Heres what you need to know about the debate overend-to-end encryption

Its that time of the year when we grab ourpopcorn and witness another chapter in the age-old battle between governmentsand tech companies. Once again, governments are attacking tech companies forgiving criminals a safe place for their communication, while thecompanies say they are protecting privacy.

After Apple and WhatsApp, Facebook is the latest platform to make the headlines in the ongoing encryption debate end-to-end encryption to be precise. In an open letter addressed to Mark Zuckerberg, co-founder & CEO of Facebook, the governments of the U.S., U.K. and Australia have asked the social networking giant not to proceed with its plans to implement end-to-end encryption across Facebooks messaging services. And not only that, theyve also reaffirmed their request for a backdoor in the encryption of messaging services.

But before you form any opinions on this situation, its essential to know what end-to-end encryption is and what it does.

Lets hash it out.

Well get to end-to-end encryption in abit but before that, lets first understand what encryption is and what itdoes.

Consciously or unconsciously, we all sendand receive a lot of information when we use the internet through our devices.And some of this information is confidential (passwords, financial information,personal photographs, etc.) and could cause a lot of damage if someone stealsor tampers with it. So, how do we make sure that no one does that? Well, thisis where encryption comes in.

Encryption is the technique that turns ourdata into an undecipherable format so that no third party can read or alter it.Its what keeps us safe in the ocean of the internet.

Heres an example of a phrase of textthats been encrypted:

As you can see, theres no way to figureout what the encrypted text means unless, of course, you have the private keyto decrypt it.

Facebook Messenger already uses encryption just not end-to-end encryption. Normal encryption (a.k.a. link encryption)works like this:

Note that in this scenario, Facebookcontrols the encryption/decryption, and Facebook has access to the decryptedmessage.

Now, lets get to end-to-end encryption. Its precisely what it sounds like end-to-end encryption facilitates the type of encrypted communication that only the sender and receiver can read/see. No one in the middle including Facebook, the government, or another messaging service provider can read/decrypt messages being sent from one device to another.

In other words, the messages you send aredecrypted at the endpoint of the communication the device youre sendingmessages to. The server youre sending the data through (i.e. Facebook) wontbe able to decrypt or view your messages.

The distinction between the two is that while normal or link encryption encrypts the data, the server transmitting information between two devices has the ability to decrypt the encrypted data. End-to-end encryption, on the other hand, uses the server to transmit the data (how else would the data transfer take place?), but it doesnt allow the server to decrypt the data. Therefore, the server is just a medium that facilitates data transfer of encrypted information. Hence, WhatsApp or any other end-to-end encrypted app wont be able to read your information (even if they want to).

Security professionals and privacy experts largelysupport the idea of end-to-end encryption because it better protects your datafrom hackers and other parties who may want spy on you. When you allow the datatransmitter (the messaging service provider in this case) to decrypt yourmessages, youre leaving a significant potential security hole that could causeproblems if the server is compromised, hacked, or surveilled.

If the information is protected end to end,though, theres no point in intercepting information halfway down the line asits in an encrypted format. Thus, it protects the privacy of millions ofpeople and assures them that no one not even the messaging service itself could read their private information. For this reason, experts (includingorganizations such as the Electronic Frontier Foundation (EFF), the Center forDemocracy & Technology, and others) are advocating for the use ofend-to-end encryption in messaging apps.

The main argument against end-to-endencryption (and in favor of link encryption) is that end-to-end encryption createsa safe space for criminals to communicate where theres no thirdparty who can read and perform security checks on their messages. In otherwords, the technology thats supposed to protect the privacy of millions ofpeople and businesses protects the confidentiality of criminals as well.

Im not saying that Im in favor of thisargument, but it undeniably does hold some water. If the server was able to decryptthe data, we can have a system that would help in catching the bad guys. In thecase of end-to-end encryption, this option is gone. I dont know what othermotives they may have, but this is the argument that the governments of the U.S.,U.K., and Australia are using to do away with end-to-end encryption.

While the argument made by variousgovernments might make sense to a certain extent, theres always a questionmark regarding their full intentions. Do they care about the crimes that may behidden because of end-to-end encryption, or are they crying foul in order toserve a bigger agenda: having the power to easily spy on people?

So far, seeing the evidence thatsavailable to us, both seem likely to be true.

And its worth noting here that EdwardSnowden, the famous National Security Agency whistle-blower, previouslyrevealed that the intelligence services in the U.K. and U.S. had beenintercepting communications through various channels for many years on a massscale. So, where do you draw the line as far as governments interference isconcerned? Encryption can be used for good and for bad, but so cansurveillance!

If youve been following this entire encryption saga, you must have stumbled across the term backdoor.

Basically, a backdoor is a mathematical feature of the encryption key exchange that could decrypt the end-to-end encryption, and no one knows about this except the ones who made it (the messaging service). In popular words, its like a secret key. So when, lets say, a judge orders a warrant to hand over certain information in a decrypted format to the government, the messaging app (or the government agency) could use this backdoor to give your decrypted information to the government.

But, again, this comes with a danger a massive one. What if this powerful tool falls into the wrong hands? If a cybercriminal somehow gets hold of this secret key, they could have access to all of your private pictures, messages, etc. and do who knows what with them! And thats why creating a backdoor could be even more dangerous than concerns about standard encryption.

Dont Get Breached

91% of cyber attacks start with an email. 60% of SMBs are out of business within six months of a data breach. Not securing your email is like leaving the front door open for hackers.

Implementing end-to-end encryption wouldmean that even Facebook itself wont have access to the information beingshared through its messaging service. This seems quite contrary to the businessmodel that Facebook has built around data monetization.

So, why doesnt Facebook want the data? Doesit really care about privacy, or is there something else hiding behind thecurtain?

One possible reason why Facebook plans to implement end-to-end encryption is to simply move away from the pressure of law enforcement, court orders, warrants, and controversies. Currently, Facebook uses artificial intelligence (AI) and a team of human moderators to monitor the content and messages sent via its platform. They then report suspicious communication/content to authorities. This content moderation system is the source of a lot of expense, negative news coverage and even lawsuits for Facebook.

With end-to-end encryption in place, this couldall go away because Facebook wont be able to decipher the communication. Theycan simply say sorry, we cant access the content even if we want to. Thatcould save Facebook a lot of time, money, and hassle.

Considering that Facebook has already implemented end-to-end encryption in WhatsApp, the most extensively used messaging service that it owns, it seems likely that end-to-end encryption will be implemented in Facebooks other services as well. The question is what happens next? I expect the governments championing the call to eliminate end-to-end encryption to shift gears and attack the tech companies with more ferocity. Further down the road, this never-ending battle could spark into a fire, and ordinary users could be its witnesses or become engulfed in it.

As always, leave any comments or questions below

Read more from the original source:
End-to-End Encryption: The Good, the Bad and the Politics - Hashed Out by The SSL Store - Hashed Out by The SSL Store

By

Special to The Seattle Times

Q:Heres my problem. Whenever I open a Word document, I get this message: The command cannot be performed because a dialog box is open. Click OK, then close open dialog boxes to continue. I dont know what a dialog box is so how can I close one?

Gerald D. Boyd, Anacortes

A:A dialog box is a small window that a program pops open to request input from the user. For example, in Word if you click on the Save icon and the document hasnt already been named, Word will pop open a dialog box that prompts you to name the file and tell the program where to save it.

Generally, if a program has responded to a users action by opening such a dialog box nothing else can be done in that program until the dialog box has been closed. Since you say that you get this message when you open a Word document, Im guessing that another Word document must be open on your computer that has a dialog box awaiting your input.

Heres how you can check: Hover your mouse over the Word icon in the system tray at the bottom of the screen. Youll then see thumbnails pop up that will show you all open documents. You can then click on each one to see if any have open dialog boxes.

Q:In a recent column you make the following statement: The safest thing to do is to use a virtual private network, which encrypts ALL traffic between you and all websites.

VPN encryption may not have the reach that you are stating. A VPN can only encrypt the transmission between the client and the service provider. The communication between the VPN service provider and the destination of the transmission is likely to be unencrypted.

Morey Behrens

A:Yes, you caught me there. I should have written that a VPN encrypts all traffic between you and the VPN server. The traffic between the VPN server and the destination website would only be encrypted if that destination website supports secure connections.

But even if a hacker was to intercept communications between the VPN server and the destination website the hacker would not know the point of origin of that communication. In short, they wouldnt know it was you.

That said, a hacker accessing traffic between the VPN server and a destination website could potentially see a login and password entered at the destination site.

Accordingly, you want to be sure that youre using a secure connection if youre accessing a website with sensitive information, such as a bank or an e-commerce site.

Check to see that the site address shows https and not http. The https stands for HyperText Transfer Protocol secure and it indicates that all communications with the site are encrypted.

Follow this link:
Can we talk about dialog boxes? Heres how to hunt this problem down - Seattle Times

New York City, NY: November 08, 2019 Published via (Wired Release) Global Encryption Software Market 2019: Top Key Players, Regions, Type, Application Outlook, Spectacular Deal, Investment Opportunity, Aspirant Execution And Competition Analysis 2028

The MarketResearch.Biz report offers a holistic summary of the Encryption Software Market with the assistance of application segments and geographical regions(United States, Europe, China, Japan, geographical area, India, Central & South America, ROW) that govern the market presently.

Global Encryption Software market report 2019 offers a specialist and in-depth investigation on the current situation with global Encryption Software industry along the edge of the aggressive scene, Market share and revenue forecast 2028. The report originally presented the basics: definitions, groupings, applications, and business chain overview; industry strategies and plans; product particulars; delivering forms; value structures so on. At that point, it investigated the worlds fundamental locale economic situations, together with the product value, benefit, capacity, creation, ability use, supply, request, and business rate, and so on. At last, the report presented a fresh out of the box new task SWOT investigation, speculation attainability examination, and venture return investigation. Inside meanwhile, an essential examination is done in parallel to the optional research, with respect to conveyance channel, region, and product kind.

Access PDF version of this Report at:https://marketresearch.biz/report/encryption-software-market/request-sample

The Encryption Software Market research report covers major industry player profiles that include:

Microsoft, Sophos Ltd., Check Point Software Technologies Ltd., Trend Micro Inc., Symantec Corporation, IBM Corporation, SAS Institute Inc., Intel Security Group (McAfee), EMC Corporation, WinMagic Inc.

This report utilizes the SWOT investigation method for the evaluation of the advancement of the most striking market sector players. It also thinks about the most recent overhauls while evaluating the improvement of driving business sector players. In addition, in the global Encryption Software Market report, the key item classifications of the global Encryption Software Market are included. The report comparatively shows strong information identified with the predominant players in the market, for example, item contributions, income, division, and business outline. The global Encryption Software Market is as well analyzed on the basis of numerous regions.

The Segmentation for the report:

Global encryption software market segmentation by application: Disk encryption, File/folder encryption, Database encryption, Communication encryption, Cloud encryption. Global encryption software market segmentation by deployment: Cloud, On-Premise. Global encryption software market segmentation by industry type: Banking, financial services and insurance (BFSI), Healthcare, Government & public sector, Telecom & retail, Aerospace & defense, Others

To comprehend the aggressive scene in the market, the investigation envelops a market engaging quality examination, wherein all portions are benchmarked dependent on their market size, development rate, and general appeal. This report is readied utilizing information sourced from in-house databases, auxiliary and essential research group of industry specialists.

The report addresses significant inquiries that organizations may have while working in the Global Encryption Software Market. A portion of the inquiries are given underneath:

What will be the growth rate and the market size of the Encryption Software industry for the forecast period 2019-2028?

What are the major driving forces expected to impact the development of the Encryption Software market across different regions?

Who are the major driving forces expected to decide the fate of the industry worldwide?

Which industry trends are likely to shape the future of the industry during the forecast period 2019-2028?

What are the key barriers and threats believed to hinder the development of the industry?

What are the future opportunities in the Encryption Software market?

For More Actionable Insights Into The Competitive Landscape Of Global Market, Get A Customized Report Herehttps://marketresearch.biz/report/encryption-software-market/#inquiry

This content has been distributed viaWired Releasepress release distribution service. For press release service inquiry, please reach us at[emailprotected].

To Get More Information:

Mr. Benni Johnson

MarketResearch.Biz (Powered By Prudour Pvt. Ltd.)

420 Lexington Avenue, Suite 300

New York City, NY 10170,

United States

Tel: +1 347 826 1876

Website :https://marketresearch.biz

Email ID :[emailprotected]

Originally posted here:
Global Encryption Software Market 2019 To 2028 Geographical Segmentation, Key Players, Key Topics Industry Value And Demand Analysis - The State News...

TLS or Transport Layer Security is an encryption protocol. It is designed such that communication through TLS remains secure and private. In this post, I will explain what TLS handshake is and how to fix the TLS handshake if you face issues.

Before we go ahead and talk about the TLS handshake, lets understand when TLS occurs. Every time you access a website or application over HTTPS, TLS is used. When you access emails, messages, and even VOIP, it uses TLS. You should know that HTTPS is an implementation of TLS encryption.

A handshake is a form of negotiation between two ends. Just like when we meet people, we shake hands, and then go ahead with anything else. On similar lines, the TLS handshake is a form of acknowledgment between two servers.

During the TLS handshake, the servers verify each other and establish encryption, and also exchange keys. If everything is authentic, and as expected, more data exchange will take place. There are four major steps:

In laymans word, they first say hello, then the server offers a certificate that the client needs to verify. Once the verification is complete, a session is generated. A key is created through which data is exchanged through the session.

You cannot do anything if there is a server-side issue but you are having a problem with the browser, it can be fixed. For example, if the server offers a certificate that cannot be authenticated, then you cannot do anything about it. However, if the problem is a mismatch of the TLS protocol, then you can change it from the browser.

There are many more reasons why the TLS handshake can fail, and it depends on the scenario. So here some ways to fix TLS, but before that, always use these rules to filter out the problem.

It is the top reason why the TLS handshake has failed most of the time. The system time is used to test whether the certificate valid or expired. If there is a mismatch between the time on your computer and the server, it can make certificates look expired. Fix the time by setting it to automatic.

Now visit the website again, and check if has fixed the TLS handshake

There is one rule if its happening for one site, then its security software problem, but if its happening for all the websites, then its a system problem.

The security software or browser extension on your computer may be intercepting the TLS connections and changing something which results in problematic TSL handshake. It is also possible that a virus on the system is causing all the TLS problem.

Some browser extensions change proxy settings, and it may cause this problem.

In either case, you need to fix your computer or security software. The best way to further verify this is by using another computer and open the same website or application, which was causing the problem.

Windows 10 and earlier versions of Windows centralize the protocol settings in the system. If you need to change the TLS version, you can do it using Internet Properties.

While Chrome, IE, and Edge use Windows features, Firefox, like its certificate database, manages on its own. Here is how to change the TLS protocol in Firefox:

Every browser maintains a database for certificates. For example, every Firefox profile has a cert8.db file. If you delete that file, and a restart fixes it, then the issue is related to the local certificate database.

Similarly, in Windows, when using IE or Edge, the Certificate Manager is responsible, or you can go to the edge://settings/privacy and click onManage HTTPS/SSL certificates and settings. Delete certificates and try again

If you cannot find the database, delete the profile, and try again.

Its the last resort if you are having the issue with one of the browsers. You can choose to uninstall completely and then reinstall or reset the browser using the inbuilt feature. Follow the links to reset Chrome, Microsoft Edge, and Firefox.

Lastly, while you can browse a website even if the certificate is invalid, make sure not to perform any kind of a transaction with the website. Neither you should use a credit card, nor you should enter your account password.

We hope these tips were easy to follow, and you were able to resolve the TLS issue on your browser or your computer. I have tried my best to offer you enough solution, but honestly, TLS is extremely vast, and more solutions may be available.

Go here to see the original:
What is TLS handshake? How to fix TLS handshake? - TWCN Tech News

Image: jules_88 on Pixabay

Security experts don't recommend that users reboot their computers after suffering a ransomware infection, as this could help the malware in certain circumstances.

Instead, experts recommend that victims hibernate the computer, disconnect it from their network, and reach out to a professional IT support firm. Powering down the computer is also an alternative, but hibernating it is better because it saves a copy of the memory, where some shoddy ransomware strains may sometimes leaves copies of their encryption keys [1, 2].

Experts are recommending against PC reboots because a recent survey of 1,180 US adults who fell victim to ransomware in the past years has shown that almost 30% of victims chose to reboot their computers as a way to deal with the infection.

But while rebooting in safe mode is a good way of removing older screenlocker types of ransomware, it is not recommended when dealing with modern ransomware versions that encrypt files.

"Generally, the [ransomware] executable that actually encrypts your data is designed to crawl through attached, mapped and mounted drives to a given machine. Sometimes it trips, or is blocked by a permission issue and will stop encrypting," Bill Siegel, CEO & Co-Founder of Coveware, a company that provides ransomware data recovery services told ZDNet in an email this week.

"If you reboot the machine, it will start back up and try to finish the job," Siegel said.

"A partially encrypted machine is only partially encrypted due to some fortunate error or issue, so victims should take advantage and NOT let the malware finish its job...don't reboot!"

Siegel told ZDNet the advice applies to both enterprise and home users alike.

Further, ransomware victims should also take note that there are two stages of a ransomware recovery process they have to go through.

The first is finding the ransomware's artifacts -- such as processes and boot persistence mechanisms -- and removing them from an infected host.

Second is restoring the data if a backup mechanism is available.

Siegel warns that when companies miss or skip on the first step, rebooting the computer often restarts the ransomware's process and ends up encrypting the recently-restored files, meaning victims will have to restart the data recovery process from scratch.

In the case of enterprises, this increases downtime and costs the company operating profits.

To learn more about dealing with ransomware attacks, you can check out the Emsisoft guide on how to remove ransomware and Coveware's first response guide on dealing with a ransomware attack.

Article updated shortly after publication to recommend hibernating computer instead of powering down.

Originally posted here:
Experts: Don't reboot your computer after you've been infected with ransomware - ZDNet

There's a saying that the biggest security vulnerability is located between the keyboard and the chair, highlighting human fallibility. It's true, we're easily tricked, and we're lazy as a rule. Human failings also bring down perfect systems of security and privacy, which is why clear, moral codes are required to protect those systems. When Apple agreed to remove the Hkmap.live app from the App Store under pressure from the Chinese government in Beijing, it illustrated just how tenuous even the most robust security and privacy systems can be.

What is security and privacy without morality? It's just a selling point.

For those who missed the story, pro-democracy protestors in Hong Kong have been using an app called HKmap.live to warn other protestors about police moving through the city. Apple first approved the app, and then banned it, claiming that it was being used to perpetrate crimes. Given the increasing violence amidst an intense government crackdown, it's easy to assume that protestors have an even more existential concern regarding the app's availability.

This reminded me how, not long ago, Apple squared off against the full force of the FBI and DOJ as the US government pushed for the company to grant it access to an iPhone belonging to the San Bernardino shooters. In that case, Apple refused. While the company had cooperated with law enforcement in the past, the request to essentially build a special backdoor into its operating system so the law enforcement could examine a device was more than Apple could bear.

Apple, along with a host of other companies, didn't budge on the issue. They even got support from former NSA types. In the end, Apple won out and the FBI ended up paying a third-party company a rumored one million dollars for a way into the phone.

It wasn't Apple's security practices, encryption systems, or engineering prowess that stood between investigators and the data within an iPhone. It was Apple's laudable willingness to stand by its stated beliefs and refuse to cooperate. The company could easily have stepped aside, but by choosing not to, it protected its devices and its users.

How could Beijing pressure Apple so effectively? NPR reports that last year, Apple sold $52 billion of products in China that last year. Maybe that has something to do with it.

Along with the code and the engineering that goes into protecting iOS, the App Store is the other mechanism Apple has for ensuring the safety and security of its users. Apple is able to extend security and privacy protections through its hardware and OS, but it's by managing its app store that it has the biggest impact on users. If any app attempts to circumvent Apple's privacy protections, it can be removed. Conversely, Apple can also choose to keep apps available despite controversy. The App Store supports many encrypted messaging apps, whose data cannot be read by law enforcement or even Apple itself.

Unfortunately, the company has a more mixed record on this front.

Apple has used its ban hammer to protect its walled garden from apps that slurped your personal information, unfairly tricked users, or were outright malicious. These actions have kept users safe, and encouraged good behavior among developers.

The company has also made controversial decisions about which apps to ban. It has kicked out apps that too closely replicate functions of the iPhone, that track drone strikes, or that grant access to so-called "adult content." This last one has always struck me as particularly odd, considering that the best app for porn on an iPhone is Safari.

Now imagine that it wasn't a crowd-sourced map that Apple banned at the behest of a government, but Signal or any other encrypted messenger apps, or the Tor app, or VPNs. (Actually, Apple has banned some of those apps in China before.) Those tools can also be used for bad thingsin fact, that's always law enforcement's argument against such appsbut they also protect individuals from harm, and afford them the privacy they desire.

I won't call Apple's decision to remove the HKmap.live the company's first, or even its greatest, moral failing. There have been others before this, and there will likely be more to come. It's also not the only company to have similarly failed. Google was criticized for removing a game where you played as a Hong Kong protestor, and various social media platforms are embroiled in roiling controversy over how they present information to users, and for what lengths they are willing to go to appease the Chinese government in exchange for access to its markets. Perhaps we shouldn't be looking to any for-profit corporations to fight our moral battles for usbut I digress.

What this sad drama does highlight is the tenuousness of privacy and security. A company can earn a sterling record of protecting its users and fostering exactly the kind of environment that makes people safer and allows them the freedom to speak their minds without fear of reprisal. Our connected devices, we're told by companies, aren't just products; they're supposed to make the world better. But even when a company, or an individual, uses all the right code and follows all the best practices, none of that matters if there aren't unwavering morals to back that up. It's deciding what is right and using the code to enforce those decisions that makes it all work.

I argued that the feds should let math be math. That's true as far as mechanics go, but it also a firm moral stance. Without the courage of your convictions, math is meaningless.

Excerpt from:
Apple Caving on Hong Kong Shows the Limits of Security as a Sales Tool - PCMag