Study Shows Flawed U.S. Encryption Standard Could Be Broken in Seconds

If the NSA did have the keys to the backdoor in a random number generator it could break some encryption without trouble.

The security of a data connection protected using a flawed U.S. encryption standard promoted by the National Security Agency could be broken in under 16 seconds using a single computer processor. That's according to the first in-depth study of how easily encryption systems that use the now deprecated Dual_EC random number generator could be defeated by an attacker that had backdoored the standard.

The flawed standard has never been widely used to protect Internet communications, even though the security company RSA got $10 million from the NSA to make it the default random number generator in one of its software packages. It is not known whether the NSA or anyone else knows the crucial mathematical relationship needed to exploit the flaw and undo encryption based on Dual_EC.

However, the study conclusively shows that an attacker that did know the key to the Dual_EC backdoor could put it to practical use. Not all of the six different encryption software packages tested could be defeated in seconds: half took a 16-processor cluster between 60 and 80 minutes of work to break. But a national intelligence agency could significantly improve on those times by devoting more computing power to the problem.

Documents leaked by Edward Snowden, and published in September 2013, do indicate that the NSA has tried to influence standards on encryption, and to encourage commercial companies to make security products more susceptible to U.S. surveillance. Both the National Institute of Standards and Technology (NIST) and RSA withdrew their endorsement for Dual_EC after the Snowden documents were published last year.

The new study was carried out by researchers from Johns Hopkins University, the University of Wisconsin, the Technical University of Eindhoven, the University of Illinois at Chicago, and the University of California San Diego.

NIST first proposed Dual_EC in 2006. Months later two researchers from Microsoft found a mathematical flaw that resembled an intentional backdoor that could be used to undo encryption based on the standard.

The weakness centers on two constants, known as P and Q, that function as a kind of default setting for the generator and are supposed to be randomly chosen and unrelated to one another. However, if there is some mathematical relationship between the two, it can be used to predict the output of the generator based on seeing one of its past outputs.

Some security experts have long suspected that the versions of P and Q in NIST's version of Dual_EC are linked in some way, and that the NSA knows exactly how, allowing it to undo encryption based on the standard. Those fears gained credence in light of the fact that the Snowden documents showed that the agency did have a policy of trying to influence new standards.

To test what a key to the backdoor in Dual_EC might allow, the researchers set values of P and Q that were linked. They then played the role of an attacker trying to break encrypted TLS connections made by software in use today that supports Dual_EC or once used it by default. TLS connections are widely used to secure Internet data, such as Web browsing, e-mail, and VoIP.

Google trumpets extra encryption for Gmail, but stays mum on other apps

Google recently trumpeted that it now encrypts Gmail messages while shuffling them among its data centers, an extra security layer aimed at thwarting government and criminal snoops, but didn't say if it applies this protection to its other applications.

Asked for clarification, the company declined to comment. "We don't have more details to share beyond the Gmail news, but we're always working in strengthening and encrypting across more services and links," a spokeswoman said via email.

Google's reluctance to clarify the scope of its internal encryption is baffling and does a disservice to enterprise customers who rely on the Apps suite for workplace communication, cloud storage and collaboration, according to analysts.

"When confronted with the evidence of a compromise, and asked for an explanation as to how it happened and what they are doing about it, Google is dissembling. This is no basis for trust," said Jay Heiser, a Gartner analyst.

At issue are reports from last year, based on leaks from former National Security Agency (NSA) contractor Edward Snowden, that the agency snooped on users of online services in part by intercepting data Internet companies transmitted unencrypted in "plain text" among their own servers and data centers.

Back in September, Google officials told The Washington Post that the company was accelerating efforts to encrypt communications between its data centers as a result of these reports.

"It's an arms race," Eric Grosse, vice president for security engineering at Google, said at the time.

About two weeks ago, Google announced it had turned on this internal encryption for Gmail, but glaringly neglected to address if and when this will be done for its other services and applications.

"Every single email message you send or receive, 100 percent of them, is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers, something we made a top priority after last summer's revelations," the Google post reads.

Google touts extra encryption for Gmail, remains mum on other apps

By Juan Carlos Perez

April 1, 2014 03:14 PM ET

IDG News Service - Google recently trumpeted that it now encrypts Gmail messages while shuffling them among its data centers, an extra security layer aimed at thwarting government and criminal snoops, but didn't say if it applies this protection to its other applications.

Asked for clarification, the company declined to comment. "We don't have more details to share beyond the Gmail news, but we're always working in strengthening and encrypting across more services and links," a spokeswoman said via email.

Google's reluctance to clarify the scope of its internal encryption is baffling and does a disservice to enterprise customers who rely on the Apps suite for workplace communication, cloud storage and collaboration, according to analysts.

"When confronted with the evidence of a compromise, and asked for an explanation as to how it happened and what they are doing about it, Google is dissembling. This is no basis for trust," said Jay Heiser, a Gartner analyst.

At issue are reports from last year, based on leaks from former National Security Agency (NSA) contractor Edward Snowden, that the agency snooped on users of online services in part by intercepting data Internet companies transmitted unencrypted in "plain text" among their own servers and data centers.

Back in September, Google officials told The Washington Post that the company was accelerating efforts to encrypt communications between its data centers as a result of these reports.

"It's an arms race," Eric Grosse, vice president for security engineering at Google, said at the time.

Report: RSA endowed crypto product with second NSA-influenced code

Security provider RSA endowed its BSAFE cryptography toolkit with a second NSA-influenced random number generator (RNG) that's so weak it makes it easier for eavesdroppers to decrypt protected communications, Reuters reported Monday.

Citing soon-to-be-published research from several universities, Reuters said the Extended Random extension for secure websites allows attackers to work tens of thousands of times faster when breaking cryptography that uses the Dual EC_DRBG algorithm to generate the random numbers that populate a specific cryptographic key. Dual EC_DRBG is a pseudo-random number generator that was developed by cryptographers from the National Security Agency and was the default RNG in BSAFE even after researchers demonstrated weaknesses so severe that many suspected they were introduced intentionally so the US spy agency could exploit them to crack encrypted communications of people it wanted to monitor. In December, Reuters reported that the NSA paid RSA $10 million to give Dual EC_DRBG its favored position in BSAFE.

Extended Random was a second RNG that would presumably make cryptographic keys more robust by adding a second source of randomness. In theory, the additional RNG should increase the entropy used when constructing a new key. In reality, the algorithm made protected communications even easier for attackers to decrypt by reducing the time it takes to predict the random numbers generated by Dual EC_DRBG, which is short for Dual Elliptic Curve, Reuters reported Monday.

"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," Matt Green, a professor specializing in cryptography at Johns Hopkins University and one of the authors of the upcoming academic report, told Reuters. Monday's report continued:

The NSA played a significant role in the origins of Extended Random. The authors of the 2008 paper on the protocol were Margaret Salter, technical director of the NSA's defensive Information Assurance Directorate, and an outside expert named Eric Rescorla.

Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox Web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.

Though few companies appear to have embraced Extended Random, RSA did. The company built in support for the protocol in BSafe toolkit versions for the Java programming language about five years ago, when a preeminent Internet standards group, the Internet Engineering Task Force, was considering whether to adopt Extended Random as an industry standard. The IETF decided in the end not to adopt the protocol.

The researchers said it took them about an hour to crack a free version of BSAFE for Java using about $40,000 worth of computer gear, Reuters reported. Cracking was 65,000 times faster when BSAFE used Extended Random, an improvement that reduced attacks to seconds.

BlackBerry Approved for New Cryptography Certification

BlackBerry has announced that it has secured US government security approval for its Secure Work Space for iOS and Android, a multi-platform containerization solution managed through BlackBerry Enterprise Service 10 (BES10).

Considered a critical benchmark for security in government, FIPS validation assures users that a given encryption technology has passed rigorous testing in order to be used to encrypt and secure sensitive information.

With Secure Work Space, BES10 protocols for data-at-rest and data-in-transit are extended to iOS and Android devices. This means data is protected while traversing networks as well as within the walls of the enterprise. Administrators can configure, secure, wipe and interact within the Secure Work Space on a device, while employees can use the device for personal use.

"BlackBerry is considered the most trusted and secure mobile platform and we continue to provide customers with choice and flexibility without compromising security," said Scott Totzke, Senior Vice President, Security Group at BlackBerry.

FIPS 140-2 is issued by the National Institute of Standards and Technology (NIST) to coordinate the requirements and standards for certifying cryptographic modules. In addition to U.S. government recognition, the certification is accepted and supported by the Communications Security Establishment Canada (CSEC) for government use.

BlackBerry products and solutions are protected by AES 256-bit encryption, a highly secure, internationally recognized data protection standard. In addition to FIPS certification, BlackBerry 10 smartphones are also approved by NATO for use in classified communications up to the level of "Restricted." Additionally, BlackBerry was the first MDM vendor to achieve "Authority to Operate" on the U.S. Department of Defense's secure networks.

Assange not running in new Australian election

Julian Assange will not, as previously indicated, run for Australia's Senate again.

The part-time Ecuadorian ran as a candidate for The Wikileaks Party at Australia's general election last year, hoping to win a Senate seat in the State of Victoria. Doing so probably would not have allowed him safe passage from Ecuador's London embassy, but might have given him some new legal arguments to pursue.

A second candidacy was raised as a possibility after the Senate election was botched in the State of Western Australia. Last November, the Wikileaks Party announced it would once again seek to install Assange as its main candidate for any re-run election.

Subsequent decisions mean that election has been ordered for April 5th, when Western Australia will return to the polls to elect six Senators.

But Assange is not on the ballot paper because, says Wikileaks Party's campaign manager Gerry Georgatos, Australia's Electoral Commission deemed he is ineligible to run.

Australian citizens are eligible to run as candidates if they are over 18 years of age and are either enrolled or eligible to be enrolled on the Commonwealth electoral roll. Would-be candidates must also satisfy the provisions of Section 44 of Australia's Constitution, which rules out criminals, bankrupts, those accused of treason, foreign citizens and those who work for or profit from Commonwealth enterprises.

Tempting as it is to imagine Assange has become an Ecuadorian citizen or been charged with treason, a stuff-up looks the likely reason for the leaker-in-chief's failure to appear on the ballot paper.

"He may not have enrolled in Western Australia on time," Georgatos told The Reg. Once Assange's candidature was untenable, WikiLeaks party's 2600-strong membership elected two new candidates: TV producer Tibor Meszaros and journalist Lucy Nicol.

Georgatos is not optimistic about their prospects, fearing the taint of what he said were incorrect reports of the party's intention to direct preferences to right-wing parties at Australia's September 2013 election.
