Disk Encryption and File Encryption
- March 06, 2020
Positive Technologies researchers discovered a previously disclosed vulnerability in the Intel Converged Security and Management Engine is worse than originally reported.
- March 07, 2019
Cryptographers at RSAC 2019 discussed personal data protection laws and challenges, future threats and the pressure for tech companies to work with law enforcement on decryption.
- December 20, 2018
Quantum computing systems may not be powerful enough to break current encryption protocols, but McAfee CTO Steve Grobman says it will be tough to tell when that day arrives.
- November 12, 2018
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
- October 03, 2018
Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry.
- May 17, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Ray Ozzie's solution for going dark, known as Clear, and what infosec experts are saying about it.
- May 16, 2018
The Efail disclosure process was one day away from completion, but attempts to generate hype for the vulnerabilities led to details leaking earlier than researchers intended.
- May 14, 2018
The messy disclosure of the Efail flaws raised questions about the security of email encryption, while experts said S/MIME may be more at risk than some PGP implementations.
- April 06, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the OIG report's findings on the FBI's effort to unlock the iPhone of one of the San Bernardino terrorists.
- March 20, 2018
At IBM's Think conference, Big Blue researchers discussed new security-centric projects around blockchain databases, crypto anchors and quantum-resilient encryption.
- January 26, 2018
Sen. Ron Wyden challenged the FBI encryption argument and asked the FBI director to be transparent about claims that lawful access could be provided securely.
- January 24, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points.
- November 01, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent push from law enforcement officials for responsible encryption and what that may mean.
- October 31, 2017
"Three may keep a Secret, if two of them are dead." So wrote Benjamin Franklin, in Poor Richard's Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given ...
- October 18, 2017
Researchers disclosed the ROCA RSA vulnerability as a dangerous flaw in the cryptographic code of Infineon chips that could undermine encryption key security for a number of devices.
- October 13, 2017
News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed.
- April 07, 2017
News Roundup: 'Hand-to-hand' combat in State Department hack, APT29 has a stealth backdoor, the creator of the internet backs strong encryption, and more.
- April 05, 2017
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the latest round of the encryption debate and what it means for apps that use strong encryption.
- March 30, 2017
FBI Director James Comey clearly laid out his views on strong encryption and urged more conversation, but experts say his arguments fall flat and may even be misleading.
- March 24, 2017
FBI Director James Comey brought the encryption debate back to the forefront by asking for a 'nuanced and thoughtful' conversation on the topic before there is a serious attack.
- February 16, 2017
Experts at RSAC 2017 discussed national cybersecurity policy suggestions for the new presidential administration, including what to do about encryption and the DHS mission.
- December 20, 2016
Google offers developers a new tool, Project Wycheproof, to strengthen crypto libraries with a testing suite to check libraries for known weaknesses.
- October 13, 2016
Academic researchers show how to place undetectable encryption backdoors in cryptographic keys and passively decrypt data, which could undermine confidence in certain algorithms.
- September 13, 2016
Revisions to the Burr-Feinstein Compliance with Court Orders Act are allegedly circulating, but there are questions about how close the bill is to being resurrected.
- September 01, 2016
FBI Director James Comey wants to have an 'adult' conversation on the encryption debate, but many think that means ignoring experts and embracing the 'going dark' argument.
- July 01, 2016
The House Homeland Security Committee officially proposed the creation of a commission to study both sides of the encryption debate and provide official recommendations.
- July 01, 2016
Report: Enterprise encryption is on the rise as firms embrace use of encryption strategies; also, new Bart ransomware, IRS drops e-file PIN tool, and more.
- June 20, 2016
The director of the CIA denied that a government-mandated encryption backdoor would have an effect on U.S. business, but experts said the statement ignores the global market.
- June 09, 2016
Speaking at the Cloud Identity Summit, Gen. David H. Petraeus blasted the FBI's recent efforts to compel Apple to break the company's own encryption protection.
- June 02, 2016
In this Risk & Repeat podcast, SearchSecurity editors discuss Craig Wright's failed effort to prove he is bitcoin creator Satoshi Nakamoto and what that means for cryptocurrency.
- May 24, 2016
Encryption shouldn't be used to protect people from themselves, especially if it gets in the way of innovation.
- April 22, 2016
Experts face off in Congress over 'going dark' encryption debate, stake out positions on security, privacy and government access; polls show support for strong encryption.
- April 15, 2016
The encryption debate continues with release of the official draft of Burr-Feinstein 'Compliance with Court Orders Act of 2016' mandating court order compliance.
- April 08, 2016
WhatsApp encryption was turned on for all types of messaging, including group chats, which advanced the conversation on 'going dark,' as new encryption legislation draft goes public.
- April 01, 2016
Roundup: After the Apple-FBI suit, ACLU reports U.S. ramping up crypto wars with All Writs suits for at least 63 iOS, Android devices; Senator Wyden stands up for strong crypto.
- March 03, 2016
Defense Secretary Ashton Carter announces the 'Hack the Pentagon' bug bounty program and new Defense Innovation Advisory Board to be headed by Eric Schmidt.
- March 03, 2016
RSAC panelists had a spirited and nuanced debate about government encryption backdoors, and the topic is more difficult to parse than expected.
- March 01, 2016
Microsoft's top lawyer criticized the U.S. government's efforts to undermine strong encryption, and called on the industry to support and defend the technology.
- February 24, 2016
The technology industry has allowed the debate over encryption and "going dark" to get out of hand. But it can start to right that wrong at RSA Conference next week.
- February 17, 2016
A court order has ruled that Apple needs to create an iPhone backdoor to unlock the device used by the gunman in the San Bernardino killings, but Tim Cook opposed the ruling.
- February 04, 2016
Former CIA and NSA director General Michael Hayden came out in favor of strong encryption but representatives in Congress and the Senate are continuing to pursue encryption backdoor legislation.
- February 01, 2016
A new report from Harvard said data 'going dark' in the face of strong encryption shouldn't be a problem for law enforcement and intelligence agencies.
- December 17, 2015
Strong encryption and encryption backdoors have become hot topics in the world of lawmakers and politicians, but security experts said those people don't understand the problem.
- December 10, 2015
FBI Director James Comey is sticking to the message that the FBI doesn't want encryption backdoor legislation, but one senator doesn't expect companies to comply without the legal impetus.
- November 18, 2015
The FBI's effort to gain access to encrypted devices and data has led to a standoff with technology companies, such as Apple. Here's where the 'going-dark' debate stands.
- October 09, 2015
News roundup: The EU Court has invalidated the Safe Harbor agreement, leaving companies scrambling to deal with overseas data transfers securely. Plus: SHA-1 collision attack; NIST email security initiatives; worry over cyberthreats.
- October 02, 2015
News roundup: Despite a low adoption rate going into the liability shift, many in the industry are optimistic about the future of EMV use. Plus: TrueCrypt flaws; AWS crypto keys stolen; women in infosec.
- July 17, 2015
News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.
- July 10, 2015
News roundup: Despite the benefits of encryption, FBI Director James Comey says it inhibits legal investigations. It's up to tech companies to help. Plus, read about major "computer glitches," Kali 2.0 and more.
- June 12, 2015
News roundup: The call for ubiquitous HTTPS has grown stronger as of late; the White House and Apple are hoping to help push the movement. Plus: The cost of cybersecurity management to rise 38%; a 165% ransomware increase; gender salary gap closes?
- June 05, 2015
News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?
- May 22, 2015
As privacy and security concerns rise, President Obama is urged to dismiss the call for government backdoors.
- February 10, 2015
HP has agreed to acquire encryption vendor Voltage Security. Gartner says the move will bolster HP's data protection and cloud security products.
- November 21, 2014
News roundup: As the industry responds to growing demand for end-to-end Internet encryption, some fear unintended consequences. Plus: Black hats wanted; Windows Phone survives Pwn2Own; webcam spying resurgence.
- July 02, 2014
Heartbleed exposed a number of long-standing issues at OpenSSL, but the open source encryption project has laid out plans to improve the organization.
- June 10, 2014
CryptoLocker's infrastructure may be down for now, but experts say the easy money that can be made from ransomware means it is here to stay.
- May 30, 2014
For enterprises, the sudden shuttering of the disk-encryption utility TrueCrypt highlights the risk of using open source security tools.
- April 10, 2014
Video: Cryptography Research Inc. president Paul Kocher details how the ongoing NSA encryption-cracking scandal affects trusted crypto algorithms.
- April 01, 2014
Awkward? The NIST Cybersecurity Framework arrives as the U.S. government struggles to counter negative reports on its data privacy and encryption standards.
- February 25, 2014
In his 2014 RSA Conference keynote, Art Coviello downplayed RSA's relationship with NSA, inferring different NSA groups cause perception problems.
- February 05, 2014
With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.
- January 10, 2014
Executive Editor Eric B. Parizo explains why the 2014 RSA Conference boycott, like the MLB Hall of Fame voting, is driven by a crisis of conscience.
- December 18, 2013
CloudFlare hopes its open-sourced Red October server encryption software, based on the 'two-man rule,' can help thwart rogue insiders and secure Web.
- October 30, 2013
The PCI SSC says hardware-based point-to-point encryption (P2PE) will better secure merchant card data and make PCI DSS compliance easier.
- June 17, 2013
Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny.
- March 20, 2013
Cisco has issued a security advisory after Hashcat researchers disclosed a password flaw in IOS and IOS XE devices that enable brute-force attacks.
- December 19, 2012
Dell said the addition of Credant bolsters its data protection strategy by adding encryption capabilities for laptops and mobile devices.
- November 15, 2012
Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted.
- July 30, 2012
Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handing flaw to remotely wipe Android and iOS mobile devices via Exchange server.
- May 02, 2012
New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration.
- October 25, 2011
Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications.
- September 16, 2011
A new validation program will certify point-to-point encryption systems that use devices for encryption and decryption as well as hardware security modules.
- March 15, 2011
A Ponemon Institute survey of more than 500 auditors finds most prefer data encryption over tokenization to protect sensitive data.
- June 23, 2010
Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit ...
- April 29, 2010
Symantec said it would integrate PGP's key management platform into the Symantec Protection Center and add encryption capabilities to boost its endpoint protection offerings.
- March 04, 2010
Payment industry "buzz" term isn't really reality, say some industry experts at RSA Conference 2010.
- March 02, 2010
A good-natured spat between cryptography pioneers and a former NSA technical director spices up the annual Cryptographers' Panel at RSA Conference 2010.
- November 19, 2009
A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net customers.
- October 26, 2009
First Data Corp. uses RSA software for tokenization, providing a possible threat vector for attackers, says Heartland CIO Steven Elefant.
- October 26, 2009
Steven Elefant, CIO of Princeton, NJ-based Heartland Payment Systems Inc., is leading development on the payment processor's E3 end-to-end encryption plan and new secure payment terminals. Elefant, who joined Heartland last year, said the payment ...
- October 02, 2009
Voltage cites performance issues and the creation of a repository of cardholder data an attractive target for attackers. RSA calls Voltage's claims unfounded.
- June 18, 2009
A new report from Forrester Research Inc. examines eight database and server data security technologies and recommends small steps that can make a big difference.
- April 29, 2009
It isn't always convenient to encrypt sensitive data as part of an e-discovery process, but a data management expert at the Computer Forensics Show said its use is essential.
- March 16, 2009
A new USB-like device, hardened with security features, could overtake one-time password devices and give end users flash memory to carry around encrypted data.
- February 13, 2009
Law now taking effect Jan. 1, 2010 would require any business collecting information on Massachusetts residents to encrypt sensitive data, protecting it from data leakage.
- February 03, 2009
A Massachusetts law taking effect in May requires encryption and could have organizations implementing the mandates across the board nationwide as the path of least resistance.
- September 29, 2008
A new survey conducted by the Independent Oracle Users Group found that many organizations are failing to use database security tools and lock down critical systems.
- July 28, 2008
The independent mobile data protection market continues to shrink with Sophos' endpoint encryption acquisition.
- June 12, 2008
The data leakage prevention market is branching out into automating data classification, analysis and device management, according to a report from Forrester Research Inc.
- October 09, 2007
McAfee is acquiring endpoint encryption vendor SafeBoot Corp. in a $350 million deal to bolster the antivirus vendor's mobile device security software.
- May 22, 2007
While more organizations are seeking database authentication and encryption technologies, others are turning to database monitoring to secure data.
- January 10, 2007
Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full disk encryption (FDE) products.
- October 12, 2006
With new U.S. government initiatives to protect data, data encryption on mobile devices is becoming a must-have for many firms. As The 451 Group's Nick Selby writes, German vendor Utimaco Safeware is rapidly expanding its presence in the U.S. using ...
- October 13, 2005
Attackers could launch malicious code by exploiting a security hole in Veritas NetBackup servers and clients. But Symantec has released a fix.
- April 28, 2003
Enterprises have to understand what security problems they have before deciding whether to encrypt data or secure the network or system on which that data is traveling.