FBI’s Comey takes a shot at Apple, Google


FBI Director James Comey speaks about the impact of technology on law enforcement, Oct. 16, 2014, at Brookings Institution in Washington.

FBI Director James Comey publicly rebuked two of America's most prominent technology companies in a speech on encryption in Washington on Thursday, arguing that Apple and Google are potentially creating "a black hole for law enforcement."

At issue is the announcement by the two companies that new operating systems will encrypt data by default, meaning that Apple and Google could not respond to a legal warrant for access to a suspect's phone because they would not be able to break the encryption.

In remarks that were open to the public at the Brookings Institution, Comey said the heightened encryption is going to cause problems for the FBI as it tracks down criminals and terrorists.

"Both companies are run by good people, responding to what they perceive is a market demand," Comey said. "But the place they are leading us is one we shouldn't go to without careful thought and debate as a country."

Encryption, he said, "threatens to lead us all to a very dark place."


Comey acknowledged that the companies are acting in the wake of the Edward Snowden disclosures about U.S. government spying by offering customers phones that will be resistant to the government's efforts to access data.

"Perhaps it's time to suggest that the post-Snowden pendulum has swung too far in one direction, in a direction of fear and mistrust," Comey said. "Are we so mistrustful of government, and of law enforcement, that we are willing to let bad guys walk away?"


Google exposes ‘Poodle’ flaw in Web encryption standard

Three Google security engineers uncover a major vulnerability in the older -- but still supported -- Web encryption standard SSL 3.0. Experts say fixing it is impossible and upgrading will be difficult.

A 15-year-old encryption protocol for browsers and websites is now too vulnerable to safely use. CNET

Older Web technology continues to be dogged by revelations that show how insecure it is. A trio of Google security engineers proved that the encryption standard Secure Socket Layer can be circumvented thanks to a new vulnerability they dubbed "POODLE."

POODLE is a new security hole in Secure Socket Layer (SSL) 3.0 that makes the 15-year-old protocol nearly impossible to use safely, said Google security engineers Bodo Möller, Krzysztof Kotowicz and Thai Duong in a new report published on Tuesday.

The vulnerability allows encrypted, ostensibly secret information to be exposed by an attacker with network access. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is a problem because SSL 3.0 is used by both websites and Web browsers. Both must be reconfigured to stop using SSL 3.0, and POODLE will remain a problem as long as SSL 3.0 is supported.

While SSL 3.0 is no longer the most advanced form of Web encryption in use, Möller explained that browsers and secure HTTP servers still need it in case they encounter errors in Transport Layer Security (TLS), SSL's more modern, less vulnerable younger sibling.

The good news is that not much of the Web relies on SSL 3.0 anymore. A study by the University of Michigan shows that few sites rely on SSL 3.0 for anything. Less than 0.3 percent of communication between site and server depends on SSL 3.0, while 0.42 percent of the top 1 million domains on Alexa use it even partially.

The reason that POODLE is a problem is that attackers can force your browser to downgrade to SSL 3.0.

If either browser or server runs into problems connecting with TLS, sites and browsers will often fall back to SSL. The problem is that attackers can force a connection failure which would force a site to use SSL 3.0, which would then expose it to hackers.

Because disabling SSL 3.0 outright causes compatibility problems for sites and servers, Möller recommended that administrators for both add support for TLS_FALLBACK_SCSV, a TLS mechanism that blocks attackers from conning browsers into downgrading not only to SSL 3.0, but to TLS 1.0 and 1.1 as well. It "may help prevent future attacks," he wrote.
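The forced downgrade and the TLS_FALLBACK_SCSV countermeasure described above, modelled as a short simulation (an added example, not code from the article or from the Google report). The function names, the `handshakes_dropped` parameter and the version lists are assumptions made for illustration; the value 0x5600 and alert 86 are the ones defined for TLS_FALLBACK_SCSV in RFC 7507.

```python
# Toy model of the version "downgrade dance"; no network traffic is involved.
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600     # signaling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86    # fatal alert sent by a server that honors it
ALL = [SSL3, TLS10, TLS11, TLS12]


def server_hello(hello, server_versions, honors_scsv):
    """Return ('ok', version) or ('alert', code) for one ClientHello."""
    offered = hello["version"]
    usable = [v for v in server_versions if v <= offered]
    if not usable:
        return ("alert", 70)   # protocol_version: nothing in common
    # The client marks this hello as a retry, yet the server could do better:
    # the earlier failure was not a genuine incompatibility.
    if (honors_scsv and TLS_FALLBACK_SCSV in hello["cipher_suites"]
            and max(server_versions) > offered):
        return ("alert", INAPPROPRIATE_FALLBACK)
    return ("ok", max(usable))


def client_connect(client_versions, sends_scsv, server_versions, honors_scsv,
                   handshakes_dropped=0):
    """Retry from the highest version downwards, as fallback browsers did.

    handshakes_dropped (hypothetical knob) models a network fault or on-path
    interference that makes the first N attempts fail before they complete.
    """
    best = max(client_versions)
    for attempt, version in enumerate(sorted(client_versions, reverse=True)):
        if attempt < handshakes_dropped:
            continue           # client sees a failure and retries lower
        suites = [0x002F]      # TLS_RSA_WITH_AES_128_CBC_SHA, placeholder suite
        if sends_scsv and version < best:
            suites.append(TLS_FALLBACK_SCSV)   # only on fallback retries
        result = server_hello({"version": version, "cipher_suites": suites},
                              server_versions, honors_scsv)
        if result[0] == "ok" or result == ("alert", INAPPROPRIATE_FALLBACK):
            return result      # connected, or abort instead of going lower
    return ("alert", 40)       # handshake_failure: no version left to try
```

The SCSV only helps when both the client and the server implement it; a server that has SSL 3.0 switched off refuses the downgraded hello regardless.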


Google Reveals ‘Poodle’ Web-Encryption Bug

The bug affects a 15-year-old encryption standard known as SSL 3.0, but is less severe than Heartbleed or Shellshock.

Another week, another Internet vulnerability uncovered: Google researchers have reported a Web encryption bug that allows hackers to infiltrate email, banking, and other online accounts.

Dubbed Poodle (for "Padding Oracle On Downgraded Legacy Encryption"), the threat affects a 15-year-old encryption standard known as SSL 3.0. But it is reportedly less severe than Heartbleed or Shellshock.

Existing in old software and nearly all browsers, the bug is not easy to exploit: It requires a hacker to tap into the connection between your browser and the site you are visiting, referred to as a man-in-the-middle exploit.

"If Heartbleed/Shellshock merited a 10, then this attack is only around a 5," said Errata Security's Robert Graham.

So while you have little to worry about surfing the Web on a secure home connection, using the local coffee shop's unencrypted Wi-Fi makes it simpler for a nearby hacker to take complete control of your accounts.

The good news is they won't be able to steal your password.

Google researchers Bodo Möller, Thai Duong, and Krzysztof Kotowicz discovered the vulnerability, which unfortunately does not come with a quick fix.

Your best bet is to avoid SSL 3.0 entirely, and add a second mechanism called TLS_FALLBACK_SCSV, which will help solve the immediate problem and prevent future attacks.

Chrome and Firefox users can visit Googler Adam Langley's blog for more details on how to implement the patches.


Apple, Google encryption should be within reach of law enforcement, says cyber czar – Video

Encryption is always a best practice, says White House cyber czar Michael Daniel, but it should never put information utterly beyond the reach of law enforce...

By: The Christian Science Monitor


The North American hardware encryption display market is expected to reach $57,116.8 million by 2018 – New Report by …

(PRWEB) October 13, 2014

The North American hardware encryption display market report defines and segments the concerned market in North America with analysis and forecast of revenue. This market was valued at $4,862.8 million in 2013, and is expected to reach $57,116.8 million by 2018, at a CAGR of 63.7% from 2013 to 2018.

Browse through the TOC of the North American hardware encryption market report, to get an idea of the in-depth analysis provided. This also provides a glimpse of the segmentation of the market, and is supported by various tables and figures.

http://www.micromarketmonitor.com/market/north-america-hardware-encryption-6963113786.html

Currently, smartphones and tablets are the most widely used consumer electronics products, having surpassed computer/desktop web users. Thus, they have become one of the emerging markets for hardware encryption. The hardware encryption enabled on smartphones and tablets is largely devoid of any storage components, and thus cannot be considered a separate product. Most enterprise-edition smartphones and tablets have a hardware encryption chipset in them, which performs the encryption and decryption processes. The main strategy of the market leaders in the hardware encryption industry is to provide a complete solution to protect data, one that is not limited to a single product line but also includes solutions for managing all sorts of devices that can store data, such as flash drives, smartphones, and tablets.

Speak to Analyst @

http://www.micromarketmonitor.com/contact/6963113786-speak_to_analyst.html

North America is a potential market for hardware encryption, as it accounted for nearly 33% of the global hardware encryption market share in 2013. Technological innovations in the field of data security solutions have led to decreasing average costs of hardware encrypted products. The resultant cost differences between hardware and non-hardware encrypted products are expected to drive the concerned market in the region. The major countries contributing to the North American hardware encryption market are the U.S., Canada, and Mexico. The U.S. dominates the market, due to the top players, such as Seagate Technology Plc (U.S.) and Imation Corporation (U.S.), who have collaborated with encryption software providers, encrypted USB flash drive players, and hardware encryption chipset manufacturers in this region.

Early buyers will receive 10% customization on this report.

http://www.micromarketmonitor.com/contact/6963113786-request_for_customization.html

This market is segmented and forecast based on applications, products, and end-users. The market in terms of application comprises automotive, consumer electronics, emerging & next gen applications, medical, military, and networking/communication solutions. On the basis of products, the market is segmented into flash drives, hard disk drives, and inline encryptors. The market is further segmented and forecast based on end-users, covering building/infrastructure, consumer & commercial, industrial manufacturing, and other end-users.


How strong is Microsoft Excel encryption?

I use encrypted Excel 2007 documents to store some sensitive financial information on my Windows 7 laptop. To give me access to these off site I'm thinking of attaching a copy to an email message. How secure is the encryption?

Secondly: on opening the laptop I occasionally get a red tinge on the screen, which disappears when I move the screen slightly. Am I right in assuming that this is probably something to do with the flat cable that connects the screen to the body of the laptop?

Second question first, and yes, it sounds a lot like a connector problem. It will probably only get worse so it is worth getting it seen to ASAP, in case you lose the display altogether. If it is just a loose connector it should be a fairly quick and easy fix for an engineer; I would not attempt a DIY repair, though, as dismantling laptops, without the right tools and skills, can be a tricky and risky business.

Up to Excel 2000, encryption was weak and could be broken in a matter of seconds using widely available utilities on the web. It was strengthened significantly in Excel 2002/3, and changing from the default encryption method made it even stronger. Further improvements followed in Excel 2007, and the default settings, in conjunction with a long password (9 or more alphanumeric characters and symbols), should be sufficient to keep your files safe from all but the most determined hackers, with access to powerful computers and a lot of time on their hands. Even so, you might want to rethink how you are going to access these files, especially if it is going to involve connecting to the Internet through potentially insecure public wireless networks and hotspots.
