Senators Graham And Blumenthal Can’t Even ‘Earn’ The EARN IT Act: Looking To Sneak Vote Through Without Debate – Techdirt

from the don't-let-them dept

Senator Lindsey Graham very badly wants to push the extremely dangerous EARN IT Act across the finish line. He's up for re-election this fall, and wants to burnish his "I took on big tech" creds, and sees EARN IT as his path to grandstanding glory. Never mind the damage it will do to basically everyone. While the bill was radically changed via his manager's amendment last month, it's still an utter disaster that puts basically everything we hold dear about the internet at risk. It will allow for some attacks on encryption and (somewhat bizarrely) will push other services to more fully encrypt. For those that don't do that, there will still be new limitations on Section 230 protections and, very dangerously, it will create strong incentives for internet companies to collect more personal information about every one of their users to make sure they're complying with the law.

It's a weird way to "attack" the power of big tech by forcing them to collect and store more of your private info. But, hey, it's not about what's actually in the bill. It's about whatever bullshit narrative Graham and others know the press will say is in the bill.

Either way, we've heard that Graham and his bi-partisan supporter for EARN IT, Senator Richard Blumenthal, are looking to rush EARN IT through with no debate, via a process known as hotlining. Basically, it's a way to try to get around any floor debate, by asking every Senator's office (by email, apparently!) if they would object to a call for unanimous consent. If no Senator objects, then they basically know they can skip debate and get the bill approved. If Senators object, then (behind the scenes) others can start to lean on (or horse trade) with the Senators to get the objections to go away without it all having to happen on the floor of the Senate. In other words, Graham and Blumenthal are recognizing that they probably can't "earn" the EARN IT Act if it has to go through the official process to have it debated and voted on on the floor, and instead are looking to sneak it through when no one's looking.

While Senator Wyden (once again) has said he'll do whatever he can to block this, it would help if other Senators would stand up as well. Here's what Wyden had to say about it:

The EARN IT Act will not protect children. It will not stop the spread of child sexual abuse material, nor target the monsters who produce and share it, and it will not help the victims of these evil crimes. What it will do is threaten the free speech, privacy, and security of every single American. This is because, at its core, the amended EARN IT Act magnifies the failures of the Stop Enabling Sex Traffickers Act--SESTA--and its House companion, the Fight Online Sex Trafficking Act--FOSTA. Experts believe that SESTA/FOSTA has done nothing to help victims or stop sex trafficking, while creating collateral damage for marginalized communities and the speech of all Americans. A lawsuit challenging the constitutionality of FOSTA on First Amendment grounds is proceeding through the courts, and there is bicameral Federal legislation to study the widespread negative impacts of the bill on marginalized groups.

Yet, the authors of the EARN IT Act decided to take this kind of carveout and expand it further to State civil and criminal statutes. By allowing any individual State to set laws for internet content, this bill would create massive uncertainty, both for strong encryption and constitutionally protected speech online. What is worse, the flood of State laws that could potentially arise under the EARN IT Act raises strong Fourth Amendment concerns, meaning that any CSAM evidence collected could be rendered inadmissible in court and accused CSAM offenders could get off scot-free. This is not a risk that I am willing to take.

Let me be clear: The proliferation of these heinous crimes against children is a serious problem. However, for these reasons and more, the EARN IT Act is not the solution. Moreover, it ignores what Congress can and should be doing to combat this heinous crime. The U.S. has a number of important evidence-based programs in existence that are proven to keep kids safe, and they are in desperate need of funding to do their good work. Yet the EARN IT Act doesn't include a single dollar of funding for these important programs. It is time for the U.S. Government to spend the funds necessary to save children's lives now.

While a Wyden hold would block any attempt to get unanimous consent via the hotlining process, it would help quite a lot if other Senators were willing to speak up and stand with him as well. If it's just Wyden, then he'll face tremendous pressure to remove the hold. If more Senators join Wyden in saying this isn't okay, then Graham and Blumenthal will realize they have a bigger challenge in front of them.

Again, if you haven't been following this debate closely, everything that Wyden says above is accurate. EARN IT is an attack on both free speech and privacy (a twofer) without doing anything to actually deal with the problem of child sexual abuse material online. That is very much a law enforcement issue, and it's one where Congress has failed to provide law enforcement with the funds it promised, and (even worse) the DOJ has simply ignored the mandates Congress gave it to deal with this issue. The DOJ seems more focused on attacking tech companies and blaming them for its own failure to do its job.

The EARN IT Act is an incredibly dangerous piece of legislation, but it's also a complicated one -- one that many people don't understand. But Senators see something that says "protect the children" and they immediately think "well, of course we support that." But this bill doesn't protect children. It attacks free speech and privacy online in very insidious ways. Please call your Senators and ask them not to let this through.


Mobile Encryption Market Various Important Aspects of COVID 19 outbreak, growth by manufacturers, countries, types and application, end users and…

Mobile Encryption Market report tracks the data since 2015 and is one of the most detailed reports. It also contains data varying according to region and country. The insights in the report are easy to understand and include pictorial representations.

Get Free Sample PDF Copy of Mobile Encryption Market with Figures, Graphs and TOCs: www.reportsnreports.com/contactme=2846113

The report also includes the impact of the ongoing global crisis, i.e. COVID-19, on the Mobile Encryption Market and what the future holds for it.

The published report is designed using a vigorous and thorough research methodology, and ReportsnReports is also known for its data accuracy and granular market reports.

Summary

Market Overview

The global Mobile Encryption market size is expected to grow over the forecast period of 2020 to 2025, with a CAGR of 17.7%, and is expected to reach USD 2698.6 million by 2025, from USD 1405.9 million in 2019.

The Mobile Encryption market report provides a detailed analysis of global market size, regional and country-level market size, segmentation market growth, market share, competitive landscape, sales analysis, impact of domestic and global market players, value chain optimization, trade regulations, recent developments, opportunities analysis, strategic market growth analysis, product launches, area marketplace expanding, and technological innovations.

Market Segmentation

The Mobile Encryption market is split by Type and by Application. For the period 2015-2025, the growth among segments provides accurate calculations and forecasts for sales by Type and by Application in terms of volume and value.

This analysis can help you expand your business by targeting qualified niche markets.

By Type, the Mobile Encryption market has been segmented into Disk Encryption, File/Folder Encryption, Communication Encryption, Cloud Encryption, and Other.

By Application, Mobile Encryption has been segmented into BFSI, Healthcare & Retail, Government and Public Sector, Telecommunications and IT, and Other.

Regions and Countries Level Analysis

Regional analysis is another highly comprehensive part of the research and analysis study of the global Mobile Encryption market presented in the report. This section sheds light on the sales growth of different regional and country-level Mobile Encryption markets.

For the historical and forecast period 2015 to 2025, it provides detailed and accurate country-wise volume analysis and region-wise market size analysis of the global Mobile Encryption market.

The report offers in-depth assessment of the growth and other aspects of the Mobile Encryption market in important countries (regions), including United States, Canada, Mexico, Germany, France, United Kingdom, Russia, Italy, China, Japan, Korea, India, Southeast Asia, Australia, Brazil and Saudi Arabia. It also throws light on the progress of key regional Mobile Encryption markets such as North America, Europe, Asia-Pacific, South America and Middle East & Africa.

Competitive Landscape and Mobile Encryption Market Share Analysis

The Mobile Encryption competitive landscape provides details by vendor, including company overview, company total revenue (financials), market potential, global presence, Mobile Encryption sales and revenue generated, market share, price, production sites and facilities, SWOT analysis, and product launch. For the period 2015-2020, this study provides the Mobile Encryption sales, revenue and market share for each player covered in this report.

The major players covered in Mobile Encryption are: McAfee (Intel Corporation), Dell, ESET, Blackberry, Check Point Software Technologies, Ltd., T-Systems International, Mobileiron, Symantec Corp, Sophos, IBM, Silent Circle, BeiJing Zhiyou Wangan Tech. Co. Ltd, Adeya SA, Proofpoint, Inc., CSG, Inc., and Hewlett Packard Enterprise.

Among other players domestic and global, Mobile Encryption market share data is available for global, North America, Europe, Asia-Pacific, Middle East & Africa and South America separately. Global Info Research analysts understand competitive strengths and provide competitive analysis for each competitor separately.

Enquire for More Information on the Mobile Encryption Market: www.reportsnreports.com/contactme=2846113

The global Mobile Encryption Market is expected to witness a promising growth in the next few years. The rising level of competition among the leading players and the rising focus on the development of new products are likely to offer promising growth opportunities throughout the forecast period.

The research study on the global Mobile Encryption Market offers a detailed overview, highlighting the key aspects that are expected to enhance the growth of the market in the near future. The key segmentation and the competitive landscape of the market have also been mentioned at length in the research study.

This report studies the Mobile Encryption Market status and outlook of Global and major regions, from angles of players, countries, product types and end industries; this report analyzes the top players in global market, and splits the Mobile Encryption Market by product type and applications/end industries. These details further contain a basic summary of the company, merchant profile, and the product range of the company in question.

The report analyzes data regarding the proceeds accrued, product sales, gross margins, price patterns, and news updates relating to the company.

Full Report available @ www.reportsnreports.com/purchasme=2846113

The report helps to identify the main Mobile Encryption Market players. It assists in analyzing Mobile Encryption Market competitive environment, including company overview, company total revenue, market opportunities, value, production sites and facilities, SWOT analysis, product details.

The study also reveals the sales, revenue and market share for each market player included in this report for the period of 2015-2020. It also helps to ascertain the growth drivers and future prospects for the forecast timeline.

In conclusion, this report is a one-stop reference point for industrial stakeholders to get the Mobile Encryption Market forecast through 2025. It helps readers understand the estimated market size, market status, future development, growth opportunities, challenges, and growth drivers by analyzing the historical overall data of the considered market segments.

Trends of Cloud Encryption Service Market Reviewed for 2020 with Industry Outloo – GroundAlerts.com

The 'Cloud Encryption Service market' research report is the latest addition by Market Study Report, LLC, that elucidates relevant market and competitive insights as well as regional and consumer information. In a nutshell, the research study covers every pivotal aspect of this business sphere that influences the existing trends, profitability position, market share, market size, regional valuation, and business expansion plans of key players in the Cloud Encryption Service market.

The research report on the Cloud Encryption Service market exhaustively analyzes this business space with a focus on overall remuneration over the assessment period, alongside the detailed scrutiny of various industry segments. The report entails information pertaining to the current position and industry size based on volume. The overview of various drivers, restraints, and opportunities defining the business scenario of the Cloud Encryption Service market is presented in the study. It also focuses on insights about the regional outlook of the market, coupled with an elaborate study of companies with a prominent stake in the Cloud Encryption Service market.

Request a sample Report of Cloud Encryption Service Market at: https://www.marketstudyreport.com/request-a-sample/2786563?utm_source=groundalert&utm_medium=RV

Unraveling the key pointer from the study of the Cloud Encryption Service market:

A summary of the regional landscape of the Cloud Encryption Service market:

Elaborating on the competitive aspect of the Cloud Encryption Service market:

Ask for Discount on Cloud Encryption Service Market Report at: https://www.marketstudyreport.com/check-for-discount/2786563?utm_source=groundalert&utm_medium=RV

Other inferences which will impact the revenue patterns of the Cloud Encryption Service market:

For More Details On this Report: https://www.marketstudyreport.com/reports/global-cloud-encryption-service-market-size-status-and-forecast-2020-2026

The realities of ransomware: The evasion arms race – Naked Security

Ransomware attacker tactics have shifted, sometimes drastically, over the past ten months. In order to evade detection by increasingly effective endpoint security, nearly every attack involves a live engagement on the part of one or more attackers, who first surveil and inventory the target's network and then focus their attention on shutting down or disabling various protective layers. These interactive sessions have become de rigueur in virtually all successful attacks against well-defended targets.

Over the same time period, the average ransom demand amounts also increased, and criminals expanded their attack portfolio to include the theft of highly sensitive information stolen from the target's network, usually done at an early phase of the attack. This increases the chances a target would pay a ransom even if they have perfect backups and could restore from those backups immediately.

These two factors, the need to evade detection and the need to strengthen the criminals' hand in ransom negotiations, have been the dominant factors driving the most dramatic behavior changes, some of which we'll discuss in this article. They also indicate the increasingly strenuous degree of effort it now requires to pull off a successful attack, a positive sign that the work defenders do has measurable effect on the attackers' workloads.

What follows is an unscientifically chosen list of some of the escalations we found most interesting. We think these indicate a level of frustration on the part of the ransomware criminals at their inability to terminate or disable these security controls.

In the fall of 2019, a ransomware named Snatch began doing something we don't normally see happen during ransomware attacks: The infected computers rebooted into Windows Safe Mode, then began encrypting their hard drive.

The trick with Safe Mode in Windows is that it is designed to run with a minimal set of drivers and programs running in order to troubleshoot software problems. Booting into Safe Mode can inhibit endpoint protection, as that protection normally isn't operational in Safe Mode.

There are certain situations where a PC needs a specific driver or file to run, even during Safe Mode, in order to do something critical (for example, have a working display). Snatch unexpectedly took advantage of this intentional feature of Safe Mode. During its infection process, the malware sets the registry keys that need to be there in order to run a particular file in Safe Mode. It plants its payload (the encrypting component), points the registry keys at it, and reboots the machine.

When the computer comes back up in Safe Mode, with the endpoint protection not loaded, the ransomware can launch its encryption payload and proceed to seal up key files on the hard drive unimpeded.

Retrospective analysis of attacks by a ransomware known as Robbinhood revealed that the attackers installed an otherwise benign third-party device driver in order to leverage a vulnerability in that driver. The vulnerable driver provided a stepping stone to the rest of the attack.

In the case of the attacks we analyzed, the attackers behind Robbinhood loaded a long-disused motherboard driver digitally signed by Gigabyte, the hardware manufacturer. Recent updates to Windows 10 mean that only these kinds of digitally signed drivers can run under normal circumstances.

The attackers use the Gigabyte driver, ironically, to turn off this feature in Windows that prevents the installation of hardware drivers that haven't been cryptographically signed. Gigabyte withdrew the driver from the public several years ago and replaced it with newer software that isn't vulnerable to the same types of abuse. But the Robbinhood operators found a copy and used it anyway.

Once RobbinHood disables this Driver Signature Enforcement feature, the attackers then deliver yet another driver (this one unsigned) to the infected computer. The malware uses this second driver to load itself at an operational level low enough that, the attackers believed, they were able to make an end-run around endpoint protection tools. Using the cover of this driver, the Robbinhood attackers attempted to either terminate or hobble a large number of files and processes associated with a wide variety of security software.

All this effort took place before the ransomware begins encrypting files on the computer.

Several ransomware gangs have begun to leverage their presence on an enterprise network to steal sensitive corporate data at an early stage of the attack. Later, the attackers extort the victims with the threat of releasing this stolen information to the public. Maze, REvil/Sodinokibi, and Lockbit ransomware all engage in this secondary method of victimizing their targets.

As novel ransomware tends to appear at a regular pace, we've observed that most ransomware creators who launch a new ransomware family go through a similar set of growth stages over the first 6-9 months of operation, slowly escalating the feature set to incorporate a variety of techniques the attackers use to establish their persistence and move undetected within the network. Extortion is just the latest additional behavior we see from the more mature ransomware families.

Lockbit further thwarts analysis by not only deleting its own executable binaries, but also overwriting the space occupied by those files on the hard drive so they aren't recoverable using data recovery software. It also had a long list of software it tries to terminate, including some programs with no security function: The malware simply wanted to make sure these programs were closed so any open documents could be overwritten more effectively during the encryption phase.

One ransomware evasion technique that really stood out was attempted by Ragnar Locker: The malware could not perform its encryption while Intercept X was loaded, so the attackers built a headless Windows image for a VirtualBox hypervisor, and put the VM on every box they wanted to attack.

It was a devious ploy, since it appeared that any actions taken by the ransomware running inside the guest operating system had been taken by the process running the hypervisor. Since this is a trusted application, endpoint protection didn't immediately kick in when the attackers executed all their commands from inside the VM guest.

The virtual machine was comparatively huge, with an installer of more than 122MB, given that ransomware binaries aren't usually more than a few MB in size. This was a real chonk. The attackers bundled an installer for an old copy of VirtualBox and the guest operating system disk image into an MSI file, then tried to download a copy and launch it on every infected endpoint.

Only when the virtual environment was set up did the malware begin attempting to prepare its environment and then begin encrypting the hard drive. Initially, it appeared that the trusted VirtualBox process was the origin of the ransomware's file encrypting behavior on the host computer, which was confusing for a number of reasons.

Discovering the malware repository used by the attackers behind the Netwalker ransomware gave us a lot of insight into the planning and technique required to carry out an attack. One thing it revealed was just how many free or open source tools the attackers needed to use throughout the attack.

The attackers' library contained a comprehensive set of tools used to perform reconnaissance on targeted networks; privilege-elevation and other exploits against Windows computers; and utilities that can steal, sniff, or brute-force their way to valuable information (including Mimikatz, and variants called Mimidogz and Mimikittenz, designed around avoiding detection by endpoint security) from a machine or network.

We also found a nearly complete set of the Microsoft SysInternals PsTools package, a copy of NLBrute (which attempts to brute-force passwords), installers for the commercial TeamViewer and AnyDesk remote support tools, and a number of utilities created by endpoint security vendors that are designed to remove their (and other companies') endpoint security and antivirus tools from a computer.

Once inside the network of their target, the attackers apparently use the SoftPerfect Network Scanner to identify and create target lists of computers with open SMB ports, and subsequently may have used Mimikatz, Mimidogz, or Mimikittenz to obtain credentials.

The files we recovered also revealed their preferred collection of exploits. Among them, we found variations on the EternalDarkness SMBv3 exploit (CVE-2020-0796), a CVE-2019-1458 local privilege exploit against Windows, the CVE-2017-0213 Windows COM privilege escalation exploit published on the Google Security Github account, and the CVE-2015-1701 RussianDoll privilege escalation exploit.

This year's outbreaks of the WastedLocker ransomware brought attention to this newcomer. The malware has already been implicated in some serious attacks, including against GPS device manufacturer Garmin, who reportedly paid a hefty ransom in order to re-enable business operations. WastedLocker has taken a different approach to the ransomware detection-evasion playbook by performing most of its malicious operations within volatile system memory. The technique is called memory mapped I/O.

This behavior has some benefits. With traditional ransomware, the malware's behavior is observable because a binary executable makes a large number of file reads and writes as it encrypts the victim's important data. Behavioral detection engines that look for this type of unusual activity would otherwise alert the user and/or halt the operation, limiting the damage. Because WastedLocker reduces the number of detectable reads and writes by a significant percentage, it may fall below the thresholds that govern suspicious activity in some behavioral detection rules.

In addition, WastedLocker takes advantage of an unintended consequence of how Windows manages memory, using a component called the Cache Manager. The Cache Manager is a kernel component that sits between the file system and the Memory Manager. The Memory Manager keeps an eye on memory that has been modified (known as dirty pages).

If a process encrypts the mapped memory, the Memory Manager knows which pages need to be written back to disk. This writing is done by the Cache Manager's Lazy Writer component; dirty pages are allowed to accumulate for a short time, and are then flushed to disk all at once, reducing the overall number of disk I/O operations.

As a secondary unintended consequence of this, the writing of the modified files from their dirty pages back to the filesystem is done in the context of the system (PID 4), rather than the ransomware process, which then further complicates behavioral detection. After all, nobody wants to cause a victim's computer to crash because an antimalware utility decided that the operating system itself was harming the computer. This technique also can hamstring less well qualified behavioral detection.
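The attribution problem described above, as an added example that is not from the original article or from any vendor's product: a rule that counts modified files per process misses writes the Lazy Writer performs as PID 4 unless each such write is tied back to the process that mapped the file. The event schema, field names, time window, threshold and sample events are all assumptions constructed for this illustration.

```python
from collections import defaultdict

SYSTEM_PID = 4        # flushes of dirty pages are reported under the System process
FLUSH_WINDOW = 30.0   # assumed: seconds a writable mapping stays "responsible" for a flush


def naive_counts(events):
    """Distinct files written per PID, trusting the PID recorded on each write event."""
    files = defaultdict(set)
    for ev in events:
        if ev["type"] == "write":
            files[ev["pid"]].add(ev["path"])
    return {pid: len(paths) for pid, paths in files.items()}


def attributed_counts(events, window=FLUSH_WINDOW):
    """Same count, but a System-context write is charged to the process that most
    recently created a writable mapping of that file within the time window."""
    last_mapper = {}              # path -> (pid, timestamp) of latest writable mapping
    files = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "map_view":
            if ev["writable"]:    # read-only views cannot dirty file pages
                last_mapper[ev["path"]] = (ev["pid"], ev["ts"])
        elif ev["type"] == "write":
            owner = ev["pid"]
            if owner == SYSTEM_PID:
                mapper = last_mapper.get(ev["path"])
                if mapper and ev["ts"] - mapper[1] <= window:
                    owner = mapper[0]
            files[owner].add(ev["path"])
    return {pid: len(paths) for pid, paths in files.items()}


def flag(counts, threshold):
    """PIDs at or over the threshold. System is never returned, because acting
    against PID 4 would take the machine down."""
    return sorted(pid for pid, n in counts.items()
                  if n >= threshold and pid != SYSTEM_PID)


def build_sample_events():
    """Constructed telemetry, not captured from a real incident."""
    events = []
    # PID 4321 maps twelve documents writable; each is flushed later by System.
    for i in range(12):
        path = f"C:\\Users\\alice\\Documents\\report_{i}.docx"
        events.append({"ts": float(i), "type": "map_view", "pid": 4321,
                       "path": path, "writable": True})
        events.append({"ts": i + 5.0, "type": "write", "pid": SYSTEM_PID,
                       "path": path})
    # A backup agent (PID 900) writes three files directly.
    for i in range(3):
        events.append({"ts": 20.0 + i, "type": "write", "pid": 900,
                       "path": f"D:\\backup\\chunk_{i}.bin"})
    # Read-only mapping followed by an unrelated System write: not attributed.
    events.append({"ts": 40.0, "type": "map_view", "pid": 777,
                   "path": "C:\\data\\catalog.db", "writable": False})
    events.append({"ts": 41.0, "type": "write", "pid": SYSTEM_PID,
                   "path": "C:\\data\\catalog.db"})
    # Writable mapping that is stale by the time System writes: not attributed.
    events.append({"ts": 50.0, "type": "map_view", "pid": 555,
                   "path": "C:\\data\\old.log", "writable": True})
    events.append({"ts": 200.0, "type": "write", "pid": SYSTEM_PID,
                   "path": "C:\\data\\old.log"})
    return events


if __name__ == "__main__":
    evs = build_sample_events()
    print("naive     :", naive_counts(evs), "flagged:", flag(naive_counts(evs), 10))
    print("attributed:", attributed_counts(evs), "flagged:", flag(attributed_counts(evs), 10))
```
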

Prevention is the best defense

With all of these innovations in such a short period of time, it's not hard to see why ransomware has been going through a renaissance. At the root of many, if not most, ransomware infections is the core issue that plagues so many organizations: A lack of due diligence and effort made towards reducing the attack surface available to malware. We've summed up many of these in the related article "Ransomware attacks from the victim's perspective".

If you work in IT security, your organization is relying on you to close the most obvious loopholes and back doors into the network. Basic PC hygiene, including installing all the latest patches, shutting down Remote Desktop entirely (or putting it behind a VPN), and applying multifactor authentication to services hosting the most sensitive data in the organization are just some of these fundamental steps you can take to protect yourself and your network today. If endpoint protection tools are the metaphorical net below the High Wire Act, applying patches and shutting down unnecessary holes in the firewall are the daily practice routines that will keep you out of the net when it matters most.


What is On-the-Fly Memory Encryption? – Electropages

The importance of hardware security is ever-growing, and designers are continually developing new ways to implement such measures. What is on-the-fly RAM encryption, and what problems can it solve?

For the longest time, attacks on devices often came from a software point of view whereby an attacker would use code exploits, or bugs in an OS to gain access to sensitive data. While hardware attacks have existed for as long as hardware has been around, they were far rarer than their software counterparts. A classic example of a simple hardware attack on older Windows machines is when an attacker can reboot the machine, gain entry into the Windows boot menu, and start-up in an admin account with full privileges. While some may consider this an OS exploit (which it is), it requires access to the physical computer. This type of attack is known as a side-channel attack as it bypasses security measures without needing to interact with them.

However, the increase of IoT devices sees a whole new range of hardware attacks thanks to poor design and high payoffs. But hardware attacks are often about gaining entry to protected data or taking control of software via the use of hardware. These types of attacks are particularly difficult to stop as software-based security can do very little against them. Software is not real and cannot affect the world outside it, whereas hardware is real. As a result, designers have begun integrating hardware security into CPUs, SoCs, microcontrollers, and boards to protect devices from hardware attacks.


The hardware security field is still in its infancy (when compared to software security), but has already made leaps and bounds. The most basic form of hardware security comes in the form of tamper pins which detect when an attacker has attempted to demount an IC. Once identified, a software subroutine can be called, which could be made to wipe all internal data. Another form of hardware security comes in the form of cryptographic accelerators which are special units that perform specialised encryption algorithms. These units are immutable, and as a result, can defend against hardware attacks that may try to monitor buses. But one emerging technology that could see use in the future is the use of on-the-fly RAM encryption. What does this do, and what attacks can it defend against?


Random Access Memory, or RAM, is an area of memory in a computer that is used to hold temporary data. However, the term temporary is incredibly loose, as RAM is used to keep everything from running programs to sensitive data. Because of this, many CPUs deploy privilege levels that prevent an application from accessing the RAM of other processes. Therefore, an operation launched by an attacker cannot peek into the RAM contents of a bank app and obtain usernames, passwords, and additional personal information. However, RAM is incredibly weak against hardware attacks, and attackers can get around privilege levels using such an attack.

When RAM is turned off, it loses the contents of its memory, but this can take minutes depending on its temperature. To make matters worse, most processors do not wipe RAM when rebooting which means that a computer which is quickly turned off and on forces it to reboot, but preserves the contents of RAM. Therefore, an attacker can reduce the temperature of RAM (using compressed air), increase the longevity of the memory, load a custom OS on a flash drive, and have it dump the contents of RAM (which are now entirely unprotected), and store it into a text file. Since RAM can be used to hold private keys, passwords, and much more, the attacker has a wealth of potentially sensitive information with minimal effort. How can such a system be protected against?


One method to protect against such an attack is to implement on-the-fly RAM encryption. This is still incredibly rare in the industry (but does exist). With it, the contents of RAM are encrypted, meaning that even if an attacker can dump the contents into a file, the results would be encrypted. Specialised cryptographic accelerators can load bytes from RAM and decrypt them in real time for the CPU to read.

The use of memory encryption requires the use of a private key that should change on each boot of the CPU. Storing this key in RAM would be counterproductive, which is why such a system could utilise internal registers instead. The advantage of this is that most CPUs reset all their registers when they first boot, meaning that an attacker could not retrieve the encryption key used to encrypt the RAM. However, on-the-fly encryption does have its shortfalls: the stronger the encryption, the longer it takes to read from RAM. This is also problematic for systems needing DMA, as all data needs to be encrypted/decrypted before being transferred.
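A small software model of the scheme described above, added here as an illustration and not taken from the original article or from any vendor's design. The class `EncryptedRAM`, its method names and the HMAC-SHA256 keystream (standing in for a hardware cipher engine) are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

LINE = 32  # bytes covered by one keystream block (one SHA-256 output)


class EncryptedRAM:
    """Hypothetical model: a DRAM array plus an encryption engine inside the CPU.

    Assumption: an address-tweaked XOR keystream replaces the hardware cipher.
    A real engine would use a tweakable block cipher, because rewriting one
    address under a fixed XOR pad leaks the XOR of the old and new values.
    """

    def __init__(self, size):
        self.dram = bytearray(size)   # outside the CPU; contents survive a reset
        self._key_register = b""      # inside the CPU; never written to DRAM
        self.reset()

    def reset(self):
        """Model a CPU reset: the key register gets a fresh key, DRAM is untouched."""
        self._key_register = secrets.token_bytes(32)

    def _pad(self, addr):
        # The keystream depends on the per-boot key and on the line address, so
        # the same plaintext stored at two addresses encrypts differently.
        block = hmac.new(self._key_register,
                         (addr // LINE).to_bytes(8, "little"),
                         hashlib.sha256).digest()
        return block[addr % LINE]

    def write(self, addr, data):
        """CPU store: data is encrypted on its way into DRAM."""
        for i, byte in enumerate(data):
            self.dram[addr + i] = byte ^ self._pad(addr + i)

    def read(self, addr, length):
        """CPU load: data is decrypted on its way out of DRAM."""
        return bytes(self.dram[a] ^ self._pad(a)
                     for a in range(addr, addr + length))

    def raw_dump(self):
        """What a bus probe, a DMA device or a post-reboot dump sees."""
        return bytes(self.dram)


def demo():
    secret = b"constructed-key-material-0123456"  # constructed sample data
    ram = EncryptedRAM(256)
    ram.write(0, secret)
    ram.write(64, secret)             # same plaintext, different line
    dump = ram.raw_dump()
    results = {
        "cpu_reads_plaintext": ram.read(0, len(secret)) == secret,
        "plaintext_in_dump": secret in dump,
        "same_data_same_ciphertext": dump[0:32] == dump[64:96],
    }
    ram.reset()                       # reboot: DRAM keeps its bytes, key is replaced
    results["dram_unchanged_by_reset"] = ram.raw_dump() == dump
    results["readable_after_reset"] = ram.read(0, len(secret)) == secret
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `raw_dump` path is also why DMA is awkward for such designs: a device that reads DRAM directly sees only ciphertext unless its traffic is routed through the same engine.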


On-the-fly encryption of RAM could provide future systems with a high degree of security that not only prevents processes from accessing areas of RAM that they shouldn't, but also means they wouldn't even be able to decode the data if they did. However, it may be a form of protection that is far too complex for most applications, including IoT, where price and size are essential.

Read more:
What is On-the-Fly Memory Encryption? - Electropages

This hardware-encrypted USB-C drive is rugged, inexpensive, and can run Windows – TechRadar

Apricorn has released its new Aegis Secure Key 3NXC drive that features robust security, a rugged chassis, and a USB Type-C connector.

The Apricorn Aegis Secure Key 3NXC drive, which is fast enough to run an operating system, features its own AES-XTS 256-bit encryption chip as well as a keypad to enter numerical PINs. At present, the storage device is FIPS 140-2 level 3 validation pending and the company expects to get it in Q3 2020.

The USB-C Aegis Secure Key 3NXC drive supports a read-only mode for those who need to carry sensitive data and do not need to alter it, as well as a read-write mode for those who may need to change the data on the drive or boot an operating system from it. Since encryption is hardware-based, it is seamless for the OS, and therefore the Aegis Secure Key 3NXC devices are compatible with virtually all operating systems available today, including Apple's MacOS, Google's Android, Microsoft's Windows, and even Symbian.

The firmware of the drive is locked down and cannot be altered by malware or exploits (e.g., BadUSB), which means that the drive itself is secure. Furthermore, the drive has its own battery that charges when it is plugged into a host, so an unlock PIN can be entered while the drive is not plugged in.

The Aegis Secure Key 3NXC drive comes in an aluminum chassis and is IP68-rated against water and dust. It also comes in an enclosure for extra protection. Measuring 81mm x 18.4mm x 9.5mm, the device weighs 22 grams.

Apricorn, which specializes in hardware-encrypted storage devices, offers multiple versions of its Aegis Secure Key 3NXC drives featuring capacities ranging from 4GB to 128GB. The company does not disclose performance of the storage device and only mentions a 5Gbps theoretical throughput of a USB 3.2 Gen 1 interface, but higher-end Aegis Secure Key 3NXC are probably fast enough to boot an operating system in a reasonable amount of time.

There is one caveat with using Apricorn's Aegis Secure Key 3NXC drive as a boot drive. Microsoft recently canned Windows To Go in Windows 10 Enterprise and Windows 10 Education (version 2004 and later), the feature that enabled the creation of a Windows To Go workspace that could be booted from a USB drive. To that end, those who would like to use an Aegis Secure Key 3NXC to boot an OS will have to use an outdated version of Windows, or go with a Linux OS.

Apricorn's Aegis Secure Key 3NXC drives are available directly from the company. A 4GB model costs $59 or 52.45, whereas a 128GB is priced at $179 or 159.13, depending on where you are. Considering the fact that the devices are aimed at various government and corporate personnel who have access to sensitive data, as well as the hardware encryption, metallic chassis, and other sophisticated features, the prices of these drives look justified.

Source: Apricorn


Avoid bad security practices that caused Postbank’s breach – ITWeb

The news a couple of months ago that Postbank has to replace 12 million bank cards due to a major data breach is an excellent case study in the risks of poor security processes and the reality that the human element remains a weak link in the security chain.

The breach resulted from Postbank's encrypted master key being printed in a plain, unencrypted format at its old data centre in Pretoria, and then being stolen by staff members.

"The breach might appear to be a stroke of hacking genius, but, in truth, it's just a case of inadequate security practices and seemingly rogue and corrupt individuals who stole the 36-digit (encryption) master key," says Karl Nimmo, CEO and founder of InTouch.

"Manual key management is fraught with difficulties," says IT security expert Ian Farquhar, a director of Worldwide Security Architecture Team at Gigamon in Australia. "In Postbank's case, it's going to cost them far more to fix this than the actual fraud," he adds.

People routinely underestimate the cost of getting key management wrong. There's another risk involved here, too. Not only financial loss, but poor key management can actually lead to outages that can cost as much if not more than fraud. Hopefully, this will be a wake-up call for other regional banks, so that they can improve their technology and processes around keys.

According to Farquhar, it's a credit to the payment card industry that they have, in the vast majority of cases, properly implemented controls around the cryptographic keys used to protect electronic financial transactions (EMV). However, it seems that in the Postbank case, a key was exposed during a data centre migration, and rather than being managed properly, it was seriously mishandled by those involved. This fraud was the result, he says.

Farquhar stresses that most organisations don't rely on EMV keys alone. EMV, which originally stood for Europay, Mastercard, and Visa, is a payment method based upon a technical standard for smart payment cards and for payment terminals and ATMs that are able to accept them.

I was recently speaking to a large international financial organisation that was managing 170 000 different keys. While an extreme example, even small financial institutions will be managing 1 000 or 2 000 keys, far more than can be reliably handled with manual processes.

"In the Postbank case, breaking the 36-character key using a brute force hacking technique would be practically impossible, based on the current state of modern supercomputers," adds Nimmo.

The most sophisticated hackers in the world would consider this a non-trivial task with a very low likelihood of success, which is why this breach was not the work of sophisticated attackers, but, rather, the result of bad security practices and dishonest individuals who had access to the physical systems. This breach is a reminder that hacking isn't always done by someone sitting on the other side of the world, but often employs clever social engineering where the attacker has access to physical devices. The best way to protect against this is to strictly adhere to best security practices and processes.

According to Nimmo, there are several encryption methods to protect data to ensure it remains safe and private to the intended parties, who should have access to the encrypted data.

End-to-end encryption is a robust asymmetric encryption technique for encrypting data where the keys are stored by both the sender and the recipient with public and private keys. This form of encryption puts the key in the hands of the end-user. A breach would require the attacker to breach either the sender's or the receiver's device.

The concept of a master key to protect all the other cryptographic keys is another well-known implementation of encryption, adds Nimmo.

Typically, these master keys are very strong and would be nearly impossible to break using even the most powerful supercomputers in existence. Using a master key has the advantage that only one piece of plaintext material needs to be protected and stored.

The flip side of the coin and the inherent disadvantage of this single point of failure is that if this key is breached, then the entire system is breached, as in the case of Postbank.

The good news, says Farquhar, is that there are solutions in this space: hardware security modules (HSMs) for securely storing keys and enterprise key management systems, as well as associated technologies such as enterprise certificate lifecycle management systems.

These all help to secure and automate key management, removing the need for problematic manual processes. I'm seeing a lot of organisations, inside as well as outside the financial services industry, implement these. They need to be backed up with strong operational processes supported by standards published by organisations like the ISO and NIST, Farquhar adds.

The Postbank breach is a reminder that information security has many idiosyncratic foibles that do not always rely on a technical solution. It is a collective engagement of technical best practices as well as real-world physical security. 'Do not allow your master key to be printed' would be a sound security starting point, Nimmo concludes.

Attempts by ITWeb to get further details from Postbank went unanswered.


Europe Network Encryption Market 2020 Top Manufactures, Growth Opportunities and Investment Feasibility 2025 – Research Newspaper

Global Network Encryption Market Research Report 2020: COVID-19 Outbreak Impact Analysis

The Network Encryption market research report drafted by Brand Essence Market Research elucidates relevant market and competitive insights as well as regional and consumer information. In a nutshell, the research study covers every pivotal aspect of this business sphere that influences the existing trends, profitability position, market share, market size, regional valuation, and business expansion plans of key players in the Network Encryption market.


Network Encryption Market unveils a succinct analysis of the market size, regional spectrum and revenue forecast about the Network Encryption market. Furthermore, the report points out major challenges and latest growth plans embraced by key manufacturers that constitute the competitive spectrum of this business domain.

Network encryption (sometimes called network layer, or network level encryption) is a network security process that applies crypto services at the network transfer layer above the data link level, but below the application level. The network transfer layers are layers 3 and 4 of the Open Systems Interconnection (OSI) reference model, the layers responsible for connectivity and routing between two end points. Using the existing network services and application software, network encryption is invisible to the end user and operates independently of any other encryption processes used. Data is encrypted only while in transit, existing as plaintext on the originating and receiving hosts.

This report focuses on the global Network Encryption status, future forecast, growth opportunity, key market and key players. The study objectives are to present the Network Encryption development in United States, Europe and China.

The key players covered in this study: Cisco, Thales Esecurity, Atos, Juniper Networks, Certes Networks, Rohde & Schwarz Cybersecurity, Adva, Gemalto, Nokia, Colt Technology Services, Aruba, Huawei, Ciena, Eci Telecom, Senetas, Viasat, F5 Networks, Raytheon, Arris, Stormshield, Atmedia, Securosys, Packetlight Networks, Quantum Corporation, Technical Communication Corporation

Market segment by Type, the product can be split into: Hardware, Platform, Services

Market segment by Application, split into: Large Enterprises; Small and Medium-Sized Enterprises

Network Encryption market report consists of the world's crucial region market share, size (volume), trends including the product profit, price, value, production, capacity, capability utilization, supply, and demand. Besides, market growth rate, size, and forecasts at the global level have been provided. The geographic areas covered in this report: North America (United States, Canada and Mexico), Europe (Germany, France, UK, Russia and Italy), Asia-Pacific (China, Japan, Korea, India and Southeast Asia), South America (Brazil, Argentina, Colombia etc.), Middle East and Africa (Saudi Arabia, UAE, Egypt, Nigeria and South Africa).

This research study involved the extensive usage of both primary and secondary data sources. The research process involved the study of various factors affecting the industry, including the government policy, market environment, competitive landscape, historical data, present trends in the market, technological innovation, upcoming technologies and the technical progress in related industry, and market risks, opportunities, market barriers and challenges. Top-down and bottom-up approaches are used to validate the global market size market and estimate the market size for manufacturers, regions segments, product segments and applications (end users). All possible factors that influence the markets included in this research study have been accounted for, viewed in extensive detail, verified through primary research, and analyzed to get the final quantitative and qualitative data. The market size for top-level markets and sub-segments is normalized, and the effect of inflation, economic downturns, and regulatory & policy changes or other factors are not accounted for in the market forecast. This data is combined and added with detailed inputs and analysis from BrandEssenceResearch and presented in this report.

After complete market engineering with calculations for market statistics; market size estimations; market forecasting; market breakdown; and data triangulation, extensive primary research was conducted to gather information and verify and validate the critical numbers arrived at. In the complete market engineering process, both top-down and bottom-up approaches were extensively used, along with several data triangulation methods, to perform market estimation and market forecasting for the overall market segments and sub segments listed in this report. Extensive qualitative and further quantitative analysis is also done from all the numbers arrived at in the complete market engineering process to list key information throughout the report.

The study objectives of this report are:
* To analyze global Network Encryption status, future forecast, growth opportunity, key market and key players.
* To present the Network Encryption development in United States, Europe and China.
* To strategically profile the key players and comprehensively analyze their development plan and strategies.
* To define, describe and forecast the market by product type, market and key regions.

In this study, the years considered to estimate the market size of Network Encryption are as follows: History Year: 2014-2018; Base Year: 2018; Estimated Year: 2019; Forecast Year: 2019 to 2025

For the data information by region, company, type and application, 2018 is considered as the base year. Whenever data information was unavailable for the base year, the prior year has been considered.


Our industry professionals are working reluctantly to understand, assemble and timely deliver assessment on impact of COVID-19 disaster on many corporations and their clients to help them in taking excellent business decisions. We acknowledge everyone who is doing their part in this financial and healthcare crisis.

The Essential Content Covered in the Global Network Encryption Market Report:

* Top Key Company Profiles
* Main Business and Rival Information
* SWOT Analysis and PESTEL Analysis
* Production, Sales, Revenue, Price and Gross Margin
* Market Share and Size

The report provides a 6-year forecast (2020-2026) assessed based on how the Network Encryption market is predicted to grow in major regions like USA, Europe, Japan, China, India, Southeast Asia, South America, South Africa, Others.

Strategic Points Covered in TOC:

Chapter 1: Introduction, market driving force product scope, market risk, market overview, and market opportunities of the global Network Encryption market.

Chapter 2: Evaluating the leading manufacturers of the global Network Encryption market which consists of its revenue, sales, and price of the products.

Chapter 3: The competitive nature among key manufacturers, with market share, revenue, and sales.

Chapter 4: Presenting global Network Encryption market by regions, market share and revenue and sales for the projected period.

Chapters 5, 6, 7, 8 and 9: To evaluate the market by segments, by countries and by manufacturers with revenue share and sales by key countries in these various regions.


About us: Brandessence Market Research and Consulting Pvt. ltd.

Brandessence market research publishes market research reports & business insights produced by highly qualified and experienced industry analysts. Our research reports are available in a wide range of industry verticals including aviation, food & beverage, healthcare, ICT, Construction, Chemicals and lot more. Brand Essence Market Research report will be best fit for senior executives, business development managers, marketing managers, consultants, CEOs, CIOs, COOs, and Directors, governments, agencies, organizations and Ph.D. Students. We have a delivery center in Pune, India and our sales office is in London.

Contact us at: +44-2038074155 or mail us at [email protected]


Duality Technologies and NumFOCUS Partner to Develop Platform for Privacy-Preserving Analysis of the Real Impact of Academic Scholarships – Stockhouse

NEWARK, N.J., Aug. 3, 2020 /PRNewswire/ -- Duality Technologies, a leading provider of Privacy-Enhancing Technologies (PETs) enabling collaboration between organizations on sensitive data, announced today a new partnership with NumFOCUS, a non-profit organization which sponsors the use of open-source software in research, data science and scientific computing. The partnership between Duality and NumFOCUS is aimed at creating a privacy-preserving collaboration platform enabling academic institutions and public agencies to evaluate the effects of grant-making, scholarships and other financial support on students' performance, future occupations and contributions to academic research.

In cooperation with the Institute for Research on Innovation and Science (IRIS) at the University of Michigan, Duality will develop a privacy-preserving data science framework based on the PALISADE open-source Homomorphic Encryption (HE) library in order to carry out secure analysis of sensitive student data while keeping Personally Identifiable Information (PII) private.

The new framework offers academic institutions and public agencies tools to conduct privacy-preserving research on the impact and the societal benefit of financial support for students. Previously, researchers had not been able to comprehensively analyze relevant data held by different public agencies due to data privacy regulations and agencies' reluctance to share such sensitive information. Socio-economic data indicative of scholarship recipients' lifestyles and occupations are inherently sensitive and until now, researchers had to undertake cumbersome anonymization processes with available data, limiting the studies' scope and reliability.

The development of the framework is also supported by the Albert P. Sloan Foundation, which issued a grant to NumFOCUS to promote the development of the open-source software for scientific research based on the PALISADE library.

"We are excited to launch this new collaboration with the remarkable people at NumFOCUS and the University of Michigan's IRIS research group, one of the leading institutions in its field," said Dr. Kurt Rohloff, Co-Founder and CTO of Duality Technologies. "Together, we are enabling academic teams to leverage sensitive data held by a variety of public agencies. Highly sensitive personal data must be protected, and now research teams can collaborate with public agencies on such rich data in order to glean important insights without compromising on data privacy."

The framework utilizes Homomorphic Encryption (HE), an advanced encryption method that protects data during computation, allowing multiple parties to run privacy-preserving analytics on encrypted data. Already deployed and proven in the financial industry, this will enable academic institutions and public agencies for the first time to comprehensively measure the impact of their grant-making and to maximize the impact of such support for students.

"Homomorphic Encryption is a secure and standardized method which is being used more and more frequently to conduct privacy-preserving data analytics in a wide variety of disciplines," said Leah Silen, Executive Director of NumFOCUS. "The framework under development by Duality represents a real breakthrough in research on social data, and we are proud to make the open-source PALISADE library widely available to the research community. Our heartfelt appreciation to the Sloan Foundation for its grant, which will allow more academic teams to engage in collaborative analytics on such sensitive data."

The PALISADE open-source HE library, which forms the basis for the new framework, was co-founded by Dr. Kurt Rohloff with Dr. Yuriy Polyakov and Dr. Dave Cousins, both Principal Scientists at Duality Technologies, with initial funding from DARPA and additional sponsorship by NumFOCUS.

"The privacy-preserving framework being developed by Duality will include interfaces and tools that integrate seamlessly with our current research environments," said Prof. Jason Owen-Smith, Executive Director of the Institute for Research on Innovation and Science (IRIS) at the University of Michigan. "It will enable our teams to utilize proven methods while facilitating access to sensitive data, which will translate into greater efficiency and deeper insights, all while preserving individual privacy. This project fits perfectly into our mission to understand, explain and improve the public value of research and higher education."

About Duality Technologies

Founded by world-renowned data scientists and cryptographers, Duality Technologies is at the forefront of Privacy Enhancing Technologies (PETs), setting a new standard for privacy-preserving data collaborations. Duality SecurePlus, a leading PET platform, uniquely combines advanced Homomorphic Encryption and data science, enabling organizations to derive insights without exposing their sensitive data. Duality's products are used by companies across regulated industries including financial services, healthcare, telecommunications and more. Duality was recently listed on Fast Company's 2020 Most Innovative Companies List in the Data Science category. Duality has also been recognized as a Gartner "Cool Vendor" for Privacy Preservation in Analytics. For more information, please visit dualitytech.com.

About NumFocus

NumFOCUS is a 501(c)3 public charity in the United States. The mission of NumFOCUS is to promote sustainable high-level programming languages, open code development, and reproducible scientific research. We accomplish this mission through our educational programs and events as well as through fiscal sponsorship of open source scientific computing projects.

NumFOCUS envisions an inclusive scientific and research community that utilizes actively supported open source software to make impactful discoveries for a better world.

Duality Technologies Media Contact: Brandon Weinstock Headline Media +1 (914) 336-4878 brandon@headline.media

View original content: http://www.prnewswire.com/news-releases/duality-technologies-and-numfocus-partner-to-develop-platform-for-privacy-preserving-analysis-of-the-real-impact-of-academic-scholarships-301104743.html

SOURCE Duality Technologies


Global IoT Security Solution for Encryption Market 2020 by Key Players, Regions, Type and Application, Forecast to 2026 – The Diamond Report

The latest addition to the MarketsandResearch.biz entitled Global IoT Security Solution for Encryption Market 2020 by Company, Regions, Type and Application, Forecast to 2026 explores the essential factors of the global market such as industry situations, market demands, market players, and their growth scenario. The report serves market analysis that comprises present and traditional growth analysis, competitive analysis, as well as the growth prospects of the central regions. The report offers a thorough evaluation of the driving forces of the global IoT Security Solution for Encryption market. The report is monitored based on separation by type, application, key players, and end-user.

Enumerating Some of The Most Important Pointers Addressed In The Report:

The report sheds light on core business values, market trends, revenue growth patterns market shares, and demand and supply, production, key regions, revenue rate, and key players. After reading this report, the key stakeholders can know about the major trends, drivers, investments, vertical players initiatives toward the segment in the upcoming years along with details of the companies entering the global IoT Security Solution for Encryption market. The report demonstrates product launches, promotional activities, and brand tendencies, as well as ventures, acquisitions, and mergers and consolidation.


NOTE: Our report highlights the major issues and hazards that companies might come across due to the unprecedented outbreak of COVID-19.

Market Competition By Top Manufacturers:

The competitors are segmented into the size of their individual enterprise, buyers, products, raw material usage, and consumer base. The raw material chain and the supply chain are described to make the user aware of the prevailing costs in the market. The market research report classifies the competitive spectrum of this global IoT Security Solution for Encryption industry in a comprehensive manner. These details help the companies to garner market revenue by understanding strategies and approaches.

According to the document, the competitive spectrum of the market comprises companies including: Cisco Systems, Intel Corporation, IBM Corporation, Symantec Corporation, Trend Micro, Digicert, Infineon Technologies, ARM Holdings, Gemalto NV, Kaspersky Lab, CheckPoint Software Technologies, Sophos Plc, Advantech, Verizon Enterprise Solutions, Trustwave, INSIDE Secure SA, PTC Inc., AT&T Inc.

Segment by product type, this report focuses on consumption, market share, and growth rate of the market in each product type and can be divided into: Software Platforms, Service

Segment by application, this report focuses on consumption, market share, and growth rate of the market in each application and can be divided into: Healthcare, Information Technology (IT), Telecom, Banking, Financial Services, And Insurance (BFSI), Automotive, Others

Further, each regional market is comprehensively studied with a key focus on import and export, leading players, production value growth rate, and production growth rate: North America (United States, Canada and Mexico), Europe (Germany, France, UK, Russia and Italy), Asia-Pacific (China, Japan, Korea, India and Southeast Asia), South America (Brazil, Argentina, Colombia etc.), Middle East and Africa (Saudi Arabia, UAE, Egypt, Nigeria and South Africa)


This Study Will Address Following Critical Questions:

Customization of the Report:

This report can be customized to meet the client's requirements. Please connect with our sales team (sales@marketsandresearch.biz), who will ensure that you get a report that suits your needs. You can also get in touch with our executives on +1-201-465-4211 to share your research requirements.

About Us

Marketsandresearch.biz is a leading global Market Research agency providing expert research solutions, trusted by the best. We understand the importance of knowing what global consumers watch and buy, further using the same to document our distinguished research reports. Marketsandresearch.biz has worldwide presence to facilitate real market intelligence using latest methodology, best-in-class research techniques and cost-effective measures for world's leading research professionals and agencies. We study consumers in more than 100 countries to give you the most complete view of trends and habits worldwide. Marketsandresearch.biz is a leading provider of Full-Service Research, Global Project Management, Market Research Operations and Online Panel Services.

Contact Us
Mark Stone
Head of Business Development
Phone: +1-201-465-4211
Email: sales@marketsandresearch.biz
Web: http://www.marketsandresearch.biz
