Stop the Leak: An Admin's Guide to Encryption for Gmail and Google Apps – gCON – Breakout 7 – Video


Whether for regulatory requirements like HIPAA or simply to protect financial, legal, or intellectual property information, protection of corporate data has never been more important. As more...

By: Google Gooru


TorrentLocker unpicked: Crypto coding shocker defeats extortionists


Crooks have borked the encryption behind the TorrentLocker ransomware, meaning victims can avoid paying the extortionists and unlock their data for free.

TorrentLocker was regarded as the demonic spawn of CryptoLocker and CryptoWall which made killings last year by encrypting valuable data owned by individuals and organisations.

Research trio Taneli Kaivola, Patrik Nisén and Antti Nuopponen of Finnish consultancy Nixu said victims could break the ransomware if they had a plaintext backup of any of their now encrypted files.

"In practice this means that if you have both the original and the encrypted version of a single file that is over 2MB in size, the entire keystream can be recovered which makes it possible to recover all your files encrypted by TorrentLocker," the trio write.

"As the encryption was done by combining the keystream with the plaintext file using the XOR operation, we were able to recover the keystream used to encrypt those files by simply applying XOR between the encrypted file and the plaintext file.

"We tested this with several samples of the affected files we had and realised that the malware program uses the same keystream to encrypt all the files within the same infection. This was a cryptographic mistake on the malware author's part, as you should never use the keystream more than once."

TorrentLocker appended 264 bytes of junk data to encrypted files and only locked down the first 2Mb of the files.

The researchers suspected the 2Mb limit was a deliberate strategy to make TorrentLocker faster, which the malware's developers may not have known would also weaken its security.

The mystery 264 bytes were unique to each infection, meaning the researchers could write a tool to recognise the encryption keystream and decrypt the affected files.
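The recovery the researchers describe can be reproduced on constructed data. The following is an added example, not Nixu's tool or code from the article: `simulate_encrypt` is a stand-in that models only the flaw described above (one keystream XORed over the first 2 MB of every file, 264 per-infection bytes appended at the end), and all function names and the 2 MiB reading of "2MB" are assumptions.

```python
import os

LIMIT = 2 * 1024 * 1024   # only the first 2 MB are encrypted (2 MiB assumed)
TRAILER_LEN = 264         # per-infection bytes appended to every encrypted file

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings over their common length."""
    n = min(len(a), len(b))
    x = int.from_bytes(a[:n], "big") ^ int.from_bytes(b[:n], "big")
    return x.to_bytes(n, "big")

def simulate_encrypt(plain: bytes, keystream: bytes, trailer: bytes) -> bytes:
    """Constructed stand-in for the flaw: one keystream reused for every file."""
    head = xor(plain[:LIMIT], keystream)
    return head + plain[LIMIT:] + trailer

def recover_keystream(plain: bytes, encrypted: bytes) -> tuple[bytes, bytes]:
    """From one known plaintext/ciphertext pair, return (keystream, trailer)."""
    body, trailer = encrypted[:-TRAILER_LEN], encrypted[-TRAILER_LEN:]
    if len(body) != len(plain):
        raise ValueError("backup copy does not match the encrypted file's length")
    return xor(plain[:LIMIT], body[:LIMIT]), trailer

def decrypt(encrypted: bytes, keystream: bytes, trailer: bytes) -> bytes:
    """Decrypt another file from the same infection with the recovered keystream."""
    body, tail = encrypted[:-TRAILER_LEN], encrypted[-TRAILER_LEN:]
    if tail != trailer:
        raise ValueError("trailer differs: file is from another infection")
    need = min(len(body), LIMIT)
    if need > len(keystream):
        # A backup shorter than this file yields too little keystream to cover it.
        raise ValueError(f"keystream too short: have {len(keystream)}, need {need}")
    return xor(body[:need], keystream) + body[need:]

def demo() -> bool:
    ks, trailer = os.urandom(LIMIT), os.urandom(TRAILER_LEN)   # constructed infection
    backup = os.urandom(LIMIT + 4096)                          # known file over 2 MB
    victim = b"quarterly report, no backup exists\n" * 1000    # file to be recovered
    rec_ks, rec_tr = recover_keystream(backup, simulate_encrypt(backup, ks, trailer))
    return decrypt(simulate_encrypt(victim, ks, trailer), rec_ks, rec_tr) == victim
```

The `keystream too short` branch is why the researchers specify a known file over 2MB: a smaller pair recovers only a prefix of the keystream, enough for files no longer than the backup.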


Islamic State jihadists planning encryption-protected ‘cyber caliphate’

Islamic State boasting of its plans to create a sophisticated cyber army

Plans to use 'cyber caliphate' to launch attacks on banks and governments

British hacker once jailed for cyber attack on PM thought to be involved

Comes as President Obama announces air strikes will extend into Syria

By Corey Charlton for MailOnline

Published: 05:41 EST, 11 September 2014 | Updated: 06:17 EST, 11 September 2014


Islamic State militants are planning the creation of a 'cyber caliphate' protected by their own encryption software - from behind which they will launch massive hacking attacks on the U.S. and the West.

Both Islamic State and Al Qaeda claim to be actively recruiting skilled hackers in a bid to create a team of jihadist computer experts capable of causing devastating cyber disruptions to Western institutions.

They are now boasting it is only a matter of time before their plan becomes a reality.


Encryption failures fixed in popular PGP email security tool Enigmail

Developers of the popular Enigmail email security extension for Thunderbird have fixed several issues that could have exposed messages users believed to be encrypted.

Enigmail provides a graphical user interface in the Mozilla Thunderbird and SeaMonkey programs that allows users to digitally sign and encrypt email messages using the OpenPGP standard.

The Enigmail Project released version 1.7.2 of the extension on Aug. 29 and briefly noted that the release fixes several important bugs. The changelog did not contain additional details about the impact of the fixed issues, but included a link to the project's external bug tracker.

In addition to several non-security issues, the bug tracker lists a number of addressed bugs that could have serious security implications for users of the older Enigmail 1.7 version. One of them causes emails to be sent in unencrypted form when only BCC (blind carbon copy) recipients are specified.

Another issue causes drafts to be saved in plain text when writing a new email even when the email is marked for encryption automatically. If the IMAP protocol is used, the unencrypted drafts can be synchronized with the email server, exposing potentially sensitive information.

This behavior only happens when the system selects an email for encryption automatically based on an existing per-recipient rule or when the recipient's public key exists in the local key store. If the email is manually marked to be encrypted (e.g. by clicking the yellow key symbol on the bottom-right) the drafts are correctly encrypted before being sent to the IMAP server, the bug entry notes.

Another bug can cause an incorrect encryption or signing status message to be displayed when composing a reply. This especially happens if the compose window is not opened for the first time, another entry on the bug tracker notes.

A fourth issue that has been addressed can cause an upgrade from Enigmail 1.6 to 1.7 to break encryption. Email messages won't be encrypted if the "per recipient" setting is disabled under Key Selection, despite other key selection mechanisms like "by email" and "manual if missing" being enabled.

"When confirmation dialog is enabled you can even see that Enigmail wants to send an email unsigned/unencrypted despite having selected forced encryption," the corresponding bug entry says. Otherwise it is silently sent unencrypted.

An Enigmail user who reported one of the encryption failures in version 1.7 on the project's support forum described the situation as "the biggest imaginable catastrophe."


Porticor and nScaled Deliver Secure and Compliant Business Continuity and Disaster Recovery …

Porticor Adds Software-Defined Encryption Key Management to nScaled's Leading IT BCDR Platform for Complete Protection of Replicated Data in the Cloud

CAMPBELL, Calif., and SAN FRANCISCO - Porticor and nScaled today announced the industry's first joint solution integrating software-defined homomorphic encryption key management to protect customers' cloud information and applications replicated for IT Business Continuity and Disaster Recovery (BCDR).

Porticor is a leading cloud data security company delivering the only cloud-based key management and data encryption solution that infuses trust into the cloud and keeps cloud data confidential. nScaled is a provider of automated, integrated IT Business Continuity and Disaster Recovery (BCDR) solutions.

nScaled's Disaster Recovery as a Service (DRaaS) platform replicates data, servers, operating systems and applications to protect and deliver critical IT services to users in case of a man-made or natural disaster, equipment failure or data loss. nScaled's DRaaS hybrid cloud solution ensures that replicas are up to date at all times, including both the data and the "virtual machine images" of the code that runs the applications. Forrester Research, Inc., named nScaled a Leader in The Forrester Wave: Disaster-Recovery-As-A-Service Providers, Q1 2014.

Porticor adds key management and encryption to nScaled's solution. Integrated into nScaled's physical and virtual appliance, Porticor encrypts the data store of each application backed up by nScaled's solution seamlessly and transparently. Porticor is also implemented on nScaled's cloud, ensuring that any data replicated to the nScaled cloud is also encrypted. The result is a multifaceted, data-at-rest and in-transmission encryption solution that protects information at the customer's data center and in the cloud.

"We are in the insurance business so clients share personal and account information about their employees with us," said Aatash Patel, IT Director at Covala Group, a leading enroller and administrator of voluntary, supplemental individual disability benefits for large employers. "With nScaled in place serving our disaster recovery needs, we needed a private cloud data encryption solution that was high performing and compatible with our VMware environment. Porticor has been our answer to protect clients' confidential information, and help us meet their compliance requirements. We spun up Porticor with nScaled in our cloud without any technical training, and support has been very helpful at both companies. I am very happy with what both vendors are doing together so far."

For a white paper on the partnership and joint solution now available, see http://www.porticor.com/porticor-nscaled-secure-dr/.

"Business continuity and disaster recovery have been one of the most successful services offered through the cloud model, and nScaled delivers the industry's leading automated and integrated solution," said Mark Jameson, VP of Worldwide Sales and Product Strategy at nScaled. "Together with Porticor we are providing the most secure and reliable Disaster Recovery as a Service (DRaaS) to protect customer's data and applications."

"Cloud providers, including providers delivering DRaaS, offer a 'shared responsibility' model for the security and protection of customer applications and data," said Gilad Parann-Nissany, Porticor founder and CEO. "Now that we have teamed with nScaled, customers can be assured that their applications and information will be available and safe from loss due to disasters and cloud data security threats."

Cloud data encryption provides an effective layer of protection against new cloud security challenges, including internal cloud data center threats, information protection in a shared environment, and compliance requirements which mandate information to be secured both on premises and in the cloud. The challenge created is not in encrypting the data, but in managing the encryption keys. To provide secure cloud management of encryption keys for outsourced data center services to the nScaled cloud, Porticor uses a highly sophisticated and patented approach: split-key encryption and homomorphic key management.
