« First...102030...2,3572,3582,3592,3602,361...2,3702,3802,390...Last »

Google reportedly wants to make email encryption easier, but don’t hold your breath

Posted on by

Still responding to the National Security Agency surveillance revelations, Google is reportedly preparing to help users beef up Gmail security with end-to-end encryption. The search giant is working on a way to make Pretty Good Privacy (PGP) encryption easier to use for Gmail fans, according to a report by Venture Beat.

The idea that Google would be working on email encryption is surprising since that would threaten the company's ability to scan email messages for keywords to insert adsa fact the Venture Beat report acknowledges.

Perhaps the company merely wants to make PGP easier to use for the small sliver of people who might actually want more privacy with their email. But as a regular feature for all? Not likely.

PGP relies on public-private encryption key pairings that make it all but impossible for someone other than the intended recipient to read an encrypted message.

Say Sally wants to send Bob a message. Once she's done composing it, Sally uses Bob's public encryption key to encrypt the message turning it into a bunch of garbled nonsense. Then only Bob can decrypt the message using his private key.

An attacker would have to spend an impossibly long time guessing combinations to decrypt the message, making it, as we said, nearly impossible.

There are ways around decryption such as stealing private keys or hacking into a PC once the message has been decrypted. But for the most part, public-private keys offer a reasonable amount of privacy.

The only problem is that employing PGPor its open source alternative GNU Privacy Guard (GPG)is not at all user friendly.

There are attempts to make encryption easier already such as the Thunderbird extension Enigmail and the browser plug-in Mailvelope. But so far only a relatively small number of users have been willing to try these easier solutions.

With millions of Gmail users, Google could widen the PGP/GPG user base considerably if it wanted tobut end-to-end encryption offers some big problems for a mainstream service like Gmail.

See original here:
Google reportedly wants to make email encryption easier, but don't hold your breath

Dell partners with DataMotion to offer email encryption

Posted on by

When Dell acquired SonicWALL in 2012 it was heralded as a significant step in providing greater security to the company's enterprise customers.

It's now announced a partnership with email encryption specialist DataMotion to allow users of SonicWALL email security to encrypt their sensitive emails and attachments.

The alliance will provide compliance-grade encryption capabilities for all emails and file attachments with just a simple mouse-click from within the Outlook client. The combined DataMotion-Dell SonicWALL solution helps prevent confidential data leaks and regulatory violations thanks to advanced compliance scanning, management and email encryption thus ensuring the secure exchange of email containing sensitive customer data or confidential information.

"We were very focused on partnering with a cloud-based email encryption solution that offered the best end-user experience on both desktop and mobile platforms. After evaluating the leading email encryption providers, it was clear that the DataMotion solution was the best choice for us," says Patrick Sweeney, executive director of product management at Dell. "Their encryption technology complements our existing email security portfolio very well, and the DataMotion team was really easy to work with and willing to accommodate our specific needs and requirements".

Encrypted email is now a legal requirement for some organizations in order to comply with privacy regulations like HIPAA (Health Insurance Portability and Accountability Act). The DataMotion platform allows Dell to offer its customers a powerful but easy to use, cloud-hosted service that can guard emails and attachments against data theft or accidental exposure.

"It is extremely satisfying to have our cloud-based email encryption technology recognized and adopted by a world leader in email security appliance solutions," says Bob Bales, CEO of DataMotion. "I am particularly pleased that Dell recognized not only our technical prowess, but also our agility and strength as an organization to support their offer worldwide. We are thrilled to be a part of the Dell Software partner family".

You can find out more about SonicWALL security products on the Dell website.

Image Credit:Pixel-3D / Shutterstock

Read more:
Dell partners with DataMotion to offer email encryption

Morse View – 5 WPM and 15 WPM real-time Morse code decoding – Video

Posted on by


Morse View - 5 WPM and 15 WPM real-time Morse code decoding
Morse View is an open source software project to convert audible Morse codes to text messages. This application is capable to convert Morse codes from wave files or from the audio line/microphone...

By: Dilshan Jayakody

Read the original post:
Morse View - 5 WPM and 15 WPM real-time Morse code decoding - Video

How Heartbleed transformed HTTPS security into the stuff of absurdist theater

Posted on by

Aurich Lawson / Thinkstock

If you want to protect yourself against the 500,000 or so HTTPS certificates that may have been compromised by the catastrophic Heartbleed bug, don't count on the revocation mechanism built-in to your browser. It doesn't do what its creators designed it to do, and switching it on makes you no more secure than leaving it off, one of the Internet's most respected cryptography engineers said over the weekend.

Four people have been able to see server keys and certificates in a test.

Certificate revocation is the process of a browser or other application performing an online lookup to confirm that a TLS certificate hasn't been revoked. The futility of certificate revocation was most recently discussed in a blog post published Saturday by Adam Langley, an engineer who was writing on his own behalf but who also handles important cryptography and security issues at Google. In the post, Langley recites a litany of technical considerations that have long prevented real-time online certificate revocations from thwarting attackers armed with compromised certificates, even when the digital credentials have been recalled. Some of the considerations include:

"That's why I claim that revocation checking is uselessbecause it doesn't stop attacks," Langley wrote. "Turning it on does nothing but slow things down. You can tell when something is security theater because you need some absurdly specific situation in order for it to be useful."

Langley's blog post helps explain why Google Chrome by default doesn't have online revocation enabled. In the aftermath of Heartbleed, many people have counseled turning it on. That's because the OpenSSL bug allows attackers to pluck passwords, authentication cookies, and even private encryption keys out of the computer memory of vulnerable servers. In many cases, there is no way to know if the two-year-old flaw has been exploited. As a result, security experts have counseled people administering vulnerable websites to assume the key bound to their old TLS certificate is compromised. That has meant getting a new certificate and revoking the old one.

Online certificate checking is the mechanism many have assumed would prevent end users from trusting revoked credentials. Certificate revocation by sites remains a good idea, but in light of this weekend's post, end users shouldn't assume OCSP will do much to flag old compromised keys that may be presented by attackers.

An IETF proposal hopes to mend cracks in the Internet's foundation of trust.

The Heartbleed debacle is by no means the first event to underscore the inadequacy of current TLS revocation. A variety of researchers have proposed alternatives. One such fix, devised by cryptography experts Moxie Marlinspike and Trevor Perrin, is known as TACK. Another one was created by a developer from Red Hat and is dubbed Mutually Endorsing CA Infrastructure. Langley, meanwhile, held out something called OCSP Must Staple.

Those proposals and several others like them have largely languished in inertia. If there's a silver lining to Heartbleed, it may be that it provides the catalyst that the huge number of the world's engineers will need to finally fix one of the Internet's biggest security holes.

More:
How Heartbleed transformed HTTPS security into the stuff of absurdist theater

Assange at SXSW: ‘Who really wears the pants in the administration?’

Posted on by

Julian Assange doesn't use the blustering rhetoric you might expect from the founder of the activist publishing groupWikiLeaks. Assange is responsible for leaking documents that have changed America's political landscape-- State Department cables and Iraq War logs--yet to a South by Southwest audience on Saturday, he spoke quietly and matter-of-factly even when uttering the most inflammatory statements.

"Who really wears the pants in the [Obama] administration?" Assange asked during a Skype call with the SXSW audience. "Is it the intelligence agencies or is it the civilian part of that administration?"

The obvious answer from Assange's perspective: The National Security Agency runs the show and would dig up any and all of President Obama's buried skeletons to force him out of office if he tried to disband the surveillance agency.

Assange, speaking from his home at the Ecuadorean embassy in London, said the NSA shouldn't be considered a rogue agency that will be reigned in. When an agency or individual goes against the grain, there are typically consequences handed down by the government. In the case of the NSA, however, this has yet to take place.

"Somebody is fired, somebody is forced to resign, somebody is prosecuted, an investigation is launched, or the budget is cut--none of those things has happened since the Edward Snowden revelations," Assange said.

Surveillance at the forefront of SXSW

NSA whistleblower Edward Snowden's revelations about the agency's surveillance programs are top of mind at this year's SXSW, which is typically a more lighthearted affair best known for helping Twitter and Foursquare to explode into the mainstream. Last year's highlights included a grumpy-looking cat. But along with Assange, this year's festival also featured Google executive chairman Eric Schmidt's thoughts on the NSA's fiber-optic wiretapping of Google data.

Snowden and reporter Glenn Greenwald are both scheduled to speak at the festival on Monday, though Snowden obviously won't be appearing in person.

Surveillance is a pervading theme at SXSW, but if the NSA runs the show and its data collection dragnet is inescapable, as Assange believes, then what hope do any Americans have of fighting back or changing the system?

But Assange still seems optimistic that change is possible. He pointed to journalists like Greenwald and Laura Poitras, who have worked with Edward Snowden to expose programs like PRISM and MUSCULAR and continue to carry out their journalistic duty even though they are essentially in exile.

Read the original here:
Assange at SXSW: 'Who really wears the pants in the administration?'


« First...102030...2,3572,3582,3592,3602,361...2,3702,3802,390...Last »