Archive for the ‘encryption’ Category

Google Created Faster Storage Encryption for All Low-End Devices

February 8th, 2019
Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don't have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently. Encryption has already become an integral part of our everyday digital activities. However, it has long been known that encryption is expensive, as

Posted in #opGreece, Android encryption, data encryption, Disk encryption, encryption, encryption algorithm, encryption software, file encryption, IoT security

Digital exchange loses $137 million as founder takes passwords to the grave

February 2nd, 2019

A cryptocurrency exchange in Canada has lost control of at least $137 million of its customers’ assets following the sudden death of its founder, who was the only person known to have access to the offline wallet that stored the digital coins. British Columbia-based QuadrigaCX is unable to access most or all of another $53 million because it’s tied up in disputes with third parties.

The dramatic misstep was reported in a sworn affidavit that was obtained by CoinDesk. The affidavit was filed Thursday by Jennifer Robertson, widow of QuadrigaCX’s sole director and officer Gerry Cotten. Robertson testified that Cotten died of Crohn’s disease in India in December at the age of 30.

Following standard security practices by many holders of cryptocurrency, QuadrigaCX stored the vast majority of its cryptocurrency holdings in a “cold wallet,” meaning a digital wallet that wasn’t connected to the Internet. The measure is designed to prevent hacks that regularly drain hot wallets of millions of dollars (Ars has reported on three such thefts here, here, and here.)

Posted in Biz & IT, cold wallet, cryptocurrency, encryption, passwords

Signal app to Australia: Good luck with that crypto ban

December 15th, 2018
Graffiti urging people to use Signal, a highly-encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California. (credit: Elijah Nouvelage/Getty Images)

Signal, one of the most secure messaging apps, essentially told Australia this week that its attempts to thwart strong crypto are rather cute.

"By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars," Joshua Lund, a Signal developer, wrote. "The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom."

Lund is referring to a recent law passed in Australia that will fine companies that do not comply with government demands for encrypted data up to AUS$10 million.

Posted in crypto, encryption, Policy, Signal

Australia passes new law to thwart strong encryption

December 6th, 2018
The Member for Sydney Tanya Plibersek speaks as the Labor party stay for the end of parliament in the House of Representatives at Parliament House on December 06, 2018, in Canberra, Australia. (credit: Tracey Nearmy/Getty Images)

On Thursday, the Australian parliament approved a measure that critics say will weaken encryption in favor of law enforcement and the demands of government.

The new law, which has been pushed for since at least 2017, requires that companies provide a way to get at encrypted communications and data via a warrant process. It also imposes fines of up to A$10 million for companies that do not comply and A$50,000 for individuals who do not comply. In short, the law thwarts (or at least tries to thwart) strong encryption.

Companies who receive one of these warrants have the option of either complying with the government or waiting for a court order. However, by default, the orders are secret, so companies would not be able to tell the public that they had received one.

Posted in apple, australia, encryption, Policy

Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs

November 28th, 2018

Audio device maker Sennheiser has issued a fix for a monumental software blunder that makes it easy for hackers to carry out man-in-the-middle attacks that cryptographically impersonate any big-name website on the Internet. Anyone who has ever used the company’s HeadSetup for Windows or macOS should take action immediately, even if users later uninstalled the app.

To allow Sennheiser headphones and speaker phones to work seamlessly with computers, HeadSetup establishes an encrypted Websocket with a browser. It does this by installing a self-signed TLS certificate in the central place an operating system reserves for storing browser-trusted certificate authority roots. In Windows, this location is called the Trusted Root CA certificate store. On Macs, it’s known as the macOS Trust Store.

A few minutes to find, years to exploit

The critical HeadSetup vulnerability stems from a self-signed root certificate installed by version 7.3 of the app that kept the private cryptographic key in a format that could be easily extracted. Because the key was identical for all installations of the software, hackers could use the root certificate to generate forged TLS certificates that impersonated any HTTPS website on the Internet. Although the self-signed certificates were blatant forgeries, they will be accepted as authentic on computers that store the poorly secured certificate root. Even worse, a forgery defense known as certificate pinning would do nothing to detect the hack.

Posted in audio, Biz & IT, encryption, HTTPS, Sennheiser, Superfish, TLS, transport layer security

Police decrypt 258,000 messages after breaking pricey IronChat crypto app

November 7th, 2018

Police in the Netherlands said they decrypted more than 258,000 messages sent using IronChat, an app billed as providing end-to-end encryption that was endorsed by National Security Agency leaker Edward Snowden.

In a statement published Tuesday, Dutch police said officers achieved a “breakthrough in the interception and decryption of encrypted communication” in an investigation into money laundering. The encrypted messages, according to the statement, were sent by IronChat, an app that runs on a device that cost thousands of dollars and could send only text messages.

“Criminals thought they could safely communicate with so-called crypto phones which used the application Ironchat,” Tuesday’s statement said. “Police experts in the east of the Netherlands have succeeded in gaining access to this communication. As a result, the police have been able to watch live the communication between criminals for some time.”

Posted in Biz & IT, cryptography, encryption, messengers, Policy