DOJ Hints At Probe of Big Tech on Encryption – Crime Report

By Crime and Justice News | 9 hours ago

A Justice Department official hinted that a yearslong fight over encrypted communications could become part of a sweeping investigation of big tech companies, reports the New York Times. A speech Monday by Deputy Attorney General Jeffrey Rosen pointed toward heightened interest in end-to-end encryption, which makes it nearly impossible for law enforcement and spy agencies to get access to people's digital communications. Law enforcement and technologists have been arguing over encryption for more than two decades. Privacy advocates and tech bosses like Apple chief executive Timothy Cook believe people should be able to have online communications free of snooping. Law enforcement and some lawmakers believe tough encryption makes it impossible to track child predators, terrorists and other criminals.

Attorney General William Barr, joined by his British and Australian counterparts, has pressed Facebook chief executive Mark Zuckerberg to abandon plans to embed end-to-end encryption in services like Messenger and Instagram. "Companies should not deliberately design their systems to preclude any form of access to content even for preventing or investigating the most serious crimes," Barr said. End-to-end encryption scrambles messages so they can be deciphered only by the sender and the intended recipient. Last year, Australia enacted a law requiring technology companies to provide law enforcement and security agencies with access to encrypted communications. The measure allowed the government to get a court order allowing it to secretly order technology companies to re-engineer software and hardware so that it can be used to spy on users.


Moniker makes a statement with The Encryption EP – The Untz

By: Jonathan Gross

Last week, Jacob Tullos released the first major collection of tunes since taking the Moniker project solo.

Returning to his home label of Saturate Records, which has treated the duo well since shortly after its inception, Tullos releases The Encryption EP, a collection of five originals with four remixes from HUMORME, JuJu Beats, DRANQ, and Message North.

Moniker returns to its west coast bass roots with some thumping beats on Permaban and Encryption. Fans get a different look on Flight, which demonstrates Tullos' ability to craft a truly beautiful and haunting piece of music. Forever and Never and Corruption return to the bouncy and glitchy sound we're used to from Moniker, and each subsequent remixer takes the tracks to new heights.

Tullos has been in the midst of a widespread west coast tour over the past couple of weeks. Encryption Tour has been a jointly promoted effort between Saturate and Sleeveless Records, another supporter of Moniker and frequent collaborator. We love it when labels play nice with one another. You can catch Moniker on his final dates of the tour tonight in San Francisco at Soundpieces at The Monarch, or this Saturday in South Lake Tahoe at So Much Fam.

It's a new era for Jacob Tullos and the Moniker project, but the fan response has been enough to let us know that they're here for this new chapter, and you bet your ass we are, too.

Moniker - The Encryption EP [Saturate Records]


FBI Recruits Interpol to Condemn End-to-End Encryption – WebProNews

Attorney General William Barr and his Australian and British counterparts made headlines recently when they wrote an open letter urging Facebook to create backdoors in its encryption. Not content with open letters, the FBI has drafted a resolution for Interpol to release urging companies to create methods that would allow access to encrypted data.

Sources told Reuters the resolution would be released without a formal vote by representatives of the roughly 60 countries in attendance. A draft of the resolution seen by Reuters uses the threat of child exploitation as the reason behind the need for weakened encryption.

Service providers, application developers and device manufacturers are developing and deploying products and services with encryption which effectively conceals sexual exploitation of children occurring on their platforms.

Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and useable format.

According to Nicole Perlroth at the New York Times, however, Interpol is denying the resolution was ever considered:

There is no doubt the resolution was drafted, with both Reuters and Ars Technica having seen a copy of it. The only question is whether Reuters' sources about Interpol's intentions were incorrect, or whether Interpol is attempting to backpedal after the news broke.

Either way, it's another disturbing escalation of attempts to weaken end-to-end encryption. The draft resolution itself is misleading in nature. Ars reports the resolution claims technologists agree that creating systems that [allow] for lawful access to data, while maintaining customer privacy can be implemented in a way that would enhance privacy while maintaining strong cyber security.

In point of fact, nothing could be further from the truth. As previously highlighted, mathematicians, cryptologists and privacy experts all agree there is no silver bullet. It is simple math: there is no way for encryption to be strong and protect its users, while simultaneously having backdoors or other means for companies or governments to access the encrypted data.

If Interpol could be persuaded to condemn strong encryption, it would make it easier for countries around the world to pass laws requiring companies to create backdoors. Such a result would be disastrous for journalists, whistleblowers, political dissidents, refugees and anyone else who values their privacy.


Corelight Expands Threat Hunting Capabilities with New Encrypted Traffic Insights – PRNewswire

SAN FRANCISCO, Nov. 19, 2019 /PRNewswire/ -- Corelight, provider of the most powerful network traffic analysis (NTA) solutions for cybersecurity, today launched the Corelight Encrypted Traffic Collection (ETC) empowering threat hunters and security analysts with rich and actionable insights for encrypted traffic.

"As the use of encryption continues to rise, defenders need some light in the darkness to separate legitimate behavior from malicious activity when decryption is not an option," said Brian Dye, chief product officer for Corelight. "This is not simply about detections, this is about a layering of data and insights that our customers need to access in order to make critical security decisions."

Corelight's ETC expands defenders' incident response, threat hunting and forensics capabilities in encrypted environments by generating insights around SSH and TLS traffic that indicate potential security risk. The collection contains numerous packages developed by Corelight's Research Team as well as curated packages from the open-source Zeek community.

This collection builds on Zeek's already extensive capabilities for analyzing encrypted traffic, such as certificate metadata, JA3/HASSH fingerprints, and dedicated SSL/x.509 logs. Features, and the relevant MITRE ATT&CK category each covers, include:

"The Corelight Encrypted Traffic Collection originated through deep customer partnerships that have allowed us access to real world network environments," said Dr. Vern Paxson, creator of Zeek and co-founder of Corelight. "With this data, we can now offer a collection of insights that will help to better inform our customers on the right steps to take in their threat hunting and in their security incident response."

The Encrypted Traffic Collection is available in the Corelight version 18 update, which begins rolling out to customers today. This new version also includes a new sensor management interface (UI) that incorporates new features that make internal compliance reviews easier and accelerate troubleshooting. The new UI mirrors the interface used in the Corelight Fleet Manager product for multi-sensor environments, making retraining unnecessary as a customer's sensor footprint grows.

The company also released a new version of Corelight App for Splunk to better facilitate network-based threat hunting in Splunk. The free app analyzes Corelight logs to surface leading indicators of security risk across dozens of protocols such as DNS and SSL and aggregate Zeek notices and intel hits in a central dashboard.

Today's launch also extends Corelight Cloud Sensor support to Microsoft Azure environments. Similar to the Corelight Cloud Sensor for AWS launched earlier this year, Corelight's new sensor transforms Microsoft Azure cloud traffic into high-fidelity data for incident response, intrusion detection, forensics and more. It parses dozens of network protocols and generates a much richer, more actionable picture of Azure traffic than low-fidelity flow logs, accelerating security analysts' ability to make sense of traffic and respond to attacks.

"Whether with Microsoft's upcoming Azure Virtual network TAP or agent-based packet brokers, the Corelight Cloud Sensor for Microsoft Azure brings a common data format across all customer environments, whether they are operating with on-prem, virtual or cloud networks," said Dye. "This enables security teams to use a consistent downstream analytics stack and find attackers regardless of environment."

Availability

Corelight software version 18 is now available to customers. More information on each of today's enhancements can be found in the product section of Corelight's website.

The Corelight Research Team has issued a blog post with more details on the technical benefits of the Corelight Encrypted Traffic Collection.

The new Corelight for Splunk app is now available to customers via Splunkbase. More information about the new Corelight for Splunk App is available on the Corelight blog.

About Corelight

Corelight makes powerful network traffic analysis (NTA) solutions that transform network traffic into rich logs, extracted files, and security insights for more effective incident response, threat hunting, and forensics. Corelight Sensors run on Zeek (formerly called "Bro"), the open-source network security monitoring tool used by thousands of organizations. Corelight Sensors simplify Zeek deployment and expand its performance and capabilities. Corelight's global customers include Fortune 500 companies, major government agencies, and large research universities. Corelight is based in San Francisco, Calif. For more information, visit https://www.corelight.com or follow @corelight_inc.

SOURCE Corelight

https://www.corelight.com/


IoT Security Solution for Encryption Market Size, Growth, Analysis Of Key- players Types And Application, Outlook 2025 – VaporBlash

The report "IoT Security Solution for Encryption," recently added to researchunt.com, provides a new perspective into the components and workings of the global IoT Security Solution for Encryption market on global as well as regional levels. The report, serving as an invaluable source of guidance for readers, covers an analysis overview of the industry chain of the global IoT Security Solution for Encryption market and discusses key elements associated with it, including consumers and leading raw material suppliers of the manufacturing department.

Order a copy of sample report @researchunt.com/report/global-iot-security-solution-for-encryption-market-size-status-and-forecast-2019-2025/#Free-Sample-Report

This research report categorizes the global IoT Security Solution for Encryption market by players/brands, regions, type and application. This report also studies the global market status, competition landscape, market share, growth rate, future trends, and sales channels.

The various contributors involved in the value chain of IoT Security Solution for Encryption include manufacturers, suppliers and customers.

Read Detailed Index of full Research Study at @ https://researchunt.com/report/global-iot-security-solution-for-encryption-market-size-status-and-forecast-2019-2025/

The key manufacturing in the IoT Security Solution for Encryption:-

Market size split by type:-

Market size split by application:-

Market size split by regions:-

The study objectives of the report are:

To analyze the global IoT Security Solution for Encryption market size by company, key regions, countries, products, and applications, with history data from 2013 to 2017.

To understand the structure of IoT Security Solution for Encryption by identifying its various subsegments to share detailed information about the key factors and growth of the markets.

To focus on the key IoT Security Solution for Encryption markets, to define, describe and analyze the sales market volume, value, market share, and development plans in the next few years.

The report includes the estimation of the market size in value and volume. Both top-down and bottom-up approaches have been used to estimate and validate the market size of IoT Security Solution for Encryption. Key players in the market have been identified through secondary research, and their market shares have been determined through primary and secondary research. All percentage shares, splits, and breakdowns have been determined using secondary sources and verified primary sources.


Customization of the Report: This report can be customized to meet the client's requirements. Please connect with our sales team, who will ensure that you get a report that suits your needs.


Microsoft Windows 10 To Natively Support DNS Over HTTPS Encryption And Obfuscation Technique Making Internet Traffic Monitoring Near Impossible -…

Microsoft Windows 10 will natively and intrinsically support DNS over HTTPS protocol. It is an important privacy protection methodology, which makes it near impossible for even Internet Service Providers (ISP) to monitor internet traffic. DNS over HTTPS is an intensely contested technology, but is being increasingly taken into consideration by Google, and is already existent in the Mozilla Firefox web browser.

Microsoft appears to have taken up a rather big pro-privacy and consumer rights issue. The company's latest operating system, Windows 10, would soon have one of the biggest internet privacy technologies. The hotly debated DNS over HTTPS encryption methodology successfully encrypts, hides or obfuscates internet traffic in such a way that even the last-mile internet connectivity provider cannot snoop on the internet traffic. Google is currently testing the same for its Chrome web browser, while Mozilla has already implemented the same within the Firefox web browser.

DNS over HTTPS is a rather new technology that is quickly emerging as one of the most important last-mile defensive techniques to protect the privacy of internet users. Technical jargon aside, the privacy technology effectively encrypts DNS connections and hides them in the common HTTPS traffic. Simply put, the DNS request made by internet users is also relayed or transmitted through the secure HTTPS protocol. A DNS request is basically made with any attempt by an internet user to reach a website.

Despite significant improvements in online security and privacy, DNS requests are still sent over plaintext UDP connections. This means the ISPs can easily monitor internet traffic and deploy multiple techniques to either block traffic or monitor the websites visited by users. The data relayed over the internet is significantly encrypted as the majority of websites are quickly opting for HTTPS over traditional and less secure HTTP protocol. Hence it makes perfect sense that even the initial DNS request be made over the same highly secure HTTPS standard.

DNS over HTTPS is different from a VPN. Firefox web browser users can set Cloudflare as their DNS over HTTPS provider. Currently, only companies that offer a legally binding DNS resolver policy which stipulates a limit on their data use and retention policies, are able to join the list. On the other hand, users can disable or not activate DoH in Firefox to handle situations such as enterprise split-horizon DNS where a domain resolves differently depending on where the query originates from.

The DNS over HTTPS protocol (IETF RFC8484) can be built directly into apps. In other words, each application can choose to deploy its own DNS resolvers rather than depend on the operating system. But with Microsoft embedding the encryption methodology directly into Windows 10, any and all applications and web browsers installed on the PC should gain the ability to mask or encrypt DNS requests.
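To make the contrast above concrete, this added example (not code from the article or from Microsoft) builds one DNS query, shows that the queried name is readable in the bytes classic DNS sends in the clear, and wraps the same bytes as an RFC 8484 GET request, where the name only appears inside the HTTPS request. The resolver URL `https://doh.example/dns-query` and all function names are assumptions made for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Assumed resolver endpoint for illustration only; not a real service.
DOH_ENDPOINT = "https://doh.example/dns-query"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a one-question DNS query in RFC 1035 wire format."""
    # Header: ID=0 (RFC 8484 suggests 0 for cache friendliness),
    # flags with RD=1, QDCOUNT=1, no other records.
    message = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        message += bytes([len(raw)]) + raw
    # Root label, then QTYPE and QCLASS=IN.
    return message + b"\x00" + struct.pack("!HH", qtype, 1)


def read_qname(message: bytes) -> str:
    """Recover the queried name from raw query bytes.

    This is all a passive observer needs to do with classic DNS on
    port 53, because the payload is not encrypted.
    """
    labels, pos = [], 12  # the question section starts after the header
    while True:
        length = message[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(message: bytes) -> str:
    """RFC 8484 GET form: base64url, padding stripped, in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{DOH_ENDPOINT}?dns={encoded}"


def qname_from_doh_url(url: str) -> str:
    """Recover the name from a DoH GET URL.

    The URL travels inside TLS, so only an endpoint that terminates the
    HTTPS session (the resolver, or an enterprise inspection proxy) can
    run this step; an on-path observer sees only a TLS connection.
    """
    encoded = parse_qs(urlsplit(url).query)["dns"][0]
    padded = encoded + "=" * (-len(encoded) % 4)  # restore stripped padding
    return read_qname(base64.urlsafe_b64decode(padded))


if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample name
    print("classic DNS payload :", query.hex())
    print("name visible on wire:", read_qname(query))
    print("DoH GET request URL :", doh_get_url(query))
    print("after TLS termination:", qname_from_doh_url(doh_get_url(query)))
```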

Given the nature and abilities of DNS over HTTPS protocol to completely obfuscate online behavior and data, it has come under heavy scrutiny and resistance from ISPs and security services. Many from the legal community claim the protocol could be used to bypass filtering obligations and parental controls, thereby impeding safety standards and possibly, investigations. It is quite likely that DNS over HTTPS could be extensively used by criminals or even everyday users to visit banned or censored websites.

Despite the controversy, Microsoft has indicated that they will be doing the hard work themselves and building the technology directly into Windows 10. Speaking about the same, Windows Core Networking engineers Tommy Jensen, Ivan Pasho, and Gabriel Montenegro said DoH in Windows will close one of the last remaining plain-text domain name transmissions in common web traffic. Microsoft added that it was worth the price [of courting controversy], saying it has to treat privacy as a human right and has to have end to end cybersecurity built into products.

Owing to the very nature of the encryption technology, and its abilities, it will be interesting to see how Microsoft moves ahead to implement DNS over HTTPS within Windows 10. The company has been making some rather interesting choices lately, and this is certainly one of them.


NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks – BleepingComputer

The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products.

TLSI (aka TLS break and inspect) is the process through which enterprises can inspect encrypted traffic with the help of a dedicated product such as a proxy device, a firewall, intrusion detection or prevention systems (IDS/IPS) that can decrypt and re-encrypt traffic encrypted with TLS.

While some enterprises use this technique for monitoring potential threats such as data exfiltration, active command and control (C2) communication channels, or malware delivery via encrypted traffic, this will also introduce risks.

Enterprise TLSI products that don't properly validate transport layer security (TLS) certificates, for instance, will weaken the end-to-end protection provided by the TLS encryption to the end-users, drastically increasing the likelihood that threat actors will target them in man-in-the-middle (MitM) attacks.

The use of a forward proxy with TLSI capabilities that is not functioning properly can lead to unexpected consequences such as rerouting decrypted network traffic to an external network, traffic that can be intercepted by third-party inspection devices that can get unauthorized access to sensitive data.

"Deploying firewalls and monitoring network traffic flow on all network interfaces to the forward proxy helps protect a TLSI implementation from potential exploits," the NSA says.

"Implementing analytics on the logs helps ensure the system is operating as expected. Both also help detect intentional and unintentional abuse by security administrators as well as misrouted traffic."

When it's essential to use a TLSI product, the NSA recommends independently validated products that can properly implement data flow, TLS, and CA functions.

Moreover, products validated by the National Information Assurance Partnership (NIAP) "and configured according to the vendor's instructions used during validation" should meet the requirements.

Since TLSI will take place in real-time and, to work, TLSI products have to manage two separate TLS connections, this could and will, in most cases, lead to TLS chaining issues that cause TLS protection downgrade problems, eventually leading to potential exploitation of weaker cipher suites and TLS versions.

TLSI forward proxy devices also come with a built-in certification authority (CA) function used for creating and signing new certificates, an embedded and trusted CA that could be used by bad actors "to sign malicious code to bypass host IDS/IPSs or to deploy malicious services that impersonate legitimate enterprise services to the hosts" upon a successful attack.

Attackers could also directly exploit the TLSI devices where the traffic is decrypted, thus gaining access to plaintext traffic, while an insider threat such as an authorized security admin "could abuse their access to capture passwords or other sensitive data visible in the decrypted traffic."

"To minimize the risks described above, breaking and inspecting TLS traffic should only be conducted once within the enterprise network," the NSA advisory adds.

"Redundant TLSI, wherein a client-server traffic flow is decrypted, inspected, and re-encrypted by one forward proxy and is then forwarded to a second forward proxy for more of the same, should not be performed."

More measures to mitigate risks stemming from the use of TLSI devices in an enterprise network are provided by the NSA as part of its security advisory on Managing risk from Transport Layer Security Inspection [PDF].

"The mitigations described above can reduce the risks introduced by a TLSI capability, provide indicators that alert administrators if the TLSI implementation may have been exploited, and minimize unintended blocking of legitimate network activity," the NSA adds.

"In this way, security administrators can successfully add TLSI to their arsenal and continue to step up their methods to combat today's adversaries and TTPs."

The Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert on risks associated with HTTPS inspection in March 2017, stating that "in general, organizations considering the use of HTTPS inspection should carefully consider the pros and cons of such products before implementing."

"Organizations should also take other steps to secure end-to-end communications, as presented in US-CERT Alert TA15-120A" on securing end-to-end communications, CISA says.

A list of potentially affected software used for TLSI compiled by CERT/CC vulnerability analyst Will Dormann is available here, while a simple tool for checking if a TLSI product is correctly verifying certificate chains can be found at badssl.com.


Microsoft Jumps on the DoH Train Company to Introduce Encrypted DNS – Computer Business Review

"Providing encrypted DNS support without breaking existing Windows device admin configuration won't be easy"

Microsoft is set to start offering encrypted DNS resolution services (DNS-over-HTTPS, or DoH) joining Cloudflare and Google in introducing the service, which has drawn public policy maker ire for obfuscating/securing end-user traffic.

DoH encrypts DNS traffic and requires authentication of the server. As the Internet Engineering Task Force (IETF) notes, this mitigates both passive surveillance and active attacks that attempt to divert DNS traffic to rogue servers.

"We are making plans to adopt DNS over HTTPS (or DoH) in the Windows DNS client," Microsoft said on Sunday. "As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we're open to having other options such as DNS over TLS (DoT) in the future. For now, we're prioritizing DoH support as the most likely to provide immediate value to everyone."

The company did not specify when the service will be available.

"We believe Windows adoption of encrypted DNS will help make the overall Internet ecosystem healthier," the company added in a networking blog.

The move comes six months after the Sunday Times reported that British government figures were in "crisis talks" over plans for the broad rollout of the technology by the leading DNS resolution service providers, which problematises the bulk surveillance allowed by the 2016 "Snooper's Charter", or Investigatory Powers Act, which requires ISPs to store their customers' internet activity for 12 months.

Mozilla said in September that its Firefox browser would start defaulting to Cloudflare's DoH service, although initially just in a small-scale pilot.

Currently, even if users are visiting a site using HTTPS, their DNS query is sent over an unencrypted connection: anyone listening to packets on the network knows which website an internet user is attempting to visit.

In the UK, this includes all internet service providers (ISPs).

Microsoft said: "We'll start with a simple change: use DoH for DNS servers Windows is already configured to use. There are now several public DNS servers that support DoH, and if a Windows user or device admin configures one of them today, Windows will just use classic DNS (without encryption) to that server.

"However, since these servers and their DoH configurations are well known, Windows can automatically upgrade to DoH while using the same server," the company's Tommy Jensen, Ivan Pashov, and Gabriel Montenegro said in a blog.

Microsoft will not be making any changes to which DNS server Windows was configured to use by the user or network, they added.

Paul Gagliardi, Director of Threat Intelligence at SecurityScorecard, told Computer Business Review in an earlier comment in response to Mozilla's move: "On one hand I don't want ISPs selling my internet behavior or censoring it, on the other it is currently hard to implement basic censoring. Ultimately, content (DNS in this case) cannot be secured/monitored without having the ability to observe it.

"Just as companies/organizations inspect their HTTPS traffic, the same needs to happen with encrypted DNS/DoH. Decrypting DoH would be the exact same mechanism as observing HTTPS traffic, using a Man in the Middle proxy to decrypt traffic on the fly and implement security mechanisms. There is no shortage of commercial solutions for this, however, things get more complicated in BYOD environments."

He added: "DoH forces the privacy vs security defense debate to be more localized. A company or organization can balance those decisions in their network differently than a private individual. Unfortunately for those organizations/companies, the ability to censor traffic is now more technical and requires more investment on their part. In short I think we'll see more HTTPS MiTM and prohibition of BYoD."

Microsoft's networking team noted: "Providing encrypted DNS support without breaking existing Windows device admin configuration won't be easy.

"However, at Microsoft we believe that we have to treat privacy as a human right. We have to have end-to-end cybersecurity built into technology."


Library Freedom Project Helps Patrons Protect Themselves Online – WSHU

Advocates for digital privacy are finding allies among librarians.

The Library Freedom Project trains librarians and advocates for measures that protect privacy, like laws banning facial recognition software.

Founder Alison Macrina spoke this week at Yale Law School. She said the project began in 2013 after leaks by CIA contractor Edward Snowden revealed extensive surveillance programs.

"I just got really interested in the surveillance and privacy problem, not just what we learned from Snowden but the specific ways that high-level stuff impacts local communities."

Macrina says librarians can help people make their passwords more secure, protect their data from corporations like Google and Facebook, and even guard themselves from online stalkers.

She says privacy and intellectual freedom are among their professional standards.

"Public librarians in particular have these spaces that anybody can come and use. If you want to walk into a public library, you don't have to be a taxpayer. You don't have to have a home or a job."

The program has trained more than 40 librarians across the country.


How Easy Is It to Steal a Hidden Laptop From a Car? – Observer


It takes tech savvy burglars to rob tech savvy people. Right? Well, not exactly. A lot of the tech that car burglars use isn't that savvy; it can be downloaded directly onto any smartphone.

Here's a simple formula: laptops emit a wireless signal; a Bluetooth scanner can detect devices that emit wireless signals. As Wired recently noted, in the tech-epicenter of San Francisco, there's been a rise of laptops and gadgets being stolen from cars.


Smash-and-grabs, if you will.

In numerous cases, smash-and-grabbers are only stealing electronics from cars, when the vehicles also contain other valuables, so hiding a laptop under a car seat won't do the trick.

Let's play Sherlock and deconstruct. Many laptops and gadgets have a default mode, in which, if the Bluetooth is turned on, it allows other Bluetooth devices to find them for the purpose of pairing, even if, say, the laptop is closed or in sleep mode. Thus, thieves are using Bluetooth scanners to target cars that are emitting wireless signals from the devices inside.

Case solved, Sherlock.

Using Bluetooth scanners for wireless device detection is a method also used by security professionals to detect prohibited devices at a workplace. Bluetooth scanners on Amazon cost somewhere in the $40 to $150 range. You can even install a Bluetooth scanner app from the Google Play store, which uses a smartphone's internal Bluetooth sensors to find a list of nearby wireless signals, again for potential pairing, or in this case, thievery. Basically, the Bluetooth scanner app makes detecting potential stolen goods easier than swiping right on Tinder.

Better not get this app into the hands of evildoers who like to smash-and-grab for fun.

Sure, you could argue that maybe these burglars are simply staking out parking lots to see if people are stashing their laptops after parking their cars. But the thing is: Monica Rueda, a San Jose Police Department crime prevention specialist, told Wired that often times only the electronics are stolen from vehicles, while other valuables remained un-stolen and intact. Not to give criminals any pointers, but why take the risk of breaking into a car if you can't be sure if something of value is inside?

In even more car tech woes, Wired also reported how hackers are using an $11 radio gadget to spoof the signal from wireless car key fobs to open vehicles' doors. How it works: one thief holds a radio gadget a few feet from the victim's key, while his compadre holds the other gadget near the target car. The attack tricks both the car and real key into thinking they're in close proximity.

Let's watch the fun.

In the case of laptop thievery, as Edward Snowden pointed out, our smartphones provide a direct digital footprint and record of your location. Meanwhile, if your device is emitting a wireless signal, it too can be detected. Thus, in our brave new world, there's always easy surveillance of both humans and devices.

So, it's advised, if you are going to leave a device in a car, put laptops and gadgets in airplane mode or fully power them down if left unattended, rather than in sleep or standby mode. Further, even if you think a device's battery is dead, it might not actually be dead and could still be emitting a signal.

Much like burner phones, the need for burner laptops, which allow you to remove the battery, has arisen.

One aspect of hacking is to point out security flaws, so companies will take the time to improve their security features. In this case, the hacking involves smashing a car window when someone detects a laptop might be hidden under a seat.

So, I guess a big lesson to learn is never, ever leave your laptop in a car until this small, and easily detectable, security glitch can be worked out.
