WhatsApp says end-to-end encryption protects chats within the app, but not cloud backups – Stanford Arts Review

WhatsApp, the messaging service, recently said in a press statement that end-to-end encrypted chats on the platform are strongly protected. The Narcotics Control Bureau (NCB) is looking to investigate the names that emerged in the alleged drug nexus. This gave rise to questions about the privacy and security of WhatsApp.

"It is important to remember that people register on WhatsApp using only a phone number, and WhatsApp does not have access to your message content," a WhatsApp spokesperson told IANS. WhatsApp relies on operating system security features such as strong passwords or biometric IDs to stop third parties from accessing content kept on the device.

The backup to Google Drive is a straightforward way of backing up chat history so that if you change devices or get a replacement, the information isn't lost. Thus our chats will be private to our drive and will not spread across other public sites or even to the WhatsApp team.


Cloud Encryption Technology Market Size, Analytical Overview, Key Players, Growth Factors, Demand, Trends And Forecast to 2027 – The Daily Chronicle

Fort Collins, Colorado: Reports Globe recently added the Cloud Encryption Technology Market Research Report that provides a thorough investigation of the market scenario of the market size, share, demand, growth, trends, and forecast from 2020-2027. The report covers the impact analysis of the COVID-19 pandemic. The COVID-19 pandemic has affected the export-import, demands, and trends of the industry and is expected to have some economic impact on the market. The report provides a comprehensive analysis of the impact of the pandemic on the overall industry and offers insights into a post-COVID-19 market scenario.

The report primarily mentions definitions, classifications, applications, and market overview of the Cloud Encryption Technology industry. It also covers product portfolios, manufacturing processes, cost analysis, structures, and gross margin of the industry. It also provides a comprehensive analysis of the key competitors and their regional spread and market size.

Global Cloud Encryption Technology Market valued approximately USD 529.5 million in 2016 is anticipated to grow with a healthy growth rate of more than 30.3% over the forecast period 2017-2025.


Competitive Analysis:

The report provides a comprehensive analysis of the companies operating in the Cloud Encryption Technology market, along with their overview, business plans, strengths, and weaknesses to provide a substantial analysis of the growth through the forecast period. The evaluation provides a competitive edge and understanding of their market position and strategies undertaken by them to gain a substantial market size in the global market.

Key features of the Report:

The report covers extensive analysis of the key market players in the market, along with their business overview, expansion plans, and strategies. The key players studied in the report include:


Additionally, the report is furnished with advanced analytical data from SWOT analysis, Porter's Five Forces Analysis, Feasibility Analysis, and Investment Return Analysis. The report also provides a detailed analysis of the mergers, consolidations, acquisitions, partnerships, and government deals. Along with this, an in-depth analysis of current and emerging trends, opportunities, threats, limitations, entry-level barriers, restraints and drivers, and estimated market growth throughout the forecast period is offered in the report.

Market Breakdown:

The market breakdown provides market segmentation data based on the availability of the data and information. The market is segmented on the basis of types and applications.

By Component:

By Service Model:

By Cloud Deployment:

By Organizational size

By Vertical:


The report provides additional analysis about the key geographical segments of the Cloud Encryption Technology Market and provides analysis about their current and previous share. Current and emerging trends, challenges, opportunities, and other influencing factors are presented in the report.

Regional analysis includes an in-depth study of the key geographical regions to gain a better understanding of the market and provide an accurate analysis. The regional analysis covers North America, Latin America, Europe, Asia-Pacific, and the Middle East & Africa.

Objectives of the Report:

To learn more about the report, visit @ https://reportsglobe.com/product/global-cloud-encryption-technology-market-size-study/

Thank you for reading our report. To learn more about report details or for customization information, please contact us. Our team will ensure that the report is customized according to your requirements.

How Reports Globe is different than other Market Research Providers

The inception of Reports Globe has been backed by providing clients with a holistic view of market conditions and future possibilities/opportunities to reap maximum profits out of their businesses and assist in decision making. Our team of in-house analysts and consultants works tirelessly to understand your needs and suggest the best possible solutions to fulfill your research requirements.

Our team at Reports Globe follows a rigorous process of data validation, which allows us to publish reports from publishers with minimum or no deviations. Reports Globe collects, segregates, and publishes more than 500 reports annually that cater to products and services across numerous domains.



WhatsApp Users To Get Radical New Update: Here's Why You Need It – Forbes


There was an awkward twist to last week's news that WhatsApp users are being targeted with "text bomb" messages: crafted character strings that crash the app. An awkward twist for WhatsApp, that is, quite apart from the pain for impacted users. The Facebook-owned messaging platform has assured that the vulnerability is being fixed, that updates will be rolled out to users worldwide.

But it's not that simple. There are two serious issues with WhatsApp, both of which make this text bomb attack more serious than it need be, both of which are reportedly being fixed, both of which will be a radical update for 2 billion WhatsApp users.

The warning about this latest spate of dangerous messages has been widely covered in the media. The coded messages throw WhatsApp into an infinite crash cycle that requires a user to delete and reinstall the app. The text strings cannot be rendered by the app; it crashes each time it tries. So, as soon as you receive and open the message, it's game over. The only get-out is to use something other than your smartphone to delete the message and block the sender. And here we find problem number one.

WhatsApp doesn't have an independent desktop app; it's just a scrape of your smartphone app. That's why you need to keep your smartphone app connected. If your smartphone app cannot open, then the desktop app is useless. All of which means you need to realize you've been attacked with a text bomb message, and turn to your desktop app to delete it and block the sender, without using your smartphone app until that's done. That's both inconvenient and impractical, but it's the only way.

WhatsApp now has linked devices in late-stage development. This is critical for WhatsApp as it plays catch up with the features already offered by competitors such as Signal, iMessage and even Facebook Messenger. Once released, this will mean you should be able to delete the message and block the sender and then reopen the app, pushing it into the background, which should be able to sync its database without trying to render the dangerous message. Linked devices are not yet available, which means that if you throw your smartphone app into an infinite crash you have no option but to delete and reinstall the app. And that leads to problem number two.

If you want to restore your chat history and media when you reinstall WhatsApp, you need to use the cloud backup available from within the app itself. WhatsApp gives iPhone and Android users the option to send a daily, weekly, or monthly backup to Apple's or Google's respective cloud services. The problem is that those backups undermine the entire basis for WhatsApp's trademark security.


We're talking about end-to-end encryption, of course. This means that the key to decrypt your messages is held only by you and the person or people you're messaging. As WhatsApp itself says, "some of your most personal moments are shared with WhatsApp, which is why we built end-to-end encryption into our app. When end-to-end encrypted, your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands."

According to WhatsApp's owner, Facebook, such encryption not only mitigates the risk of messages being intercepted in transit, but also the compromise of server and networking infrastructure, their own included. That's somewhat ironic, given that Facebook Messenger is not currently end-to-end encrypted, except where users elect to send secret messages, albeit it plans to rectify this at some point.

All of which leads to that problem: WhatsApp is end-to-end encrypted, but those cloud backups are not. "Media and messages you back up," it warns iPhone users, "are not protected by WhatsApp end-to-end encryption while in iCloud." The same issue impacts Android users backing up to Google's cloud. Your device hosts a decrypted messaging database that is then backed up from your device to the cloud service, wrapped by standard (not end-to-end) encryption, nothing more than that.

Signal, the best alternative to WhatsApp, does not offer a cloud backup of any sort. Letting the data out of a user's control, it says, is a material security risk and one it does not enable. Whereas a WhatsApp user transitioning to a new phone does so by way of the cloud backup, restoring to the new device, Signal offers a direct, wireless device-to-device transfer or a specially encrypted backup file, one that can be copied onto the new device and then used to restore the messaging history.

U.S. lawmakers are currently pushing for warranted access to encrypted messaging platforms, to enable investigators to access user content, something that is blocked when only the sender and recipient have those decryption keys. Clearly, when the data is on a cloud backup service, without that end-to-end encryption, then law enforcement and security agencies can access that data through the cloud provider, Apple or Google, when a jurisdictional warrant allows them to do so.

Just as with linked devices, WhatsApp appears to be developing an extension to its end-to-end encryption, enabling this protection to extend to these cloud backups. Until then, though (and there's no confirmed timing on any release), users will have to make a choice between protecting their apps, in case they lose their phone or fall victim to a text bomb type attack, or protecting their data from the risk that it becomes exposed without the encryption it enjoyed when transmitted.

If the thought of exposing years of messages to potential scrutiny by others, stripping it of the encryption it enjoys in WhatsApp, worries you, then perhaps you should trust that this latest text bomb issue will be patched by WhatsApp. That's what we're being told. But there was a similar issue raised by the cyber research team at Check Point last year, one that manipulated message metadata to send the app into an infinite crash in the same way, one that was apparently fixed, and yet here we are again.

As now, part of the advice to mitigate such threats is to prevent your number being added to groups by those you do not know. You can make that change within the app's privacy settings. You should limit all privacy settings to your contacts.


I've commented before that of all the new functionality reportedly coming from WhatsApp, it is linked devices and encrypted backups that trump all others for their importance. Hardly a coincidence then, that this latest issue with the so-called travazap crash code messages that originated from Brazil would highlight both those issues. WhatsApp's 2 billion users need to be given these updates. And fast.


WeChat is getting banned: Here are the best messaging app alternatives – CNET


ByteDance's TikTok and Tencent's WeChat apps will be banned from US app stores starting Sunday, the Trump administration said Friday, as part of the president's campaign to protect American consumers and businesses from "the threats of the Chinese Communist Party," according to a statement from US Commerce Secretary Wilbur Ross.

If you've already downloaded WeChat, you can still use the messaging, social media and mobile payment app without penalty, according to a US Justice Department court filing. However, the US servers carrying your data will no longer work, so sending a message or a photo will have to go through one overseas -- meaning it will take a lot longer to send or receive anything. It's not a complete shutdown, but it'll likely make your experience much more frustrating.


While WeChat isn't a household name in the US, it's a massive social network with more than 1.2 billion monthly active users. Because it's such a widely used app, many Americans use WeChat to keep in touch with friends and family overseas -- particularly in China. People often turn to the app because it gets around pricey international fees for traditional phone calls and text messages.

Until the legal situation is sorted out, here are a few WeChat alternatives that you can switch to for your messaging needs -- many of which have a strong presence internationally. A caveat: Most of these apps, including Facebook Messenger, Line, WhatsApp and Telegram, are banned in China.

Sina Weibo -- China's equivalent to Twitter -- may be the closest you can get to a WeChat replacement in China. You can sign up for an account in the US and several other countries, too. On Weibo, you can post messages publicly or send them privately to other users (though these messages are not encrypted), and livestream videos or post short videos, similar to Instagram Stories.

The Facebook-owned WhatsApp is a chat app that lets you share messages, pictures and videos with others on the platform from your phone or desktop. You can also video chat with up to eight people. A big privacy plus to using WhatsApp is that all messages and calls are end-to-end encrypted, and Facebook says that "no one else can view or listen to your private conversation, not even WhatsApp."

WhatsApp is available in several countries and territories, including the US, Singapore, Malaysia and Hong Kong.

The Japanese-based messaging app Line offers free messaging, voice and video calls across iPhones, Androids, PCs and Macs. You can also livestream video, post videos and photos to your timeline, add photo filters, search through the daily news and, in some countries, join groups. You can also enable Line's end-to-end encryption feature, called Letter Sealing.

Telegram is a messaging app available on Android, iOS, Windows and Mac, as well as through a web browser. It recently added one-on-one video calls (which are end-to-end encrypted), and plans to roll out group video calling in the coming months. There's also a "secret chat" option for encrypted messages, too.

For more, you can read our explainer about what's been going on with TikTok in the US. You can also check out our list of the best free video chat apps.


WhatsApp: How to Protect Your Privacy and Stay Secure on the Popular Chat App – Techweez

WhatsApp is a really popular chat app; it recently crossed the 2 billion user mark. The Android app also crossed the 5 billion install mark on the Google Play Store and follows in the footsteps of its owner, Facebook: it's the tenth app to reach that spot.

Facebook had bought it for $19 billion when it had 450 million users.

WhatsApp has had its fair share of security issues, with the recent and major one being that Jeff Bezos's phone was hacked through an infected WhatsApp file.

The app isn't the safest among its peers such as Telegram, whose founder, Pavel, has openly said it is dangerous to use.

For encryption, WhatsApp uses the Signal Protocol that was developed by Open Whisper Systems, an open-source software project run by entrepreneur, security researcher and cryptographer Matthew Rosenfeld (he goes by the pseudonym Moxie Marlinspike).

He was a former head of the security team at Twitter.

This same protocol is used by Signal, another privacy-focused messaging app, Allo, Facebook Messenger and Skype.

Facebook can't read your WhatsApp messages thanks to this end-to-end encryption.

WhatsApp collects a lot of data, and this includes information users provide, information the app collects and third-party information.

It's worth stressing that WhatsApp doesn't store your messages, only the undelivered ones, which are stored on its servers for up to 30 days as it tries to deliver them.

Information you provide includes your account information, your messages, your connections and customer support. Information WhatsApp collects automatically includes usage and log information, transactional information, device and connection information, cookies and status information.

Third-party information includes information other people provide about you, third-party providers and third-party services.

Facebook, the company that owns WhatsApp, has come under intense scrutiny now that it intends to merge its messaging platforms: WhatsApp, Instagram messaging and Facebook Messenger.

The European Union recently fined Facebook after it told regulators that it couldn't share WhatsApp phone numbers and Facebook data and then went ahead and did it.

Cloud backups are allowed on the app and are helpful when you get a new phone and want to keep your previous chats.

The reason why you'd want to disable cloud backups, either on Google Drive on Android or Apple iCloud on iPhones, is that these cloud services can hand over your data when law enforcement requests it.

It's unclear if WhatsApp informs a user when their account is being searched; its parent company Facebook lets users know their account is being searched unless it is ordered not to.

These backups aren't encrypted very well and thus your messages can easily be read.

"There is no middle ground: if law enforcement is allowed to circumvent encryption, then anybody can," said Amnesty International in an open letter to Facebook.

It's worth noting that WhatsApp doesn't have open law enforcement guidelines like Facebook. WhatsApp can be ordered to install a pen device that provides metadata, which WhatsApp's encryption doesn't keep private. Other pen registers can collect more information such as device identifiers and IP addresses.

The metadata WhatsApp collects is enough to help federal agencies figure out the behavior of a person of interest.

Signal doesn't store any such metadata; however, contact numbers are shared with Signal servers. Signal then uses hash encryption algorithms to bruteforce these hashes.

"The best practice is to purge this information (metadata)," said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union (ACLU).

Early this year, it was revealed that WhatsApp was working on password protected backups.

Two-factor authentication is a very important feature that you should not only enable on WhatsApp but also on all your online accounts.

You can choose text-based, app-based or hardware-based (physical security key) 2FA methods.

SMS-based is the easiest to set up and more adaptable for most users.

Each time you want to verify your phone number on WhatsApp, you'll be required to provide the six-digit PIN created with two-step verification on the app.

Simply open WhatsApp, then head to Settings > Account > Two-step verification > Enable.

You can then opt to add your email address so that WhatsApp sends you a link via email to disable two-step verification in case you forget your PIN.

Once set up, WhatsApp will prompt you at irregular intervals to re-enter the PIN. These prompts will come in handy, especially if another person is trying to add your number to a new device without your knowledge.

One of the first steps is to disable read receipts. Here's a handy guide on how to do that for WhatsApp and other social media apps.

Control who adds you to Groups by heading to Settings > Account & Privacy > Groups and then opt out of the Everyone option, which has been enabled by default, to either All of your Contacts or All of your contacts except the people you've blocked.

This ensures that people who want to add you to groups randomly will have to send you a text message for your consent.

You can also limit who sees your profile photo, about section, last seen and live location.

Another step you can take is to disable notifications that appear on the lock screen or the notification shade so nobody reads the message preview without having to open the phone or the app itself.

Here's a step-by-step guide on how to do that.

You should do this on a per-app basis and not just for WhatsApp.

Here's how to protect your privacy and stay secure on:


WhatsApp’s Encryption Hasn’t Kept It Safe From Stalkerware – Gizmodo


Among the sprawl of properties in the Facebook family, WhatsApp's perhaps the only one that's preached preserving user privacy and actually followed through. But that hasn't stopped bad actors from finding new ways to spy and snoop without the platform's (or any user's) say-so.

As a new investigation from Business Insider details, apps promising to probe the platform, and its users, for sometimes sensitive intel have come cropping up across the Apple and Android ecosystems. And while this might not be a great look for a trio of companies that have spent the past year trying to one-up their promises to protect their users' privacy, none of them appear too motivated to snuff out this new form of stalkerware.

It's worth clarifying here that these apps aren't magic. WhatsApp's spent the past six years staunchly setting end-to-end encryption as the default for all messages sent over its pipes. And save for the occasional oopsie, that encryption does its job, which means that no third party is going to decipher the messages or pictures being sent back and forth over the platform unless they can actually get their hands on your physical device and pump it full of malware.

Instead, these stalkerware services seem to rely on the one public-facing bit of user information that WhatsApp actually allows to be accessed: an innocuous widget that notifies users when someone is on the app or off. It's a ho-hum piece of data that's typically used to know, say, whether your uncle overseas is around for a call. But data, even tiny breadcrumbs like this, never exists in a vacuum, which is why it's a disappointing inevitability that something so simple could be used for tracking something like when your ex-girlfriend is sleeping.

The way this sort of sorta-stalkerware operates is pretty simple. A person just downloads one of these apps and plugs in the phone number of the other person they're looking to track, and then that phone is monitored round the clock for any online or offline signals. Over the next few days, weeks, or months, this builds up a pretty good picture of the target's typical schedule: when they're waking up, when they're sleeping, and when they're most likely to be hanging out in-app. Some of the apps Business Insider dug up bragged about the ability to track whether or not two contacts were likely to be talking to each other at any given time, based on how often they're online simultaneously. Naturally, this all happens without that target's consent.


The efficacy of these apps is questionable, given that this single bit of WhatsApp data is binary: either the app is open or not; there's no idle state. People who choose to leave WhatsApp open while not actively texting or calling are, in a way, foiling this script kiddie-level stalkerware by transmitting functionally incorrect data. Still, the fact that anyone would want to snoop on strangers this way, and that a willing network of enablers would build the tools to let them, regardless of the validity of their findings, is (to use the technical term) fucking gross.

Some of these apps manage to slide by under the guise of being handy tools to monitor whether your kids are getting up to some funny business when they're not supposed to be, while others are more upfront about exactly how slimy they are. One of the webpages for the programs that Gizmodo found pitches itself as a way for parents to get notifications about their kids' whereabouts even if they block you, while elsewhere describing how the same could be done for your "friends, lover, [or] wife." Another app found in the initial report is even more explicit about what it's there to snoop on:

Something is up. Maybe your significant other keeps texting under the covers late at night or taking suspicious trips to the bathroom at all hours with their phone in their hand. Maybe one of your employees is acting strangely every time you catch them sending a WhatsApp message during work hours, and you want to know what it is they're sending. Or perhaps it's even your teenager, who has been refusing to tell you who they've been sending messages to in the dead of night and why they're staying out so late after school. Either way, something isn't right, and you know it.

WhatsApp reps told Business Insider that the platform's terms bar this sort of tampering outright, and that the company [requests] that app stores remove apps that abuse our brand and violate those terms in the process. They also confirmed that disabling the online notification for a given user is functionally impossible, meaning that they're offering little protection beyond this sort of verboten tampering beyond politely asking Apple and Google to knock it off.

Meanwhile, both app store companies are stuck in a game of whack-a-mole with these programs as they arise. Thus far, it looks like they're each doing a fairly shitty job: while Google does take its policies prohibiting ads or promotions for spyware pretty seriously, those policies are lackluster at best, with the latest update explicitly allowing this sort of tech if it was marketed to parents, rather than jealous exes. Apple's own policies touch on malware, but not spyware, which means these apps are also free to proliferate across that ecosystem.

In other words, it seems like all of these companies have regarded this gross invasion of privacy as something that's either entirely kosher, or just not their problem to solve. We've reached out to WhatsApp, Apple, and Google for comment and will update if we hear back.


This Week In Security: AD Has Fallen, Two Factor Flaws, And Hacking Politicians – Hackaday

The big news this week is the huge flaw in Microsoft's Active Directory, CVE-2020-1472 (whitepaper). Netlogon is a part of the Windows domain scheme, and is used to authenticate users without actually sending passwords over the network. Modern versions of Windows use AES-CFB8 as the cryptographic engine that powers Netlogon authentication. This peculiar mode of AES takes an initialization vector (IV) along with the key and plaintext. The weakness here is that the Microsoft implementation sets the IV to all zeros.

It's worth taking a moment to cover why IVs exist, and why they are important. The basic AES encryption process has two inputs: a 128 bit (16 byte) plaintext, and a 128, 192, or 256 bit key. The same plaintext and key will result in the same ciphertext output every time. Encrypting more than 128 bits of data with this naive approach will quickly reveal a problem: it's possible to find patterns in the output. Even worse, a clever examination of the patterns could build a decoding book. Those 16 byte patterns that occur most often would be guessed first. It would be like a giant crossword puzzle, trying to fill in the gaps.

This problem predates AES by many years, and thankfully a good solution has been around for a long time, too. Cipher Block Chaining (CBC) takes the ciphertext output of each block and mixes it (XOR) with the plaintext input of the next block before encrypting. This technique ensures the output blocks don't correlate even when the plaintext is the same. The downside is that if one block is lost, the entire rest of the data cannot be decrypted. Update: [dondarioyucatade] pointed out in the comments that it's just the next block that is lost, not the entire stream. You may ask, what is mixed with the plaintext for the first block? There is no previous block to pull from, so what data is used to initialize the process? Yes, the name gives it away. This is an initialization vector: data used to build the initial state of a crypto scheme. Generally speaking, an IV is not secret, but it should be randomized. In the case of CBC, a non-random IV value like all zeros doesn't entirely break the encryption scheme, but could lead to weaknesses.

Netlogon, on the other hand, uses a Cipher FeedBack (CFB8) mode of AES. This mode takes a 16 byte IV, and prepends that value to the data to be encrypted. The basic AES operation is performed on the first 16 bytes of this message (just the IV). The first byte of the output is XORed with the 17th byte of the combined string, and then the 16 byte window slides one byte to the right. When the last byte of the plaintext message has been XORed, the IV is dropped and the process is finished. The peculiar construction of AES-CFB8 means that a random IV is much more important to strong encryption.

Remember the actual flaw? Microsoft's implementation sets that IV value as all zeros. The encryption key is generated from the password, but the plaintext to be encrypted can be specified by the attacker. It's fairly simple to manipulate the situation such that the entire IV + Plaintext string consists of zeros. In this state, 1-in-256 keys will result in an all-zero ciphertext. Put another way, the 128-bit security of AES is reduced to 8-bit. Within just a handful of guesses, an attacker can use Netlogon to authenticate as any user.
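The sliding-window construction and the 1-in-256 statistic described above can be checked with a short sketch. This is an added example, not code from the article or from Microsoft: because CFB only runs the block cipher forwards, AES is swapped for a standard-library stand-in (HMAC-SHA256 truncated to 16 bytes), and the sample keys, the 8-byte all-zero message and all function names are constructed for illustration.

```python
"""CFB8 with an all-zero IV: why about 1 key in 256 maps zeros to zeros.

Added illustration. AES is replaced by a stand-in keyed function so the
script needs only the standard library; the effect shown comes from the
CFB8 mode and the fixed IV, not from AES itself.
"""
import hashlib
import hmac
import os

BLOCK = 16               # AES block size in bytes
ZERO_IV = bytes(BLOCK)   # the fixed all-zero IV the article describes
ZERO_MSG = bytes(8)      # constructed all-zero plaintext


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES(key, block): a keyed 16-byte pseudorandom function."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    window = bytearray(iv)                  # 16-byte window, starts as the IV
    out = bytearray()
    for p in plaintext:
        c = p ^ block_encrypt(key, bytes(window))[0]  # first output byte only
        out.append(c)
        window = window[1:] + bytes([c])    # slide right, feed ciphertext back
    return bytes(out)


def cfb8_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    window = bytearray(iv)
    out = bytearray()
    for c in ciphertext:
        out.append(c ^ block_encrypt(key, bytes(window))[0])
        window = window[1:] + bytes([c])
    return bytes(out)


def sample_key(i: int) -> bytes:
    """Constructed 16-byte test key number i."""
    return i.to_bytes(BLOCK, "big")


def is_zero_fixed_point(key: bytes) -> bool:
    """True when E_k(0^16) starts with 0x00. The window then never leaves
    the all-zero state, so every ciphertext byte is also zero."""
    return block_encrypt(key, ZERO_IV)[0] == 0


def fixed_zero_iv() -> bytes:
    return ZERO_IV


def random_iv() -> bytes:
    """The mitigation: a fresh unpredictable IV per message."""
    return os.urandom(BLOCK)


def count_all_zero_ciphertexts(n_keys: int, iv_source) -> int:
    """How many of n_keys sample keys encrypt ZERO_MSG to all zeros."""
    hits = 0
    for i in range(n_keys):
        if cfb8_encrypt(sample_key(i), iv_source(), ZERO_MSG) == ZERO_MSG:
            hits += 1
    return hits


if __name__ == "__main__":
    n = 4096
    fixed = count_all_zero_ciphertexts(n, fixed_zero_iv)
    fresh = count_all_zero_ciphertexts(n, random_iv)
    print(f"zero IV:   {fixed}/{n} keys give all-zero ciphertext "
          f"(expected about {n // 256})")
    print(f"random IV: {fresh}/{n} keys give all-zero ciphertext")
```

With the zero IV the hit rate sits near 1/256 regardless of message length, which is the 8-bit effective strength the article mentions; with a random IV the same check finds nothing.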

Microsoft has patched the issue in their August security updates. While it's true that exploiting this issue does require a toehold in a network, the exploitation is simple and proof of concept code is already available. This is definitely an issue to go patch right away.

Via Ars Technica

Few security truisms are as universal as Enable two factor authentication. There is a slight gotcha there. 2FA adds an extra attack surface. Palo Alto found this out the hard way with their PAN-OS systems. With 2FA or the captive portal enabled, its possible to exploit a buffer overflow and execute code as root. Because the interface to be exploited is often exposed to the public, this vulnerability scored a 9.8 critical rating.

Magento is an e-commerce platform, owned by Adobe since 2018. To put that more simply, it's a shopping cart system for websites. In the last few days, it seems that nearly 2,000 Magento v1 instances were compromised, with a digital skimmer installed on those sites. The rapid exploitation would suggest that someone had a database of Magento powered sites, and acquired a zero-day exploit that could be automated.

It's been the fodder of pundits and politicians for years now, to talk about hacking elections, particularly by a particularly large country in northern Asia. Be it bravery or foolishness, we're actually going to take a brief look at some real stories of political hacking.

First up, a trio of Dutch hackers managed to break into Donald Trump's Twitter account back in 2016, just before the election. How? The same story we're all familiar with: password re-use and a LinkedIn database dump. Fun fact, Donald Trump's favorite password was yourefired.

A successful break-in is often accompanied by a moment of terror. Did I do everything right, or am I going to jail for this? It's not an unfounded fear. Breaking into a corporation is one thing, but what happens to the guys that hacked the president of the US? The moment their long-shot attempts paid off, they went into defensive mode, and documented everything. Once they had their documentation safely secured, an email was sent off to USCERT (United States Computer Emergency Readiness Team) informing them of what was found. Our Dutch friends haven't been arrested or disappeared, so it seems their responsible disclosure was well received.

In a similar story, a former Australian prime minister posted a picture online containing his boarding pass, and a resourceful researcher managed to use that information to recover his passport and telephone number. Did you know that a boarding pass is considered sensitive information? To authenticate with an airline, all that is needed is a last name and matching booking reference number. This gets you access to a very uninteresting page, but when you have access to 1337 hackor tools (like Google Chrome's page inspector), the sky is the limit. Apparently the Qantas website backend was sending everything in the database about the given customer, and only a few bits of that information were being shown to the user. Far more information was just waiting to be sniffed out.

The whole story is a trip, and ends with a phone call with the politician in question. Go read it, you won't regret it.

[Dr. Neal Krawetz] runs a TOR hidden service, and found himself the victim of a DDoS attack over the TOR network. He called up a friend who did network security professionally, and asked for help. After reading out half of the public IP address where the hosting server lived, his friend told him the rest of the address. Let's think through that process. Hidden TOR service under attack, someone with access to a big enough Network Operations Center (NOC) can tell what the Public IP address of that service is. This is a fundamental break in TOR's purpose.

In retrospect, it's pretty obvious that if you can watch traffic on a large chunk of the internet, or enough of the TOR nodes, you can figure out what service is running where. The surprise is how small the percentage needs to be, and that there are already companies (and certainly three-letter agencies) that casually have the capability to make those connections. [Krawetz] calls these flaws 0-days, which is technically correct, because there are no real mitigations in place to protect against them. Really, it should serve as a reminder of the limitations of the TOR model.

Read the rest here:
This Week In Security: AD Has Fallen, Two Factor Flaws, And Hacking Politicians - Hackaday

Data Encryption Market 2020| Opportunity Assessments, Covid-19 Analysis, Growth Opportunities, Business Trends, Key Players Overview, Industry Size,…

Global Data Encryption Market is enduring an exacting period with its robust growth coming to an abrupt halt in light of the COVID-19 pandemic. MRFR report on Data Encryption Industry highlights the future prediction and the growth alternatives that can be created

The global data encryption market is expected to exhibit strong growth over the forecast period till 2023, according to the latest research report from Market Research Future (MRFR). The report presents a detailed overview of the global data encryption market by profiling the historical data about the market and providing detailed forecasts regarding the market's likely growth trajectory over the forecast period. Primary as well as secondary data about the market is presented in full detail in the report. Future forecasts for every aspect of the global data encryption market are presented in detail in the report. Leading players in the global data encryption market are also profiled in detail in the report. The report also profiles the impact of the global COVID-19 pandemic on the global data encryption market.

Leading Players in Global Data Encryption Market Include:

FireEye Inc., Vormetric Inc., Gemalto, Netapp Inc., Oracle Corporation, Intel Security, HP, Symantec Corporation, Microsoft Corporation, and IBM Corporation.

Covid19 Pandemic Crisis on Data Encryption Market with Complete Table of Content and Free Sample at:

https://www.marketresearchfuture.com/sample_request/1733

Data encryption is the process of converting data from a readable format to an encoded format which can only be deciphered with a decryption key. Data encryption protects the data in a fairly simple manner and provides data security for data transferred over networks. The growing threat of data breaches and cyber attacks in the modern world has been the major driver for the global data encryption market over the last few years. Thousands of organizations across various sectors have been attacked digitally over the last few years, with the complexity of cyber attacks increasing over time. With increasing refinement in cyber protection tools, cyber attackers have improved their sophistication, with increasingly sophisticated cyber attack tools being used to breach networks and gain confidential information. This has led to a growing demand for data encryption protocols over the last few years.

The BFSI sector has emerged as a major end user of data encryption tools over the last few years. The increasing adoption of online and mobile banking has led to a growing demand for data security tools in the BFSI sector. The convenience of online and mobile banking comes at the price of the online information being prone to cyber attacks. This has led to a growing demand for data encryption technology from the BFSI sector. The increasing complexity of online and mobile banking operations has made data encryption technology a must-have for BFSI entities. This is likely to remain a major driver for the global data encryption market over the forecast period. The defense sector has also been a major end user of data encryption technology over the last few years.

Segmentation:

The global data encryption market is segmented on the basis of method, deployment, organization size, end user, and region.

By method, the global data encryption market is segmented into symmetric and asymmetric. Symmetric data encryption uses the same key to encrypt and decrypt the data, whereas asymmetric data encryption uses a different key to decrypt the data. This makes asymmetric data encryption more secure than symmetric data encryption.

By deployment, the global data encryption market is segmented into cloud and on-premise. The demand for cloud data encryption technology is increasing due to the increasing usage of cloud architecture for data storage in the commercial sector.

By organization size, the global data encryption market is segmented into large organizations, and small and midsized organizations.

By end user, the global data encryption market is segmented into government, BFSI, healthcare, manufacturing, automotive, IT and telecom, aerospace and defense, and others.

Regional Analysis:

North America is likely to dominate the global data encryption market over the forecast period due to the presence of several leading players in the region. Awareness about data security protocols is also high in the region, leading to a growing demand for data encryption technology.

Asia Pacific is expected to exhibit the highest growth rate over the forecast period.

Table of Content:

1 Executive Summary

.

.

.

4 Market Landscape

4.1 Porter's Five Forces Analysis

4.1.1 Threat Of New Entrants

4.1.2 Bargaining Power Of Buyers

4.1.3 Threat Of Substitutes

4.1.4 Rivalry

4.1.5 Bargaining Power Of Suppliers

4.2 Value Chain Of Global Data Encryption Market

5 Market Overview Of Global Data Encryption Market

5.1 Introduction

5.2 Growth Drivers

5.3 Impact Analysis

5.4 Market Challenges

6 Market Trends

6.1 Introduction

6.2 Growth Trends

6.3 Impact Analysis

Continued.

Browse More Details on Report at:

https://www.marketresearchfuture.com/reports/data-encryption-market-1733

About Market Research Future:

At Market Research Future (MRFR), we enable our customers to unravel the complexity of various industries through our Cooked Research Report (CRR), Half-Cooked Research Reports (HCRR), Raw Research Reports (3R), Continuous-Feed Research (CFR), and Market Research & Consulting Services.

The MRFR team has the supreme objective of providing optimum quality market research and intelligence services to our clients.

Media Contact
Company Name: Market Research Future
Contact Person: Abhishek Sawant
Phone: +1 646 845 9312
Address: Market Research Future Office No. 528, Amanora Chambers Magarpatta Road, Hadapsar
City: Pune
State: Maharashtra
Country: India
Website: https://www.marketresearchfuture.com/reports/data-encryption-market-1733

Read the rest here:
Data Encryption Market 2020| Opportunity Assessments, Covid-19 Analysis, Growth Opportunities, Business Trends, Key Players Overview, Industry Size,...

Unstoppable Domains co-founder had this to say about Facebook and the future of free speech – Cointelegraph

Unstoppable Domains co-founder Bradley Kam believes that neither the anti-encryption bills nor the technology giants present a real threat to the future of the Internet. In his opinion, both, the governments and the giant platforms are helping to usher the era of the decentralized web, he told Cointelegraph:

Technology platforms like Facebook and Twitter have been criticized simultaneously for censorship and not enough censorship. Kam said that the decentralized web will be able to solve both issues. In his opinion, in the future, there will be dozens of DApps like Facebook, which will compete with each other. One of the differentiation points between them will be the different ways they will be handling freedom of speech:

He thinks this may lead to chaos, but it is essential to securing the future of freedom of speech:

However, one thing to consider is that one of the reasons why Facebook, Twitter, Instagram, Google have become, in essence, monopolists is the network effect. The more people were joining those platforms, the more useful they were becoming. A new social network similar to Facebook with better technology cannot compete with the original because, no matter what incredible features it would offer, if no one is using it, it is useless. That is why decentralized clones like Steem have struggled mightily to escape the confines of the crypto ghetto. Thus, in order for those 40 Facebooks to dethrone the original, at the very least, they would have to be interoperable.

Recently, Unstoppable Domains has introduced a few new features like dChat and Unstoppable email.

See original here:
Unstoppable Domains co-founder had this to say about Facebook and the future of free speech - Cointelegraph

Why IT Security Will be a Prime Concern for Businesses in the Next Decade – Entrepreneur

September 16, 2020. 6 min read

Opinions expressed by Entrepreneur contributors are their own.

In the past few months, a massive change in working dynamics has fueled an uptick in a kind of infection that's not constantly in the news: the type that affects computers. Malware attacks, phishing attempts and other types of cyber crime are reaching record heights in 2020. Unfortunately, these latest developments are only the tip of the iceberg, as the rapid expansion of digitalization has already radically increased the exposure to virtual threats in the past few years.

As a consequence, more than 70 percent of in-house cybersecurity managers plan to request a significant budget increase during the next year. Therefore, it's about time to take a look at the driving forces behind the need for IT security solutions in the current decade.

Although working from home has helped stem the spread of the coronavirus, computer virus infections are now on the rise as opportunistic hackers and cyber criminals look to take advantage of the situation to fill their pockets. As a result, the number of malware and ransomware attacks spiked by 25 percent between Q4 2019 and Q1 2020 as a wave of attacks hit a range of victims.


Criminals are increasingly incorporating coronavirus themes into their attacks, using lures about vaccine information, masks and short-supply items to help snare victims. According to KPMG, a large chunk of these attacks are financial scams that promise government assistance or payment but actually intend to scam the victim out of their personal information and/or money.

It isn't just ransomware attacks on the rise either. There has been a stark uptick in the number of phishing attacks in recent months, with criminals now posing as trustworthy sources of information, like the World Health Organization (WHO), to trick victims into handing over money, usually by offering virus testing kits, critical information or coronavirus-related investment schemes in return.

Based on data released by the UK tax authority HM Revenue and Customs (HMRC) and reported by ITProPortal, the number of coronavirus-related phishing attacks reached a peak in May, more than double that seen the month prior. Phishing attacks also saw one of the world's most popular social networks, Twitter, suffer a significant breach in July, as over 130 influential accounts were hacked after Twitter's internal systems were compromised.


As a fallout from the Twitter breach and the general uptick in malware attacks, firms both small and large are now beginning to double-down on IT security to keep both their employees and customers safe from attacks. Based on the latest forecasts by Gartner, the cloud security market is expected to grow by 33 percent during 2020, while the data security market will grow by 7.2 percent over the same period to become a $2.8 trillion industry. Much of this is owed to institutional security spending.

When GDPR came into force in 2018, it was supposed to be the dawn of a new era of privacy in the European Union and the European Economic Area at least. The recently enforceable piece of legislation severely restricts what data organizations are able to harvest about EU citizens while providing users with more control over their data.

Despite this, the number of data leaks has skyrocketed in 2020, and several massive data breaches have already occurred this year. Back in March, the hotel chain Marriott announced that the private information of over five million of its loyalty program users had been leaked. This is the second time in two years that the hotel chain has suffered from a devastating breach.

In addition, the popular video conferencing app Zoom also suffered from a breach that saw the login credentials and private information from half a million users exfiltrated and advertised for sale on the dark web.


Oleksandr Senyuk, who launched a smart yet cloud-free password manager with his company KeyReel, believes that recent trends in corporate culture, such as the use of private rather than corporate phones and use of home offices, have dramatically increased security breaches in the business world. "Remote access to internal systems from laptops and desktops located in insecure environments pose a serious threat to businesses, regardless of size," he says. "The solution is to concentrate around the security of individuals rather than companies."

Senyuk urges companies to invest in cybersecurity software solutions and, most importantly, in employee education and annual training. Surprisingly, even employees of large technology powerhouses seem to lack basic IT security skills. Senyuk recounts an embarrassing 2016 incident in which a DropBox employee used the same password for a corporate network account and his personal LinkedIn account, resulting in the theft of north of 60 million user credentials.


Overall, as per data from Security Boulevard, 2020 is already well on its way to setting a new record for data breaches, with around 16 billion records already leaked this year. Likewise, according to the 2020 Verizon Data Breach Investigations Report (DBIR), there were at least 3,950 data breaches in 2020 alone, with almost half of these being the result of a hack, while 86 percent were financially motivated.

It isn't just cyber criminals that are targeting people's data either. With the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) act now weaving its way through Congress, it might not be long before anybody who uses encryption-based communication services could be eavesdropped on by the U.S. government, because companies would be forced to weaken their encryption and essentially provide the government with a backdoor to user data.


"Many governments are working towards banning or weakening end-to-end encryption, like the U.S. EARN IT act," Senyuk says. "This would allow governments to force any cloud provider to break the system and quietly acquire and monitor data. LavaBit and EncroChat are two examples of direct government involvement in the services of cloud service providers. While many users and companies don't have any major concerns regarding government intervention, security experts warn that weakening encryption would hurt the security of all individuals."

Understandably, the EARN IT act has received significant pushback from the cyber community, prompting an uptick in the use of encrypted messaging apps like status, crypto currencies like Bitcoin (BTC), and Ethereum (ETH), and security tools that prevent eavesdropping and theft.

With similar efforts to undermine encryption now underway in several countries, and the "Five Eyes" security alliance now looking to implement backdoors in popular apps, privacy is a bigger concern than ever before.

Read the original post:
Why IT Security Will be a Prime Concern for Businesses in the Next Decade - Entrepreneur