Encryption

Activists just got another reason to worry about what spooks might be able to learn about them, with boffins demonstrating that a decent traffic fingerprint can tell an attacker what's going on, even if an app is defended by encryption.

The researchers from the Universities of Padua and Rome have found that for activities like posting messages on a friend's Facebook wall, browsing a profile on a social network, or sending an e-mail, there's no need to decrypt an encrypted data flow.

Nearly all of Facebook’s outbound notification emails are now encrypted while traveling the Internet, a collaborative feat that comes from the technology industry’s push to thwart the NSA’s spying programs.

In May, only 58 percent of the social networking site’s email was encrypted when it was sent since the receiving entity must have the technology, called STARTTLS, enabled, wrote Michael Adkins, a messaging integrity engineer at Facebook, on a company blog.

Synolocker crypto-malware affecting Synology network access (NAS) devices in particular, has hit the Faculty of Medicine of Chinese University and took hostage no less than 10,000 patient records.

It appears that the affected data belongs to the Centre for Liver Health and Institute of Digestive Disease at the Prince of Wales Hospital in Sha Tin, and the police confirmed that the crooks used Synolocker for the deed.

Yahoo users may have benefited most from the “Snowden effect.” The tech company was a laggard when it came to security practices until the NSA leaker’s disclosures made clear the extent to which weak security practices by tech companies are being exploited by talented hackers.

Until today, Microsoft Windows users who’ve been unfortunate enough to have the personal files on their computer encrypted and held for ransom by a nasty strain of malware called CryptoLocker have been faced with a tough choice: Pay cybercrooks a ransom of a few hundred to several thousand dollars to unlock the files, or kiss those files goodbye forever. That changed this morning, when two security firms teamed up to launch a free new online service that can help victims unlock and recover files scrambled by the malware.

An open-source project has released the first free application for the iPhone that scrambles voice calls, which would thwart government surveillance or eavesdropping by hackers.

Signal comes from Open Whisper Systems, which developed RedPhone and TextSecure, both Android applications that encrypt calls and text messages.

Intel has announced the Drive Pro 2500 series of solid state disk (SSD) drives that are "self encrypting", which the firm says makes them more secure against data breaches.

Aimed at businesses, the Intel SSD Pro 2500 series will come in a 2.4in 7mm form factor with 120GB, 180GB, 240GB, 360GB and 480GB capacities, M.2 80mm size with 180GB, 240GB and 360GB capacities, and M.2 60mm size with 180GB or 240GB capacities.

All data sent via the Internet of Things (IoT) needs to be secured with encryption, according to the findings of recent INQUIRER research.

The research, carried out in conjunction with Intel, revealed that 44 percent of INQUIRER readers believe that data encryption is the best way to ensure the IoT is secure. 23 percent would prefer to see users being given full control over their own data, while 10 percent believe the best IoT security option is to not store any usage data at all.

In the latest cautionary tale involving the so-called Internet of things, white-hat hackers have devised an attack against network-connected lightbulbs that exposes Wi-Fi passwords to anyone in proximity to one of the LED devices.

Cisco Systems has released a security update that closes a backdoor allowing attackers to control software that large organizations use to manage voice over IP (VoIP) calls and messaging over their networks.