News

Disk Encryption and File Encryption

• March 06, 2020 06 Mar'20

  Intel CSME flaw deemed 'unfixable' by Positive Technologies

  Positive Technologies researchers discovered a previously disclosed vulnerability in the Intel Converged Security and Management Engine is worse than originally reported.

• March 07, 2019 07 Mar'19

  Cryptography techniques must keep pace with threats, experts warn

  Cryptographers at RSAC 2019 discussed personal data protection laws and challenges, future threats and the pressure for tech companies to work with law enforcement on decryption.

• December 20, 2018 20 Dec'18

  McAfee: When quantum computing threats strike, we won't know it

  Quantum computing systems may not be powerful enough to break current encryption protocols, but McAfee CTO Steve Grobman says it will be tough to tell when that day arrives.

• November 12, 2018 12 Nov'18

  SSD encryption failures made worse by BitLocker settings

  Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.

• October 03, 2018 03 Oct'18

  DigiCert, Gemalto and ISARA to provide quantum-proof certificates

  Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry.

• May 17, 2018 17 May'18

  Risk & Repeat: Why Ray Ozzie's Clear proposal isn't so clear

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss Ray Ozzie's solution for going dark, known as Clear, and what infosec experts are saying about it.

• May 16, 2018 16 May'18

  Efail disclosure troubles highlight branded vulnerability issues

  The Efail disclosure process was one day away from completion, but attempts to generate hype for the vulnerabilities led to details leaking earlier than researchers intended.

• May 14, 2018 14 May'18

  Efail flaws highlight risky implementations of PGP and S/MIME

  The messy disclosure of the Efail flaws raised questions about the security of email encryption, while experts said S/MIME may be more at risk than some PGP implementations.

• April 06, 2018 06 Apr'18

  Risk & Repeat: New revelations in San Bernardino iPhone case

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the OIG report's findings on the FBI's effort to unlock the iPhone of one of the San Bernardino terrorists.

• March 20, 2018 20 Mar'18

  IBM outlines visions for crypto anchors, lattice cryptography

  At IBM's Think conference, Big Blue researchers discussed new security-centric projects around blockchain databases, crypto anchors and quantum-resilient encryption.

• January 26, 2018 26 Jan'18

  FBI encryption argument draws fire from senator

  Sen. Ron Wyden challenged the FBI encryption argument and asked the FBI director to be transparent about claims that lawful access could be provided securely.

• January 24, 2018 24 Jan'18

  Risk & Repeat: Backdoor access, strong encryption debate rolls on

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points.

• November 01, 2017 01 Nov'17

  Risk & Repeat: Responsible encryption ramps up

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent push from law enforcement officials for responsible encryption and what that may mean.

• October 31, 2017 31 Oct'17

  Is "responsible encryption" the new answer to "going dark"?

  "Three may keep a Secret, if two of them are dead." So wrote Benjamin Franklin, in Poor Richard's Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given ...

• October 18, 2017 18 Oct'17

  ROCA RSA flaw unveils secret keys on wide range of devices

  Researchers disclosed the ROCA RSA vulnerability as a dangerous flaw in the cryptographic code of Infineon chips that could undermine encryption key security for a number of devices.

• October 13, 2017 13 Oct'17

  DOJ's 'responsible encryption' is the new 'going dark'

  News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed.

• April 07, 2017 07 Apr'17

  State Department hack and APT29 prove attacker resilience

  News Roundup: 'Hand-to-hand' combat in State Department hack, APT29 has a stealth backdoor, the creator of the internet backs strong encryption, and more.

• April 05, 2017 05 Apr'17

  Risk & Repeat: Strong encryption under fire again

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the latest round of the encryption debate and what it means for apps that use strong encryption.

• March 30, 2017 30 Mar'17

  Experts debunk strong encryption claims by FBI's Comey

  FBI Director James Comey clearly laid out his views on strong encryption and urged more conversation, but experts say his arguments fall flat and may even be misleading.

• March 24, 2017 24 Mar'17

  Encryption debate needs to be nuanced, FBI's Comey says

  FBI Director James Comey brought the encryption debate back to the forefront by asking for a 'nuanced and thoughtful' conversation on the topic before there is a serious attack.

• February 16, 2017 16 Feb'17

  Experts debate national cybersecurity policy suggestions at RSAC 2017

  Experts at RSAC 2017 discussed national cybersecurity policy suggestions for the new presidential administration, including what to do about encryption and the DHS mission.

• December 20, 2016 20 Dec'16

  Google Project Wycheproof offers testing suite for crypto libraries

  Google offers developers a new tool, Project Wycheproof, to strengthen crypto libraries with a testing suite to check libraries for known weaknesses.

• October 13, 2016 13 Oct'16

  Researchers demonstrate undetectable encryption backdoor in crypto keys

  Academic researchers show how to place undetectable encryption backdoors in cryptographic keys and passively decrypt data, which could undermine confidence in certain algorithms.

• September 13, 2016 13 Sep'16

  Burr-Feinstein bill still looks to force companies to break encryption

  Revisions to the Burr-Feinstein Compliance with Court Orders Act are allegedly circulating, but there are questions about how close the bill is to being resurrected.

• September 01, 2016 01 Sep'16

  FBI wants 'adult' conversation about 'going dark' encryption debate

  FBI Director James Comey wants to have an 'adult' conversation on the encryption debate, but many think that means ignoring experts and embracing the 'going dark' argument.

• July 01, 2016 01 Jul'16

  House Homeland Security Committee proposes encryption debate commission

  The House Homeland Security Committee officially proposed the creation of a commission to study both sides of the encryption debate and provide official recommendations.

• July 01, 2016 01 Jul'16

  Enterprise encryption strategies rise as firms' use of encryption grows

  Report: Enterprise encryption is on the rise as firms embrace use of encryption strategies; also, new Bart ransomware, IRS drops e-file PIN tool, and more.

• June 20, 2016 20 Jun'16

  CIA chief denies encryption backdoor effect on U.S. business

  The director of the CIA denied that a government-mandated encryption backdoor would have an effect on U.S. business, but experts said the statement ignores the global market.

• June 09, 2016 09 Jun'16

  Petraeus slams encryption backdoors, supports Apple

  Speaking at the Cloud Identity Summit, Gen. David H. Petraeus blasted the FBI's recent efforts to compel Apple to break the company's own encryption protection.

• June 02, 2016 02 Jun'16

  Crypto-confusion: The search for the real bitcoin creator continues

  In this Risk & Repeat podcast, SearchSecurity editors discuss Craig Wright's failed effort to prove he is bitcoin creator Satoshi Nakamoto and what that means for cryptocurrency.

• May 24, 2016 24 May'16

  Sorry Mr. Snowden -- encryption isn't the only path to security

  Encryption shouldn't be used to protect people from themselves, especially if it gets in the way of innovation.

• April 22, 2016 22 Apr'16

  'Going dark' battle moves to Congressional encryption hearing

  Experts face off in Congress over 'going dark' encryption debate, stake out positions on security, privacy and government access; polls show support for strong encryption.

• April 15, 2016 15 Apr'16

  Burr-Feinstein draft bill fuels encryption debate

  The encryption debate continues with release of the official draft of Burr-Feinstein 'Compliance with Court Orders Act of 2016' mandating court order compliance.

• April 08, 2016 08 Apr'16

  Encrypted messaging for all, as WhatsApp encryption announced

  WhatsApp encryption was turned on for all types of messaging, including group chats, which advanced the conversation on 'going dark,' as new encryption legislation draft goes public.

• April 01, 2016 01 Apr'16

  Apple-FBI suit dropped, but crypto wars continue

  Roundup: After the Apple-FBI suit, ACLU reports U.S. ramping up crypto wars with All Writs suits for at least 63 iOS, Android devices; Senator Wyden stands up for strong crypto.

• March 03, 2016 03 Mar'16

  DOD announces 'Hack the Pentagon' bug bounty program

  Defense Secretary Ashton Carter announces the 'Hack the Pentagon' bug bounty program and new Defense Innovation Advisory Board to be headed by Eric Schmidt.

• March 03, 2016 03 Mar'16

  Government encryption backdoor debate is more nuanced at RSAC

  RSAC panelists had a spirited and nuanced debate about government encryption backdoors, and the topic is more difficult to parse than expected.

• March 01, 2016 01 Mar'16

  Microsoft sounds the bell for strong encryption, privacy

  Microsoft's top lawyer criticized the U.S. government's efforts to undermine strong encryption, and called on the industry to support and defend the technology.

• February 24, 2016 24 Feb'16

  RSA Conference 2016: An opportunity to take a stand

  The technology industry has allowed the debate over encryption and "going dark" to get out of hand. But it can start to right that wrong at RSA Conference next week.

• February 17, 2016 17 Feb'16

  Court rules Apple needs iPhone backdoor; Tim Cook opposes

  A court order has ruled that Apple needs to create an iPhone backdoor to unlock the device used by the gunman in the San Bernardino killings, but Tim Cook opposed the ruling.

• February 04, 2016 04 Feb'16

  Former CIA/NSA director Hayden supports strong encryption

  Former CIA and NSA director General Michael Hayden came out in favor of strong encryption but representatives in Congress and the Senate are continuing to pursue encryption backdoor legislation.

• February 01, 2016 01 Feb'16

  Harvard report: Metadata means there is no 'going dark' for the FBI

  A new report from Harvard said data 'going dark' in the face of strong encryption shouldn't be a problem for law enforcement and intelligence agencies.

• December 17, 2015 17 Dec'15

  Experts: Lawmakers don't understand encryption backdoor problems

  Strong encryption and encryption backdoors have become hot topics in the world of lawmakers and politicians, but security experts said those people don't understand the problem.

• December 10, 2015 10 Dec'15

  FBI: Encryption backdoor laws are unnecessary, if companies comply

  FBI Director James Comey is sticking to the message that the FBI doesn't want encryption backdoor legislation, but one senator doesn't expect companies to comply without the legal impetus.

• November 18, 2015 18 Nov'15

  Going dark: FBI continues effort to bypass encryption

  The FBI's effort to gain access to encrypted devices and data has led to a standoff with technology companies, such as Apple. Here's where the 'going-dark' debate stands.

• October 09, 2015 09 Oct'15

  Safe Harbor agreement invalid: Privacy win or enterprise woe?

  News roundup: The EU Court has invalidated the Safe Harbor agreement, leaving companies scrambling to deal with overseas data transfers securely. Plus: SHA-1 collision attack; NIST email security initiatives; worry over cyberthreats.

• October 02, 2015 02 Oct'15

  As EMV adoption lags, industry remains optimistic

  News roundup: Despite a low adoption rate going into the liability shift, many in the industry are optimistic about the future of EMV use. Plus: TrueCrypt flaws; AWS crypto keys stolen; women in infosec.

• July 17, 2015 17 Jul'15

  Subway app reverse engineering highlights uptick in mobile app safety

  News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.

• July 10, 2015 10 Jul'15

  FBI: We don't want a government backdoor, just access to encrypted data

  News roundup: Despite the benefits of encryption, FBI Director James Comey says it inhibits legal investigations. It's up to tech companies to help. Plus, read about major "computer glitches," Kali 2.0 and more.

• June 12, 2015 12 Jun'15

  White House, Apple join the fight for HTTPS encryption

  News roundup: The call for ubiquitous HTTPS has grown stronger as of late; the White House and Apple are hoping to help push the movement. Plus: The cost of cybersecurity management to rise 38%; a 165% ransomware increase; gender salary gap closes?

• June 05, 2015 05 Jun'15

  Facebook, Google, Mozilla raise the bar with new user privacy controls

  News roundup: New settings and options to boost user privacy and security are emerging on major websites, but is it enough?

• May 22, 2015 22 May'15

  Government backdoor security concerns prompt letter to president

  As privacy and security concerns rise, President Obama is urged to dismiss the call for government backdoors.

• February 10, 2015 10 Feb'15

  Voltage Security acquisition to bolster HP's data protection offerings

  HP has agreed to acquire encryption vendor Voltage Security. Gartner says the move will bolster HP's data protection and cloud security products.

• November 21, 2014 21 Nov'14

  Encryption everywhere: Debating the risks and rewards

  News roundup: As the industry responds to growing demand for end-to-end Internet encryption, some fear unintended consequences. Plus: Black hats wanted; Windows Phone survives Pwn2Own; webcam spying resurgence.

• July 02, 2014 02 Jul'14

  OpenSSL Project establishes roadmap for future OpenSSL security

  Heartbleed exposed a number of long-standing issues at OpenSSL, but the open source encryption project has laid out plans to improve the organization.

• June 10, 2014 10 Jun'14

  CryptoLocker takedown unlikely to deter growing ransomware

  CryptoLocker's infrastructure may be down for now, but experts say the easy money that can be made from ransomware means it is here to stay.

• May 30, 2014 30 May'14

  TrueCrypt shutdown: Little warning, explanation given by developers

  For enterprises, the sudden shuttering of the disk-encryption utility TrueCrypt highlights the risk of using open source security tools.

• April 10, 2014 10 Apr'14

  What are the effects of the ongoing NSA encryption-cracking scandal?

  Video: Cryptography Research Inc. president Paul Kocher details how the ongoing NSA encryption-cracking scandal affects trusted crypto algorithms.

• April 01, 2014 01 Apr'14

  Data encryption, notification and the NIST Cybersecurity Framework

  Awkward? The NIST Cybersecurity Framework arrives as the U.S. government struggles to counter negative reports on its data privacy and encryption standards.

• February 25, 2014 25 Feb'14

  RSA 2014: Coviello downplays relationship between RSA and NSA

  In his 2014 RSA Conference keynote, Art Coviello downplayed RSA's relationship with NSA, inferring different NSA groups cause perception problems.

• February 05, 2014 05 Feb'14

  Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

  With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.

• January 10, 2014 10 Jan'14

  Strikes, fouls aplenty in 2014 RSA Conference boycott, MLB HoF vote

  Executive Editor Eric B. Parizo explains why the 2014 RSA Conference boycott, like the MLB Hall of Fame voting, is driven by a crisis of conscience.

• December 18, 2013 18 Dec'13

  CloudFlare goes hunting for better server encryption with Red October

  CloudFlare hopes its open-sourced Red October server encryption software, based on the 'two-man rule,' can help thwart rogue insiders and secure Web.

• October 30, 2013 30 Oct'13

  P2PE milestone: PCI SSC OKs first point-to-point encryption product

  The PCI SSC says hardware-based point-to-point encryption (P2PE) will better secure merchant card data and make PCI DSS compliance easier.

• June 17, 2013 17 Jun'13

  Gary McGraw: NSA data collection programs demand discussion, scrutiny

  Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny.

• March 20, 2013 20 Mar'13

  Certain Cisco IOS, IOS XE devices susceptible to brute-force attacks

  Cisco has issued a security advisory after Hashcat researchers disclosed a password flaw in IOS and IOS XE devices that enable brute-force attacks.

• December 19, 2012 19 Dec'12

  Dell acquires Credant Technologies for device encryption

  Dell said the addition of Credant bolsters its data protection strategy by adding encryption capabilities for laptops and mobile devices.

• November 15, 2012 15 Nov'12

  NASA to deploy whole-disk encryption following breach

  Stolen laptop contained the sensitive data on a large number of employees and contractors. The information was not encrypted.

• July 30, 2012 30 Jul'12

  Black Hat 2012: SSL handling weakness leads to remote wipe hack

  Researcher Peter Hannay's man-in-the-middle attack exploited an SSL handing flaw to remotely wipe Android and iOS mobile devices via Exchange server.

• May 02, 2012 02 May'12

  SSC's new PCI point-to-point encryption guidance outlines testing procedures

  New PCI DSS guidance on point-to-point encryption outlines product testing requirements, and urges more merchant-acquirer collaboration.

• October 25, 2011 25 Oct'11

  Researchers break W3C XML encryption algorithm, push for new standard

  Researchers in Germany have demonstrated weaknesses in the W3C XML encryption standard used to secure websites and other Web applications.

• September 16, 2011 16 Sep'11

  PCI Council issues point-to-point encryption validation requirements

  A new validation program will certify point-to-point encryption systems that use devices for encryption and decryption as well as hardware security modules.

• March 15, 2011 15 Mar'11

  Auditors choose encryption over tokenization for data security, survey finds

  A Ponemon Institute survey of more than 500 auditors finds most prefer data encryption over tokenization to protect sensitive data.

• June 23, 2010 23 Jun'10

  Tokenization vs encryption: RSA touts tokens to reduce PCI DSS pain

  Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit ...

• April 29, 2010 29 Apr'10

  Symantec acquires PGP, GuardianEdge for encryption, key management

  Symantec said it would integrate PGP's key management platform into the Symantec Protection Center and add encryption capabilities to boost its endpoint protection offerings.

• March 04, 2010 04 Mar'10

  At RSA Conference, experts dismiss end-to-end encryption claims

  Payment industry "buzz" term isn't really reality, say some industry experts at RSA Conference 2010.

• March 02, 2010 02 Mar'10

  NSA, cryptoexperts jab at RSA Conference 2010 Cryptographers' Panel

  A good-natured spat between cryptography pioneers and a former NSA technical director spices up the annual Cryptographers' Panel at RSA Conference 2010.

• November 19, 2009 19 Nov'09

  Health Net healthcare data breach affects1.5 million

  A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net customers.

• October 26, 2009 26 Oct'09

  Heartland CIO is critical of First Data's credit card tokenization plan

  First Data Corp. uses RSA software for tokenization, providing a possible threat vector for attackers, says Heartland CIO Steven Elefant.

• October 26, 2009 26 Oct'09

  Heartland CIO on end-to-end encryption, credit card tokenization

  Steven Elefant, CIO of Princeton, NJ-based Heartland Payment Systems Inc., is leading development on the payment processor's E3 end-to-end encryption plan and new secure payment terminals. Elefant, who joined Heartland last year, said the payment ...

• October 02, 2009 02 Oct'09

  Voltage, RSA spar over tokenization, data protection

  Voltage cites performance issues and the creation of a repository of cardholder data an attractive target for attackers. RSA calls Voltage's claims unfounded.

• June 18, 2009 18 Jun'09

  Database monitoring, encryption vital in tight economy, Forrester says

  A new report from Forrester Research Inc. examines eight database and server data security technologies and recommends small steps that can make a big difference.

• April 29, 2009 29 Apr'09

  Encryption in data management should never be ignored, expert says

  It isn't always convenient to encrypt sensitive data as part of an e-discovery process, but a data management expert at the Computer Forensics Show said its use is essential.

• March 16, 2009 16 Mar'09

  Portable security storage device could replace OTP devices

  A new USB-like device, hardened with security features, could overtake one-time password devices and give end users flash memory to carry around encrypted data.

• February 13, 2009 13 Feb'09

  Massachusetts data protection, encryption law extended

  Law now taking effect Jan. 1, 2010 would require any business collecting information on Massachusetts residents to encrypt sensitive data, protecting it from data leakage.

• February 03, 2009 03 Feb'09

  Encrypt now to meet new Mass. data protection law

  A Massachusetts law taking effect in May requires encryption and could have organizations implementing the mandates across the board nationwide as the path of least resistance.

• September 29, 2008 29 Sep'08

  Oracle DBAs cite lack of security measures

  A new survey conducted by the Independent Oracle Users Group found that many organizations are failing to use database security tools and lock down critical systems.

• July 28, 2008 28 Jul'08

  Sophos to acquire mobile data protection company Utimaco

  The independent mobile data protection market continues to shrink with Sophos' endpoint encryption acquisition.

• June 12, 2008 12 Jun'08

  Websense, Reconnex top Forrester ranking of DLP vendors

  The data leakage prevention market is branching out into automating data classification, analysis and device management, according to a report from Forrester Research Inc.

• October 09, 2007 09 Oct'07

  McAfee acquires SafeBoot for endpoint encryption

  McAfee is acquiring endpoint encryption vendor SafeBoot Corp. in a $350 million deal to bolster the antivirus vendor's mobile device security software.

• May 22, 2007 22 May'07

  Database authentication, encryption getting priority in some businesses

  While more organizations are seeking database authentication and encryption technologies, others are turning to database monitoring to secure data.

• January 10, 2007 10 Jan'07

  Federal government pushes full disk encryption

  Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full disk encryption (FDE) products.

• October 12, 2006 12 Oct'06

  Utimaco strives for ultimate mobile encryption

  With new U.S. government initiatives to protect data, data encryption on mobile devices is becoming a must-have for many firms. As The 451 Group's Nick Selby writes, German vendor Utimaco Safeware is rapidly expanding its presence in the U.S. using ...

• October 13, 2005 13 Oct'05

  Symantec fixes 'critical' Veritas flaw

  Attackers could launch malicious code by exploiting a security hole in Veritas NetBackup servers and clients. But Symantec has released a fix.

• April 28, 2003 28 Apr'03

  Experts: Encryption not a security cure-all

  Enterprises have to understand what security problems they have before deciding whether to encrypt data or secure the network or system on which that data is traveling.