Encryption news, trends, analysis and practical advice

Digital Key
internet of things

150902 encrypt android

Harvard study refutes 'going dark' argument against encryption

A study from Harvard released Monday largely refutes claims that wider use of encryption in software products will hamper investigations into terrorism and crime.


Encryption bills pose challenges for Congress

Breaking encryption technology used by terrorists and criminals poses a frustrating dilemma for intelligence agencies and, most recently, congressional lawmakers.


New Android ransomware uses clickjacking to gain admin privileges

A new Android ransomware app called Lockdroid.E is abusing system dialogs to hijack user clicks and grant itself administrator privileges.

tor logo

Privacy-conscious users rejoice: You can now use Facebook's Android app over Tor

Facebook has added the option to route traffic from its Android mobile app over the Tor anonymity network.

smartphone encryption

Update: Congress eyes commission to tackle encryption debate

Bipartisan congressional legislation is on the way that would create a national commission on security and technology to addresses the growing debate over encryption technology used by terrorists.

Digital Key

OpenSSH patches leak that could expose private SSH keys

A vulnerability in OpenSSH clients could expose users' private SSH keys to rogue or compromised servers.

blue security padlock among circuitry

Google's Go upgrade fixes bug that could leak RSA private key

The flaw is tied to RSA computations in 32-bit systems

Mozilla Firefox browser

Unlike Mozilla, Google anticipated SHA-1 errors from HTTPS traffic inspection systems

Unlike Mozilla, Google plans to ban only SHA-1 certificates that were issued after Jan. 1 by public certificate authorities, not self-generated ones too.

Digital Key

Ongoing MD5 support endangers cryptographic protocols

Researchers from the INRIA institute in France have devised several attacks that prove the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.

Digital Key

Third time is no charm for failed Linux ransomware creators

Researchers found a flaw that allows them to decrypt files affected by a new version of Linux.Encoder, a file-encrypting ransomware program that infects Linux Web servers.

juniper netscreen 5200 firewall

The Juniper VPN backdoor: Buggy code with a dose of shady NSA crypto

Juniper was using a known flawed random number generator as the foundation for cryptographic operations in NetScreen's ScreenOS -- and the safeguards it put in place were ineffective.

Security online

Google joins Mozilla, Microsoft in pushing for early SHA-1 crypto cutoff

Google is considering banning certificates signed with the SHA-1 hashing function in Google Chrome starting Jul. 1.

Obama in white house speech

President Obama calls again for tech help to spot terrorist messages

But he also discussed the obstacles in doing so, in an era of encrypted smartphone apps and private social networking chats.

Digital Key

Microsoft move to revoke trust in 20 root certificates could wreak havoc on sites

Tens of thousands of secure websites might start to display certificate errors to their visitors in January, when Microsoft plans to stop trusting 20 certificate authorities (CAs) from around the world.

tim cook cybersecurity

Apple CEO defends privacy, encryption amidst terrorist concerns

Apple CEO Tim Cook staunchly defended personal privacy and the use of encryption on iPhones amidst renewed concerns about terrorists hiding covert electronic messages when they plan deadly attacks.

Easy Everyday Encryption

To break terrorist encryption, pay off Apple and Google, expert urges

Other approaches might also work. By studying a suspicious person’s handset behaviors, credit card purchases and other electronic footprints -- and even voice calls -- investigators can glean a lot about a suspicious person without...

Security online

TeslaCrypt ransomware attacks are increasing

Over the past two weeks security researchers have seen a surge in attacks using a file-encrypting ransomware program called TeslaCrypt that's known for targeting gamers in the past.

Digital Key

Google to revoke trust in a Symantec root certificate

Very soon, the Android OS, Chrome browser and other Google products will stop trusting all digital certificates that are linked to a 20-year-old Verisign root certificate that's now controlled by Symantec.

Load More