Sources on this Page

> Headlines by Category

 Home / Technology / Security / Authentication & Encryption

You are using the plain HTML view, switch to advanced view for a more complete experience.

Google shifts on email encryption tool, leaving its fate unclear

Google is asking developers to take over its effort to make end-to-end email encryption more user-friendly, raising questions over whether it'll ever become an official feature in the company’s browser.

On Friday, the search giant said its email encryption tool, originally announced in 2014, was no longer a Google product. Instead, it's become a "full community-driven open source project," the company said in a blog post.

The tool is designed to work as an extension to Google's Chrome browser that uses the OpenPGP standard to encrypt emails, ensuring that only the recipient can read them, and not the email provider or a government.  

To read this article in full or to leave a comment, please click here

SHA-1 collision can break SVN code repositories

A recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system. The first victim was the repository for the WebKit browser engine that was corrupted after someone committed two different PDF files with the same SHA-1 hash to it.

The incident happened hours after researchers from Google and Centrum Wiskunde & Informatica (CWI) in the Netherlands announced the first practical collision attack against the SHA-1 hash function on Thursday. Their demonstration consisted of creating two PDF files with different contents that had the same SHA-1 digest.

To read this article in full or to leave a comment, please click here

SK Telecom pushes for interoperable quantum crypto systems

SK Telecom and Nokia have developed a prototype quantum cryptography system that combines the South Korean company's quantum key server with an encryption device from Nokia.

The system, shown Monday at Mobile World Congress in Barcelona, was put together to demonstrate interoperability between the two vendors and comes as SK Telecom kicks off a push to get telecom carriers and equipment vendors working together on next-generation quantum-secured networks.

Quantum cryptography involves the transmission of encryption keys across fiber optic networks. It relies on the principles of quantum mechanics to detect if an eavesdropper has viewed a key en route.

To read this article in full or to leave a comment, please click here

By virtualizing the Android OS, Cog Systems says it adds more security to smartphones

It sounds like a smartphone user's worst fear: Software that starts up before the phone's operating system, intercepting and encrypting every byte sent to or from the flash memory or the network interface.

This is not some new kind of ransomware, though. This is the D4 Secure Platform from Cog Systems.

The product grew out of custom security software the company developed for governments, and which it saw could also be put to use in the enterprise as a way to make smartphones more productive while still maintaining a high level of security.

It includes a Type 1 hypervisor, a virtualized VPN and additional storage encryption that wrap the standard Android OS in additional layers of protection largely invisible to the end user.

To read this article in full or to leave a comment, please click here

IDG Contributor Network: February Patch Tuesday updated

Microsoft released a single update last week with this February Patch Tuesday, after a week's delay. Or, perhaps MS17-005 is considered an out-of-band update from Microsoft?

I am not sure, as it does not look like we will see the usual accompanying updates to Microsoft, .NET and the Windows (desktop and server) platforms. This sole update to Adobe Flash Player is worth deploying immediately. Evergreen browsers such as Microsoft Edge and Google Chrome will automatically update (using the default settings) and so will patch this serious memory-related vulnerability in Flash Player. 

To read this article in full or to leave a comment, please click here

MWC 2017: Avast finds over 5.3 million hackable smart devices in Spain

Since Mobile World Congress takes place in Barcelona, security product vendor Avast took aim at the Internet of Things there. Among the findings in this latest research experiment, Avast discovered there were more than 22,000 webcams and baby monitors which are vulnerable to attack. Of course this is not a problem only in Spain, but hacking vulnerable baby monitors and webcams to spy on unsuspecting people in their homes is especially creepy and invasive.

Avast has a habit of conducting Wi-Fi experiments at big events such as the Republican National Convention and Mobile World Congress 2016. The research for MWC 2017 dived deeper than IoT flaws in Barcelona as Avast also took a look at IoT security in Spain and found it lacking. It found more than 5.3 million vulnerable smart devices in Spain, 493,000 of those in Barcelona.

To read this article in full or to leave a comment, please click here

RSA Conference is a timesaver

I spent several days in San Francisco on my annual pilgrimage to the RSA security conference.

This year, I attended a few sessions related to cloud security, privacy and compliance, since my world these days is consumed with enhancing the security of our cloud platform and addressing the never-ending burden of maintaining compliance with the likes of PCI, SSAE 16, SOC 2 and HIPAA, and the recent changes related to Privacy Shield, which is the replacement for the European Union’s Safe Harbor.

To read this article in full or to leave a comment, please click here

Now THAT'S secure!

When it comes to website security questions, this pilot fish has a bad attitude -- and that's "bad" spelled P-R-A-C-T-I-C-A-L.

"When they let me write my own questions, I write stuff like 'Top line of the Spanish text on the control box of the computer speakers,'" says fish.

"It's easy enough for me to find that answer -- just look down and read it -- but unless you're in my house or know exactly what speakers I bought five years ago, you aren't gonna get it.

"Otherwise, I usually type in nonsense, because I don't forget my passwords.

"Then sometimes the company has a security breach, locks every affected account and says, 'You'll need to reset your password using your security questions.'

To read this article in full or to leave a comment, please click here

Post Selected Items to:

Showing 10 items of 157

home  •   advertising  •   terms of service  •   privacy  •   about us  •   contact us  •   press release design by Popshop •   © 1999-2017 NewsKnowledge