Don’t Wait: Get Into the Encryption Habit Now – Williston Daily Herald


Originally posted here:
Don't Wait: Get Into the Encryption Habit Now - Williston Daily Herald

An encrypted ZIP file can have two correct passwords, here's why – BleepingComputer

Password-protected ZIP archives are a common means of compressing and sharing sets of files, from sensitive documents to malware samples and even malicious files (e.g. phishing "invoices" in emails).

But did you know that an encrypted ZIP file can have two correct passwords, with both producing the same result when the ZIP is extracted?

Arseniy Sharoglazov, a cybersecurity researcher at Positive Technologies, shared over the weekend a simple experiment in which he produced a password-protected ZIP file called x.zip.

The password Sharoglazov picked for encrypting his ZIP was a pun on the 1987 hit that has become a popular tech meme:

Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You

But the researcher demonstrated that when extracting x.zip using a completely different password, he received no error messages.

In fact, using the different password resulted in successful extraction of the ZIP, with the original contents intact:

pkH8a0AqNbHcdw8GrmSp

BleepingComputer was able to reproduce the experiment using different ZIP programs. We used both p7zip (the 7-Zip equivalent for macOS) and another ZIP utility called Keka.

Like the researcher's ZIP archive, ours was created with the aforementioned longer password, and with AES-256 encryption mode enabled.

Although the ZIP was encrypted with the longer password, either password extracted the archive successfully.

Responding to Sharoglazov's demo, a curious reader, Rafa, raised an important question: "How????"

Twitter user Unblvr seems to have figured out the mystery:

When producing password-protected ZIP archives with AES-256 mode enabled, the ZIP format derives the key with the PBKDF2 algorithm, and the HMAC step inside PBKDF2 hashes the password provided by the user if the password is too long. By too long, we mean longer than 64 bytes (characters), the block size of the HMAC-SHA1 function used here, explains the researcher.

Instead of the user's chosen password (in this case "Nev1r-G0nna-G2ve-..."), this newly calculated hash becomes the actual password to the file.

When the user attempts to extract the file and enters a password longer than 64 bytes ("Nev1r-G0nna-G2ve-..."), the input will once again be hashed by the ZIP application and compared against the correct password (which is now itself a hash). A match leads to a successful file extraction.

The alternative password used in this example ("pkH8a0AqNbHcdw8GrmSp") is in fact the ASCII representation of the longer password's SHA-1 hash.

SHA-1 checksum of "Nev1r-G0nna-G2ve-..." = 706b4838613041714e62486364773847726d5370

This checksum, when its bytes are read as ASCII characters, produces: pkH8a0AqNbHcdw8GrmSp

Note, however, that when encrypting or decrypting a file, the hashing step only occurs if the password is longer than 64 bytes.

In other words, shorter passwords are not hashed at either stage, compressing or decompressing the ZIP.

This is why, when the long "Nev1r-G0nna-G2ve-..." string is picked as the password at the encryption stage, the actual password set by the ZIP program is effectively the SHA-1 hash of this string.

At the decryption stage, entering "Nev1r-G0nna-G2ve-..." causes it to be hashed and compared against the previously stored password (the SHA-1 hash). Entering the shorter "pkH8a0AqNbHcdw8GrmSp" password at the decryption stage, however, has the application compare this value directly to the stored password (which is, again, the SHA-1 hash).

The HMAC collisions subsection of the PBKDF2 article on Wikipedia provides more technical insight for interested readers.

"PBKDF2 has an interesting property when using HMAC as its pseudo-random function. It is possible to trivially construct any number of different password pairs with collisions within each pair," notes the entry.

"If a supplied password is longer than the block size of the underlying HMAC hash function, the password is first pre-hashed into a digest, and that digest is instead used as the password."

But the fact that there are now two possible passwords to the same ZIP does not represent a security vulnerability, "as one still must know the original password in order to generate the hash of the password," the entry further explains.

A key aspect to note here is that the ASCII representation of a SHA-1 hash need not be alphanumeric.

In other words, let's assume we had chosen the following password for our ZIP file during this experiment. The password is longer than 64 bytes:

Bl33pingC0mputer-Sh0w-M3-H0W-t0-pR0Duc3-an-eNcRyPT3D-ZIP-File-in-the-simplest-way

Its SHA-1 checksum comes out to be: bd0b8c7ab2bf5934574474fb403e3c0a7e789b61

And the ASCII representation of this checksum looks like a gibberish set of bytes, not nearly as elegant as the alternative password the researcher generated for his experiment.

BleepingComputer asked Sharoglazov how he was able to pick a password whose SHA-1 checksum has an ASCII representation that yields a clean, alphanumeric string.

"That's why hashcat was used," the researcher tells BleepingComputer.

By using a slightly modified version of the open-source password recovery tool hashcat, the researcher generated variations of the "Never Gonna Give You Up..." string using alphanumeric characters until he arrived at a perfect password.

"I tested Nev0r, Nev1r, Nev2r and so on... And I found the password I need."

And that's how Sharoglazov arrived at a password that roughly reads like "Never Gonna Give You Up...," but whose SHA-1 checksum has an ASCII representation that is one neat alphanumeric string.
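The two-password behaviour described above, reproduced with Python's standard library. This is an added example, not code from the BleepingComputer article, from Sharoglazov or from any ZIP tool; it assumes the WinZip AES-256 key-derivation parameters (PBKDF2-HMAC-SHA1, 1000 iterations, a 16-byte salt, 66 bytes of key material) and uses a constructed salt, and all function names are this example's own. It covers both the mechanism explained after Unblvr's observation (a password over 64 bytes is replaced by its 20-byte SHA-1 digest before key derivation, so the digest itself is a second valid password) and the later point that such a digest is not always printable: the article reports that the original password's digest reads as pkH8a0AqNbHcdw8GrmSp, whereas the digest of BleepingComputer's own long password does not survive as printable text.

```python
import hashlib
import hmac
from typing import Optional

# Key-derivation parameters of the WinZip AES (AE-2) format for AES-256:
# PBKDF2-HMAC-SHA1, 1000 iterations, a 16-byte salt and 66 bytes of
# output (32-byte AES key, 32-byte HMAC key, 2-byte password verifier).
# These follow the public WinZip AES specification; the salt below is a
# constructed sample, since a real archive stores a random one per entry.
ITERATIONS = 1000
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_MATERIAL_LEN = 32 + 32 + 2

# HMAC pre-hashes any key longer than the hash function's block size.
HMAC_SHA1_BLOCK_SIZE = hashlib.sha1().block_size  # 64 bytes

# The 71-byte password quoted in the article; it exceeds the block size.
ORIGINAL_PASSWORD = (
    b"Nev1r-G0nna-G2ve-Y8u-Up-N5v1r-G1nna-Let-Y4u-D1wn-N8v4r-G5nna-D0sert-You"
)


def zip_key_material(password: bytes) -> bytes:
    """Derive the AE-2 key material the way an AES-256 ZIP tool does."""
    return hashlib.pbkdf2_hmac("sha1", password, SALT, ITERATIONS, KEY_MATERIAL_LEN)


def sha1_digest(data: bytes) -> bytes:
    """Raw 20-byte SHA-1 digest of the input."""
    return hashlib.sha1(data).digest()


def alternate_password(password: bytes) -> Optional[bytes]:
    """Return the second password that HMAC's key pre-hashing creates.

    For a password longer than 64 bytes, HMAC-SHA1 replaces the key with
    its 20-byte SHA-1 digest, so feeding that digest in as the password
    derives identical key material. A password of 64 bytes or fewer is
    used as-is and has no such twin, hence None.
    """
    if len(password) <= HMAC_SHA1_BLOCK_SIZE:
        return None
    return sha1_digest(password)


def passwords_collide(first: bytes, second: bytes) -> bool:
    """True if both passwords derive the same keys for the same ZIP entry."""
    return hmac.compare_digest(zip_key_material(first), zip_key_material(second))


def is_typeable(raw: bytes) -> bool:
    """True if every byte is printable ASCII, i.e. the alternate password
    could be typed at a prompt instead of pasted as raw bytes."""
    return all(0x20 <= b < 0x7F for b in raw)


if __name__ == "__main__":
    twin = alternate_password(ORIGINAL_PASSWORD)
    print("original password length:", len(ORIGINAL_PASSWORD))
    print("alternate password (hex):", twin.hex())
    print("alternate is typeable ASCII:", is_typeable(twin))
    print("both derive the same ZIP keys:", passwords_collide(ORIGINAL_PASSWORD, twin))
    print("a 14-byte password has no twin:", alternate_password(b"short-password"))
```

Run it with python3 to see the twin of the article's password and confirm that both inputs derive identical key material. The practical caveat for anyone relying on very long ZIP passwords: once a password exceeds 64 bytes it is collapsed to a 160-bit SHA-1 digest before PBKDF2 runs, so extra length beyond that point adds no key space, and the 20-byte digest is a full-strength second credential that only someone who already holds the original password can produce.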

For most users, creating a password-protected ZIP file with a choice of their password should be sufficient and that is all they would need to know.

But should you decide to get adventurous, this experiment provides a peek into one of the many mysteries surrounding encrypted ZIPs, like having two passwords to your guarded secret.

Read more here:
An encrypted ZIP file can have two correct passwords, here's why - BleepingComputer

Apple's CSAM approach is the right one, says British government, as it attacks Facebook – 9to5Mac

The British government has backed a call by the country's security services for client-side scanning for child sexual abuse material, aka Apple's CSAM approach.

Home Secretary Priti Patel has written an op-ed in which she indicates government support for the stance, while also attacking Facebook's plans to make all Messenger chats end-to-end encrypted by default.

Apple's CSAM scanning plans were first announced a year ago. Instead of scanning photos stored on iCloud, which is the approach taken by other companies with cloud storage services, the iPhone maker wanted a more privacy-respecting approach. This is based on what are known as hashes, unique digital signatures of CSAM files, using client-side scanning (on the device, rather than in the cloud).

While the approach was indeed better than that of other companies, Apple's plans quickly came under fire from cybersecurity experts, human rights organizations, governments, and Apple's own employees. Four main concerns have been raised, as explained here. Apple subsequently addressed the first two.

We argued that such a backlash was inevitable, given the years Apple has spent touting its privacy credentials. The company has put up huge billboards. It has run amusing ads. It has an entire privacy microsite. Its CEO talks about privacy in every interview and public appearance. The company attacks other tech giants over privacy. It fought the entire ad industry over a new privacy feature.

Last month, the UK's NSA equivalent, GCHQ, wrote a white paper in partnership with the National Cyber Security Centre. The paper argued that Apple-style client-side scanning offered the right balance of security and privacy.

Ian Levy, the NCSC's technical director, and Crispin Robinson, the technical director of cryptanalysis (codebreaking) at GCHQ, said the technology could protect children and privacy at the same time.

"We've found no reason why client-side scanning techniques cannot be implemented safely in many of the situations one will encounter," they wrote in a discussion paper published on Thursday, which the pair said was not government policy.

It appears that this is now government policy, as Patel has written an op-ed piece for The Telegraph in which she endorses this.

Some of our foremost cyber security experts have published a paper setting out a range of safeguarding options that could be implemented by companies to reduce the prevalence of child sexual abuse online while maintaining the privacy benefits of end-to-end encryption.

The piece represents a softening of previous statements by the British government, which have attacked end-to-end encryption as enabling child abusers and terrorists. Patel now argues that it would be irresponsible to launch a new E2E encryption service without such a system in place.

The specific target of her ire is Facebook.

Meta has recently announced that it is beginning to test end-to-end encryption on its platforms, which include Facebook and Instagram. The company plans to make end-to-end encryption the default system for all personal calls and messages next year.

But parents need to know that their kids will be safe online. The consequences of inadequate protections, especially for end-to-end encrypted social media platforms, would be catastrophic. A great many child predators use social media platforms such as Facebook to discover, target and sexually abuse children. These protections need to be in place before end-to-end encryption is rolled out around the world. Child safety must never be an afterthought.

Currently, users have the ability to start a Secret Message, which is E2E encrypted, but the default is for encryption to which Facebook holds the key.

Patel refers to the Online Safety Bill, which would enforce client-side scanning, as if it were certain to pass. The reality is that this legislation has now been put on hold, and there is no certainty that it will proceed.

If client-side scanning does become a legal requirement, it will put Apple right back in the spotlight. The Cupertino company has gone silent on the issue, seemingly hoping that it can quietly drop its plans to avoid the controversy.

Photo: Dan Gold/Unsplash


See the rest here:
Apple's CSAM approach is the right one, says British government, as it attacks Facebook - 9to5Mac

How to enable end-to-end encrypted chat backup on WhatsApp, here’s how – Gearrice

Tech News Desk: WhatsApp has a feature that prevents other people from reading users' chats through their chat backups. A feature called Encrypted Chat Backup was announced last year, and it has now been strengthened with end-to-end encryption of the WhatsApp chat backup. This is the same encryption technology that the Meta messaging app uses to secure conversations on its platform. Chats are backed up to either Google Drive or Apple iCloud. Without this feature, those backups are not protected by WhatsApp's end-to-end encryption and are therefore exposed if the cloud account is accessed by an attacker. End-to-end encrypting the backup mitigates this risk by encrypting its content so that no one without the key can read it. However, the feature is not enabled by default; WhatsApp users need to turn it on to keep their chat backups secured with end-to-end encryption. Users can then use either a password or a 64-digit encryption key to decrypt the backup when restoring the last saved WhatsApp chat backup on their Android smartphone or iPhone.

First, open Settings in WhatsApp. Then go to the Chats section and tap Chat Backup. Next, tap the End-to-End Encrypted Backup option, tap Turn on, and follow the on-screen prompts to create a password. Finally, tap Create and wait for WhatsApp to create your end-to-end encrypted backup. Note that WhatsApp users will not be able to restore the backup if they forget the password, and the password cannot be reset.

Go here to read the rest:
How to enable end-to-end encrypted chat backup on WhatsApp, here's how - Gearrice

The 4 Best Open Source PKI Software Solutions (And Choosing the Right One) – Security Boulevard


There are many reasons why you may be looking for open-source public key infrastructure (PKI) software. Maybe you need to enable authentication and encryption for IoT products you deliver to the market. Or maybe you're issuing certificates into a microservices environment to secure machine-to-machine connections. In any case, you've got options.

This blog will discuss the best open-source PKI software tools available today and provide tips on choosing the right tool for your needs.

First off, let's begin with a few definitions. PKI is used to issue certificates that enable authentication, encryption, and digital signatures for multiple use cases.

Authentication: proving your identity to a website or other entity

Encryption: protecting data from unauthorized access

Digital signatures: verifying the authenticity of a message or document

Open-source PKI solutions are a type of CA software that is available for anyone to use, modify and distribute. Open source software could be used for publicly trusted SSL/TLS certificates or, more commonly, as a private certificate authority (CA) for internal trust within an enterprise.

The code for these tools is typically published under an open-source license, allowing anyone to view, edit and redistribute the software.

Developers and engineers increasingly leverage PKI to embed security into their products or application development and delivery pipelines. Open source certificate authority (CA) software is a great way to get started with PKI.

There are many different open-source PKI software tools available today. Here we've broken down the four most common open source PKI solutions, including key considerations and recommendations when choosing the right fit for your use case.

EJBCA is a Java-based PKI solution that offers both enterprise and community editions. EJBCA Community Edition (CE) is free to download and has all the core features needed for certificate issuance and management. It includes multiple certificate enrollment methods, as well as a REST API. EJBCA was developed by PrimeKey, now a part of Keyfactor, and it is the most widely trusted and adopted solution for open-source PKI CA today.

Core capabilities include:

EJBCA Enterprise Edition (EE) includes features for production-ready environments, including high availability, clustering, authentication, advanced protocol and HSM support, professional support and services, and deployment flexibility. EJBCA Enterprise can be deployed as a turnkey hardware appliance, software appliance, cloud-based, or SaaS-delivered PKI.

Dogtag Certificate System (also known as Dogtag PKI) is an open-source certificate authority (CA) that supports many common PKI use cases. It offers a web-based management interface that allows you control over your certificates while also supporting multiple formats so that they can easily fit different use cases.

Core capabilities include:

The OpenXPKI is a toolkit based on OpenSSL and Perl that can create, manage, and deploy digital certificates. It includes support for multiple certificate formats and an online interface to help you oversee your PKI workloads.

Core capabilities include:

Step-ca is a simple yet flexible CLI-based open-source PKI tool that can create and manage digital certificates. It similarly includes support for multiple certificate formats and integrates with tools like Kubernetes, Nebula, and Envoy.

Core capabilities include:

When choosing an open source PKI management tool, there are several factors you will want to consider based on your specific use case and requirements.

Setting up and running a PKI isn't for the faint of heart. Even the best tools can create vulnerabilities if they are not properly configured and deployed. Open-source PKI solutions should be easy to deploy, with published containers offering the simplest method. They should also provide an easy-to-use interface for configuration, reporting, and management.

Once you have your PKI up and running, you'll need to integrate certificate issuance and management workflows with your tools and applications. Industry-standard protocols such as ACME, SCEP, EST, and CMP provide certificate lifecycle management and enrollment capabilities. A REST API is also important to offer additional extensibility and functionality specific to the tool you choose.

Good documentation is essential for any PKI solution. Be sure to check that the documentation is up-to-date and easy to understand. Support typically isn't available with open-source projects, so you'll need to ensure that you can set up and deploy the solution independently.

You should also ensure that there's a solid community to provide support and guidance when you need it. A good indicator of an active community is to check the number of downloads, discussions, and online forums where end users can discuss features and assist one another.

Security isn't static, and your PKI shouldn't be either. Ensure that your open source PKI solution is actively developed and maintained by the community and project owner. This ensures that vulnerabilities are addressed swiftly, and new features and functionality are continuously available as the PKI landscape evolves.

If something goes wrong with your PKI implementation, you'll need access to troubleshooting documentation. Make sure the supplier you choose offers thorough documentation and a commercial/premium support agreement available from the vendor with an enterprise version, should the need arise to upgrade.

If you need enterprise-grade features, be sure to choose a tool that offers a simple path to upgrade. A full-featured enterprise PKI should be able to handle the increased load of large-scale production environments without compromising performance or security. To support these requirements, you'll need capabilities like high availability, multi-node clustering, compliance certifications, advanced protocols, and hardware security module (HSM) integrations.

EJBCA CE is a powerful, flexible, and easy-to-use PKI solution used by everyone from developers and engineers to IAM and security teams to issue trusted identities for all of their devices and workloads. Here are just a few of the key reasons why teams choose EJBCA CE over open source PKI alternatives:

EJBCA provides a complete PKI solution that includes everything you need to get started. It supports CA, RA, and OCSP functionality out of the box and can easily scale to meet even the most demanding transaction workloads for certificate issuance and validation.

EJBCA is extremely flexible and can be easily extended to meet your specific needs. It supports pre-built plugins with other open-source tools such as HashiCorp Vault and Kubernetes, and it also supports SCEP, CMP, and REST API protocols. Advanced protocols such as ACME and EST are available with EJBCA Enterprise.

EJBCA is readily available for download from GitHub and SourceForge. It's also available as a published container via Docker Hub, making it easy to deploy quickly and securely. It also offers a web-based GUI for centralized administration of CAs, audit logs, templates and policies, and more.

EJBCA is one of the longest-running CA software projects, with millions of downloads and time-proven robustness and reliability. It's built on open standards and a Common Criteria certified open-source platform.

EJBCA is supported by comprehensive documentation, including how-to guides, tutorial videos, troubleshooting guides, and use cases. This makes it incredibly easy for end-users to get up and running quickly and to get the most out of their PKI.

If you need an enterprise-grade PKI solution, EJBCA offers an easy path to upgrade from the community edition to the enterprise edition. EJBCA Enterprise is available in many different forms and flavors to meet your specific requirements for simplicity, availability, and compliance.

There are many reasons why you may be looking for open-source public key infrastructure (PKI) software. Maybe you need to enable authentication and encryption for IoT products you deliver to the market. Or maybe youre issuing certificates into a microservices environment to secure machine-to-machine connections. In any case, youve got options.

This blog will discuss the best open-source PKI software tools available today and provide tips on choosing the right tool for your needs.

First off, lets begin with a few definitions. PKI is used to issue certificates that enable authentication, encryption, and digital signatures for multiple use cases.

Authentication: proving your identity to a website or other entity

Encryption: protecting data from unauthorized access

Digital signatures: verifying the authenticity of a message or document

Open-source PKI solutions are a type of CA software that is available for anyone to use, modify and distribute. Open source software could be used for publicly trusted SSL/TLS certificates or, more commonly, as a private certificate authority (CA) for internal trust within an enterprise.

The code for these tools is typically published under an open-source license, allowing anyone to view, edit and redistribute the software.

Developers and engineers increasingly leverage PKI to embed security into their products or application development and delivery pipelines. Open source certificate authority (CA) software is a great way to get started with PKI.

There are many different open-source PKI software tools available today. Here weve broken down the four most common open source PKI solutions, including key considerations and recommendations when choosing the right fit for your use case.

EJBCA is a Java-based PKI solution that offers both enterprise and community editions. EJBCA Community Edition (CE) is free to download and has all the core features needed for certificate issuance and management. It includes multiple certificate enrollment methods, as well as a REST API. EJBCA was developed by PrimeKey, now a part of Keyfactor, and it is the most widely trusted and adopted solution for open-source PKI CA today.

Core capabilities include:

EJBCA Enterprise Edition (EE) includes features for production-ready environments, including high availability, clustering, authentication, advanced protocol and HSM support, professional support and services, and deployment flexibility. EJBCA Enterprise can be deployed as a turnkey hardware appliance, software appliance, cloud-based, or SaaS-delivered PKI.

Dogtag Certificate System (also known as Dogtag PKI) is an open-source certificate authority (CA) that supports many common PKI use cases. It offers a web-based management interface that allows you control over your certificates while also supporting multiple formats so that they can easily fit different use cases.

Core capabilities include:

The OpenXPKI is a toolkit based on OpenSSL and Perl that can create, manage, and deploy digital certificates. It includes support for multiple certificate formats and an online interface to help you oversee your PKI workloads.

Core capabilities include:

Step-ca is a simple yet flexible CLI-based open-source PKI tool that can create and manage digital certificates. It similarly includes support for multiple certificate formats and integrates with tools like Kubernetes, Nebula, and Envoy.

Core capabilities include:

When choosing an open source PKI management tool, there are several factors you will want to consider based on your specific use case and requirements.

Setting up and running a PKI isnt for the faint of heart. Even the best tools can create vulnerabilities if they are not properly configured and deployed. Open-source PKI solutions should be easy to deploy, with published containers offering the simplest method. They should also provide an easy-to-use interface for configuration, reporting, and management.

Once you have your PKI up and running, youll need to integrate certificate issuance and management workflows with your tools and applications. Industry-standard protocols such as ACME, SCEP, EST, and CMP provide certificate lifecycle management and enrollment capabilities. A REST API is also important to offer additional extensibility and functionality specific to the tool you choose.

Good documentation is essential for any PKI solution. Be sure to check that the documentation is up-to-date and easy to understand. Support typically isnt available with open-source projects, so youll need to ensure that you can set up and deploy the solution independently.


EJBCA is one of the longest-running CA software projects, with millions of downloads and time-proven robustness and reliability. It's built on open standards and a Common Criteria-certified open-source platform.

EJBCA is supported by comprehensive documentation, including how-to guides, tutorial videos, troubleshooting guides, and use cases. This makes it incredibly easy for end-users to get up and running quickly and to get the most out of their PKI.

If you need an enterprise-grade PKI solution, EJBCA offers an easy path to upgrade from the community edition to the enterprise edition. EJBCA Enterprise is available in many different forms and flavors to meet your specific requirements for simplicity, availability, and compliance.

There are many reasons why you may be looking for open-source public key infrastructure (PKI) software. Maybe you need to enable authentication and encryption for IoT products you deliver to the market. Or maybe you're issuing certificates into a microservices environment to secure machine-to-machine connections. In any case, you've got options.

This blog will discuss the best open-source PKI software tools available today and provide tips on choosing the right tool for your needs.

First off, let's begin with a few definitions. PKI is used to issue certificates that enable authentication, encryption, and digital signatures for multiple use cases.

Authentication: proving your identity to a website or other entity

Encryption: protecting data from unauthorized access

Digital signatures: verifying the authenticity of a message or document

Open-source PKI solutions are a type of CA software that is available for anyone to use, modify and distribute. Open source software could be used for publicly trusted SSL/TLS certificates or, more commonly, as a private certificate authority (CA) for internal trust within an enterprise.

The code for these tools is typically published under an open-source license, allowing anyone to view, edit and redistribute the software.

Developers and engineers increasingly leverage PKI to embed security into their products or application development and delivery pipelines. Open source certificate authority (CA) software is a great way to get started with PKI.

There are many different open-source PKI software tools available today. Here we've broken down the four most common open source PKI solutions, including key considerations and recommendations when choosing the right fit for your use case.

EJBCA is a Java-based PKI solution that offers both enterprise and community editions. EJBCA Community Edition (CE) is free to download and has all the core features needed for certificate issuance and management. It includes multiple certificate enrollment methods, as well as a REST API. EJBCA was developed by PrimeKey, now a part of Keyfactor, and it is the most widely trusted and adopted solution for open-source PKI CA today.

Core capabilities include:

EJBCA Enterprise Edition (EE) includes features for production-ready environments, including high availability, clustering, authentication, advanced protocol and HSM support, professional support and services, and deployment flexibility. EJBCA Enterprise can be deployed as a turnkey hardware appliance, software appliance, cloud-based, or SaaS-delivered PKI.

Dogtag Certificate System (also known as Dogtag PKI) is an open-source certificate authority (CA) that supports many common PKI use cases. It offers a web-based management interface that gives you control over your certificates, and it supports multiple certificate formats so that it can fit different use cases.

Core capabilities include:

OpenXPKI is a toolkit based on OpenSSL and Perl that can create, manage, and deploy digital certificates. It includes support for multiple certificate formats and an online interface to help you oversee your PKI workloads.

Core capabilities include:

Step-ca is a simple yet flexible CLI-based open-source PKI tool that can create and manage digital certificates. It similarly includes support for multiple certificate formats and integrates with tools like Kubernetes, Nebula, and Envoy.

Core capabilities include:

When choosing an open source PKI management tool, there are several factors you will want to consider based on your specific use case and requirements.

Setting up and running a PKI isn't for the faint of heart. Even the best tools can create vulnerabilities if they are not properly configured and deployed. Open-source PKI solutions should be easy to deploy, with published containers offering the simplest method. They should also provide an easy-to-use interface for configuration, reporting, and management.

Once you have your PKI up and running, you'll need to integrate certificate issuance and management workflows with your tools and applications. Industry-standard protocols such as ACME, SCEP, EST, and CMP provide certificate lifecycle management and enrollment capabilities. A REST API is also important to offer additional extensibility and functionality specific to the tool you choose.

Good documentation is essential for any PKI solution. Be sure to check that the documentation is up-to-date and easy to understand. Support typically isn't available with open-source projects, so you'll need to ensure that you can set up and deploy the solution independently.

You should also ensure that there's a solid community to provide support and guidance when you need it. A good indicator of an active community is to check the number of downloads, discussions, and online forums where end users can discuss features and assist one another.

Security isn't static, and your PKI shouldn't be either. Ensure that your open source PKI solution is actively developed and maintained by the community and project owner. This ensures that vulnerabilities are addressed swiftly, and new features and functionality are continuously available as the PKI landscape evolves.

If something goes wrong with your PKI implementation, you'll need access to troubleshooting documentation. Make sure the supplier you choose offers thorough documentation and a commercial/premium support agreement available from the vendor with an enterprise version, should the need arise to upgrade.

If you need enterprise-grade features, be sure to choose a tool that offers a simple path to upgrade. A full-featured enterprise PKI should be able to handle the increased load of large-scale production environments without compromising performance or security. To support these requirements, you'll need capabilities like high availability, multi-node clustering, compliance certifications, advanced protocols, and hardware security module (HSM) integrations.

EJBCA CE is a powerful, flexible, and easy-to-use PKI solution used by everyone from developers and engineers to IAM and security teams to issue trusted identities for all of their devices and workloads. Here are just a few of the key reasons why teams choose EJBCA CE over open source PKI alternatives:

EJBCA provides a complete PKI solution that includes everything you need to get started. It supports CA, RA, and OCSP functionality out of the box and can easily scale to meet even the most demanding transaction workloads for certificate issuance and validation.

EJBCA is extremely flexible and can be easily extended to meet your specific needs. It supports pre-built plugins with other open-source tools such as HashiCorp Vault and Kubernetes, and it also supports SCEP, CMP, and REST API protocols. Advanced protocols such as ACME and EST are available with EJBCA Enterprise.

EJBCA is readily available for download from GitHub and Sourceforge. It's also available as a published container via Docker Hub, making it easy to deploy quickly and securely. It also offers a web-based GUI for centralized administration of CAs, audit logs, templates and policies, and more.

Read the original:
The 4 Best Open Source PKI Software Solutions (And Choosing the Right One) - Security Boulevard

What is Telegram? What you need to know about the messaging app – TrustedReviews

If you've been thinking about downloading a new messaging app, you've more than likely come across Telegram.

Here's everything you need to know about Telegram, including what it is, what features it offers, how encrypted it is, how much it costs and who owns the app.

Telegram is a free, cloud-based instant messaging app available across a range of mobile and desktop platforms, including Android, iOS, Windows, macOS and Linux.

The app saw a sudden surge in popularity in 2021 after WhatsApp announced changes to its privacy policy that would allow it to share data with parent company Meta.

Telegram offers its users a number of features, including no limits on media sizes, end-to-end encryption in secret chats and a huge 200,000-person capacity for group chats.

There's also a Bot API to encourage developers to create their own bots for Telegram.

Alongside Signal, the app has a reputation as one of the most privacy-forward messaging apps. Telegram's code is also open source and the app supports reproducible builds.

All Telegram chats are encrypted, but the amount of encryption you get depends on what type of chat you make. This can lead users to believe their chats are more protected than they actually are.

Private chat and group chats are protected by server-client encryption, allowing them to live on the cloud, while secret chats benefit from more robust client-client encryption or end-to-end encryption. This means that only the sender and the receiver can read your messages and not even Telegram can decipher them. If you want the best level of privacy, you should communicate via secret chats.

Unfortunately, this also means that end-to-end encryption is limited to one-on-one chats and is not available in group chats.

If you're interested in reading more about Telegram's encryption and how the app deals with your data, we spoke to a number of security experts in our guide to Is Telegram Safe?

Yes, Telegram is free to download and use.

Telegram was founded by Nikolai and Pavel Durov, who are also the creators of Russian social network VK.

While Telegram was originally founded in St. Petersburg, the brothers have relocated the company a number of times and are currently based in Dubai.

Visit link:
What is Telegram? What you need to know about the messaging app - TrustedReviews

Passenger data will be encrypted before being shared with consultant: IRCTC officials – Moneycontrol

IRCTC | CMP: Rs 735.15 | The stock price added over 9 percent last week. The Railways' catering and ticketing arm IRCTC floated a tender to engage a consultant for monetisation of its "digital data", including its bank of passenger data; the railway ministry is now reviewing the revenue generation plan. IRCTC's plan to generate Rs 1,000 crore in revenue from two sets of data monetisation came under criticism amid concerns over data privacy, according to media reports. Sources in the ministry said the government would prefer to wait for the passage of the Data Protection Bill in Parliament before going ahead with this plan.

Days after privacy concerns were raised regarding the Indian Railways Catering and Tourism Corporation's tender to monetise its digital data, IRCTC officials told Moneycontrol that the company would encrypt data before sharing it with consultants.

"A unique identification code with travel patterns will be shared with a consultant," a senior company official said.

The official added that the unique identification code will not let consultants identify customers or have access to any sensitive customer information.

"Only IRCTC will have access to customers' sensitive information and the company will not let consultants have access to our encryption software," the official added.

Another source said that many data points in the tender such as name, login and password will be removed from the list of data points that may be used for studying and coming up with monetisation plans.

"There is no need for name. Data such as how many have travelled to a certain place; how many people between a certain age group travel in trains can be shared with the consultant, who will then provide products based on this data," another source said.

At the time of publishing, queries over email and texts sent to IRCTC remained unanswered.

A rethink?

The second official also clarified that IRCTC is bound to follow laws such as the IT Act 2000, European Union's General Data Protection Rules (GDPR) and other regulations as required. The consultant will be guiding IRCTC in this regard.

On its portal, IRCTC also offers options to book hotels, buses and so on.

"For offerings such as this, data is shared with service providers after signing an NDA that the shared data will not be reshared anywhere else," the second source added.

Moneycontrol has also learnt that IRCTC will rework the tender based on responses received in the pre-bid meeting.

As of now, further action on the tender (in its present form) has been postponed. A pre-bid meeting planned for August 24 has been delayed "till further advice" from IRCTC.

Privacy worries

In July, IRCTC floated an expression of interest for appointing a consultant who will study customer data including "name, age, mobile number, gender, address, email-id, no. of passenger, class of journey, payment mode, login/password" and identify a business model for monetisation of railways data.

This move raised concerns of privacy, with digital advocacy groups decrying the move. Recently, the Parliamentary Standing Committee on IT also summoned the IRCTC in this regard.

A notice issued by the Lok Sabha Secretariat said IRCTC officials would brief members of the Standing Committee on Communications and Information Technology on August 26.

The call for the briefing comes days after the Indian railway's ticketing arm floated a tender to generate Rs 1,000 crore from the monetisation of its data assets.

The plan to monetise customer data led to outcry and invited criticism from experts given the absence of rules regarding personal data protection.

Lawyers also pointed out that the personal data provided by customers to IRCTC at the time of booking their rail tickets "was not explicitly for the purpose of monetisation".

Since then, it has been reported that IRCTC will allow passengers to opt out of the data monetisation plan, with The Economic Times reporting on August 23 that the process was only at a preliminary stage and any decision would be strictly within "the confines of the law".

It is to be noted that India has no data protection rules and a draft Bill was recently withdrawn by the government from Parliament.

The data protection Bill that IRCTC has mentioned in the tender document is not even the latest version of the Bill that was withdrawn. The Ministry of Electronics and IT (MeitY) did not respond to a query on the potential privacy risks of IRCTC's proposal.

In a statement, digital rights group Internet Freedom Foundation last week had said that IRCTC, a government-controlled monopoly, must not prioritise perverse commercial interests over the rights and interests of citizens. And given the recent withdrawal of the Data Protection Bill, 2021, such monetisation becomes even more concerning.

Originally posted here:
Passenger data will be encrypted before being shared with consultant: IRCTC officials - Moneycontrol

Lane Renews Years-Long Partnership With etherFAX to Continue to Deliver Secure Messaging for Enterprise Organizations – GlobeNewswire

SAN ANTONIO, Aug. 23, 2022 (GLOBE NEWSWIRE) -- Lane is pleased to announce its continued partnership of nearly four years with etherFAX. By extending this well-established partnership, enterprise organizations across a wide range of industries can continue to take advantage of secure and rapid document transmission with the world's largest fax network.

etherFAX's Secure Exchange Network (SEN) has more connected endpoints than any other fax service. Providing end-to-end encryption and hybrid-cloud technology, the exchange of sensitive and unstructured data is impenetrable and highly protected. In addition, etherFAX supports every major fax server, application, and fax-enabled device for universal advantage.

"Lane has always taken immense pride in our partnership with etherFAX, as it allows us to deliver superior messaging solutions with the support of the secure exchange network," Liz Maya, CEO of Lane, stated. "By renewing our partnership, enterprise organizations across a wide range of industries can continue to enjoy the benefits of some of the fastest, most secure faxing solutions available."

Lane's partnership with etherFAX continues to enable 100% secure document transfer through SENx, which is built upon etherFAX's end-to-end encryption technology. Providing reliable and speedy transmission of high-resolution digital content, SENx ensures the communication between the two parties is decipherable while using ECIES to ensure the integrity of the cryptogram. In doing so, unique keying material is generated that seeds the encryption, with information being validated through signature and authentication mechanisms.

HIPAA- and PCI DSS-compliant, as well as HITRUST-certified, SENx never compromises on document integrity or security.

"We're proud to extend our partnership with Lane and provide their customers with the most secure and reliable document delivery solution in the industry," said Quinn Corey, Director of Sales at etherFAX. "In addition to digital data and document exchange, etherFAX SEN enables enterprise organizations to optimize business processes, improve interoperability, and mitigate risk."

Lane's renewed partnership with etherFAX also allows Lane to continue to be a proud reseller of the etherFAX Remote Integration Service (ERIS). ERIS is completely scalable with simplified configuration and eliminates the need for outdated and expensive on-site fax servers that are difficult to maintain, set up, configure, and operate. As a stand-alone and fully customizable solution, ERIS can replace many local fax functions for businesses.

About etherFAX

Founded in 2009, etherFAX offers a secure document delivery platform and suite of applications widely used across a broad range of industries to digitize workflows and optimize business processes. As a leading provider of hybrid-cloud fax solutions supporting healthcare enterprises, etherFAX securely transmits protected health information and high-resolution, color documents directly to applications and devices with end-to-end encryption and ultra-fast transmission speeds. With more than six million connected endpoints, etherFAX is the world's largest document exchange network, supporting every major fax server, application, and fax-enabled device. The etherFAX partner network continues to grow and evolve to strengthen platform-agnostic document delivery to and from fax providers, fax servers, EHRs, and Health Information Exchanges. etherFAX services operate in a HIPAA and SOC 2-compliant environment that is both HITRUST CSF and PCI DSS-certified. For more information, visit http://www.etherfax.net, call us at 877-384-9866, or email sales@etherfax.net.

About Lane

Lane is recognized globally as a leader in secure messaging communications and fax integration across a wide range of industries. Lane aims to exceed expectations by applying robust and tailored solutions that yield tangible results for their clients. With a strong track record of implementing systems across 50 countries, Lane's team possesses extensive knowledge and experience in developing solutions from the largest financial institutions to healthcare companies, as well as other public and private enterprises.

This content was issued through the press release distribution service at Newswire.com.

Continued here:
Lane Renews Years-Long Partnership With etherFAX to Continue to Deliver Secure Messaging for Enterprise Organizations - GlobeNewswire

More users want encryption, but the transition can be complicated for messaging apps – Marketplace

End-to-end encryption is a way to keep messages private. It's sometimes used by apps, which basically turn those messages into unintelligible chunks of data as soon as a user hits Send.

The idea is that no one except sender and recipient can access that message. Not hackers, not third parties, not even the app platform itself. And you have to have special keys stored on an individual device to decrypt it.

But many messaging platforms don't have this kind of encryption, and some provide it only as an option.

Kimberly Adams of Marketplace Tech spoke with Matthew Green, a professor at the Johns Hopkins Information Security Institute, about why more apps dont have end-to-end encryption by default. The following is an edited transcript of their conversation.

Matthew Green: One of the problems is that services like Facebook Messenger, they're designed to work across multiple different devices, right? And getting all of that to work with encryption is hard because it means you have to have encryption keys delivered to all those different phones. That's challenging. And then law enforcement and platform abuse teams, they're worried that people will break laws, send abusive pictures and so on. And end-to-end encryption is very nerve-wracking for those interests because they can't see the images.

Kimberly Adams: From a design standpoint, does it matter when you add encryption to a messaging service?

Green: Yes, it makes much more sense to add encryption from the beginning. If you design a new messaging service and it has encryption right from the start, like Signal, for example, then it's really easy to deploy that. You can figure out each time you add a new feature, you say, "How does this fit into the encryption? How do I do things?" In the other direction, when you're basically going backwards to a very popular service that already does not use encryption, adding encryption can be challenging because you have to think about all these features you support, like multiple devices, working on arbitrary web browsers, bots, things like that. Each of those services has to be adapted to use encryption. And that's why Facebook Messenger in particular (Facebook is now deploying encryption across all of its existing services), it's taking them a long time to figure out all those details.

Adams: How does money factor into the encryption debate? Because, I mean, these messaging services could potentially provide a lot of useful user data that could be monetized or used to create targeted ads. And I imagine if you have really good end-to-end encryption, that ability to monetize that content theoretically goes away, right?

Green: My impression is that a lot of these advertising-supported networks like Google and Facebook, they have more user data about you than they know what to do with. So for them, there's actually kind of a balance where, hey, yes, we could have access to all your private conversations and thoughts. But we already have so much data, do we really want to be the people who are mining your private conversations to get that? And that's why I think so many of these providers, particularly Facebook, are moving to encryption, is they just don't need that private conversation data. They already have enough.

Adams: What do you see as the demand moving forward by users, at least, for encrypted messaging apps and services?

Green: Well, one of the things that's been amazing to me is over the last year or so I use this app called Signal, which is a great thing. And I get notifications saying, "So-and-so is on Signal." And it used to be that so-and-so was some computer scientist or technical person I work with. And nowadays, so-and-so is my neighbor who I don't even think knows how to use a computer. The impression I get is that people genuinely feel that private messages should be private. And so I think that now they know that the older systems aren't very private, they're happy to switch to these newer technologies that don't cause them any controversy or any pain.

Adams: As somebody who studies this all the time, how have you noticed, sort of, the public perception and knowledge around issues of encryption change?

Green: Encryption used to be one of those science fiction things. You'd see it on TV, you know, Star Trek, or you'd see it on cop shows occasionally. But it was always a criminal using encryption. I think that what's really changed is that encryption has gone from this thing that was mostly used by mobsters or the bad guys on TV to something that everyone just kind of takes for granted. And we understand why, right? Because we're all carrying our entire lives around with us, all our private conversations on this little computer in our pocket. And we really, really are sensitive to the fact, even if not consciously, we're sensitive to the fact that all of our private information could go so easily. And I think nowadays, the people who think about this stuff, they think about encryption as basically the only antidote against, you know, losing everything that you care about. And so encryption has gone from being kind of an exotic, dirty word, to just being a technology that is there and protects us.

You may have heard last week that Meta is testing new encryption features in its Messenger app. The company has said it would take years to add more secure encryption to Messenger by default.

Meta made the announcement after it complied with court orders and released chat histories between a Nebraska woman and her teenage daughter. The messages are allegedly about the daughter seeking abortion services more than 20 weeks into her pregnancy, which is illegal in that state.

Meta has said its decision to roll out additional encryption features in Messenger is not related to that court order.

If you want to know how to test that new end-to-end encryption feature on your Messenger app, The Verge has a handy summary.

But if youre in the market to try an app thats already encrypted, PC mag published its take on the best, most secure messaging apps of 2022.

They're in no specific order: WhatsApp, Telegram and a favorite here in Washington, D.C., Signal.

Originally posted here:
More users want encryption, but the transition can be complicated for messaging apps - Marketplace

Bellabeat is First Period and Pregnancy Tracking App and Wearable to Implement Private Key Encryption (AES-256) Security Feature to Protect Women’s…

Popular Period and Pregnancy Tracking Wearable for Women is One of the Safest, Cyber Security and Data Wise

SILICON VALLEY, Calif., Aug. 18, 2022 /PRNewswire/ -- In early July, Bellabeat was the first pregnancy tracker to roll out a new layer of data security to protect their base of all female end users' data in the wake of the United States Supreme Court overturning Roe Vs. Wade. Like many mobile apps, they had been using full end-to-end encryption of their Bellabeat mobile app for users of all of their Bellabeat wearable products, end-to-end encryption being the common and secure way to protect customers' data. The company determined that to protect their health data, it was necessary to take their data security a step further without delay. As of August 17th, 2022, eighteen out of 25 reproductive health apps and wearable devices that Mozilla investigated for privacy and security practices received a *Privacy Not Included warning label. Bellabeat did not receive a warning label, as they have been exceptionally public in immediately taking the following steps after the newest Roe vs. Wade ruling.

The newly implemented Private Key Encryption (AES-256) feature will enable each Bellabeat user to access and decrypt her data using a private key via her Bellabeat smartphone app. Any data stored on the Bellabeat servers will be in an encrypted form only, so no one who accesses the Bellabeat servers (lawfully or unlawfully) can read it. This adds an extra layer of security: data stored on the company's servers cannot be read without holding an individual user's private key. The only person who can access the confidential health data and info in its decrypted form will be the Bellabeat customer herself. The private key is a password or a PIN code that only the user herself knows or stores on her private device. Without that key, her data is unreadable. Ideally, implementing the new security feature gives full control and ownership of data to Bellabeat's end users. The company will therefore not be able to benefit from collecting end-user data in any shape or form, including for internal research or product improvements. Bellabeat executives determined that there was no question about the options and that users' safety at this time is of the utmost importance. The feature is currently in testing and will be rolled out within all Bellabeat products having women's reproductive health tracking features (period and pregnancy data tracking) by end of July.


The decision for the exceptional layer of data security comes in the wake of the U.S. Supreme Court's June 24th, 2022, ruling to overturn the landmark case Roe v. Wade, in which the Court had ruled that the Constitution of the United States generally protects a pregnant woman's liberty to choose to have an abortion. The overturning of Roe Vs. Wade now gives states a license to ban abortion. Thirteen U.S. states, mainly within the South and Midwest, had trigger bans to be activated upon the Supreme Court's decision and will now start taking effect, some immediately upon the ruling being released. As Bellabeat is a women's health tracker with a specific focus on menstrual, reproductive, and fertility tracking, end-to-end encryption was determined to be of the utmost importance to protect the fast-growing company's customers.

"Our business is helping women to track and understand their cycles and bodies. The Overturning of Roe Vs. Wade is a tremendous blow to women's rights. It is an incredibly sad and terrifying day for Women's health and Women's rights. Many women are now in fear of exactly what to share and where to share it. This ruling will change how health data and records are maintained offline with OBGYNs and primary care physicians, what women feel safe to disclose, and will grossly change how women will choose to share their reproductive information online. We will continue to be a safe and progressive space for women to track their cycles, fertility, and all wellness concerns," states Urska Sren Co-Founder of Bellabeat. "Incorporating the Private Key encryption feature means an extra layer of security designed to ensure our users' safety. This also means our end users can be sure that we are unable to leak or sell their data and that a breach or break within Bellabeat's servers will never mean a threat to their personal safety."

In a recent Wall Street Journal article, legal experts are quoted as saying that in a scenario where Roe is overturned, your digital breadcrumbs, including the kind that come from period trackers, could be used against you in states where laws criminalize aiding in or undergoing abortion.

"It is a horrific idea that your health data and digital breadcrumbs could be used against you to criminalize women making life-changing reproductive choices. It's not a sentiment reflected anywhere in healthcare or health rights for the male body. We stand with women everywhere and have taken the necessary steps End-to-end. We also do not sell or share our customer info," states Sandro Mur, Co-Founder of Bellabeat. "The implementation of the Private Key Encryption ensures that we will never be placed in a position, as a company, where we could be forced to submit user's private health data in its readable form."

Bellabeat is a leader in creating wellness technology; its products include wearables made specifically for women that track health, wellness, and reproductive information: the Bellabeat Ivy, Leaf Urban, and Leaf Chakra. Bellabeat is aimed exclusively at women and recently announced that it has started the process of submitting an official application to the FDA for its product, the Bellabeat Ivy. Obtaining a license from the U.S. Food and Drug Administration (FDA) would allow doctors and clinicians to officially use the Ivy wearable technology to monitor the menstrual cycle in the treatment of women. In recent coverage, the Ivy has been seen as an outstanding health tracker to monitor and track a woman's menstrual cycle, fertility, postpartum depression symptoms, menopause symptoms, and more.

For media inquiries on the Bellabeat mobile app, or for additional quotes or interviews surrounding Bellabeat data protection upon the overturning of Roe v. Wade, please email mtatum@bpm-prfirm.com or call 877.841.7244.

About Bellabeat

Bellabeat Inc. is a Silicon Valley company building tech-powered wellness products for women. The Bellabeat team previously released the Bellabeat Ivy and disruptive Leaf health tracking jewelry for women and the first smart water bottle powered by A.I. Bellabeat is now revolutionizing the FemTech space by taking natural cycles into account when creating its guided programs and Ivy Smart Bracelet, helping women reach their health goals more effectively and enjoyably. Visit https://bellabeat.com/ for additional information.

Media Contact: Monique Tatum, 877.841.7244, 342922@email4pr.com

View original content to download multimedia: https://www.prnewswire.com/news-releases/bellabeat-is-first-period-and-pregnancy-tracking-app-and-wearable-to-implement-private-key-encryption-aes-256-security-feature-to-protect-womens-data-in-the-wake-of-roe-vs-wade-overturn-301608919.html

SOURCE Bellabeat
