Category Archives: Encryption
Malware and HTTPS a growing love affair – Naked Security
If you're a regular Naked Security reader, you'll know that we've been fans of HTTPS for years.
In fact, it's nearly nine years since we published an open letter to Facebook urging the social networking giant to adopt HTTPS everywhere.
HTTPS is short for HTTP-with-Security, and it means that your browser, which uses HTTP (hypertext transport protocol) for fetching web pages, doesn't simply hook up directly to a web server to exchange data.
Instead, the HTTP information that flows between your browser and the server is wrapped inside a data stream that is encrypted using TLS, which stands for Transport Layer Security.
In other words, your browser first sets up a secure connection to-and-from the server, and only then starts sending requests and receiving replies inside this secure data tunnel.
As a result, anyone in a position to snoop on your connection (another user in the coffee shop, for example, or the Wi-Fi router in the coffee shop, or the ISP that the coffee shop is connected to, or indeed almost anyone in the network path between you and the other end) just sees shredded cabbage instead of the information you're sending and receiving.
But why HTTPS everywhere?
Nine years ago, Facebook was already using HTTPS at the point where you logged in, thus keeping your username and password unsnoopable, and so were many other online services.
The theory was that it would be too slow to encrypt everything, because HTTPS adds a layer of encryption and decryption at each end, and therefore just encrypting the important stuff would be good enough.
We disagreed.
Even if you didn't have an account on the service you were visiting, and therefore never needed to login, eavesdroppers could track what you looked at, and when.
As a result, they'd end up knowing an awful lot about you: just the sort of stuff, in fact, that makes phishing attacks more convincing and identity theft easier.
Even worse, without any encryption, eavesdroppers can not only see what you're looking at, but also tamper with some or all of your traffic, both outbound and inbound.
If you were downloading a new app, for example, they could sneakily modify the download in transit, and thereby infect you with malware.
Anyway, all those years ago, we were pleasantly surprised to find that many of the giant cloud companies of the day (including Facebook, and others such as Google) seemed to agree with our disagreement.
The big players ended up switching all their web traffic from HTTP to HTTPS, even when you were uploading content that you intended to publish for the whole world to see anyway.
Fast forward to 2020, and you'll hardly see any HTTP websites left at all.
Search engines now rate unencrypted sites lower than encrypted equivalents, and browsers do their best to warn you away from sites that won't talk HTTPS.
Even the modest costs associated with acquiring the cryptographic certificates needed to convert your webserver from HTTP to HTTPS have dwindled to nothing.
These days, many hosting providers will set up encryption at no extra charge, and services such as Let's Encrypt will issue web certificates for free for web servers you've set up yourself.
HTTP is no longer a good look, even for simple websites that don't have user accounts, logins, passwords or any important secrets to keep.
Of course, HTTPS only applies to the network traffic; it doesn't provide any sort of warranty for the truth, accuracy or correctness of what you ultimately see or download. An HTTPS server with malware on it, or with phishing pages, won't be prevented from committing cybercrimes by the presence of HTTPS. Nevertheless, we urge you to avoid websites that don't do HTTPS, if only to reduce the number of danger-points between the server and you. In an HTTP world, any and all downloads could be poisoned after they leave an otherwise safe site, a risk that HTTPS helps to minimise.
Sadly, what's good for the goose is good for the gander.
As you can probably imagine, the crooks are following where Google and Facebook led, by adopting HTTPS for their cybercriminality, too.
In fact, SophosLabs set out to measure just how much the crooks are adopting it, and over the past six months have kept track of the extent to which malware uses HTTPS.
Well, the results are out, and they make for interesting (and useful!) reading.
In the paper, we didn't look at how many download sites or phishing pages are now using HTTPS, but instead at how widely malware itself is using HTTPS encryption.
Ironically, perhaps, as fewer and fewer legitimate sites are left behind to talk plain old HTTP (usually done on TCP port 80), the more and more suspicious that traffic starts to look.
Indeed, the time might not be far off where blocking plain HTTP entirely at your firewall will be a reliable and unexceptionable way of improving cybersecurity.
The good news is that by comparing malware traffic via port 80 (usually allowed through firewalls and almost entirely used for HTTP connections) and port 443 (the TCP port that's commonly used for HTTPS traffic), SophosLabs found that the crooks are still behind the curve when it comes to HTTPS adoption, but the bad news is they're already using HTTPS for nearly one-fourth of their malware-related traffic.
Malware often uses standard-looking web connections for many reasons, including:
Hardware-based Full Disk Encryption Market To Witness Growth Acceleration During 2020-2026 | Western Digital Corp, Samsung Electronics, Toshiba,…
The Global North America Hardware-based Full Disk Encryption Market Research Report gives an in-depth assessment of the market to provide accurate insights into its expected growth in the forecast duration from 2019 to 2026. The primary applications of the North America Hardware-based Full Disk Encryption have also been discussed in the report. The research study also offers an all-inclusive assessment of the Global North America Hardware-based Full Disk Encryption market demand, implementation, standardization, challenges, threats, growth opportunities, and historical analysis backed by expert opinions.
The market report evaluates the market size, recent trends, and development status of the North America Hardware-based Full Disk Encryption market, along with the investment opportunities, government policies, regional analysis, market dynamics, drivers, constraints, opportunities, growth trajectory of the North America Hardware-based Full Disk Encryption market, value chain analysis, and a competitive analysis. Technological innovations will boost the output of the product, expanding its downstream applications. Furthermore, Porter's Five Forces Analysis, which includes emerging players, suppliers, available alternatives, customers, and leading companies, offers critical data that helps readers get a holistic outlook of the North America Hardware-based Full Disk Encryption market.
In market segmentation by manufacturers, the report covers the following companies-
Seagate Technology PLC
Western Digital Corp
Samsung Electronics
Toshiba
Kingston
Micron Technology Inc
Intel
In market segmentation by types of North America Hardware-based Full Disk Encryption, the report covers-
Hard Disk Drive (HDD) FDE
Solid State Drives (SSD) FDE
The evaluation also includes the rates of production and consumption, gross revenue, and average product price and market shares of key players. The information gathered is further broken down by including regional markets, production plants, and product types available in the market. Other key points, like competitive analysis and trends, concentration rate, mergers & acquisitions, expansion tactics, which are vital to establishing a business in the sector, have also been included in the report.
In market segmentation by applications of the North America Hardware-based Full Disk Encryption, the report covers the following uses-
IT & Telecom
BFSI
Government & Public Utilities
Manufacturing Enterprise
Others
Geographically, the report includes the research on production, consumption, revenue, market share, CAGR, and forecast (2019-2026) of the following regions:
North America
Europe
Asia Pacific
Latin America
Middle East and Africa
Chapters Covered in this report:
Chapter 1 gives an overview of the North America Hardware-based Full Disk Encryption market, along with a global revenue, global production, sales, and CAGR. This chapter provides a forecast and overall assessment of the market based on product types, applications, and regions.
Chapter 2 discusses the market landscape and the major players involved. It offers a competitive analysis of the global market while focusing on the essential information pertaining to the leading companies operating in the industry.
Chapter 3 gives an extensive analysis of the key companies engaged in the North America Hardware-based Full Disk Encryption industry. The vital information offered in the report includes company profiles, product range, specifications, applications, end uses, and their market standing, along with an elaborate business outlook.
Chapter 4 provides a global assessment of the North America Hardware-based Full Disk Encryption sector by evaluating the overall market share, gross revenue, cost structure, production, and CAGR by product types.
Chapter 5 includes the applications of North America Hardware-based Full Disk Encryption by looking at the rate of consumption as well as the growth trajectory of each application in recent years.
Chapter 6 looks at the rate of production, consumption, export/import status, and the demand-supply dynamics, as observed in the regional markets of the North America Hardware-based Full Disk Encryption sector.
Chapter 7 focuses on the revenue generation, production, pricing volatility, cost structure, and profit margin of North America Hardware-based Full Disk Encryption in the leading regions. The analysis of production, revenue, price, and gross margin of the different regions has also been included in this chapter.
Chapter 8 performs a production analysis, including raw material analysis, process analysis, and cost analysis, to give an exhaustive assessment of the manufacturing cost.
Chapter 9 elaborates on the industrial chain of North America Hardware-based Full Disk Encryption. This chapter gives value chain analysis, raw material availability, and downstream customers.
Chapter 10 gives accurate insights into the current and future market dynamics.
Chapter 11 gives a 360 view of the North America Hardware-based Full Disk Encryption market, including the inspection of the global production, revenue forecast, and regional landscape. It also predicts the development of the North America Hardware-based Full Disk Encryption market by type and application.
Chapter 12 concludes the report with the highlights and detailed findings of the research study.
Chapter 13 lists the research methodologies adopted, and the sources of the information referred to in the study.
Get Your Copy Now For USD 3200 @ https://www.marketexpertz.com/checkout-form/29961
In conclusion, the North America Hardware-based Full Disk Encryption Market report is a reliable source for accessing the Market data that will exponentially accelerate your business. The report provides the principal locale, economic scenarios with the item value, benefit, supply, limit, generation, request, Market development rate, and figure and so on. Besides, the report presents a new task SWOT analysis, speculation attainability investigation, and venture return investigation.
Proposed Bill Could Threaten Apple, Facebook Messaging Platforms – MSSP Alert
by DH Kass Feb 22, 2020
A bipartisan bill aimed at preventing online child exploitation could also blunt end-to-end encryption for messaging platforms and potentially strip tech companies of protection from prosecution for publishing certain content.
The Eliminating Abuse and Rampant Neglect of Interactive Technologies Act of 2019 (EARN IT Act) is co-sponsored by Senators Lindsey Graham (R-SC), chairman of the Senate Judiciary Committee, and Richard Blumenthal (D-CT). The senators have reportedly been quietly circulating a draft version of the bill to other lawmakers.
EARN IT would establish a 15-member National Commission on Online Child Exploitation Prevention to include the Chairman of the Federal Trade Commission, the Attorney General and the Secretary of Homeland Security, tasked with determining a set of best practices for providers of online services to battle child exploitation. Tech companies would have to comply with the best practices to retain the Section 230 protection that shields them from prosecution for posting controversial content such as crimes, hate speech and extremism. Those that failed to adhere would be stripped of their Section 230 immunity and potentially prosecuted. The measure could affect a wide range of social media platforms and cloud service providers, including Apple's iCloud and Facebook's WhatsApp, which together have nearly 2.5 billion users.
It's important to note that while Section 230 protects companies that host third-party content from legal liability for what their users say and do, it doesn't provide immunity against prosecutions under federal criminal law, or liability based on intellectual property law, communications privacy law, or certain sex trafficking laws.
The Electronic Frontier Foundation (EFF) is highly critical of the proposed bill's impact, particularly its potential to undermine Section 230, which is widely regarded as a core tenet of Internet free speech. "The EARN IT Act grants sweeping powers to the Executive Branch [and] opens the door for the government to require new measures to screen users' speech and even backdoors to read your private communications," the EFF wrote in a blog post. "Congress must forcefully reject this dangerous bill before it is introduced," the blog said.
In a Senate Judiciary hearing last December, a bipartisan group of senators signaled their intention to press tech companies to design product encryption to comply with court orders mandating access by authorized officials. Graham, in particular, warned Apple and Facebook: "My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you."
So far, no solution has emerged that reconciles privacy with national security concerns. In 2016, a skirmish erupted between Apple and the Federal Bureau of Investigation when the iPhone maker refused to comply with a court order to unlock a terrorist's device for law enforcement to view. Apple feared that an unlocked iPhone could compromise the security of millions of its users worldwide. In the incident's wake, both lawmakers and tech executives called for new legislation that would protect users' privacy and assist law enforcement where none now exist.
EARN IT could be referenced to force providers of end-to-end encrypted messaging services to build in backdoors to their products, the EFF said. "These demands would put encryption providers like WhatsApp and Signal in an awful conundrum: either face the possibility of losing everything in a single lawsuit or knowingly undermine their own users' security, making all of us more vulnerable to criminals," the blog said.
Zettaset to Participate in Cybersecurity Forum at Annual HIMSS 2020 Conference – Business Wire
ORLANDO, Fla.--(BUSINESS WIRE)--Zettaset, a leading provider of software-defined encryption solutions, today announced that CEO Tim Reilly will be featured as a guest speaker during the HIMSS 2020 Cybersecurity Forum, a designated venue where attendees will learn how leading provider organizations are protecting healthcare's expanding digital footprint and securing data inside and outside the hospital. Reilly's session, titled "Breach. Theft. Disaster: Protecting the Digital Transformation from Itself," will be taking place on March 9 at 11:40am ET at the Hyatt/Plaza International Ballroom H.
The healthcare industry continues to be a primary target for cybercriminals looking to capture and expose sensitive information. However, despite healthcare organizations' best efforts, sensitive data continues to remain unencrypted and left exposed. Whether it's protected health information, medical records, data stored in containers or even wireless IoT medical devices, healthcare leaders continue to struggle with implementing cybersecurity best practices.
For healthcare entities striving for a more comprehensive cybersecurity solution, encryption is an essential element to a data protection strategy. It addresses data privacy and protection needs, and provides scalability within the dynamic, high-volume data environments that exist within this industry. In his session, Reilly will examine why encryption acts as a critical component of any healthcare cybersecurity strategy.
Who:
Tim Reilly, CEO, Zettaset
What:
Breach. Theft. Disaster: Protecting the Digital Transformation from Itself. The rapid adoption of new technologies such as DevOps, IoT and Containers along with the further reliance on cloud infrastructures has created new exposure points for cyberattacks. The digital transformation initiatives being implemented to improve the customer experience leverage these emerging technologies, but comprehensive protection of the sensitive data at the core of these security solutions is lacking. Encryption plays a key role in any security strategy, but lags behind in its application.
The defenses against a cyberattack will continue to be tested and the inevitable will happen. It's not if, but when a data breach or theft occurs. Encryption provides that last line of defense and protects the data in whatever environment a new technology is deployed.
When:
Monday, March 9, 2020 at 11:40 a.m. ET
Where:
HIMSS-CHIME Cybersecurity Forum
Hyatt Regency Orlando | Plaza International Ballroom H
9801 International Drive
Orlando, FL
The HIMSS Global Health Conference & Exhibition brings together nearly 45,000 health information and technology professionals, clinicians, executives and market suppliers from around the world. Exceptional education, world-class speakers, cutting-edge products and powerful networking are hallmarks of this industry-leading conference.
Visit the Zettaset team at Booth 400-43 to learn more about its software-based encryption solutions that are optimized for petabyte-scale data center, virtual, and cloud deployments during HIMSS 20.
About Zettaset
Zettaset is a software-defined encryption solution that can be transparently deployed across all physical and virtual enterprise environments. Unlike traditional solutions that are appliance-based, Zettaset is a cost-effective, software-only solution that is easy to deploy, does not impact performance, and scales with your business from on premise to the cloud. Learn more at zettaset.com.
Encryption Software Market are anticipated to lucrative growth opportunities in the future by Product Type, Structure, End-user and Geography to 2027…
A leading research firm, Zion Market Research, added a latest industry report on "Global Encryption Software Market Is Set for a Rapid Growth and is Expected to Reach USD 7.17 Billion by 2021", consisting of 110+ pages during the forecast period. The Encryption Software Market report offers comprehensive research updates and information related to market growth, demand, and opportunities in the global Encryption Software Market.
The Encryption Software Market report provides in-depth analysis and insights into developments impacting businesses and enterprises on global and regional level. The report covers the global Encryption Software Market performance in terms of revenue contribution from various segments and includes a detailed analysis of key trends, drivers, restraints, and opportunities influencing revenue growth of the global consumer electronics market. This report studies the global Encryption Software Market size, industry status and forecast, competition landscape and growth opportunity. This research report categorizes the global Encryption Software Market by companies, region, type and end-use industry.
The Encryption Software Market report provides company market size, share analysis in order to give a broader overview of the key players in the market. Additionally, the report also includes key strategic developments of the market including acquisitions & mergers, new product launch, agreements, partnerships, collaborations & joint ventures, research & development, product and regional expansion of major participants involved in the market on the global and regional basis.
The Encryption Software Market is widely partitioned reliant on the predictable updates in the enhancement of parameters, for example, quality, trustworthiness, end customer solicitations, applications, and others. The Encryption Software Market report contains general successful parameters, confinements, and besides has in detail illumination of the noteworthy data close by the present and future examples that may concern the advancement. The comprehensive Encryption Software Market report elucidates within and outside representation of current advancements, parameters, and establishments.
The Leading Market Players Covered in this Report are: IBM, Microsoft, Sophos ltd, Gemalto, Net App Inc, Hewlett-Packard, Vormetric, Oracle, Intel and Symantec
The global Encryption Software Market report also delivers the accurately estimated pattern of CAGR to be followed by the market in the future. The numerous highlighted features and enactment of the Encryption Software Market are examined based on the qualitative and quantitative technique to deliver the whole scenario of the current and future evaluation in a more-effective and better understandable way.
At last, the global Encryption Software Market gives the readers a complete view of the market during the forecast period from 2016-2025 which will assist them in making right business choices that will lead to the development of their company.
Worldwide Encryption Software Market Report Provides Comprehensive Analysis of:
This report focuses on price, sales, revenue and growth rate of each type, as well as the types and each type price of key manufacturers, through interviewing key manufacturers. Second on basis of segments by manufacturers, this report focuses on the sales, price of each type, average price of Encryption Software Market, revenue and market share, for key manufacturers.
The classification of the global Encryption Software Market is done based on the product type, segments, and end-users. The report provides an analysis of each segment together with the prediction of their development in the upcoming period. Additionally, the latest research report studies various segments of the global Encryption Software Market in the anticipated period.
Thanks for reading this article; you can also get individual chapter wise section or region wise report version like North America, Europe or Asia.
Cloud Encryption Technology Market Analysis with Key Players, Applications, Trends and Forecasts to 2025 | Gemalto, Sophos, Symantec – Nyse Nasdaq…
Reports Monitor's report on the global Cloud Encryption Technology market studies past as well as current growth trends and opportunities to gain valuable insights of the same indicators for the Cloud Encryption Technology market during the forecast period from 2019 to 2024. The report provides the overall global market statistics of the global Cloud Encryption Technology market for the period of 2019-2024, with 2018 as the base year and 2024 as the forecast year. The report also provides the compound annual growth rate (CAGR) for the global Cloud Encryption Technology market during the forecast period.
SWOT Analysis of Leading Contenders covered in this report:- Gemalto, Sophos, Symantec, SkyHigh Networks, Netskope and more.
The global Cloud Encryption Technology market was xx million US$ in 2018 and is expected to xx million US$ by the end of 2024, growing at a CAGR of xx% between 2019 and 2024.
This report studies the Cloud Encryption Technology market size (value and volume) by players, regions, product types and end industries, history data 2014-2018 and forecast data 2019-2024. This report also studies the global market competition landscape, market drivers and trends, opportunities and challenges, risks and entry barriers, sales channels, distributors and Porter's Five Forces Analysis.
Product Type Segmentation:-
Solution
Services
Industry Segmentation:-
BFSI
Healthcare and Lifesciences
Media and Entertainment
Retail and E commerce
Automotive and Manufacturing
IT and Telecom
The Cloud Encryption Technology market report includes an elaborate executive summary, along with a snapshot of the growth behavior of various segments included in the scope of the study. Furthermore, the report sheds light on changing competitive dynamics in the global Cloud Encryption Technology market. These indices serve as valuable tools for existing market players as well as for entities interested in entering the global Cloud Encryption Technology market.
The report reaches inside into the competitive landscape of the global Cloud Encryption Technology market. Key players operating in the global Cloud Encryption Technology market have been identified, and each one of them has been profiled for their distinguishing business attributes. Company overview, financial standings, recent developments, and SWOTs are some of the attributes of players in the global Cloud Encryption Technology market that have been profiled in this report.
Regional Coverage:-
The report has been prepared after extensive primary and secondary research. Primary research involves the bulk of research efforts, wherein analysts carry out interviews with industry leaders and opinion-makers. Extensive secondary research involves referring to key players' product literature, annual reports, press releases, and relevant documents to understand the global Cloud Encryption Technology market.
Secondary research also includes Internet sources, statistical data from government agencies, websites, and trade associations. Analysts have employed a combination of top-down and bottom-up approaches to study various phenomena in the global Cloud Encryption Technology market.
Key Questions Answered in Cloud Encryption Technology Market Report
US legislation to fend off end-to-end encryption of Facebook, Google and others – Financial World
As a number of tech conglomerates, including industry Goliaths such as Google LLC and Facebook Inc., had been setting their eyes on end-to-end encryption of their users' messages and data, the US Congress has been set to introduce a bill over the coming weeks that would prevent the tech tycoons from offering end-to-end encryption as it looks to limit the scale of distribution of "children sexually abusive content" through such platforms, at least two people familiar with the matter had unveiled late on Friday, the 21st of February 2020, on condition of anonymity as the sources were not authorized to speak publicly on the issue.
In point of fact, the latest move of the US cabinet would in effect dilute the impact of a law called Section 230 that had been safeguarding the tech tycoons from lawsuits related to the distribution of potentially harmful content, as under the Section 230 law, certain online platforms could not be held liable for the content posted, published or delivered through their online platforms.
Concomitantly, the bill, which would be proposed by the Chair of the Senate Judiciary Committee, Lindsey Graham, alongside Democratic Senator Richard Blumenthal, would be duelling against the tech tycoons to hold them liable for the content published and posted on their online platforms and to make them subject to state prosecution alongside civil lawsuits, said the sources.
Encryption on Facebook, Google, others threatened by planned new bill – Reuters
WASHINGTON (Reuters) - U.S. legislation will be introduced in the coming weeks that could hurt technology companies' ability to offer end-to-end encryption, two sources with knowledge of the matter said, and it aims to curb the distribution of child sexual abuse material on such platforms.
The bill, proposed by the Chairman of the Senate Judiciary Committee Lindsey Graham and Democratic Senator Richard Blumenthal, aims to fight such material on platforms like Facebook and Alphabet's Google by making them liable for state prosecution and civil lawsuits. It does so by threatening a key immunity the companies have under federal law called Section 230.
This law shields certain online platforms from being treated as the publisher or speaker of information they publish, and largely protects them from liability involving content posted by users.
The bill, titled "The Eliminating Abuse and Rampant Neglect of Interactive Technologies Act of 2019," or the "EARN IT Act," threatens this key immunity unless companies comply with a set of best practices, which will be determined by a 15-member commission led by the Attorney General.
The move is the latest example of how regulators and lawmakers in Washington are reconsidering the need for incentives that once helped online companies grow, but are increasingly viewed as impediments to curbing online crime, hate speech and extremism.
The sources said the U.S. tech industry fears these best practices will be used to condemn end-to-end encryption - a technology for privacy and security that scrambles messages so that they can be deciphered only by the sender and intended recipient. Federal law enforcement agencies have complained that such encryption hinders their investigations.
Online platforms are exempted from letting law enforcement access their encrypted networks. The proposed legislation provides a workaround to bypass that, the sources said.
"This is a deeply dangerous and flawed piece of legislation that will put every American's security at risk... it is deeply irresponsible to try to undermine security for online communications," said Jesse Blumenthal, who leads technology and innovation at Stand Together, also known as the Koch network, funded by billionaire Charles Koch. The group sides with tech companies that have come under fire from lawmakers and regulators in Washington.
"There is no such thing as a back door just for good guys that does not create a front door for bad guys," Blumenthal said.
On Wednesday, U.S. Attorney General William Barr questioned whether Facebook, Google and other major online platforms still need the immunity from legal liability that has prevented them from being sued over material their users post.
During a Senate Judiciary hearing on encryption in December, a bipartisan group of senators warned tech companies that they must design their products' encryption to comply with court orders. Senator Graham issued a warning to Facebook and Apple: "This time next year, if we haven't found a way that you can live with, we will impose our will on you."
A spokeswoman for Senator Graham said on timing, other details, "we don't have anything more to add right now." She pointed Reuters to recent comments by the senator saying the legislation is "not ready but getting close."
A spokeswoman for Senator Blumenthal said he was encouraged by the progress made by the bill.
A discussion draft of the EARN IT Act has been doing the rounds and has been criticized by technology companies.
Facebook and Google did not respond to requests for comment.
Reporting by Nandita Bose in Washington; Editing by Bernadette Baum
What Is an Encryption Backdoor? – How-To Geek
You might have heard the term "encryption backdoor" in the news recently. We'll explain what it is, why it's one of the most hotly contested topics in the tech world, and how it could affect the devices you use every day.
Most of the systems consumers use today have some form of encryption. To get past it, you have to provide some kind of authentication. For example, if your phone is locked, you have to use a password, your fingerprint, or facial recognition to access your apps and data.
These systems generally do an excellent job of protecting your personal data. Even if someone takes your phone, he can't gain access to your information unless he figures out your passcode. Plus, most phones can wipe their storage or become unusable for a time if someone tries to force them to unlock.
A backdoor is a built-in way of circumventing that type of encryption. It essentially allows a manufacturer to access all the data on any device it creates. And it's nothing new: this reaches all the way back to the abandoned Clipper chip in the early '90s.
Many things can serve as a backdoor. It can be a hidden aspect of the operating system, an external tool that acts as a key for every device, or a piece of code that creates a vulnerability in the software.
In 2015, encryption backdoors became the subject of a heated global debate when Apple and the FBI were embroiled in a legal battle. Through a series of court orders, the FBI compelled Apple to crack an iPhone that belonged to a deceased terrorist. Apple refused to create the necessary software and a hearing was scheduled. However, the FBI tapped a third party (GrayKey), which used a security hole to bypass the encryption, and the case was dropped.
The debate has continued among technology firms and in the public sector. When the case first made headlines, nearly every major technology company in the U.S. (including Google, Facebook, and Amazon) supported Apple's decision.
Most tech giants don't want the government to compel them to create an encryption backdoor. They argue that a backdoor makes devices and systems significantly less secure because you're designing the system with a vulnerability.
While only the manufacturer and the government would know how to access the backdoor at first, hackers and malicious actors would eventually discover it. Soon after, exploits would become available to many people. And if the U.S. government gets the backdoor method, would the governments of other countries get it, too?
This creates some frightening possibilities. Systems with backdoors would likely increase the number and scale of cybercrimes, from targeting state-owned devices and networks to creating a black market for illegal exploits. As Bruce Schneier wrote in The New York Times, it also potentially opens up critical infrastructure systems that manage major public utilities to foreign and domestic threats.
Of course, it also comes at the cost of privacy. An encryption backdoor in the hands of the government allows them to look at any citizen's personal data at any time without their consent.
Government and law enforcement agencies that want an encryption backdoor argue that the data shouldn't be inaccessible to law enforcement and security agencies. Some murder and theft investigations have stalled because law enforcement was unable to access locked phones.
The items stored in a smartphone, like calendars, contacts, messages, and call logs, are all things a police department might have the legal right to search with a warrant. The FBI said it faces a "Going Dark" challenge as more data and devices become inaccessible.
Whether companies should create a backdoor in their systems remains a significant policy debate. Lawmakers and public officials frequently point out that what they really want is a "front door" that allows them to request decryption under specific circumstances.
However, a front door and an encryption backdoor are largely the same. Both still involve creating an exploit to grant access to a device.
Until an official decision is rendered, this issue will likely continue to pop up in the headlines.
Sophos Takes On Encrypted Network Traffic With New XG Firewall 18 – CRN: Technology news for channel partners and solution providers
Sophos has debuted a new version of its XG Firewall that provides visibility into previously unobservable transport mechanisms while retaining high levels of performance.
The Oxford, U.K.-based platform security vendor will make it more difficult for adversaries to hide information in different protocols by inspecting all encrypted traffic with the XG Firewall 18, according to Chief Product Officer Dan Schiappa. Adversaries are turning to encryption in their exploits, with 23 percent of malware families using encrypted communication for command and control or installation.
"We've kind of turned the light on in a kitchen full of roaches," Schiappa told CRN.
Pricing for the Sophos XG Firewall starts at $359 per year and scales based on term length and model, according to the company. The performance of the XG Firewall has been vastly improved by better determining which applications and traffic should go through the company's deep packet inspection engine, according to Schiappa.
By leveraging SophosLabs intelligence, the company is able to rapidly push safe or known traffic through while quarantining only the unknown or unsafe traffic for deep packet inspection, he said. The XG Firewall will also be easier to manage in Sophos Central with better alert engines and reporting capabilities, according to Schiappa.
Sophos Central now has full firewall management capabilities, meaning that customers can apply policies universally across multiple firewalls from the central dashboard and granularly adjust settings for a specific firewall from the same location. In addition, synchronized app control has strengthened the sharing of information between the endpoint and the firewall, Schiappa said.
The company has been working on the XG Firewall 18 for more than two years, he said, and considers it to be the most transformative version of the XG thanks to the new Xstream architecture.
"We really wanted to build the firewall without any historical backdrop," Schiappa said. "We'll have the most next-gen and recent firmware OS on the market, and that was something that was important to us."
The improvements Sophos has made around security and performance combined with the vast gains in its natural rules engine will make the XG Firewall much more credible to enterprises, according to Schiappa. Adding enterprise management functionality also will help Sophos attract larger customers at a much higher rate than in the past, Schiappa said.
"We now have an enterprise-credible firewall, but we're never going to abandon our sweet spot in the SMB and midmarket," he said.
Existing Sophos customers will get the XG Firewall 18 as part of the normal upgrade process without any type of new license required, according to Schiappa. Customers will be notified when the Xstream architecture is available for their model of firewall.
The growth of Sophos Central and embrace of synchronized security have dramatically increased the number of Sophos products being used by the average customer, according to Schiappa. Although the XG Firewall 18 is a great stand-alone product, it also represents a golden opportunity for channel partners to expand their footprint with endpoint-focused customers into the network.
"This was a big effort, and I think it's going to be worth it," he said.