with all kinds of means.

"The recording hardware can range from extremely high-end radio equipment, down to €20 USB SDRs. We have found that even the cheap USB dongles can be used to attack software implementations!" they said. "This is not a game exclusively for nation states, but also anyone with pocket money and some free time."

Usually, such an attack would require direct access and manipulation, but Fox-IT found that it was possible just to swan past the target with a bag of wires and small screws and catch a winner in record time.

"Using this approach only requires us to spend a few seconds guessing the correct value for each byte in turn (256 options per byte, for 32 bytes so a total of 8192 guesses)," boasts the firm.

"In contrast, a direct brute-force attack on AES-256 would require 2^256 guesses and would not complete before the end of the universe."

The next challenge is distance. Currently, Fox-IT has reached a goal of 30cm but says that a full meter is a possibility given the right circumstances.

"Our work here has shown a proof of concept for TEMPEST attacks against symmetric crypto such as AES-256. To the best of our knowledge, this is the first public demonstration of such attacks. The low bandwidth requirements have allowed us to perform the attack with surprisingly cheap equipment (€20 radio, modest amplifiers and filters) at significant distances," it added.

"In practice this setup is well suited to attacking network encryption appliances. Many of these targets perform bulk encryption (possibly with attacker controlled data) and the ciphertext is often easily captured from elsewhere in the network."

Encryption-dodging hacking powers expanded for German law enforcement – SC Magazine UK

The Bundestag (pictured) voted to grant the police the powers last Thursday

German law enforcement has been granted vast new hacking powers. The Bundestag - the German legislature - voted on June 22 to grant law enforcement the powers it needs to hack into, and spy on, smartphones and computers.

The ruling coalition government, made up of the conservative Christian Democrats and the centre-left Social Democrats, pushed hard for the law, arguing that the police will need to get around encryption if they are to do their job.

Existing law allows law enforcement to tap a phone, but not actually hack an electronic device in any other case than one where lives are directly threatened. With the expansion of their powers, law officers will now be able to use malware - 'state trojans', or Bundestrojaner - to watch the real-time communications of suspects and view a device's saved files and data. The new law expands the cases in which such measures can be used to include nearly 40 offences, such as murder, drug trafficking, money-laundering and illegal pornography.

With the passage of the law, Germany enters further into the group of western states who use hacking technology in police work. While this is not an attempt to 'break encryption' as per the desire of so many states, it does allow law enforcement to circumvent it and read the encrypted communications of those it chooses to surveil.

Germany has traditionally held a liberal stance on policing powers, mindful of a return to the authoritarian governments that ruled the country for much of the twentieth century.

When the 'state trojan', R2D2, was first discovered by the Berlin-based Chaos Computer Club (CCC), it prompted a public outcry. At the time the CCC offered an analysis which may be considered prescient: "this refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice - or even desired. Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully."

Germany has some of the strongest data protection laws in the world and has often eschewed the kinds of mass surveillance regimes that have emerged in the UK and the US, going so far as to publicly condemn them.

When it was discovered that German Chancellor Angela Merkel's phone was being monitored by the US National Security Agency, Germany vowed to ban tech companies that worked with the NSA from being granted Federal contracts. In 2016, German courts ruled heavily against mass surveillance programmes, declaring many of its allies' projects, as well as its own, unlawful.

That legacy of liberalism now clashes with resurgent terrorist campaigns across Europe and the transformation of crime in cyber-space. In 2016 alone, the German public were subject to three separate terrorist attacks culminating in a truck attack on a Christmas market in December, which left 12 dead. In direct response to the atrocity, the German government proposed the expansion of CCTV monitoring to a variety of new public spaces.

Encryption: Turnbull tilts at windmills again – iTWire

In a statement that brings to mind the valour of Don Quixote, Australian Prime Minister Malcolm Turnbull has flagged "a crackdown on ungoverned spaces online".

According to another report from The Age, similar to some of the others that one has quoted in the past, Australia plans to pressure "social media companies to do more to co-operate with governments to combat would-be terrorists who are organising online".

If this were not fanciful enough, Turnbull wants the rule of law to apply online as it does in what The Age calls the "analogue, offline world".

Remember, this comes from a man who claims to be digitally aware, one who has used the words "innovation" and "agile" more times in the last year than any other politician, and one who has repeatedly let slip little hints like his use of an encrypted app for messaging to give the impression that he knows his ones and zeroes.

As usual, there are no specifics. Last time I looked, Facebook, Twitter, and their ilk were all based in the US, a country which is highly unlikely to do anything to disturb them. So what Turnbull has in mind is mystifying.

That Turnbull continues to make such statements, putting himself very much on par with some of the pronouncements that have emanated from Attorney-General George Brandis, is surprising, considering that he has an educated adviser in the shape of Alistair MacGibbon to brief him on the basics of encryption.

But if all that Turnbull is seeking is to pass the time of day by making pronouncements as nonsensical as those uttered by his British counterpart, Theresa May, then he is going about things the right way.

Encryption has taken centrestage ever since the world became aware in 2013 that the NSA was conducting surveillance of man+dog. Since then, companies have been trying to guarantee clients that their data will be safe in order to attract more sales.

Microsoft has even gone to the extent of offering its American clients cloud storage in Germany, a country where data security is taken a little more seriously given its past.

The genie is well and truly out of the bottle and politicians who promise security measures which do not take reality into account are doing just one thing: telling porkies to score political points.

The only point at which this mess will be resolved is when politicians are willing to admit that terrorism is a political problem and requires a political solution. It is not a law and order issue.

Top Encryption Software for 2016 – PCMag

Symantec Endpoint Encryption provides encryption and centralized management to protect sensitive information while ensuring regulatory compliance.

Bottom Line: Symantec Endpoint Encryption protects sensitive information and ensures regulatory compliance with both full-disk and removable-data encryption. It encrypts each drive, sector by sector, ensuring all files are encrypted. It also supports various types of removable media. It also allows removable data users to access their data on any machine, even if it's not encrypted.

BitLocker Drive Encryption is an encryption feature that works to provide your operating system and any other drives with increased protection.

Bottom Line: BitLocker Drive Encryption is an encryption feature available for recent Windows operating systems and intended to increase the security surrounding your computer's drives. Offering increased functionality with a Trusted Platform Module (TPM), BitLocker can generate comprehensive protection for your operating system itself or for any drives that are attached to your computer. BitLocker uses encryption techniques, alongside any additional security measures you choose, to protect sensitive data from hackers.

East-tec InvisibleSecrets is a steganography and file-encryption tool that encrypts confidential file and folder structures and allows users to hide files from other users.

Bottom Line: InvisibleSecrets encrypts data and files and keeps them safe for secure transfer in emails or across the internet. The file encryption lets users encrypt and hide files directly from Windows Explorer and automatically transfer them by email or via the internet. Users can also hide files in places that appear innocent, such as pictures, sound files, or webpages.

Cypherix Cryptainer is a data-encryption solution that allows users to encrypt files and protect sensitive data on their hard drives, memory sticks, or other storage media.

Bottom Line: Cypherix Cryptainer is an encryption solution for Windows PCs. The software encrypts files and folders, and allows for the creation of multiple encrypted virtual hard drives. Cryptainer is offered in several versions, including the free Cryptainer LE version and a premium Cryptainer SE.

Voltage HPE SecureData Enterprise is a data-protection platform that provides end-to-end encryption for sensitive company data.

Bottom Line: Voltage HPE SecureData Enterprise is a data-protection solution that allows companies to ensure that all of their sensitive data is encrypted and kept out of the hands of potentially malicious entities. The software works by continually encrypting and protecting data even as the data is being captured, processed, and stored, so that no vulnerabilities can be exploited. Voltage HPE SecureData Enterprise provides stateless key management, an extremely flexible application programming interface (API) that can integrate with nearly any application, and support for various operating systems and devices.

DriveCrypt data encryption provides secure 1344-bit disk encryption for desktop computers and laptops.

Bottom Line: DriveCrypt is a disk encryption product that automatically encrypts data on desktop and laptop personal computers (PCs), as well as universal serial bus (USB) storage devices. The secure 1344-bit encryption is done automatically on the fly, so users do not have to change their workflow.

CipherShed is a free, open-source program that can be used to create encrypted files or to encrypt entire drives including universal serial bus (USB) flash drives and external hard disk drives (HDDs).

Bottom Line: CipherShed is a free, open-source program intended to be used to create encrypted files or to encrypt entire drives. This includes being able to encrypt thumb/flash drives and external removable (and back-up) hard disk drives (HDDs). The program is designed to be simple to use and includes a wizard that provides simple step-by-step instructions for users to follow.

MiniLock is a simple file-encryption and transfer tool that makes it easier and more convenient to securely send files from one person to another.

Bottom Line: MiniLock is a miniature file-encryption and transfer solution that works toward simplifying the process of sending encrypted files from one person to another. By generating unique MiniLock identities for each user and requiring strong passphrases, MiniLock establishes multiple layers of protection to guarantee the security of your files. MiniLock makes it easy to send an encrypted file to someone through a process as simple as sharing a tweet.

Kryptel encryption software allows Windows personal computer (PC) users to encrypt and decrypt one to thousands of files and folders with a single click for secure file storage.

Bottom Line: Kryptel encryption software for Windows allows users to encrypt and decrypt files and folders with just a click of the mouse. All editions also include right-click integration with Explorer's browser to look inside encrypted containers and include a data shredder with a variety of settings to increase data-wiping security during encryption and decryption. Upgraded versions add encrypted backups, script-driven encryption, and a command-line interface.

Vormetric Transparent Encryption encrypts data, enables privileged user access control, and creates activity logs.

Bottom Line: Vormetric Transparent Encryption encrypts databases and files and removes data access rights from administrators. When integrated with a security information and event management system, it can generate extremely detailed reports.

Gpg4win is an open-source solution that encrypts and digitally signs files and emails.

Bottom Line: Gpg4win encrypts emails and files with military-grade security. You can also use it to digitally sign your messages and files. The software is open source and free to use even commercially.

Boxcryptor provides encryption for files stored within various platforms in the cloud.

Bottom Line: With Boxcryptor, users can encrypt any files they plan to store in a cloud-based repository (i.e., Dropbox, Google Drive, Microsoft OneDrive, or any other common cloud-storage provider). Boxcryptor provides applications for all major operating systems and mobile platforms, allowing users to access their encrypted files anywhere at any time regardless of where the files are stored.

VeraCrypt is open-source disk-encryption software (from IDRIX) that protects files and systems and prevents data leaks and data theft.

Bottom Line: VeraCrypt open-source disk-encryption software adds enhanced security to the encryption algorithms used for systems and partitions. It makes systems and partitions immune to the latest developments in brute-force attacks and solves many of the security issues and vulnerabilities found in TrueCrypt.

Jetico's BestCrypt products offer comprehensive military-standard data protection for sensitive information in files and/or on hard drives.

Bottom Line: Jetico's BestCrypt software products deliver military-standard data protection for active computers, shared workstations, or network storage and for lost or stolen computers and laptops.

Digital Guardian is data-centric encryption and protection software, with a wide array of tools and system coverage.

Bottom Line: Digital Guardian is data-centric encryption and protection software, with a wide array of tools and system coverage. Its protection extends to your sensitive files no matter where they are on the network, endpoints, and cloud. With detailed reports on data activity and user policy enforcement, Digital Guardian will provide you with the tools and means to protect your valuable data.

End-to-end messaging encryption gives customers key controls – TechTarget

More companies are now using team chat applications, such as Atlassian HipChat, Cisco Spark, Microsoft Teams, RingCentral Glip and Slack. As a result, IT leaders are moving from debating the merits of adopting such applications to practical concerns around security and information protection of corporate data stored within the apps.

Vendors in the team messaging space are increasingly differentiating themselves on the basis of security. For example, Cisco, ClearChat and Symphony tout their end-to-end messaging encryption models as superior to other vendors that only provide messaging encryption at rest or in motion.

The issue of messaging encryption has also spilled into the consumer world, with the European Union recently issuing draft legislation mandating end-to-end encryption for all messaging services.

As team chat applications gain traction in the enterprise, IT leaders should familiarize themselves with the various flavors of messaging encryption:

For IT leaders evaluating various team messaging applications, let risk be your guide.

Consumer messaging services, such as Kik, and many popular business-focused apps, such as Slack, do not yet offer end-to-end encryption, meaning messages are only encrypted at rest and in motion. Therefore, messaging providers could be compelled by court order to decrypt and turn over message data.

In a worst-case scenario, messaging systems could be hacked, resulting in the release of messaging data out into the wild.

Providers offering end-to-end messaging encryption -- with user-held keys -- offer an added layer of security by enabling customers to control access to message stores. With end-to-end encryption, even if a government agency were to show up at the provider's door with a warrant, the provider could only turn over encrypted message data to the agency. The only way of decrypting messages -- short of hacking encryption algorithms -- is by obtaining the keys from the customer of the messaging provider.

Most organizations can accept the risk of not using end-to-end encryption. But for companies in regulated industries or organizations looking for an extra level of protection, evaluate end-to-end encrypted services with a self-owned key management capability.

‘State trojans’: New German law enables police to hack into … – RT

German police may now hack into messengers like WhatsApp using state trojans to intercept user communications before they are encrypted on their devices, according to a new law swiftly passed by the parliament.

The new legislation allows police investigators to use a state trojan to hack into a suspect's mobile device, tablet, or computer, and get full access to their chat messages, video recordings, or other private data, German media reported.

The state trojans could make it easier to bypass the encryption employed by popular messaging services, including WhatsApp, as they can gain access to data straight from the source, well before it is secured by the messengers.

The Bundestag voted the bill into law during the second and third readings on Thursday, Spiegel reported. The ruling coalition of conservative CDU/CSU and the Social Democrats overwhelmingly supported the measure, saying it will ensure more efficient execution of criminal proceedings. The Greens and the Left Party rejected it, however.

The new legislation will allow German law enforcement agencies to obtain a copy of a device's hard drive or remotely search it in specific cases.

The use of the state malware will not be restricted to terrorism-related cases, however, German media reported. Surveillance of encrypted communications in cases involving suspected tax evasion, drug trafficking, and sports betting fraud is also expected to be considered legal under the new legislation.

Until now, German law enforcement could only wiretap a suspect's SMS communications and regular phone conversations in specific serious cases. Looking at messages sent through encrypted services has been prohibited by law.

Facebook-owned WhatsApp updated its messenger service in April last year with end-to-end encryption, enabling a lock to secure communications between individual users or in a group chat.

Amid a heated debate on finding the balance between privacy and security concerns, Facebook CEO Mark Zuckerberg praised the update as an important milestone for the WhatsApp community.

Advocating the new surveillance amendment, the German government argued it would help authorities tackle rising security threats.

"We often see that criminals communicate using encrypted ways," Interior Minister Thomas de Maiziere said, as cited by Rheinische Post. "Encryption protects a right for private communication. But it is not a carte blanche for criminals."

"This is how we facilitate efficient, cutting-edge law enforcement that's keeping us all safe," Michael Frieser, domestic policy expert of the CSU party, said in the Bundestag on Thursday, according to Deutsche Welle.

However, critics within and outside government circles have doubted the law is constitutional.

"State-sponsored hacking is much worse than a big malware attack, because nowadays the entire private life is stored on mobile devices, including photos, contacts, SMS, emails as well as location and movement data," said Jan Korte MP (Left Party) as cited by Spiegel.

"The one who surveils computers and smartphones can also activate microphones and data storage, allowing him to know nearly everything on the target person," Judge Ulf Buermeyer, head of the German Society for Civil Rights, wrote in a statement for Handelsblatt daily.

Opponents of the surveillance amendment have also lambasted the way the bill was pitched to the Bundestag. Hans-Christian Stroebele, member of the parliament's Judiciary Committee for the Green Party, told Deutsche Welle MPs were informed about the amendment on very short notice and had almost no time to prepare for a meaningful discussion.

The amendment itself has been part of a large document proposing changes to German criminal law.

"One can't help but get the impression that this serious infraction of civil liberties was deliberately hidden in a regular adjustment bill to push it through quickly and without discussion," the president of the German Lawyers Association, Ulrich Schellenberg, wrote in an email to the news agency.

New EU digital commissioner fails to clarify position on encryption – SC Magazine UK

The European Commission's (EC) incoming digital commissioner, Mariya Gabriel, has failed to share specifics of her position on encryption in a hearing which confirms her into the role.

Soon to be in charge of the EC's digital economy and society portfolio, she was asked questions by MEPs on the topic in a two-and-a-half hour long session but failed to make her position clear.

Encryption has been a very hot topic recently. The UK government for one has often called for ways to bypass encryption as it sees it as giving terrorists a space to hide.

Other countries are looking to do the same, for much the same reasons, including France, Spain, and joined last week by Germany.

Earlier this week, the European Parliament's civil liberties and justice committee unveiled plans as part of the ePrivacy regulation to enforce end-to-end encryption on electronic communications.

Not wishing to step on the toes of law enforcement, the committee said it recognised the level of personal data EU citizens were sharing via such communications, such as private medical records and online banking statements, so decided that communications deserved a strong level of encryption to ensure no information is lost.

Commissioner Gabriel was a member of the same committee for many years during her time in the EU Parliament. She is expected to play an influential role in the discussions on this, so her words were watched carefully.

The proposals brought forward by the committee will need the support of the EU Parliament and Council to make it into law.

Gabriel was questioned on whether she wishes to see digital services have this extra level of protection; she initially appeared to be on the side of encryption, saying, "At the moment it's important to have encryption," adding, "It's a guarantee for security without any possible backdoors. We've already seen member states' initiatives where they've used the deciphering of the encryption and we've seen the results of that. So we need to move forward. Trust, confidence and security for citizens will come from a number of measures, but that's a principle where I propose that we move along the same lines."

When questioned again on whether there will be no government backdoors, she seemed to backtrack, saying, "Legal access can only take place within very strict conditions, as we have for other legislative measures. And only where it concerns reasons of national security of the highest rank."

"It's important because we need to give our own institutions the means to move forward, but we also need to make sure that those very same instruments are not being used by others for purposes other than the positive purposes that we had in mind."

The current EC vice president Andrus Ansip, who is the current commissioner of the digital economy and society brief, agrees. Ansip tweeted in March that weakening encryption is not an option and has rejected the idea of government backdoors.

However, when it comes to encryption he also said the interests of law enforcement are not black and white, also demonstrating an ambiguous view.

Outloud Audio Adopts Fortium’s MediaSeal File Level Encryption to Meet Heightened Security Threats – SHOOT Online

Fortium, a leading provider of digital content security solutions for media and entertainment, today announces Outloud Audio, Los Angeles and New York, as a new customer for MediaSeal, its file encryption software, which protects unaired TV and movie ...

Does Skype use encryption?

All Skype-to-Skype voice, video, file transfers and instant messages are encrypted. This protects you from potential eavesdropping by malicious users.

If you make a call from Skype to mobile and landline phones, the part of your call that takes place over the PSTN (the ordinary phone network) is not encrypted.

For example, in the case of group calls involving two users on Skype-to-Skype and one user on PSTN, then the PSTN part is not encrypted, but the Skype-to-Skype portion is.

For instant messages, we use TLS (transport-level security) to encrypt your messages between your Skype client and the chat service in our cloud, or AES (Advanced Encryption Standard) when sent directly between two Skype clients. Most messages are sent both ways, but in the future they will only be sent via our cloud to provide the optimal user experience.

Voice messages are encrypted when they're delivered to you. However, after you have listened to a voice message, it is transferred from our servers to your local machine, where it is stored as an unencrypted file.

Skype uses the AES (Advanced Encryption Standard*), also known as Rijndael, which is used by the US Government to protect sensitive information, and Skype has for some time always used the strong 256-bit encryption. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.

*Skype is not responsible for the content of external sites.

To learn more about encryption, please visit our Security Center.
