Skip to main content

Encryption

Serious Android crypto key theft vulnerability affects 86% of devices

posted onJune 30, 2014
by l33tdawg

Researchers have warned of a vulnerability present on an estimated 86 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices.

Trojan app encrypts files on Android devices and asks for ransom

posted onJune 5, 2014
by l33tdawg

The ransomware model is increasingly being adopted by cybercriminals who target mobile users, one of their latest creations being able to encrypt files stored on the SD memory cards of Android devices.

A new threat dubbed Android/Simplock.A was identified by researchers from antivirus firm ESET over the weekend and while it’s not the first ransomware program for Android, it is the first one seen by the company that holds files hostage by encrypting them.

TrueCrypt Lives On as New Team Relocates to Switzerland

posted onJune 2, 2014
by l33tdawg

A group of developers has decided to continue supporting free encryption tool TrueCrypt which appeared to have suddenly closed its doors last week, leaving customers angry and confused.
 
A new website has been created at truecrypt.ch where Thomas Bruderer and Joseph Doekbrijder are co-ordinating efforts to make existing versions of the product available again and eventually to fork the code for future development.
 

128-bit crypto scheme allegedly cracked in two hours

posted onMay 26, 2014
by l33tdawg

Crypto researchers are preparing to scatter the ashes of a class of Discrete Logarithm Problems (DLPs) as the future of security, following a claim by Swiss researchers to have cracked a 128-bit crypto scheme in two hours.

So as not to frighten the horses, The Register will start by pointing out that our understanding of this paper at Arxiv doesn't mean the schemes you're now using have been broken. Rather, the work by researchers at EPFL in Switzerland excludes crypto based on “supersingular curves” from future consideration.

Edward Snowden had a 'crypto party' before he blew his NSA whistle

posted onMay 22, 2014
by l33tdawg

It was December 11, 2012, and in a small art space behind a furniture store in Honolulu, NSA contractor Edward Snowden was working to subvert the machinery of global surveillance.

Snowden was not yet famous. His blockbuster leaks were still six months away, but the man destined to confront world leaders on a global stage was addressing a much smaller audience that Sunday evening. He was leading a local “Crypto Party,” teaching less than two dozen Hawaii residents how to encrypt their hard drives and use the internet anonymously.

Edward Snowden sent Glenn Greenwald this video guide about encryption for journalists

posted onMay 14, 2014
by l33tdawg

Before Laura Poitras brought Glenn Greenwald into the story about former National Security Agency contractor Edward Snowden, Greenwald received messages from a mysterious contact calling himself Cincinnatus. The source urged Greenwald to learn how to protect his e-mail with encryption so he could receive sensitive information.

Encrypted or not, Skype communications prove "vital" to NSA surveillance

posted onMay 13, 2014
by l33tdawg

Last year, Ars documented how Skype encryption posed little challenge to Microsoft abuse filters that scanned instant messages for potentially abusive Web links. Within hours of newly created, never-before-visited URLs being transmitted over the service, the scanners were able to pluck them out of a cryptographically protected stream and test if they were malicious. Now comes word that the National Security Agency is also able to work around Skype crypto—so much so that analysts have deemed the Microsoft-owned service "vital" to a key surveillance regimen known as PRISM.

TrueCrypt audit finds "no evidence of backdoors" or malicious code

posted onApril 15, 2014
by l33tdawg

On Monday, after seven months of discussion and planning, the first-phase of a two-part audit of TrueCrypt was released.

The results? iSEC, the company contracted to review the bootloader and Windows kernel driver for any backdoor or related security issue, concluded (PDF) that TrueCrypt has: “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”

Researchers uncover NSA tool, enables faster cracking of flawed RSA algorithm

posted onApril 2, 2014
by l33tdawg

In December 2013, RSA was accused – based on documents leaked by Edward Snowden – of entering into a secret $10 million agreement with the NSA to use a flawed encryption formula in its products, but a backdoor may not be all that was snuck in, according to researchers from various universities.

“Evidence of an implementation of a non-standard TLS extension called “Extended Random” was discovered in the RSA BSAFE products,” according to researchers from Johns Hopkins University, University of Wisconsin, Eindhoven University of Technology, and University of California, San Diego.

Dumb hackers leave encryption keys on victims' PCs

posted onApril 2, 2014
by l33tdawg

The latest Crypto ransomware scam – CryptoDefense – leaves victims with a key to unlock their own PC, according to security researchers.

The aggressive CryptoLocker ransomware appeared last year, locking files on victims' computers and only offering a decryption key in return for payment of a ransom.