NSA guidance to teleworkers: rely on end-to-end encryption – Security Boulevard

The work-from-home shift driven by the Covid-19 crisis has opened the door to a fresh round of cyber attacks. With so many government, military, and private sector employees working from home and using VPNs or remote desktops, the incidence of attacks has increased significantly. In an effort to improve government and military teleworkers' cyber hygiene, the NSA recently issued guidelines for using collaboration services. At the top of the NSA's list is the recommendation that collaboration services employ end-to-end encryption. The value of end-to-end encryption has long been known. However, its inclusion in the NSA's list highlights its shift to the mainstream by an organization known to seek the highest levels of security for themselves and their technologies. The NSA notes that by following the guidelines it defines, users can reduce their risk exposure and become harder targets for bad actors.

End-to-end encryption is the gold standard for protecting email and file storage/sharing. That's why the NSA's recently released guidance on telework focuses on it. According to the NSA, the top criterion for selecting and safely using collaboration services for telework should be:

Does the service implement end-to-end encryption?

PreVeil's end-to-end encrypted email and file sharing platform solidly meets this standard. PreVeil's security model assumes cyberattacks will occur and focuses on ensuring that any attacks are futile. With PreVeil, data is never decrypted on any server anywhere; if attackers successfully breach a server, all they will see is useless gibberish. PreVeil can be used seamlessly in conjunction with VPNs or remote desktops but is capable of securing data transmissions over any wireless or wired connection due to the power of end-to-end encryption to secure files, data, and communications.

The NSA's second recommendation is to:

Use strong well-known and testable encryption standards

PreVeil's architecture is built on NIST FIPS 140-2 certified encryption algorithms. The algorithm defines the critical security standards that the private sector must use for encryption in order to work with the U.S. government.

PreVeil's use of end-to-end encryption along with strong algorithms ensures a secure alternative to VPNs and remote desktop. These solutions are relatively insecure methods for collaboration because they are vulnerable to password and admin attacks. End-to-end encryption provides an ideal alternative to passwords by ensuring authentication through cryptographic private keys stored only on users' devices. These keys reside only on the user's device and cannot be phished, guessed, or spoofed.

Moreover, PreVeil's Approval Group feature prevents admins from becoming central points of attack. By requiring several people to approve an administrator's sensitive activities, such as exporting corporate data, invasive actions by a single admin are not possible. Similar to nuclear launch keys, this strategy prevents malicious activity by requiring more than one person to authorize critical actions. Trust is distributed among approvers instead of being centralized within one admin.

Flattening the curve of the spread of the coronavirus is crucial to limiting potentially dire effects of the pandemic. Working from home is the right thing to do for those for whom it is possible. But, as the NSA directive makes clear, protecting our collaborations is also vital. With PreVeil, your enterprise can quickly transition to remote work without sacrificing the security you need to minimize business risk and continue the important work you do. Read our updated Work from Home whitepaper to learn more.

The post NSA guidance to teleworkers: rely on end-to-end encryption appeared first on PreVeil.

*** This is a Security Bloggers Network syndicated blog from Blog PreVeil authored by Orlee Berlove. Read the original post at: https://www.preveil.com/blog/nsa-guidance-to-teleworkers-rely-on-end-to-end-encryption/

Cloud Encryption Market with (Covid-19) Impact Analysis: In-depth Analysis, Global Market Share, Top Trends, and Professional & Technical Industry…

Rising Demand for Cloud Encryption Market during 2020-2027 Profiling Leading Players

Cloud Encryption Market analysis on global market is a thorough study that offers a select combination of skillful market realities. The study shows changing market trends as well as the size of individual segments in this market. This report mentions various top players involved in this market. Analysis of the Global Cloud Encryption Market begins with a market-based outline and underlines the current information on the global market, complemented by data on the current situation.

Global Cloud Encryption Market report is a comprehensive study of the global market and has been recently added by QYReports to its extensive database. Augmented demand for the global market has been increased in the last few years. This informative research report has been scrutinized by using primary and secondary research. The Global Cloud Encryption Market is a valuable source of reliable data including data of the current market.

Ask for Sample Copy of This Report: https://www.qyreports.com/request-sample/?report-id=92231

Top Key Players Profiled in This Report: Ciphercloud, Gemalto N.V., Hytrust, Inc, International Business Machines Corporation, Netskope, Inc, Secomba GmbH, Skyhigh Networks, Sophos Group PLC, Symantec Corporation, Thales E-Security, Trend Micro Incorporated, Vaultive, Inc., TWD Industries AG, Parablu Inc.

The key questions answered in the report:

Across the globe, different regions such as North America, Latin America, Asia-Pacific, Europe, and Africa have been examined on the basis of productivity and manufacturing base. Researchers of this report throw light on different terminologies of the Global Cloud Encryption Market.

This research report represents a 360-degree overview of the competitive landscape of the Global Cloud Encryption Market. Furthermore, it offers massive data relating to the recent trends, technological advancements, tools, and methodologies. The research report analyzes the Global Cloud Encryption Market in a detailed and concise manner for better insights into the businesses.

The research study has taken the help of graphical presentation techniques such as info graphics, charts, tables, and pictures. It provides guidelines for both established players and new entrants in the Global Cloud Encryption Market.

The detailed elaboration of the Global Cloud Encryption Market has been provided by applying industry analysis techniques such as SWOT and Porter's five-technique. Collectively, this research report offers a reliable evaluation of the global market to present the overall framework of businesses.

Get Discount on This Report: https://www.qyreports.com/ask-for-discount/?report-id=92231

Table of Contents:

Reasons for Buying this Report

This report provides pin-point analysis for changing competitive dynamics

It provides a forward looking perspective on different factors driving or restraining market growth

It provides a six-year forecast assessed on the basis of how the market is predicted to grow

It helps in understanding the key product segments and their future

It provides pin point analysis of changing competition dynamics and keeps you ahead of competitors

It helps in making informed business decisions by having complete insights of market and by making in-depth analysis of market segments

About Us:

We at QYReports (qyreports.com), a leading market research report publisher, cater to more than 4,000 prestigious clients worldwide, meeting their customized research requirements in terms of market data size and its application. Our list of customers includes renowned Chinese companies, multinational companies, SMEs and private equity firms.

Our business study covers a market size of over 30 industries, offering you accurate, in-depth and reliable market insight, industry analysis and structure. QYReports specializes in forecasts needed for investing in and execution of a new project globally and in Chinese markets.

Contact:

204, Professional Center,

7950 NW 53rd Street,

Miami, Florida 33166,

Phone number : +1-510-560-6005

https://www.qyreports.com/

Volterra launches VoltShare to simplify the process of securely encrypting confidential data end-to-end – Help Net Security

Volterra, an innovator in distributed cloud services, announced the launch of VoltShare to radically simplify the process of securely encrypting confidential data end-to-end.

VoltShare is available as downloadable software (or an API and SDK) that operates locally on a laptop or mobile device to easily encrypt sensitive data for sharing with target recipients through email or existing collaboration platforms such as Slack, Teams, Dropbox, etc.

It is a simpler and more secure approach than traditional file sharing and encryption solutions since it does not require sending passwords or managing complex public-key cryptography.

"The dramatic rise in remote work is here to stay for the long term. With so many employees working at home, it's more important than ever that they can securely share data and leverage the leading collaboration platforms without having to worry about their data being compromised," said Manish Mehta, Chief Security Architect at Volterra.

"Unfortunately, this market has been stagnant, with organizations never moving beyond the use of passwords and public keys. By eliminating them both, VoltShare provides the safest method for end-to-end encryption in a way that's very simple for end users to adopt."

File and data encryption is normally performed using one of two traditional workflows and technologies. The most common approach is a sender encrypts information using a high-strength algorithm and generates a unique password for decryption by the recipient.

This creates a key security gap as now the password must be securely shared with the same recipient as the encrypted data, which usually is not possible in a secure manner. As a result, the password is often sent via a second email or other communication.

A more secure, but much more complicated, method is to use an enterprise-grade encryption technology like PGP or other public-key cryptography along with complex enterprise vaults.

This workflow is both complex and costly to implement and operate, and thus is only used by larger organizations with significant IT and security resources. It also lacks the ability to create custom security policy attributes like a deadline after which the data cannot be decrypted.

Volterra's VoltShare provides end users and organizations of all sizes with a simple and highly secure workflow for sharing their confidential data using our patent-pending end-to-end encryption technology with built-in policy controls. End users simply:

When the target recipients receive the encrypted data, they simply have to decrypt the data using VoltShare. Assuming they are using the email address specified by the sender and are within the specified timeframe, the data automatically decrypts.

In contrast to traditional encryption techniques for data sharing, VoltShare doesn't create or send any passwords. Nor does it burden the enterprise with the cost and complexity of deploying public-key cryptography for signing, encrypting and decrypting data.

VoltShare complements a wide range of collaboration tools and platforms like Slack, Teams, Box and Dropbox by adding an additional layer of encryption and protection for stored and shared data. If the collaboration platform were ever breached, the content protected by VoltShare would not be readable by the perpetrator.

VoltShare is available as a free software download for base users and a paid enterprise subscription for increased security and compliance.

The VoltShare enterprise subscription provides an expanded set of control and reporting capabilities including full integration with single sign-on (SSO) systems, the ability to override policies, audit logs and real-time alerting.

The enterprise edition also provides enterprises with the ability to build end-to-end encryption in their own applications using VoltShare's SDK and APIs.

Both versions provide the same easy-to-use workflow that doesn't use passwords or public keys.

Network security in a world of encryption – Information Age

Cary Wright, vice-president of product management at Endace, discusses the barrier for network security that is encryption

Encryption has its drawbacks as well as benefits when it comes to securing network data.

While we want encryption because it protects data as it travels across networks, encryption is actually a significant obstacle to strong network security, and we are living in a world of encryption. The most recent Google transparency report shows that 94% of its traffic is now encrypted, while the 2019 Mary Meeker Internet Trends report shows that 87% of global web traffic is now encrypted. This is significant and good for data privacy since it's now very difficult or near impossible for an outsider to snoop in on our communications.

However, security teams need to see into data-in-flight in order to analyse it and look for potential threats. There is no doubt that encryption improves privacy, but it does so at the risk of making it easy for attackers to hide their activity inside encrypted conversations.

For robust security, you need to be able to analyse full packet data unencrypted. If organisations can't see exactly what's going on inside their networks, it seriously limits their ability to detect and act upon threats. With access to decrypted packet contents, security teams can detect and investigate a range of important events, such as an executed vulnerability, malicious payload delivery, or data exfiltration. Without decryption, security teams remain blind to critical security threats such as these, rendering threat detection and investigation near impossible.

If traffic can be decrypted on-demand, and in a safe and secure environment with access restricted to only the tools and individuals that need it, organisations are much more secure and able to respond to and investigate threats. But decryption done poorly becomes a security and privacy risk in itself, should the decrypted information get into the wrong hands. Organisations need to decrypt network traffic for robust security, but they need to do it in a way that does not compromise privacy or security of the data itself.

Before ephemeral key encryption, SecOps had an advantage if it controlled the network infrastructure. By owning or knowing the static private key held on each server, it was possible to passively tap and decrypt information for security analytics and packet capture. With TLS 1.1 and earlier, encryption is always done using static private keys residing on the server, and with access to the private key, network traffic can be decrypted either in real time or after the fact based on recorded traffic. However, if the private key becomes known by a threat actor, any traffic in the past, present and future can be decrypted.

This has changed completely with ephemeral key cryptography, which is optional in TLS 1.2 and mandatory in TLS 1.3. Now, every conversation between many clients and a server will each use a unique session key to encrypt the data for that session. This means that if a private session key is leaked, it only compromises one session, which is great for privacy. However, in making encryption stronger to better protect privacy, it means security teams can no longer passively tap and decrypt traffic to look for possible threats. The only way to decrypt traffic is to do so in real-time.

SecOps teams and the security tools they use need to be able to analyse traffic in decrypted form, both to detect possible threats and for forensic analysis such as quantifying a potential breach. This means having a reliable architecture for encrypting and decrypting traffic is key. Teams need to record a decrypted copy of the traffic and have the ability to go back in time to see the full extent of any threats that have been detected.

It is possible to decrypt traffic in real-time, but you must have the right architecture in place to enable this. The solution is to deploy a decryption solution (such as a Network Packet Broker with decryption capability) in-line with the traffic flow. These solutions act as man-in-the-middle or TLS proxy devices. Instead of a single TLS session between client and server, two TLS connections are made, one between the client and proxy, and another between the proxy and server. The proxy is responsible for maintaining strong encryption on both connections to protect privacy. Since the proxy also has access to all the decrypted traffic, this traffic can then be sent to analytics tools for real-time analysis and/or to packet capture appliances for recording, and safely storing, unencrypted traffic for post-event forensic analysis.
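Whether a recorded session can be decrypted after the fact with the server's private key, or only through an in-line proxy at connection time, follows from the key exchange that was negotiated. The following Python is an added example, not code from the article or from Endace: it triages TLS session metadata by key-exchange type, and the tab-separated log layout, host names and function names are assumptions constructed for illustration.

```python
"""Added example: triage TLS session metadata by key-exchange type.

Static-key sessions can be decrypted later from a recording by whoever holds
the server's private key; ephemeral-key sessions cannot, so cleartext has to
come from an in-line TLS proxy while the connection is live.
"""

# Constructed sample log, tab-separated: epoch, server, TLS version, cipher suite.
# The layout and every value are made up for this example.
SAMPLE_LOG = "\n".join([
    "1589700001\tlegacy-app.example\tTLSv10\tTLS_RSA_WITH_AES_128_CBC_SHA",
    "1589700002\tlegacy-app.example\tTLSv12\tTLS_RSA_WITH_AES_256_GCM_SHA384",
    "1589700003\tportal.example\tTLSv12\tTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "1589700004\tportal.example\tTLSv13\tTLS_AES_128_GCM_SHA256",
    "1589700005\tmail.example\tTLSv12\tTLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "1589700006\tmail.example\tTLSv12\tTLS_PSK_WITH_AES_128_GCM_SHA256",
    "malformed line without enough fields",
])

STATIC = "static"        # session key is protected by the server's long-lived key
EPHEMERAL = "ephemeral"  # per-session key agreement
UNKNOWN = "unknown"      # anything else: leave for manual review


def key_exchange_tokens(cipher):
    """Return the tokens before _WITH_ in an IANA-style suite name.

    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -> ["ECDHE", "RSA"].
    TLS 1.3 suite names (TLS_AES_...) carry no key exchange and return [].
    """
    if not cipher.startswith("TLS_") or "_WITH_" not in cipher:
        return []
    return cipher.split("_WITH_", 1)[0].split("_")[1:]


def classify(version, cipher):
    """Classify one session as STATIC, EPHEMERAL or UNKNOWN."""
    if version == "TLSv13":
        return EPHEMERAL  # ephemeral keys are mandatory in TLS 1.3
    tokens = key_exchange_tokens(cipher)
    if tokens and tokens[0] in ("ECDHE", "DHE"):
        return EPHEMERAL
    if tokens == ["RSA"]:
        return STATIC  # plain RSA key transport only, not RSA_PSK and similar
    return UNKNOWN


def triage(log_text):
    """Return ({server: {class: count}}, number_of_malformed_lines)."""
    report, skipped = {}, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 4:
            skipped += 1
            continue
        _ts, server, version, cipher = fields
        counts = report.setdefault(server, {})
        cls = classify(version, cipher)
        counts[cls] = counts.get(cls, 0) + 1
    return report, skipped


def servers_with_static_keys(report):
    """Servers whose recorded traffic is exposed if their private key leaks."""
    return sorted(s for s, c in report.items() if c.get(STATIC))


def servers_needing_inline_proxy(report):
    """Servers with sessions that only an in-line proxy can make visible."""
    return sorted(s for s, c in report.items() if c.get(EPHEMERAL))


if __name__ == "__main__":
    report, skipped = triage(SAMPLE_LOG)
    for server in sorted(report):
        print(server, report[server])
    print("malformed lines skipped:", skipped)
    print("static-key servers:", servers_with_static_keys(report))
    print("in-line proxy needed for:", servers_needing_inline_proxy(report))
```

Sessions classed as unknown (pre-shared-key suites, for instance) are deliberately not guessed at and should be reviewed by hand.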

With this architecture in place, threats can no longer hide within encrypted traffic, and network security tools gain a newfound efficacy with the ability to see the vital clues and indicators of compromise (IoCs) that signal threats or potential breaches. And by recording the decrypted traffic, security analysts have access to the definitive evidence they need to analyse security threats and data breaches quickly, see exactly what happened, and respond appropriately. With strong TLS 1.3 encryption, data privacy is not compromised, ensuring that strong security can be achieved without impacting privacy or data security.

This best practice approach will help you to regain visibility and security with fully integrated decryption, traffic analysis, and packet recording. By implementing reliable, tiered network monitoring to decrypt both TLS 1.3 with ephemeral keys and legacy encryption for both active inbound and outbound SSL traffic, you will have always-on full capture of decrypted traffic, giving full visibility of your network to detect all threats and maintain optimal network performance.

Encryption Key Management Market 2020-2026: Analysed By Business Growth, Development Factors, Applications, And Future Prospects – Jewish Life News

The Encryption Key Management Market report helps the user understand the impact of Coronavirus (COVID-19) on the market in terms of its definition, segmentation, market potential, influential trends, and the challenges that the Encryption Key Management market is facing. The Encryption Key Management industry profile also contains descriptions of the leading manufacturers/players (Thales Group, IBM, Egnyte, Google, Alibaba Cloud Computing, Box, Amazon, Ciphercloud, Unbound Tech, Keynexus), including capacity, production, price, revenue, cost, gross, gross margin, growth rate, import, export, market share and technological developments. COVID-19 can affect the global economy in three main ways: by directly affecting production and demand, by creating supply chain and Encryption Key Management market disruption, and by its financial impact on firms and financial markets.

Get Free Sample PDF (including COVID19 Impact Analysis, full TOC, Tables and Figures) of Encryption Key Management: https://www.researchmoz.us/enquiry.php?type=S&repid=2644661

Some of the Major Highlights of TOC covers in Encryption Key Management Market Report: Chapter 1: Methodology & Scope of Encryption Key Management Market; Chapter 2: Executive Summary of Encryption Key Management Market; Chapter 3: Encryption Key Management Industry Insights; Chapter 4: Encryption Key Management Market, By Region; Chapter 5: Company Profile; And Continue

Summary of Encryption Key Management Market: Since the COVID-19 virus outbreak in December 2019, the disease has spread to almost 100 countries around the globe with the World Health Organization declaring it a public health emergency. The global impacts of the coronavirus disease 2019 (COVID-19) are already starting to be felt, and will significantly affect the Encryption Key Management market in 2020. COVID-19 can affect the global economy in three main ways: by directly affecting production and demand, by creating supply chain and market disruption, and by its financial impact on firms and financial markets. The outbreak of COVID-19 has brought effects on many aspects, like flight cancellations; travel bans and quarantines; restaurants closed; all indoor events restricted; over forty countries state of emergency declared; massive slowing of the supply chain; stock market volatility; falling business confidence, growing panic among the population, and uncertainty about future. This report also analyses the impact of Coronavirus COVID-19 on the Encryption Key Management industry. Based on our recent survey, we have several different scenarios about the Encryption Key Management YoY growth rate for 2020. The probable scenario is expected to grow by xx% in 2020 and the revenue will be xx in 2020 from US$ xx million in 2019. The market size of Encryption Key Management will reach xx in 2026, with a CAGR of xx% from 2020 to 2026. With industry-standard accuracy in analysis and high data integrity, the report makes a brilliant attempt to unveil key opportunities available in the global Encryption Key Management market to help players in achieving a strong market position. Buyers of the report can access verified and reliable market forecasts, including those for the overall size of the global Encryption Key Management market in terms of revenue.

On the basis of the end users/applications, this report focuses on the status and outlook for major applications/end users, shipments, revenue (Million USD), price, and market share and growth rate for each application.

Enterprise

Personal

On the basis of product type, this report displays the shipments, revenue (Million USD), price, and market share and growth rate of each type.

Folders/Files

SaaS App

Do You Have Any Query Or Specific Requirement? Ask to Our Industry https://www.researchmoz.us/enquiry.php?type=E&repid=2644661

Geographically, the report includes the research on production, consumption, revenue, Encryption Key Management market share and growth rate, and forecast (2020-2026) of the following regions:

Key Market Related Questions Addressed In The Report:

Important Information That Can Be Extracted From the Report:

Assessment of the COVID-19 impact on the growth of the Encryption Key Management market.

Successful market entry strategies formulated by emerging market players.

Pricing and marketing strategies adopted by established Encryption Key Management market players.

Country-wise assessment of the Encryption Key Management market in key regions.

Year-on-Year growth of each market segment over the forecast period.

To Get Discount of Encryption Key Management Market: https://www.researchmoz.us/enquiry.php?type=D&repid=2644661

Contact:

ResearchMoz

Mr. Rohit Bhisey,

Tel: +1-518-621-2074

USA-Canada Toll Free: 866-997-4948

Browse More Reports Visit @https://www.mytradeinsight.blogspot.com/

Zoom Reaches Agreement with New York Attorney General to Resolve Privacy and Security Issues – Lexology

Previously, my colleague Tanya Forsheit wrote a cautionary tale, "A Big Zooming Mess," about the Zoom video conferencing service whose rise in popularity also brought increased scrutiny of its privacy and data security practices. That scrutiny came not just from media outlets and consumers, but also from government agencies such as the New York Attorney General and New York City Department of Education. The entire FKKS Privacy and Data Security team even had a round-table discussion (over WebEx) to unpack all the issues (recording available here). Now, both the New York Attorney General and the New York City Department of Education announced that they reached coordinated but independent agreements with Zoom to address various privacy and security issues, paving the way for NYC DOE educators to resume using Zoom for virtual classroom instruction. This post looks at the terms of the NY AG agreement and discusses some of its key takeaways.

With the caveat that Zoom is neither admitting nor denying any of the allegations, many of the issues that caused the NY AG to open an investigation appear to have been addressed, including Zoom's disclosures regarding the Facebook SDK, its representations regarding encryption, and issues arising from Zoombombing and children's use of the platform. The AG declined to commence a statutory proceeding, recognizing the unusual circumstances of the pandemic as well as the role that Zoom's services have played in connecting people despite social distancing measures. The form of the agreement, a letter, as well as the absence of any civil penalty, suggests that the interest of the Attorney General here was to address quickly any privacy or security issues. That being said, Zoom isn't entirely out of the woods, as the agreement is voidable in the sole discretion of the NY AG if it comes to light that Zoom made any inaccurate or misleading statements in the course of the inquiry.

So what is Zoom actually agreeing to do? In substance, the agreement has Zoom committing to: general compliance obligations, a comprehensive information security program, additional security measures, privacy and privacy controls, protection of users from abuse, and audit and testing. The general compliance obligations require Zoom to comply with New York General Business Law 349 and 350, the Children's Online Privacy Protection Act (COPPA), and New York Education laws and regulations.

As a part of the security measures, Zoom has essentially agreed to the requirements of the SHIELD Act amendments to New York's General Business Law 899-bb, which became effective in late March. Accordingly, Zoom will continue to designate a head of information security, who will be responsible for overseeing the implementation of a comprehensive information security program and report to the CEO and Board of Directors periodically. The information security program will require organizational changes, including a security team that reports to the head of information security, a risk assessment identifying material internal and external risks to the security, confidentiality, and integrity of personal information, and controls designed to mitigate those risks.

Beyond those obligations that Zoom might otherwise incur under the SHIELD Act, the company has also agreed to encrypt personal information it stores in the cloud, as well as data transmitted over the Zoom app. Recall that Zoom publicly admitted that, despite representations that it used end-to-end encryption, its actual method of encryption was not what most people would consider end-to-end. Despite the apparent misrepresentation, the encryption obligations of the agreement don't explicitly commit Zoom to implementing end-to-end encryption. However, Zoom is committing to updating and upgrading its security and encryption as industry standards evolve, so its encryption practices may (have to) change over time. Zoom has also agreed to produce a SOC 2 report to the NY AG, and to continue to conduct pen tests of its systems, including at least one annual white box penetration test.

As to the Privacy and Privacy Controls provisions, much of the agreement seems aimed at addressing how Zoom is used among educational institutions, with Zoom committing to provide educational materials for consumers, K-12 students, and universities or other institutions, instructing those users how to enable Zoom's privacy-enabling features. Zoom is obligated to maintain or implement some of the controls, including default password-protected meetings, limiting meetings to users with a specific email domain, and allowing hosts to limit participants. These controls are geared toward preventing Zoombombing incidents and therefore specifically tailored to Zoom.

Zoom voluntarily disabled the Facebook SDK prior to the agreement, and the agreement doesn't specifically address the SDK going forward (beyond the general obligation that Zoom not misrepresent its practices).

Though Zoom's lack of a bug bounty program did not appear to be an issue leading up to the investigation, this agreement requires Zoom to implement one in order to facilitate external monitoring of the Zoom platform. To that end, Zoom has also agreed to create a portal for users, consumer advocates, and watchdog groups to submit complaints involving privacy and data security and to review any complaints within a reasonable time after receipt. It's common for technology companies to implement bug bounty programs, but no U.S. law actually requires it.

Several other attorneys general announced investigations into Zoom and the company may yet face further consequences. We will continue to monitor those developments.

Zoom to add security measures to its basic plan in attempt to prevent – City College Times

All plans will include new encryption protocols by the end of May

Steve Hill, Times Staff, May 17, 2020

Zoom Video Communications, Inc., added security measures to its basic (free) plan default settings May 9 in an effort to curtail gate-crashing of online conferences.

Passwords will now be required for Zoom sessions and waiting rooms will be automatically enabled for personal meeting IDs (user IDs), and use of screen sharing will be limited to the host by default.

Zoom CEO Eric Yuan told CNN on April 5 that during the COVID crisis the company grew too fast, but Zoom users' connections were encrypted.

"We should have enforced some passwords, waiting rooms and double-checked every sources settings, but over the past one or two weeks we already took action to fix those missteps," Yuan said.

According to an April 2 article in the Washington Post, Zoom's recent dramatic growth revealed security flaws that could leave users' computers exposed to breaches.

One of these security flaws led to the phenomenon of zoombombing where unwanted guests infiltrate an online Zoom meeting.

These intruders expose users to benign interruptions such as advertisements and jokes, but there are also cases of racism, use of obscenities and pornographic images.

"The most important thing is to make sure you send invitations only to people that you want to attend your class," said Frank Rosales, SJCC Helpdesk IT technician. "Once a bomber gets that link, they have access to your session."

Brenda Siegel, who is running for lieutenant governor of Vermont, said in a Twitter video posted May 3 that she hoped Zoom would require registration and waiting rooms and restricted screen sharing.

"On Wednesday our campaign went to a Lieutenant Governor's Forum, and we were zoombombed," Siegel said. "The zoombombers took over the screen and drew a swastika. As a Jewish woman, after that, that was all I could see."

Users at San Jose City College have also experienced zoombombing, although of a more benign nature than Siegel's.

SJCC instructor Shelley Giacalone wrote in an email that she was cohosting a class via Zoom on April 22 with over 60 students logged in to the session at the time of the zoombombing.

"During the last 20 minutes of an almost two-hour session, we heard a recorded male voice talking about some video we should watch," Giacalone said. "We did not see anyone on video, just heard the advertisement."

Giacalone wrote that both instructors approved each participant for the session, but as they were co-hosting, they did not necessarily know their cohost's students' names.

During the zoombombing incident, a student recommended that she mute everyone in the session so they would not hear the voice anymore, and that solved the problem.

"If there was an instructor hosting a class meeting and they were zoombombed, they could also cancel that meeting and just send out another invitation, so basically start a new meeting," Rosales said. "It's a lot more effort on the instructors now because they have to cancel that one and generate a new Zoom meeting."

The Intercept news site wrote in a March 31 article that a major security flaw is Zoom's lack of end-to-end encryption, which video services such as FaceTime already employ.

Zoom claimed on its website to be using end-to-end encryption, but it was using transport encryption, or TLS, which is the same standard that many HTTPS sites use, according to the Intercept.

"So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won't stay private from the company," the Intercept wrote.

Zoom introduced version 5.0 of its software on April 27, nearly 45 days after the shelter-in-place order, to beef up its security. However, the upgrade is optional for current users until the end of May.

The new encryption protocol will now block Zoom from eavesdropping on any Zoom meetings.

"After May 30, all Zoom clients on older versions (of Zoom) will receive a forced upgrade when trying to join meetings as GCM (Galois/counter mode) encryption will be fully enabled across the Zoom platform," according to the Zoom website.

An investigation into Zoom by the Connecticut attorney general is still ongoing, as is a lawsuit against the company by investors and shareholders who accuse Zoom of failing to disclose security flaws.


What’s RCS Messaging And Why Should You Care? – Lifehacker Australia

Google has officially adopted the next-gen RCS text messaging protocol - and you can get it on your phone right now. The company is currently pushing every single carrier to move to RCS from SMS, a much-needed upgrade, and that will have a significant impact on your texting, selfie-sending, and GIF-blasting going forward. Here's everything you need to know.

It's been a while since Google announced plans to push RCS adoption so that Android users could finally move on from the outdated SMS technology, but most users are stuck waiting for their mobile carriers to flip the switch at some point in 2020; that is, unless you decide to take matters into your own hands and flip those switches yourself.

RCS (short for Rich Communication Services) is the next iteration of carrier text messaging technology, but it's actually been around in one form or another since it was first proposed in 2007. The originally agreed-upon RCS standard, known as Universal Profile, included a number of enhancements over SMS messaging:

8,000 character limits per message (versus SMS's 160 limit)

Supports read receipts and displays when the other person is typing

Web-based chat and cross-platform message syncing

Uses WiFi and mobile data to send messages

Group chat

Native audio messaging support

End-to-end message encryption

While those features might look like standard offerings in today's most popular messaging apps, they're a massive upgrade over SMS, basically bringing an iMessage-like service to the ancient format.

Unfortunately, adoption of RCS by mobile carriers, developers, and phone manufacturers hasn't really taken off due to the network and software updates required to implement it. Since RCS recently received an enthusiastic backing from Google (mighty arbiter of Android OS, a phone manufacturer, and a service provider itself), change is coming, but Google's version of RCS differs a bit from Universal Profile.

You may have seen Google's new text-messaging technology referred to as Chat. Despite the name sounding like a dedicated app, Chat is actually the RCS protocol developed by Google in cooperation with several other manufacturers and carriers. It's basically identical to Universal Profile, save for one major difference: Chat does not support end-to-end encryption (though messages sent through Universal Profile-based services/apps will be, provided users meet the requirements).

The lack of end-to-end encryption is a glaring omission, but it's not that surprising. Google has been axing or repurposing its first-party messaging apps with encryption, including Allo and Hangouts, and instead suggesting that users migrate to the Chat-based Android Messages app. Additionally, Android Messages will soon be the standard texting app on all Google phones and many other Android devices.

In order to send and receive RCS messages, all participants in the conversation must be using:

If either requirement is missing, your messages will be converted to SMS instead.

If you need to know whether your carrier, or your favourite app, supports RCS messaging, we recommend bookmarking this handy guide that a number of Redditors from /r/UniversalProfile have been working on. It's a great way to see, at a glance, what you need to do to get RCS messaging working on your device/carrier/app combination (if it does).

Finally, a quick word on Apple's RCS support. iOS cannot currently support RCS. However, iMessage includes many of the same features as RCS, but (obviously) only works when you're texting between Apple devices. Apple has recently signalled an interest in future RCS support, but the company's timeline for rolling it out (if it does) is anyone's guess right now.

This article has been updated since its original publication.


WhatsApp security features: Five tips to keep your WhatsApp chats safe and secure – Times Now

One of the most popular social messaging platforms right now, WhatsApp has over a billion users. The social messaging app is used even more during times of quarantine and lockdowns. The app can be used to share information and connect with your families and loved ones. The social messaging app comes with a number of security features like end-to-end encryption, lock code, face unlock and more.

WhatsApp says, "WhatsApp's end-to-end encryption is available when you and the people you message use our app. Many messaging apps only encrypt messages between you and them, but WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages."

WhatsApp Calling lets you talk to your friends and family, even if they're in another country. Just like your messages, WhatsApp calls are end-to-end encrypted so WhatsApp and third parties can't listen to them.

WhatsApp doesn't store your messages on their servers once they are delivered and end-to-end encryption means that WhatsApp and third parties can't read them anyway.

Security Code Change Notification

Each of your chats has its own security code used to verify that your calls and the messages you send to that chat are end-to-end encrypted. This code can be found in the contact info screen, both as a QR code and a 60-digit number. These codes are unique to each chat and can be compared between people in each chat to verify that the messages you send to the chat are end-to-end encrypted. Security codes are just visible versions of the special key shared between you - and don't worry, it's not the actual key itself, that's always kept secret.

At times, the security codes used in end-to-end encryption might change. This is likely because you or your contact reinstalled WhatsApp or changed phones.
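The behaviour described in this section can be reproduced with a small sketch, added here as an illustration and not WhatsApp's own code: each party's public identity key is hashed into 30 digits and the two halves are joined in a fixed order. The iteration count, the key bytes and the phone-number identifiers are constructed assumptions.

```python
import hashlib

ITERATIONS = 5200   # assumed work factor for this sketch
HASH_BYTES = 30     # bytes consumed per party: six 5-byte chunks -> 30 digits


def half_code(identity_key: bytes, user_id: str) -> str:
    """Hash one party's PUBLIC identity key into 30 decimal digits."""
    digest = user_id.encode("utf-8")
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    groups = []
    for i in range(0, HASH_BYTES, 5):
        chunk = int.from_bytes(digest[i:i + 5], "big")
        groups.append(f"{chunk % 100000:05d}")   # 5 bytes -> one 5-digit group
    return "".join(groups)


def security_code(key_a: bytes, id_a: str, key_b: bytes, id_b: str) -> str:
    """60-digit code for a chat; sorting makes both phones show the same value."""
    halves = sorted([half_code(key_a, id_a), half_code(key_b, id_b)])
    return "".join(halves)


def display(code: str) -> str:
    """Group the digits in fives, the way a person would read them aloud."""
    return " ".join(code[i:i + 5] for i in range(0, len(code), 5))


# Constructed stand-ins for public identity keys and account identifiers.
ALICE_ID, BOB_ID = "+15550100", "+15550101"
ALICE_KEY = bytes(range(0, 32))
BOB_KEY = bytes(range(32, 64))
BOB_NEW_KEY = bytes(range(64, 96))       # Bob reinstalled: new key pair
SUBSTITUTED_KEY = bytes(range(96, 128))  # a key neither party generated


def demo() -> dict:
    return {
        "alice_sees": security_code(ALICE_KEY, ALICE_ID, BOB_KEY, BOB_ID),
        "bob_sees": security_code(BOB_KEY, BOB_ID, ALICE_KEY, ALICE_ID),
        # After a reinstall the code changes, which triggers the notification.
        "after_reinstall": security_code(ALICE_KEY, ALICE_ID, BOB_NEW_KEY, BOB_ID),
        # If Alice's phone were given a key that is not Bob's, her code would
        # no longer match the one Bob's phone shows.
        "alice_with_wrong_key": security_code(ALICE_KEY, ALICE_ID,
                                              SUBSTITUTED_KEY, BOB_ID),
    }


if __name__ == "__main__":
    for name, code in demo().items():
        print(f"{name:22} {display(code)}")
```

Because the code is a one-way hash of public keys, showing it or reading it aloud reveals nothing about the private keys, and a mismatch between the two phones is the signal that the comparison exists to catch.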

Fingerprint lock

As an additional privacy measure, you can prompt fingerprint lock when you open WhatsApp on your phone. When this is enabled, you'll have to use your fingerprint to access the app.

Two-factor authentication

Two-step verification is an optional feature that adds more security to your account. When you have two-step verification enabled, any attempt to verify your phone number on WhatsApp must be accompanied by the six-digit PIN that you created using this feature.

Hide Last Seen

By default, WhatsApp allows any WhatsApp user to see your read receipts, last seen, about, and profile photo. To change these settings, you can simply go to More Options which is a horizontal triple dot, Settings > Account > Privacy.

Suspicious Links

On WhatsApp, some links that you receive in a chat may show a suspicious link indicator. This indicator may appear when a link contains a combination of characters that is considered unusual. Spammers may use these character combinations to trick you into tapping on links that appear to go to a legitimate website, but actually take you to a malicious site.

When receiving links, carefully review the content of the message. If a link is marked suspicious, you can tap the link and a pop-up message will appear, highlighting the unusual characters within the link. Then you can choose to open the link or go back to the chat.
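A link checker in the spirit of the indicator described above, added here as an example and not WhatsApp's detection logic: it flags host labels that mix writing systems and invisible formatting characters, and it leaves whole-script international domain names alone. The heuristic and all sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit


def script_of(ch):
    """Coarse script label: the first word of the Unicode character name."""
    if not ch.isalpha():
        return None   # digits and hyphens are shared by every script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def decode_label(label):
    """Turn an IDNA 'xn--' label back into the Unicode text it displays as."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label   # malformed punycode: inspect the raw label instead
    return label


def inspect_link(url):
    """Return a list of findings; an empty list means nothing unusual."""
    findings = []
    # Invisible formatting characters (zero-width, bidi controls) anywhere.
    for ch in url:
        if unicodedata.category(ch) == "Cf":
            findings.append(f"invisible character U+{ord(ch):04X}")
    host = urlsplit(url).hostname or ""
    for raw in host.split("."):
        label = decode_label(raw)
        scripts = {}
        for ch in label:
            name = script_of(ch)
            if name:
                scripts.setdefault(name, []).append(ch)
        # One script per label is normal, including non-Latin ones.
        if len(scripts) > 1:
            odd = [f"{c!r} U+{ord(c):04X} ({s})"
                   for s, chars in sorted(scripts.items()) if s != "LATIN"
                   for c in chars]
            findings.append(f"mixed scripts in '{label}': " + ", ".join(odd))
    return findings


# Constructed sample links (not taken from any real message).
SAMPLES = [
    "https://www.example.com/reset",                       # plain ASCII
    "https://ex\u0430mple.com/reset",                      # Cyrillic U+0430
    "https://xn--" + "ex\u0430mple".encode("punycode").decode("ascii")
    + ".com/reset",                                        # same host, punycode
    "https://\u043f\u0440\u0438\u043c\u0435\u0440.example/",  # whole-script IDN
    "https://exam\u200bple.com/",                          # zero-width space
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(ascii(link), "->", inspect_link(link) or "ok")
```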


What is the safest messaging app? – Asap Land

When we talk about secure messaging apps, the names that sound loudest are Signal, Telegram, and WhatsApp. Today we put them head to head to see which is the safest messaging application for Android.

Therefore, we will leave design, functionalities, number of users, and other important factors for comparing messaging applications in the background, and focus solely on the security and privacy of these three applications. Which one will come out best?

The first thing you should consider when installing an application, if you are concerned about your privacy, is the permissions it requires, although it is true that this has changed a lot since Marshmallow and its runtime permissions arrived. With them, the permissions are only asked for if they are necessary, and you are free not to grant them if you don't want to use that function.

Telegram and WhatsApp have almost the same permissions except that of access to SMS (used for account verification), which is no longer necessary in Telegram but is still present in WhatsApp. Signal has the same Telegram permissions but adds one more: the calendar one. This permission is used to share your calendar events with other people in Signal.

All three applications make reasonable use of permissions, asking for them only when necessary. Thus, you only need to grant the camera permission to send photos, or the storage permission to send files and photos saved on the mobile. In this regard, all applications behave the same.

Where there are some differences is in which permissions are really necessary for the basic use of the application. Telegram insists quite a bit during the initial setup that you grant it access to the call log, though you can use it without granting a single permission. The same goes for Signal: your life will be easier if you grant the contacts permission, although technically you can do without it, adding people by username in Telegram or by phone number in Signal.

WhatsApp is the only one that forces you to grant access permission to contacts. Without it, you can't start a conversation with the app on its own, although you could use this method to talk to someone with their phone number. In summary, the three applications handle permissions sanely, although WhatsApp makes it a little more difficult for you. Point for Telegram and Signal.

Before worrying about what happens to your data in transit from your mobile to the receiver (i.e. encryption), you should also take into account the security of your data on the phone itself. What if someone has physical access, even if momentary, to your phone?

I am sure that if you are concerned about the privacy of your data you will have established an unlock protection for your mobile, but perhaps Smart Unlock or other technology relaxes security. If a person has access to your phone, can they read your chats from Telegram, WhatsApp, and Signal?

Fortunately, all three applications include a native function for protecting chats from outside eyes, after WhatsApp added fingerprint protection. In none of the cases is the protection active out of the box; it is you who must activate it from the settings.

There are some differences between the available options, however. Signal uses the Android lock and can be activated automatically after a period of time, while on Telegram you have a little more control, being able to use a PIN or password and block the application at any time with the padlock icon. WhatsApp has the protection with fewer options since it can only be through a fingerprint. More options, more points. Point for Telegram.

All three applications use end-to-end encryption (WhatsApp's was developed by the creators of Signal, to be exact), although I can already say that Telegram will not take any point in this section. Not because its home-grown MTProto encryption is insecure, but because it is not activated in all chats by default (normal chats are encrypted, but not end-to-end).

While WhatsApp and Signal use end-to-end encryption for all communications, in Telegram it is only used in secret chats, which add other extra security features like protection against screenshots and self-destructing messages.

Without secret chats, Telegram continues to encrypt messages between the client and cloud, and there is evidence of only one vulnerability in the implementation, which dates from 2013. Although the experts are not very enthusiastic about the fact that Telegram uses its own implementation, on paper it seems that in terms of security it has everything well tied down.

However, it is obvious that those who care about their safety prefer that encryption occurs entirely on the sender and receiver, without servers in between. Although all three applications can potentially do it, only WhatsApp and Signal do it in a way that is transparent for the user, who does not need to take any additional steps.

For example, someone calls a pizzeria and orders a pizza. Whoever listens to the conversation will know what has happened, but the same can also be deduced through metadata: this person called this phone, which belongs to a pizzeria, at lunchtime, so he will have ordered a pizza. Something similar happens with our conversations. With encryption, nobody can read your messages, but they can know who you are talking to and from where, by the metadata.

WhatsApp collects a good amount of metadata about its users, such as IP addresses, dates of use, phone and model, network operator, phone number, unique device identifier, location, and contacts. By crossing this information, even without being able to read the content of the messages, one can make pretty rough assumptions about who you're talking to and in some cases about what.

Telegram is based on the cloud, so technically all your messages, photos, and files sent in non-private conversations are stored (encrypted, yes) on its servers, although in terms of metadata it is not very clear what other data it collects besides your contacts, devices and IP addresses. These data are stored for a maximum period of one year.

Signal is the only app on our list that minimizes the metadata it saves. It only archives the last time you connected (the day, not even the time) and the phone number of your account. So, point for Signal.

Now that we have covered the most important things, it is time to assess the additional merits of each of the applications. Do they have added functions for improving your privacy and security that others do not have?

In the case of WhatsApp, the most relevant are the privacy options with which you can hide your profile picture, connection time, info, and status from some or all people, control who can add you to groups, and turn on verification in two steps. There really isn't much else to catch the attention of privacy lovers.

Signal does not let you choose who can see your name and profile photo (it is shown to all the contacts you have in your account), but otherwise it also includes two-step verification (called here, with more success, Registration lock PIN), self-destructing messages, notifications without messages, incognito keyboard and (optional) blocking of screenshots.

Signal adds to this the possibility of masking your IP address in calls and the self-deletion of old messages after exceeding a certain amount. With the advantage that all of the above is available in all conversations.

Considering that Signal was born as a secure messaging app, it should come as no surprise to anyone that it brings quite a few privacy options as standard. It has some more than Telegram, although in exchange Telegram gives you more control over who can and cannot contact you or see your information. The last point is shared by Signal and Telegram.

We have reached the end of the comparison and the time has come to count the votes. In case you don't feel like retracing your steps to add up the points of each application, here is a summary table.

WhatsApp

Telegram

Signal

So, Signal is the best messaging application in terms of privacy and security, scoring a point against WhatsApp and Telegram on practically all the fronts that we have analyzed previously. The only point it doesn't take home is for access protection, which, although it has it, is not as complete as that of Telegram.

WhatsApp only excels in encryption, a point that it shares with Signal as it is powered by the same Open Whisper encryption. Lastly, Telegram is in the second position with three points thanks to its padlock to protect chats, the precision of its privacy options, and the fact that you can technically use it without granting a single permission.
