encryption

Tinder Embraces Encryption

Senator Ron Wyden (D-OR) has managed to get Tinder to encrypt the photos sent between its servers and its app. The 69-year-old Senator wrote a letter to Tinder back in February requesting that the company encrypt photos. They apparently already implemented the feature, but “waited to write back to Wyden until it also adjusted a separate security feature that makes all swipe data the same size,” reports The Verge. “The size of the swipe data was used by security researchers to differentiate actions from one another. That change wasn’t implemented until June 19th.”

Read more of this story at Slashdot.

Posted by amiller in Blog, encryption
Russia Demands Apple Remove Telegram From Russian App Store

The Russian government is asking Apple to help it block Telegram by removing it from the country’s App Store. Mac Rumors reports: A Russian court in April ordered carriers and internet providers in the country to block Telegram back in April, after Telegram refused to provide Russia with backdoor access to user messages. Despite issuing the block order back in April, Russia has only been able to disrupt Telegram’s operations in the country by 15 to 30 percent. Given the government’s inability to block the app, Roskomnadzor, the division of the government that controls media and telecommunications, has demanded that Apple remove the Telegram app from the Russian App Store. The group first asked Apple to remove the app in April, but is appealing to Apple again.

“In order to avoid possible action by Roskomnadzor for violations of the functioning of the above-mentioned Apple Inc. service, we ask you to inform us as soon as possible about your company’s further actions to resolve the problematic issue,” the regulator wrote. Roskomnadzor has given Apple one month to remove the Telegram app from the App Store. Roskomnadzor’s director Alexander Zharov said he did not want to “forecast further actions” should Apple not comply with the request following the 30 day period.

FBI Repeatedly Overstated Encryption Threat Figures To Congress, Public

mi shares a report from The Washington Post (Warning: source may be paywalled; alternative source): The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order. “The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,” the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

IBM Warns Quantum Computing Will Break Encryption

Long-time Slashdot reader CrtxReavr shares a report from ZDNet:
Quantum computers will be able to instantly break the encryption of sensitive data protected by today’s strongest security, warns the head of IBM Research. This could happen in a little more than five years because of advances in quantum computer technologies. “Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now,” said Arvind Krishna, director of IBM Research… Quantum computers can solve some types of problems near-instantaneously compared with billions of years of processing using conventional computers… Advances in novel materials and in low-temperature physics have led to many breakthroughs in the quantum computing field in recent years, and large commercial quantum computer systems will soon be viable and available within five years… In addition to solving tough computing problems, quantum computers could save huge amounts of energy, as server farms proliferate and applications such as bitcoin grow in their compute needs. Each computation takes just a few watts, yet it could take several server farms to accomplish if it were run on conventional systems.

The original submission raises another possibility. “What I wonder is, if encryption can be ‘instantly broken,’ does this also mean that remaining crypto-coins can be instantly discovered?”

Encrypted Email Has a Major, Divisive Flaw

An anonymous reader quotes a report from Wired: The ubiquitous email encryption schemes PGP and S/MIME are vulnerable to attack, according to a group of German and Belgian researchers who posted their findings on Monday. The weakness could allow a hacker to expose plaintext versions of encrypted messages — a nightmare scenario for users who rely on encrypted email to protect their privacy, security, and safety. The weakness, dubbed eFail, emerges when an attacker who has already managed to intercept your encrypted emails manipulates how the message will process its HTML elements, like images and multimedia styling. When the recipient gets the altered message and their email client — like Outlook or Apple Mail — decrypts it, the email program will also load the external multimedia components through the maliciously altered channel, allowing the attacker to grab the plaintext of the message.

The eFail attack requires hackers to have a high level of access in the first place that, in itself, is difficult to achieve. They need to already be able to intercept encrypted messages, before they begin waylaying messages to alter them. PGP is a classic end-to-end encryption scheme that has been a go-to for secure consumer email since the late 1990s because of the free, open-source standard known as OpenPGP. But the whole point of doing the extra work to keep data encrypted from the time it leaves the sender to the time it displays for the receiver is to reduce the risk of access attacks — even if someone can tap into your encrypted messages, the data will still be unreadable. eFail is an example of these secondary protections failing.

Lawmakers Move To Block Government From Ordering Digital 'Back Doors'

A bipartisan group of House lawmakers have introduced legislation that would block the federal government from requiring technology companies to design devices with so-called “back doors” to allow law enforcement to access them. From a report: The bill represents the latest effort by lawmakers in Congress to wade into the battle between federal law enforcement officials and tech companies over encryption, which reached a boiling point in 2015 as the FBI tussled with Apple over a locked iPhone linked to the San Bernardino terror attack case. Top FBI and Justice Department officials have repeatedly complained that they have been unable to access devices for ongoing criminal investigations because of encryption. FBI Director Christopher Wray has suggested that devices could be designed to allow investigators to access them, though he insists the bureau is not looking for a “back door.” The bipartisan bill introduced Thursday would prohibit federal agencies from requiring or requesting that firms “design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product” by the government.

Tech Giants Hit by NSA Spying Slam Encryption Backdoors

A coalition of Silicon Valley tech giants has doubled down on its criticism of encryption backdoors following a proposal that would give law enforcement access to locked and encrypted devices. From a report: The group, which focuses on efforts to reform government surveillance, said in a statement that it continues to advocate for strong encryption, and decried attempts to undermine the technology. “Recent reports have described new proposals to engineer vulnerabilities into devices and services — but they appear to suffer from the same technical and design concerns that security researchers have identified for years,” the statement read. The renewed criticism follows a lengthy Wired article, in which former Microsoft software chief Ray Ozzie proposed a new spin on key escrow. Device encryption has hampered police investigations, and law enforcement officials have pushed tech companies to fix the problem — even by way of suing them.

Russia Begins Blocking Telegram Messenger

Russia’s state telecommunications regulator said on Monday it had begun blocking access to Telegram messenger after the company refused to comply with an order to give Russian state security access to its users’ secret messages (encryption keys). From a report: The watchdog, Roskomnadzor, said in a statement on its website that it had sent telecoms operators a notification about blocking access to Telegram inside Russia. The service, set up by a Russian entrepreneur, has more than 200 million global users and is ranked as the world’s ninth most popular mobile messaging app.

Former FBI Director James Comey Reveals How Apple and Google's Encryption Efforts Drove Him 'Crazy'

An anonymous reader shares a report: In his explosive new book, A Higher Loyalty, fired FBI director James Comey denounces President Trump as “untethered to the truth” and likens him to a “mob boss,” but he also touches on other topics during his decades-long career in law enforcement — including his strong objection to the tech industry’s encryption efforts. When Apple and Google announced in 2014 that they would be moving their mobile devices to default encryption, by emphasizing that making them immune to judicial orders was good for society, “it drove me crazy,” he writes. He goes on to lament the lack of “true listening” between tech and law enforcement, saying that “the leaders of the tech companies don’t see the darkness the FBI sees,” such as terrorism and organized crime. He writes, “I found it appalling that the tech types couldn’t see this. I would frequently joke with the FBI ‘Going Dark’ team assigned to seek solutions, ‘Of course the Silicon Valley types don’t see the darkness — they live where it’s sunny all the time and everybody is rich and smart.’” But Comey understood it was an unbelievably difficult issue and that public safety had to be balanced with privacy concerns.
