Google relaxes mandatory encryption requirement for Android Lollipop devices

Google has quietly backed away from a pledge that new Android devices running Lollipop would have full-disk encryption enabled by default.

According to an Ars Technica report, multiple devices, like the new Moto E, are shipping without encryption enabled by default. A subtle change has been introduced to Android's documented encryption requirements, stating that it's "very strongly recommended, as we expect this to change to must in the future versions of Android." (See section 9.9 of the linked PDF.)

This indicates that Google still intends to make device encryption a requirement at some point, but there is some kind of engineering issue that makes the company feel it can't force all its hardware partners to get on board.

Testing from AnandTech in November showed that encryption devastated the Nexus 6's storage performance, with encrypted devices being anywhere from 50.5 to 80.7 percent slower than an unencrypted Nexus 6, depending on what was being measured. That sort of performance drop-off may have spurred Google's softened stance on device encryption, at least for now.

We'll keep an eye on all the new phones coming out of Mobile World Congress and elsewhere this year to see how this plays out.

Why this matters: Device encryption is an important security matter, especially in the post-Snowden era, and it's disappointing to see Google backtrack on this. At the very least the Android documentation indicates the company is still committed to making this happen, as full-disk encryption protects your data from unauthorized access by hackers or government agencies. It also makes your data unreadable when it's time to sell off your phone for the latest and greatest device.

Derek Walter is a freelance technology writer based in Northern California. He is the author of Learning MIT App Inventor, a hands-on guide to building your own Android apps. More by Derek Walter


Read more from the original source:
Google relaxes mandatory encryption requirement for Android Lollipop devices

Google confirms poor performance is to blame for reneged Android Lollipop encryption pledge

It turns out there was something to the report that hardware performance was to blame for Google backing off its encryption requirement for new Lollipop devices.

Google issued a statement to Engadget, confirming that many phones won't come with encryption turned on, a reversal of the company's original plans:

"In September, we announced that all new Android Lollipop devices would be encrypted by default. Due to performance issues on some Android partner devices we are not yet at encryption by default on every new Lollipop device. That said, our new Nexus devices are encrypted by default and Android users (Jelly Bean and above) have the option to encrypt the data on their devices in Settings -> Security -> Encryption. We remain firmly committed to encryption because it helps keep users safe and secure on the web."

Such problems started showing up as early as November, when a test showed flipping on encryption tanked Nexus 6 storage performance. This issue has clearly hit enough Android devices to compel Google to back off from its original plan to require encryption in all new phones running Lollipop.

Fortunately, you can turn this security feature on yourself by following our encryption guide.

Why this matters: Encryption-by-default is long overdue for Android devices. When it's upgrade time, you're likely to sell off or trade in your phone, meaning someone else will be using your old device. If your data isn't encrypted, someone with nefarious motives could possibly gain access to your old stuff.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.


Continue reading here:
Google confirms poor performance is to blame for reneged Android Lollipop encryption pledge

Gemalto: Spy Agencies ‘Probably’ Hacked Us, But Encryption Keys Secure

The NSA and GCHQ probably hacked SIM card maker Gemalto, but didn't nab any encryption keys, the firm said.

SIM card maker Gemalto today said it believes the NSA and GCHQ did indeed breach its systems, but the firm found that the agencies were unable to swipe any encryption keys.

The news comes after a recent report, based on documents leaked by Edward Snowden, said that the NSA and its U.K. counterpart hacked Gemalto in order to steal encryption keys and spy on wireless communications.

A multinational chipmaker based in The Netherlands, Gemalto supplies SIM cards used by all four of the top U.S. carriers and 450 wireless network providers around the world. Access by intelligence agencies, therefore, would allow the monitoring of mobile communications without approval, warrant, or wiretap.

Gemalto's subsequent investigation found that the agencies' "intrusions only affected the outer parts of our networks - our office networks," Gemalto said. SIM encryption keys and customer data are stored on other networks.

The Dutch tech giant said its networks are frequently under attack, but that very few efforts actually succeed. Two sophisticated attacks in 2010 and 2011, however, caught Gemalto's eye and "could be related" to the reported NSA and GCHQ breaches.

One of those attacks focused on suspicious activity on one of its French sites, while another involved fake emails sent to mobile operator customers. At the same time, Gemalto detected numerous attempts to access the employees' PCs.

Though unable to identify the intruders at the time, the company now believes the NSA and GCHQ were behind the breaches. "An operation by NSA and GCHQ probably happened," it said.

"It is important to understand that our network architecture is designed like a cross between an onion and an orange," the report said. "It has multiple layers and segments which help to cluster and isolate data."

The breach was allegedly detailed in a "secret" 2010 GCHQ document, but was only just made public via the Snowden data dump.

The rest is here:
Gemalto: Spy Agencies 'Probably' Hacked Us, But Encryption Keys Secure

World’s top SIM maker says NSA spies hacked in, but didn’t steal encryption keys

SIM card maker Gemalto has dismissed recent reports that U.K. and U.S. spies obtained encryption keys protecting millions of mobile phones by hacking its network.

Secret documents revealed last week suggested that spies from the U.S. National Security Agency and the U.K. Government Communications Headquarters had stolen SIM card encryption keys from Gemalto, allowing them to intercept the conversations of millions of mobile phone users. The GCHQ documents, dating from 2010, were among those leaked by former NSA contractor Edward Snowden.

On Wednesday, though, Gemalto said that while it had detected sophisticated attacks on its office networks in 2010 and 2011 that it now believed were probably conducted by the NSA and GCHQ, these could not have led to the massive theft of SIM encryption keys.

While the leaked documents showed the spies boasting "(We) believe we have their entire network," Gemalto said that its internal investigation showed that the intrusions only breached its office network, and not the entirely separate infrastructure used for generating and transmitting the SIM card encryption keys.

By 2010 those keys were being exchanged with its network operator customers by secure means in all but a few cases, making the wholesale theft of the keys unlikely and meaning that Gemalto could not have been the source of the massive leaks reported, it said.

Furthermore, Gemalto had never sold SIM cards to four of the 12 networks named in the leaked documents, so it could not have been the source of, for example, 300,000 SIM encryption keys stolen from a Somali carrier, it said.

That doesn't exclude the possibility that the keys were stolen from other SIM manufacturers, though: Gemalto is the largest, but not the only, supplier of the devices.

Even if the spy agencies had somehow stolen SIM encryption keys from Gemalto, only communications on second-generation mobile networks such as GSM would be vulnerable, not the newer 3G and 4G networks introduced by many operators after 2010, the company said.

Gemalto assumed for the purposes of its investigation that the leaked documents were genuine and accurate, but did not seek to confirm or refute the documents' claims, it said.

Outsiders regularly, and unsuccessfully, try to hack its networks, it said, and only a few attempts breach even the outer levels of its network.

Here is the original post:
World's top SIM maker says NSA spies hacked in, but didn't steal encryption keys

SafeBoxPro-Encryption to protect your secrets

If the app crashes, don't delete it, because the data are stored in it. Please contact technical support immediately: wangping_app@sina.com or qq:673368731.

The best and most powerful privacy protection app, with encrypted storage for your photos, videos, accounts, diary and contacts.

How does it work?

First, as an encryption app, security is what you care about most. SafeBoxPro provides multiple protection mechanisms to ensure the safe storage of your secrets:
- Support login password: a login password is needed to enter the app
- Support folder password: each folder can be given its own password
- Support photo file encryption: even if others copy your photos, they can't see them
- Support pseudo password: when you enter the pseudo password, only some irrelevant photos and videos are shown

Second, as a tool worth recommending to everyone, why should there be restrictions and charges everywhere?
- Unlimited storage: no number or capacity constraints
- Completely free: no functional limitations, enjoy all the thoughtful design

Third, as a powerful privacy protection tool, it has many unexpected features:
- Support encrypted storage: photos, videos, accounts, diaries, contacts
- Support importing and exporting photos and videos
- Support sending photos by email and MMS
- Support sharing photos to social networking sites such as weibo, facebook, twitter
- Support photo slide shows
- Support a photo beautifying feature
- Support playing videos
- Support encrypted account storage, so you don't have to worry about remembering passwords

What are you waiting for? Just download it and you can have such a powerful, feature-rich, free encryption app, and no longer be afraid of your private photos, videos, accounts, diaries and contacts being seen by others!

Go here to see the original:
SafeBoxPro-Encryption to protect your secrets

Groups to push for encryption, secure payments at White House cyber summit

The White House heads west to Silicon Valley on Friday looking for ideas on how to improve the nation's cybersecurity, and members of President Barack Obama's administration are likely to get an earful.

The White House's first-of-its-kind cybersecurity summit at Stanford University will feature remarks from Obama and from Apple CEO Tim Cook, but participants are likely to hear a range of ideas about how to improve cybersecurity at U.S. businesses.

Scheduled panel discussions will focus on improving cybersecurity practices at consumer-facing businesses, on using cybersecurity as a business advantage, and on promoting secure payments.

The use of encryption could be a sticking point during discussions. Obama administration members have voiced concerns in recent months about Apple and Google adding encryption functionality to smartphones running their operating systems. Officials at the FBI and Department of Justice say a larger number of encrypted smartphones will allow criminals to hide their activities from police.

It's unlikely that the Obama administration will push for encryption workarounds at the summit, said Kevin Bankston, policy director at the New America Foundation's Open Technology Institute digital rights group. Instead, Bankston said he expects Obama to promote encryption.

"We do hope he will use it as an opportunity to reaffirm the White House's recognition of encryption technology as a cornerstone of the modern Internet economy and a critical tool for the protection of privacy and cybersecurity," Bankston said.

Other cybersecurity experts and summit participants hope a variety of security tools will be highlighted there.

Participants need to focus on how to improve the sharing of cyberthreat information between businesses and government agencies, said Phil Smith, senior vice president of government solutions and special investigations at cybersecurity vendor Trustwave.

Some U.S. lawmakers and tech trade groups have pushed Congress for years to pass legislation that would protect from customer lawsuits businesses that share this data. But privacy groups have objected to past bills like the Cyber Intelligence Sharing and Protection Act [CISPA], saying it would allow businesses to share too much personal information with the government.

"Sharing cyberthreat information between law enforcement, government agencies and the private sector is imperative to protecting the citizens of our country against the latest cyberthreats and I hope the summit will focus on that message," Smith said by email.

Read more:
Groups to push for encryption, secure payments at White House cyber summit

‘FREAK’ Alert: Mega Encryption Bug Now Affects Microsoft Windows – Video


Microsoft has issued a security warning about a bug that could let attackers spy on supposedly secure communications. Called...

By: Innovative Technology

Continue reading here:
'FREAK' Alert: Mega Encryption Bug Now Affects Microsoft Windows - Video

Meet the free encryption app that promises to put your privacy first

Summary: The Cryptocat developer's new team aims to get easy file and message encryption into everyone's hands, which could give Gmail and Dropbox (and the NSA) a run for their money.

Peerio's core development team, including cryptography head Nadim Kobeissi (back-left) (Image: Peerio)

NEW YORK -- Encryption to most people either just happens, or it doesn't. A select few have the skills to fiddle with keys, code, and command prompts needed to secure emails and documents, but the vast majority rely on tech titans like Google and Dropbox instead to do the hard work.

In the aftermath of the global surveillance leaks, Nadim Kobeissi wants to give ordinary people on the street the keys to their own kingdoms: by making encryption easier to use.

The 24-year-old developer, now living in Paris for his PhD program, spent most of his formative teenage years working on end-to-end secure chat client Cryptocat, as well as miniLock, a passphrase-based encryption standard. A little less than a year ago, Montreal-based tech investor Vincent Drouin tasked him to forge something out of the fire of his previous successes. After Kobeissi carefully crafted an eight-person team, the Peerio app was born.

Peerio is an encrypted messaging and file storage app for Windows, Mac, and the Chrome browsers that takes the likes of Gmail and Outlook, HipChat, and Dropbox to task. The app puts its users in the privacy driving seat, clearly marking for the lay user when something is encrypted.

On Monday, the team unveiled a significant update: a revamped, cleaner user interface, improved synchronization across devices, and an early-April timeframe for its mobile apps. Since launch, the company has seen extraordinary growth, from 50 users in initial testing to 15,000 users in a month after its mid-January debut.

"We're offering all the tools you need to get work done, but also doing so with a level of encryption that most services just simply do not bother to implement," Kobeissi said on the phone.

The app aims to be simple. According to Kobeissi, "There's nothing new to learn." Indeed, the user interface is easy -- with features like Gmail's "compose" window and Dropbox's drag-and-drop functionality included. The user interface and overall experience are a particular focus for the team. Security and privacy shouldn't be difficult, but encryption software has a bad rap for making it so.

Read the rest here:
Meet the free encryption app that promises to put your privacy first