Encryption

New Bill Aims to Stop State-Level Decryption Before It Starts

posted on February 11, 2016
by l33tdawg

Over the last several months, local legislators have embarked on a curious quest to ban encryption at a state level. For a litany of reasons, this makes no sense. And now, a new bill in Congress will attempt to stop the inanity before it becomes a trend.

California Congressman Ted Lieu has introduced the “Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016,” which we’ll call ENCRYPT. It’s a short, straightforward bill with a simple aim: to preempt states from attempting to implement their own anti-encryption policies at a state level.

Random ideas sought to improve cryptography

posted on February 3, 2016
by l33tdawg

America's National Institute for Science and Technology (NIST) is looking for public input into its long-running project to improve cryptography.

The recommendation NIST's put up for discussion covers the design principles and requirements for random bit generators, and tests to validate entropy sources.

It's the entropy validation that NIST regards as most important in Special Publication 800-90B: rather than trying to tell crypto designers what crypto sources to use, it wants reliable ways to check the outputs.

NIST looks to strengthen crypto backbone

posted on January 29, 2016
by l33tdawg

The National Institute of Standards and Technology is looking to make the backbone of cryptography -- random bit generators -- less predictable.

NIST has released the second draft of a publication that specifies design principles for sources of entropy, which measure the randomness of generated numbers. Without a reliably random RBG, hackers can slice through a user's communications.

New York is trying to force backdoors into phones with legislation

posted on January 18, 2016
by l33tdawg

Cryptography has become popular in the post-Edward Snowden era. Everyone seems to be worried about being spied upon and is looking for ways to avoid it. While the majority of users likely have nothing to hide, it's still a creepy feeling to know that someone can, and possibly is, checking what you say and do.

There has been a lot of talk about adding backdoors, mostly from those who want to spy and those who simply don't understand the technology. The latest example of this is currently taking place in New York.

The cunning way that hackers break so-called unbreakable encryption

posted on January 12, 2016
by l33tdawg

As discussed in a recent Monday Note titled “Let’s Outlaw Math,” electronic messages that are encoded with modern encryption techniques are truly indecipherable by interlopers—it doesn’t matter whether they’re criminals or governments. The latter have attempted to legislate backdoors that only they can use (to protect us, of course), but there’s a danger: These “golden keys” could fall into the wrong hands. In any case, a backdoor only works where it’s been installed; unbreakable public domain encryption is available to everyone, terrorists and traffickers included.

After Paris Attacks, Here’s What the CIA Director Gets Wrong About Encryption

posted on November 17, 2015
by l33tdawg

It’s not surprising that in the wake of the Paris terrorist attacks last Friday, US government officials would renew their assault on encryption and revive their efforts to force companies to install backdoors in secure products and encryption software.

Just last month, the government seemed to concede that forced decryption wasn’t the way to go for now, primarily because the public wasn’t convinced yet that encryption is a problem. But US officials had also noted that something could happen to suddenly sway the public in their favor.

Cookies MONSTER your security, even with encryption

posted on September 25, 2015
by l33tdawg

A whole lot of work rolling out HTTP security is being undermined by bad browser implementation that facilitates man-in-the-middle attacks.

CERT has warned that all of the major browser vendors have a basic implementation error that means “cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information”.

The Downside of Encrypting Everything: Virus-Filled Ads Are Harder to Track

posted on September 17, 2015
by l33tdawg

During the last year, online crooks have realized that buying ads and lacing them with malicious code is an easy and cheap way of infecting victims with malware and getting some money out of it.

As a result, “malvertising” in 2015 has almost tripled from the year prior, even if security firms have focused more on this threat, tracking down and reporting several cases of malvertising to the advertisers and publishers.

Now, the fight against malvertising is about to get tougher for internet defenders as criminal hackers have found an unlikely ally: web encryption.