Last year, Ars documented how Skype encryption posed little challenge to Microsoft abuse filters that scanned instant messages for potentially abusive Web links. Within hours of newly created, never-before-visited URLs being transmitted over the service, the scanners were able to pluck them out of a cryptographically protected stream and test if they were malicious. Now comes word that the National Security Agency is also able to work around Skype crypto—so much so that analysts have deemed the Microsoft-owned service "vital" to a key surveillance regimen known as PRISM.
On Monday, after seven months of discussion and planning, the first-phase of a two-part audit of TrueCrypt was released.
The results? iSEC, the company contracted to review the bootloader and Windows kernel driver for any backdoor or related security issue, concluded (PDF) that TrueCrypt has: “no evidence of backdoors or otherwise intentionally malicious code in the assessed areas.”
In December 2013, RSA was accused – based on documents leaked by Edward Snowden – of entering into a secret $10 million agreement with the NSA to use a flawed encryption formula in its products, but a backdoor may not be all that was snuck in, according to researchers from various universities.
“Evidence of an implementation of a non-standard TLS extension called “Extended Random” was discovered in the RSA BSAFE products,” according to researchers from Johns Hopkins University, University of Wisconsin, Eindhoven University of Technology, and University of California, San Diego.
The latest Crypto ransomware scam – CryptoDefense – leaves victims with a key to unlock their own PC, according to security researchers.
The aggressive CryptoLocker ransomware appeared last year, locking files on victims' computers and only offering a decryption key in return for payment of a ransom.
Facebook has built its business upon the sharing of content between people worldwide, but protecting that data is a gargantuan responsibility -- one that demands an increasing amount of transparency.