Category Archives: Encryption

With end-to-end encryption, we wouldn’t be able to listen in even if we wanted to, says Facebook’s Stan Chudnovsky – Mumbrella Asia

A recent study from Facebook and BCG said that awareness of conversational commerce is highest across Southeast Asia at 72% and that 94% of those surveyed plan to maintain or increase their spending. When did conversational commerce become a priority for Facebook Messenger?

When we started to see that people are finding ways to talk to businesses and vice versa on Messenger.

We had anticipated it would happen, but just didn't know when. Businesses invariably follow people whenever there's a shift to new media. It happened with messaging pretty much like it happened before with phones, radios or email.

Once we realised that people were cracking this, we thought of giving them the tools to do it better because if they can do it well, they will do more of it.

And so we introduced Click to Message ads that open out as a thread. That became one of the fastest growing ad products for us. To a large extent, it is happening in the Asia-Pacific region.

Considering how Messenger has developed and evolved: did it have more to do with sticking with a long term plan or being very adaptable?

It was probably a bit of both. We set up a few core principles and focused on them unless there was new information that presented itself. But on the peripheries, we tried to be nimble.

The main thesis for Messenger was that people want to communicate more privately and spend greater amounts of time in messaging apps.

And that they want to do more than just messaging in these apps. We stayed the course there and built features that allowed for that to happen. But there were other examples where we tried to learn quickly.

For instance, some of the things that people did when it came to messaging businesses, we didn't know that would happen.

But once you give people the ability to communicate with businesses, you start to learn from those interactions in Singapore, Vietnam and other places in Asia. We have learnt from use cases that people have created which don't exist elsewhere. And then we try to turn those into products.

We focus on what people want to do and believe the rest will follow.

Is something like WeChat, which had its origins in messaging but is now styling itself as a super app, something that you would like Messenger to become?

We believe that there are many more things that you can build on top of messaging. I can't say we want to be everything and like WeChat, but I do want to say that a bunch of use cases that it has tackled are the use cases that we would want our people to tackle on Messenger as well.

Of the different sort of advertising options that exist for marketers within Messenger, from bots to running ads within the messenger inbox, what has got the most traction?

From the standpoint of ads, Click to Message has been doing amazingly well.

When it comes down to tools, the simple ones are the best liked. For instance, click replies when you can set up automated replies.

The ability to switch from automated conversation to actual conversation, that transition to a human being who can receive your payment, or close a deal.

Different insurance and auto firms use it very well for lead generation. You see a car, watch the video and with a couple of clicks, set up an appointment for a test drive. It works for you, the dealership and the manufacturer.

It's the same with insurance quotes. Our platform has been able to deliver on that quite well.

One of the simple solutions I find very compelling are business oriented stickers that could say things like "no discounts" or "I don't want to negotiate". They communicate what needs to be said so much faster because you just tap on it. Those are the solutions that I find compelling and they can drive a lot of upside for advertisers.

There are persistent stories and lots of anecdotal evidence about ads being served up on Facebook based on conversations people have been having, leading to the feeling among lots of people that Facebook is listening in. Considering Messenger chats are typically a lot more personal, don't you think the suspicion is going to be far greater? How do you draw the line between relevant and contextual, to something where people are conscious, rightly or wrongly, of a violation of privacy?

That is one of the reasons we want to be end-to-end encrypted. Then, we wouldn't have the ability to do that even if we wanted to.

Right now, we are saying no, we are not doing it. But we want to get to the stage where we can say: "We couldn't even if we wanted to, and here's why." And we can show that to anyone who has any questions, because of the way we have architected ourselves.

It's been a rough two or more years for Facebook. What sort of an impact does the conversation and criticism around the brand have on the people working within? Is this an issue you have to contend with as the leader of a product?

It is something we constantly need to talk about since Facebook has an open culture. And so criticism from outside or raising concerns, affects everyone who works in the company. We constantly sit down and have these conversations.

People ask how do we address those concerns? We have been very open and public about how we are thinking about these critiques. We are addressing some of it because it is valid; others we are disagreeing with and pushing back on.

We are having conversations on this both internally and externally. Our key is to have the exact same conversation externally as we do internally. I think we've been doing a better job on that.

You were an entrepreneur who has been a part of a string of successful startups: social networking site Tickle that was acquired by Monster, Goodreads, Iron Pearl that was acquired by PayPal. How did you come to join Facebook? Were there any other options you were evaluating at the time?

You are right in the sense that people usually don't do a bunch of successful startups and end up in big companies; it's generally the other way round.

I wouldn't have gone to any company other than Facebook. It was either Facebook or not working for a while or working with my friends or some investing vehicle and things in that space. It was very special in the sense that I was interested in working on networks that affect businesses.

In addition, it was obvious to me even six or seven years ago that messaging is where the whole world was headed. Messaging being a fundamental human need is something that I had been thinking about for a while, and so when the opportunity presented itself to work on the next frontier of a company that I'd admired from a distance, it was difficult to say no.

Considering you moved from the Soviet Union, how did advertising in the United States strike you?

We didn't have much advertising in the Soviet Union. When I arrived in 1994, it was a whole new world for me that I didn't understand very well.

Over time, you learn and the most simple things end up working. It is just very straightforward: explaining the different upsides and downsides of different things.


Global Mobile Encryption Technology Market 2018 Manufacturers, Types and Application, Analysis History and Forecast 2025 – Galus Australis

Innovate Insights unravels its new study titled Mobile Encryption Technology Market Growth, Trends, and Forecast (2017-2023). Effective exploratory techniques such as qualitative and quantitative analysis have been used to discover accurate data.

The Mobile Encryption Technology Market was estimated to be worth USD XXX billion in 2017 and is projected to reach USD XXX billion by the end of 2023, growing at a CAGR of XX% over the forecast period of 2018-2023. The Mobile Encryption Technology industry is highly competitive, due to a large degree of fragmentation in the market. Despite the fragmentation, the market is largely tied by the regulatory requirements for establishment and operation.

The scope of the report is limited to the application of the type, and distribution channel. The regions considered in the scope of the report include North America, Europe, Asia-Pacific, and Rest of the World. This report presents the worldwide Mobile Encryption Technology market size (value, production and consumption), splits the breakdown (data status 2014-2019 and forecast to 2025), by manufacturers, region, type and application.

We Have Recent Updates of Mobile Encryption Technology Market in Sample Copy: https://www.innovateinsights.com/report/global-mobile-encryption-technology-market-2018-manufacturers-types/12417/#requestsample

The major manufacturers covered in this report: McAfee(Intel Corporation), Blackberry, T-Systems International, ESET, Sophos, Symantec Corp, Check Point Software Technologies, Dell, IBM, Mobileiron, BeiJing Zhiyou Wangan Tech. Co. Ltd, CSG,Inc., Hewlett Packard Enterprise, Proofpoint, Silent Circle, Adeya SA

The prime objective of this Mobile Encryption Technology research report is to define the size of the different segments and the geographies as well as to forecast the trends that are likely to gain traction in the following couple of years.

Regional Analysis in the Mobile Encryption Technology Market

The biggest demand for Mobile Encryption Technology comes from North America, Europe, and countries like China. Asia-Pacific is home to the world's fastest-growing market for Mobile Encryption Technology, which is reflected in the size of its industry and the rapid rate of expansion in output over recent years. Currently, different companies are aiming to produce Mobile Encryption Technology in many other countries, with current and new areas and projects that are undergoing continuous exploration and feasibility tests.


Market segment by Type, can be split into: Disk Encryption, File/Folder Encryption, Communication Encryption, Cloud Encryption, Other

Market segment by Application, can be split into: BFSI, Healthcare & Retail, Government and Public Sector, Telecommunications and IT, Other

The Mobile Encryption Technology report highlights the most recent market trends. Mobile Encryption Technology report unveils vulnerabilities that may emerge because of changes in business activities or presentation of another item in the market. It is designed in such a way that it provides an evident understanding of industry. This Mobile Encryption Technology market report is generated with the combination of best industry insight, practical solutions, talent solutions and latest technology. It explains investigation of the existing scenario of the global market, which takes into account several market dynamics. Mobile Encryption Technology report also perceives the different drivers and limitations affecting the market amid the estimate time frame.

Browse Full Report with Facts and Figures of Mobile Encryption Technology Market Report at: https://www.innovateinsights.com/report/global-mobile-encryption-technology-market-2018-manufacturers-types/12417/

For the data information by region, company, type and application, 2018 is considered as the base year. Whenever data information was unavailable for the base year, the prior year has been considered.


Microsoft Jumps on the DoH Train Company to Introduce Encrypted DNS – Computer Business Review

Providing encrypted DNS support without breaking existing Windows device admin configuration won't be easy

Microsoft is set to start offering encrypted DNS resolution services (DNS-over-HTTPS, or DoH) joining Cloudflare and Google in introducing the service, which has drawn public policy maker ire for obfuscating/securing end-user traffic.

DoH encrypts DNS traffic and requires authentication of the server. As the Internet Engineering Task Force (IETF) notes, this mitigates both passive surveillance and active attacks that attempt to divert DNS traffic to rogue servers.

"We are making plans to adopt DNS over HTTPS (or DoH) in the Windows DNS client," Microsoft said on Sunday. "As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we're open to having other options such as DNS over TLS (DoT) in the future. For now, we're prioritizing DoH support as the most likely to provide immediate value to everyone."

The company did not specify when the service will be available.

"We believe Windows adoption of encrypted DNS will help make the overall Internet ecosystem healthier," the company added in a networking blog.

The move comes six months after the Sunday Times reported that British government figures were in crisis talks over plans for the broad rollout of the technology by the leading DNS resolution service providers, which problematises the bulk surveillance allowed by the 2016 "Snooper's Charter", or Investigatory Powers Act, which requires ISPs to store their customers' internet activity for 12 months.

Mozilla said in September that its Firefox browser would start defaulting to Cloudflare's DoH service, although initially just in a small-scale pilot.

Currently, even if users are visiting a site using HTTPS, their DNS query is sent over an unencrypted connection: anyone listening to packets on the network knows which website an internet user is attempting to visit.

In the UK, this includes all internet service providers (ISPs).

Microsoft said: "We'll start with a simple change: use DoH for DNS servers Windows is already configured to use. There are now several public DNS servers that support DoH, and if a Windows user or device admin configures one of them today, Windows will just use classic DNS (without encryption) to that server.

"However, since these servers and their DoH configurations are well known, Windows can automatically upgrade to DoH while using the same server," the company's Tommy Jensen, Ivan Pashov, and Gabriel Montenegro said in a blog.

Microsoft will not be making any changes to which DNS server Windows was configured to use by the user or network, they added.
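The two points above, that a classic DNS lookup exposes the hostname to anyone on the path and that a well-known resolver can be upgraded to DoH without changing which server is used, are shown here as an added example (not code from Microsoft or from the article). The two-entry resolver table and the function names are assumptions for illustration; the endpoint URLs are the ones Cloudflare and Google publish, and the request encoding follows RFC 8484.

```python
import base64
import struct

# Assumption for illustration: a tiny table of public resolvers whose DoH
# endpoints are published by their operators. A real client ships its own list.
KNOWN_DOH_SERVERS = {
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
    "8.8.8.8": "https://dns.google/dns-query",
}


def build_query(hostname, qtype=1, txid=0):
    """Build a DNS wire-format query (RFC 1035) for one name, class IN."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("invalid DNS label: %r" % label)
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", qtype, 1)


def observed_hostname(udp_payload):
    """What a passive observer of classic DNS (UDP/53) reads off the wire.

    No key is needed: the question name sits in the payload as plain labels.
    """
    pos = 12  # skip the fixed 12-byte header
    labels = []
    while True:
        length = udp_payload[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        pos += 1
        labels.append(udp_payload[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def doh_get_url(configured_resolver, hostname):
    """Return the RFC 8484 GET URL for the already-configured resolver.

    Returns None when the resolver has no known DoH endpoint: the lookup
    then stays on classic DNS and the resolver choice is never changed.
    """
    template = KNOWN_DOH_SERVERS.get(configured_resolver)
    if template is None:
        return None
    # RFC 8484 recommends ID 0 so identical queries are cache-friendly.
    wire = build_query(hostname, txid=0)
    encoded = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return template + "?dns=" + encoded


if __name__ == "__main__":
    # Constructed sample: the same query seen two ways.
    packet = build_query("www.example.com", txid=0x1A2B)
    print("classic DNS, visible on the wire:", observed_hostname(packet))
    print("DoH request (carried inside TLS):", doh_get_url("1.1.1.1", "www.example.com"))
    print("unknown resolver stays on classic DNS:", doh_get_url("192.0.2.53", "www.example.com"))
```

With DoH the same wire-format message still exists, but it travels inside the HTTPS connection to the resolver, so an on-path observer sees only a TLS session to that resolver's address.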

Paul Gagliardi, Director of Threat Intelligence at SecurityScorecard, told Computer Business Review in an earlier comment in response to Mozilla's move: "On one hand I don't want ISPs selling my internet behavior or censoring it, on the other it is currently hard to implement basic censoring. Ultimately, content (DNS in this case) cannot be secured/monitored without having the ability to observe it.

"Just as companies/organizations inspect their HTTPS traffic, the same needs to happen with encrypted DNS/DoH. Decrypting DoH would be the exact same mechanism as observing HTTPS traffic, using a Man in the Middle proxy to decrypt traffic on the fly and implement security mechanisms. There is no shortage of commercial solutions for this, however, things get more complicated in BYOD environments."

He added: "DoH forces the privacy vs security defense debate to be more localized. A company or organization can balance those decisions in their network differently than a private individual. Unfortunately for those organizations/companies, the ability to censor traffic is now more technical and requires more investment on their part. In short I think we'll see more HTTPS MiTM and prohibition of BYoD."

Microsoft's networking team noted: "Providing encrypted DNS support without breaking existing Windows device admin configuration won't be easy.

"However, at Microsoft we believe that we have to treat privacy as a human right. We have to have end-to-end cybersecurity built into technology."


Hardware Encryption Market Growth Forecast Analysis by Top Manufacturers, Regions, Product Types and Application (2019 – 2026) – News Obtain

The Hardware Encryption Market report study gives comprehensive knowledge and valuable insights into the current market prospect and emerging growth scenarios. The report on the Hardware Encryption market also emphasizes on market players as well as the new entrants in the market landscape. In short, this report comprises of all the necessary details of the global Hardware Encryption markets such as value/volume data, marketing strategies, and expert views.

Request For Sample PDF Report (Kindly Use Your Business/Corporate Email Id to Get Priority): https://www.esticastresearch.com/market-reports/hardware-encryption-market/#request-for-sample

About Hardware Encryption Market

Hardware Encryption Market was valued at $52.45 billion in 2016, and is projected to reach $1,085 billion by 2024, having a CAGR of 46.3% during the forecast period of 2017 to 2024. The technology which encrypts the data stored in a hard drive using appropriate and specific mathematical functions is called hardware encryption. Hardware encryption restricts unauthorized entities from accessing important data. The hardware encryption market is majorly driven by reduced cost of encryption and increasing complexity & volume of data breaches.

The global Hardware Encryption market report offers an overall outlook of the market in a systemic pattern after a thorough evaluation of the growth drivers, restrictive factors, and future scope. The estimates for all segments including component, technology, type, application, services, and end-user industries have been provided on a regional basis for the forecast period 2019-2026. Further, a list of key players along with their detailed business strategies can also be witnessed in the comprehensive report.

Market Segmentation

On the basis of types, the global Hardware Encryption market is primarily split into

By Usage: Storage Device, Network

Based on application, the global Hardware Encryption market is primarily split into

Healthcare Sector, Military & Aerospace, Automotive & Transportation, BFSI, IT & Telecom, Others (Retail, Education, Individual User)

The report provides market size with 2018 as the base year in consideration and a yearly forecast until 2026 in terms of Revenue (USD Million). Our analysts have implemented a mix of top-down and bottom-up approaches for market sizing, analyzing the key regional markets, dynamics, and trends for various types and applications.

Competitive Landscape

Key players profiled in the report include:

Certes Networks Inc., IBM Corporation, Imation Corp., Kingston Technology Corporation Inc., Maxim Integrated Products Inc., Micron Technology Inc., NetApp Inc., Samsung Electronics Co. Ltd., SanDisk Corporation, Seagate Technology LLC, Toshiba Corporation

The prominent players operating in the market are profiled based on price, quality, brand, product differentiation, and product portfolio. They are extremely focusing on innovation in production technologies to enhance the efficiency and shelf life of the product and services.

The content of the study subjects includes a total of 8 chapters:

Enquire Here For Queries Or Report Customization: https://www.esticastresearch.com/market-reports/hardware-encryption-market/#customization

Global Hardware Encryption market research report can be used by the following group of people:

If you need specific information, which is not currently available in the Report of Scope, we will give it to you as a part of customization. To know more please Drop Down Your Inquiry(help@esticastresearch.com).



The Best Encryption Software for 2019 | PCMag.com

Encrypt Everything!

You've got a secret, perhaps the plan for a new business venture. It's complicated enough you can't just memorize it, so you write it down. But now you worry that someone else might get hold of your secret. What to do? Encrypt it! There are many paths to protect your sensitive files, and ways to share those encrypted files without compromising your security. Just which solution works for you depends on exactly how you'll use your encrypted files. We've rounded up a diverse collection of tools to help you no matter which path you take.

In this roundup, I'm specifically looking at products that encrypt files, not at whole-disk solutions like Microsoft's Bitlocker. Whole-disk encryption is an effective line of defense for a single device, but it doesn't help when you need to share encrypted data.

You can use a Virtual Private Network, or VPN, to encrypt your own internet traffic. From your PC to the VPN company's server, all your data is encrypted, and that's a great thing. However, unless you're connected to a secure HTTPS website, your traffic is not encrypted between the VPN server and the site. And of course the VPN's encryption doesn't just magically rub off on files you share. Using a VPN is a great way to protect your internet traffic when you're traveling, but it's not a solution for encrypting your local files.

When the FBI needed information from the San Bernardino shooter's iPhone, they asked Apple for a back door to get past the encryption. But no such back door existed, and Apple refused to create one. The FBI had to hire hackers to get into the phone.

Why wouldn't Apple help? Because the moment a back door or similar hack exists, it becomes a target, a prize for the bad guys. It will leak sooner or later. As my colleague Max Eddy pointed out in a recent article about Attorney General Barr's ignorance of encryption, "a backdoor is still a door and even a door with a lock on it can be opened."

All of the products in this roundup explicitly state that they have no back door, and that's as it should be. It does mean that if you encrypt an essential document and then forget the encryption password, you've lost it for good.

Back in the day, if you wanted to keep a document secret you could use a cipher to encrypt it and then burn the original. Or you could lock it up in a safe. The two main approaches in encryption utilities parallel these options.

One type of product simply processes files and folders, turning them into impenetrable encrypted versions of themselves. The other creates a virtual disk drive that, when open, acts like any other drive on your system. When you lock the virtual drive, all of the files you put into it are completely inaccessible.

Similar to the virtual drive solution, some products store your encrypted data in the cloud. This approach requires extreme care, obviously. Encrypted data in the cloud has a much bigger attack surface than encrypted data on your own PC.

Which is better? It really depends on how you plan to use encryption. If you're not sure, take advantage of the 30-day free trial offered by each of these products to get a feel for the different options.

After you copy a file into secure storage, or create an encrypted version of it, you absolutely need to wipe the unencrypted original. Just deleting it isn't sufficient, even if you bypass the Recycle Bin, because the data still exists on disk, and data recovery utilities can often get it back.

Some encryption products avoid this problem by encrypting the file in place, literally overwriting it on disk with an encrypted version. It's more common, though, to offer secure deletion as an option. If you choose a product that lacks this feature, you should find a free secure deletion tool to use along with it.

Overwriting data before deletion is sufficient to balk software-based recovery tools. Hardware-based forensic recovery works because the magnetic recording of data on a hard drive isn't actually digital. It's more of a waveform. In simple terms, the process involves nulling out the known data and reading around the edges of what's left. If you really think someone (the feds?) might use this technique to recover your incriminating files, you can set your secure deletion tool to make more passes, overwriting the data beyond what even these techniques can recover.

An encryption algorithm is like a black box. Dump a document, image, or other file into it, and you get back what seems like gibberish. Run that gibberish back through the box, with the same password, and you get back the original.

The U.S. government has settled on Advanced Encryption Standard (AES) as a standard, and all of the products gathered here support AES. Even those that support other algorithms tend to recommend using AES.

If you're an encryption expert, you may prefer another algorithm, Blowfish, perhaps, or the Soviet government's GOST. For the average user, however, AES is just fine.

Passwords are important, and you have to keep them secret, right? Well, not when you use Public Key Infrastructure (PKI) cryptography.

With PKI, you get two keys. One is public; you can share it with anyone, register it in a key exchange, tattoo it on your forehead, whatever you like. The other is private, and should be closely guarded. If I want to send you a secret document, I simply encrypt it with your public key. When you receive it, your private key decrypts it. Simple!

Using this system in reverse, you can create a digital signature that proves your document came from you and hasn't been modified. How? Just encrypt it with your private key. The fact that your public key decrypts it is all the proof you need. PKI support is less common than support for traditional symmetric algorithms.

If you want to share a file with someone and your encryption tool doesn't support PKI, there are other options for sharing. Many products allow creation of a self-decrypting executable file. You may also find that the recipient can use a free, decryption-only tool.

Right now there are three Editors' Choice products in the consumer-accessible encryption field. The first is the easiest to use of the bunch, the next is the most secure, and the third is the most comprehensive.

AxCrypt Premium has a sleek, modern look, and when it's active you'll hardly notice it. Files in its Secured Folders get encrypted automatically when you sign out, and it's one of the few that support public key cryptography.

CertainSafe Digital Safety Deposit Box goes through a multistage security handshake that authenticates you to the site and authenticates the site to you. Your files are encrypted, split into chunks, and tokenized. Then each chunk gets stored on a different server. A hacker who breached one server would get nothing useful.

Folder Lock can either encrypt files or simply lock them so nobody can access them. It also offers encrypted lockers for secure storage. Among its many other features are file shredding, free space shredding, secure online backup, and self-decrypting files.

The other products here have their merits, too, of course. Read the capsules below and then click through to the full reviews to decide which one you'll use to protect your files. Have an opinion on one of the apps reviewed here, or a favorite tool we didn't mention? Let us know in the comments.

Pros: Very easy to use. Handles editing encrypted files. Secure sharing using public key cryptography. Secure file deletion. Generates memorable passwords. Secure online password storage.

Cons: Can be risky if you don't ensure local security of your PC.

Bottom Line: AxCrypt Premium makes encryption simple enough for any user, and even offers public key cryptography for secure sharing of encrypted files.

Pros: Renders bulk data breach of cloud-stored files impossible. Authenticates user to server and vice versa. Secure file sharing. Retains past file versions. Secure chat.

Cons: Relatively expensive. If you forget password or security answers, you lose all access. Office integration currently unavailable.

Bottom Line: When storing your sensitive files in the cloud, CertainSafe Digital Safety Deposit Box makes security its top priority, without sacrificing ease of use.

Pros: Encrypted lockers protect files and folders. Secure online backup. Can lock files and folders, making them invisible. File shredding. Free space shredding. Self-decrypting files. Many useful bonus features.

Cons: Product serial number stands in for master password by default. Locked files are not encrypted. Secure backup requires separate subscription.

Bottom Line: Folder Lock can lock access to files for quick, easy protection, and also keep them in encrypted lockers for serious protection. It combines a wide range of features with a bright, easy-to-use interface.

Pros: Offers 17 encryption algorithms. Supports PKI. Secure deletion. Password generator. Encrypts text to/from the clipboard. Command-line operation.

Cons: Awkward, dated user interface. Password generator doesn't work well. Some features described in Help system are absent.

Bottom Line: InterCrypto's Advanced Encryption Package is by far the most feature-rich encryption tool we've tested. But its awkward and dated interface makes it one that should be reserved for experts.

Pros: Very easy to use. Can securely share encrypted files. Feature-limited free edition available.

Cons: No secure deletion of unencrypted original files. Lacks a two-factor authentication option. Expensive.

Bottom Line: The new NordLocker encryption tool is an impressive debut from the makers of NordVPN. It's very easy to use, but so far lacks a few important features.

Pros: Can use one to four encryption algorithms. Simple, context-menu-based operation. Can keep passphrase in memory. Secure deletion. Text encryption. Filename encryption.

Cons: Passphrase memory can be a security risk for the careless. Fewer features than some competitors.

Bottom Line: CryptoForge offers a simple, context-menu-based approach to encryption and secure deletion, and it also handles text-only encryption. It's a fine choice for keeping your files safe.

Pros: Many options for hiding encrypted files. Easy to use. Two-factor authentication. Can hide existence of containers. Comprehensive secure-deletion file shredder. Trace remover. Price includes five licenses.

Cons: Combination of hidden container and two-factor authentication can destroy data. Portable encrypted containers only portable on systems with Steganos installed.

Bottom Line: Steganos Safe creates secure encrypted storage for your sensitive files. It's very easy to use, and it offers some unique options for maintaining privacy and secrecy.

Pros: Easy to encrypt files just by moving them into a secure volume. Password quality meter. Can share volumes. Mobile edition. Can encrypt files and folders for email.

Cons: Secure deletion doesn't handle unencrypted originals. Complicated creation of secure volumes, especially after the first. Expensive for what it does.

Bottom Line: Cypherix Cryptainer PE creates encrypted volumes for storing your sensitive files. Lock the volume and nobody can access the files. It does the job, but it's relatively expensive.

Pros: Encrypts files and folders with optional compression. Includes secure deletion. Straightforward user interface. Self-decrypting EXE option.

Cons: No filename encryption. Lacks advanced features.

Bottom Line: Cypherix SecureIT handles the basic task of encrypting and decrypting files and folders in a workmanlike fashion, but it lacks advanced features offered by the competition.

Pros: Creates secure storage for sensitive files. Easy to use. Two-factor authentication.

Cons: Lacks secure deletion. Displayed some odd error messages in testing.

Bottom Line: Any file you drop into InterCrypto CryptoExpert 8's secure storage vaults gets encrypted when you lock the vault. It's easy to use, but it lacks some features and we found some confusing errors in our testing.

Go here to read the rest:
The Best Encryption Software for 2019 | PCMag.com

What is data encryption?


Encryption is used to scramble information so that it can be sent safely without anyone else being able to read it. The information is encrypted with a password or key that is needed to read the information again. If you visit a website on the internet that starts with 'https://' then this means that all of the information you are looking at or sending is being securely encrypted. One of the oldest methods of encryption is the Caesar cipher. This works by shifting each letter of the message forward a specific number of places in the alphabet. To read the message you need to know how many places each letter was moved (this is called the key).

Can be used as an introduction to data encryption. A task could be set where students attempt to encrypt and send messages to each other. Other students attempt to break that encryption by working out the encryption key and pattern - have the letters been shifted or substituted?

See more here:
What is data encryption?

USB Enforced Encryption – Endpoint Protector

With accessibility and portability being an important part of our daily work, securing confidential data and transfers has shifted from a nice to have to a must have. Data stored on computers, on cloud storage or on USB devices can get into the wrong hands and therefore needs to be protected. An easy to use, cross-platform encryption solution is the best way to ensure confidential data will not fall into the wrong hands due to unauthorized access, lost or stolen devices.

EasyLock USB Enforced Encryption combined with Endpoint Protector allows IT Administrators to extend their Device Control policy and make sure all confidential data transferred to USB storage devices is automatically encrypted. As a cross-platform solution, EasyLock can be used on both macOS and Windows computers. Via a secured password, users can safely transfer confidential data and access it on any computers or only on authorized ones. Moreover, some additional useful features are available for IT Administrators like remotely sending messages to the users, requesting a password change or wiping the confidential data in case the device is lost or stolen.

In addition to EasyLock Enforced Encryption for USB devices, Endpoint Protector allows IT Administrators to take advantage of FileVault and enforce encryption on enrolled macOS computers.

More:
USB Enforced Encryption - Endpoint Protector

Authenticated encryption – Crypto++ Wiki

Authenticated Encryption provides both data confidentiality and data integrity assurances to the information being protected. The concept of data authentication appeared in the 1970s in the banking industry. The problem was studied in detail by the ANSI X9 committee. Banks did not want to transmit data and allow an attacker to flip a bit undetected. In this situation, the attacker would not decrypt the message, instead he or she would only flip a bit so that the encrypted message "Post $100" would be changed to "Post $800".

Many developers make the mistake of only encrypting data. For those who include integrity assurances, it can be difficult to incorporate correctly. The apparent reason for not including authentication data is that most sample code presented in technical sources only offers an example of the encryption (and perhaps decryption) function, void of any context. For those who are including authenticity assurances, the details and interaction can be tricky to implement correctly.

In 2001, Hugo Krawczyk published The Order of Encryption and Authentication for Protecting Communications. In the paper, Krawczyk examined three commonly used methods of combining confidentiality and authenticity. Each method was used in a well known protocol. Note that the list below does not include simple encryption.

The results of the paper showed that Encrypt then Authenticate (IPSec) was secure, as was Authenticate then Encrypt (SSL) under certain constructions, including when used with a stream cipher. Update: in 2014, Krawczyk revisited his results, and found that SSL with a block cipher in CBC mode was insecure due to a misunderstanding in the way the plaintext was encoded and padded. The paper also showed that Encrypt and Authenticate (SSH) was insecure.

The two provably safe Authenticate then Encrypt constructions are:

Note well: even though SSL uses a block cipher in CBC mode, it is not secure because of the way it applies padding to a message. Sapienti sat: POODLE and friends.

The operations performed by the protocols are listed below. Enc(x) is encryption, Hash(x) is a customary hash, and Auth(x) is a message authenticity code (also known as a MAC or keyed hash).

Handbook of Applied Cryptography, Section 9.6

In 2014, Krawczyk revisited TLS CBC mode encryption and determined it was not secure due to the way the padding and MAC were applied. See Re: [TLS] Last Call: (Encrypt-then-MAC for TLS and DTLS) to Proposed Standard

In 2000, Bellare and Rogaway introduced a fourth way of achieving confidentiality and authenticity: Encode-then-Encipher (EtE). Historically EtE has been less popular than the other schemes, but that changed with the advent of the CAESAR Competition. Their paper is available at Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient cryptography.

In 1996, David Wagner and Bruce Schneier published Analysis of the SSL 3.0 Protocol. In the paper, Wagner and Schneier introduced the Horton Principle, which is the notion of semantic authentication. Semantic authentication simply means to authenticate what was meant, and not what was said.

For example, suppose there is plain text which is to be protected. The plain text is padded to the size of the block cipher and then encrypted. The operation of padding begs the question, What should be authenticated? The plain text or plain text + padding? According to Wagner and Schneier, both the plain text and padding would be authenticated (what was meant), and not just the plain text (what was said).

NIST, through SP 800-38C and SP 800-38D, specifies two block cipher modes of operation (CCM and GCM) which offer both confidentiality and authenticity. Additionally, Crypto++ offers EAX, which was a NIST candidate during the selection process. Finally, the library offers both ChaCha20Poly1305 and XChaCha20Poly1305 from the RFCs.

Algorithms providing confidentiality and authenticity can be divided into two categories: authenticated encryption (AE) and authenticated encryption with additional data (AEAD). The two NIST modes, CCM and GCM, and the proposed mode, EAX, are AEAD algorithms. Each encrypts and authenticates plain text data (in addition to authenticated-only data), which produces cipher text with an authentication code. If an attacker were to flip a bit, the decryption and verification routine would detect the modification using the authentication code.

The three modes can also authenticate separate data, known as additional authenticated data or AAD. The additional authenticated data is not encrypted - it is only authenticated. The AAD can be persisted in clear text, or communicated unencrypted (for example, an IP Address and Port in a network data packet). Because the AAD is authenticated, the verification process will detect the modification if an attacker flips a bit.

Revisiting the original example, the improved version is as follows. The sample program performs authenticated encryption (not authentication over additional authenticated data). As with before, it is presumed that buffers will not be an issue. Note, however, that exception handling has been omitted for clarity.

After executing the sample code above, ciphertext is a concatenation of the encrypted data and the authenticator. Because the message is protected using AES and GCM, it will be safe for a very long time. To decrypt the data, the following would be performed.

The two samples demonstrate all that is required to ensure both data confidentiality and data authenticity. The implementation is orders of magnitude stronger than encryption alone. Full details of using Crypto++ objects such as EAX, CCM, GCM, AuthenticatedEncryptionFilter, AuthenticatedDecryptionFilter, and StringSink can be found throughout the wiki.

The following demonstrates combining confidentiality and authenticity using a block cipher in CBC mode and an HMAC. It's the same Encrypt-then-Authenticate used by IPSec. The data is first encrypted, and then it is authenticated. The authentication tag is placed at the end of the message. It's available for download at cryptopp-authenc.zip.

The program produces results similar to:

If you use the code in the authenticated encryption example, be sure each message gets a unique IV. The DeriveKeyAndIV produces predictable IVs for demonstration purposes, but it violates semantic security because two messages under the same key will produce the same ciphertext.

If you choose to generate a random IV and append it to the message, be sure to authenticate the {IV,Ciphertext} pair.
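The "Post $100" to "Post $800" change against encryption alone, and the Encrypt-then-Authenticate fix with the tag computed over the {IV, ciphertext} pair, as an added Python example that is not code from the Crypto++ wiki or library. The HMAC-SHA256 counter-mode keystream is a constructed stand-in for a real cipher so the block runs with the standard library only, and every function name is an assumption.

```python
import hashlib
import hmac
import os

IV_LEN, TAG_LEN = 16, 32

def _keystream(enc_key, iv, n):
    # Constructed stand-in cipher (NOT AES): HMAC-SHA256(enc_key, iv || counter) blocks.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(enc_key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_only(enc_key, plaintext):
    """Confidentiality only: returns IV || ciphertext with a fresh random IV."""
    iv = os.urandom(IV_LEN)
    return iv + _xor(plaintext, _keystream(enc_key, iv, len(plaintext)))

def decrypt_only(enc_key, message):
    iv, ct = message[:IV_LEN], message[IV_LEN:]
    return _xor(ct, _keystream(enc_key, iv, len(ct)))

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-Authenticate: the tag covers the whole {IV, ciphertext} pair."""
    body = encrypt_only(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, message):
    """Verify the tag in constant time before decrypting anything."""
    if len(message) < IV_LEN + TAG_LEN:
        raise ValueError("message too short")
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return decrypt_only(enc_key, body)

def xor_byte(message, offset, mask):
    """Model in-transit tampering: XOR one byte of the message with mask."""
    tampered = bytearray(message)
    tampered[offset] ^= mask
    return bytes(tampered)

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # independent keys
    amount_at = IV_LEN + 6           # position of '1' in b"Post $100"
    mask = ord("1") ^ ord("8")       # XOR mask that turns '1' into '8'
    # Encryption alone: the altered message decrypts cleanly to a different amount.
    forged = decrypt_only(
        enc_key, xor_byte(encrypt_only(enc_key, b"Post $100"), amount_at, mask))
    # Encrypt-then-Authenticate: the same change, or a change to the IV, is rejected.
    sealed = seal(enc_key, mac_key, b"Post $100")
    rejected = []
    for offset in (amount_at, 0):
        try:
            open_sealed(enc_key, mac_key, xor_byte(sealed, offset, mask))
            rejected.append(False)
        except ValueError:
            rejected.append(True)
    return forged, open_sealed(enc_key, mac_key, sealed), rejected

if __name__ == "__main__":
    print(demo())
```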

CCMTest.zip - Authenticated encryption and decryption using AES operated in CCM mode

GCMTest.zip - Authenticated encryption and decryption using AES operated in GCM mode

Blowfish-EAX-Filter.zip - Authenticated encryption and decryption using Blowfish in EAX mode with filters

Twofish-EAX-Filter.zip - Authenticated encryption and decryption using Twofish in EAX mode with filters

IDEA-EAX-Filter.zip - Authenticated encryption and decryption using IDEA in EAX mode with filters

Serpent-EAX-Filter.zip - Authenticated encryption and decryption using Serpent in EAX mode with filters

Camellia-EAX-Filter.zip - Authenticated encryption and decryption using Camellia in EAX mode with filters

Twofish-GCM-Filter.zip - Authenticated encryption and decryption using Twofish in GCM mode with filters

Serpent-GCM-Filter.zip - Authenticated encryption and decryption using Serpent in GCM mode with filters

Camellia-GCM-Filter.zip - Authenticated encryption and decryption using Camellia in GCM mode with filters

AES-GCM-Filter.zip - Authenticated encryption and decryption using AES in GCM mode with filters

cryptopp-authenc.zip - Authenticated encryption and decryption using a block cipher in CBC mode and a HMAC.

The rest is here:
Authenticated encryption - Crypto++ Wiki

Tinder’s Lack of Encryption Lets Strangers Spy on Your …

In 2018, you'd be forgiven for assuming that any sensitive app encrypts its connection from your phone to the cloud, so that the stranger two tables away at the coffee shop can't pull your secrets off the local Wi-Fi. That goes double for apps as personal as online dating services. But if you assumed that basic privacy protection for the world's most popular dating app, you'd be mistaken: As one application security company has found, Tinder's mobile apps still lack the standard encryption necessary to keep your photos, swipes, and matches hidden from snoops.

On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.

"We can simulate exactly what the user sees on his or her screen," says Erez Yalon, Checkmarx's manager of application security research. "You know everything: What they're doing, what their sexual preferences are, a lot of information."

To demonstrate Tinder's vulnerabilities, Checkmarx built a piece of proof-of-concept software they call TinderDrift. Run it on a laptop connected to any Wi-Fi network where other connected users are tindering, and it automatically reconstructs their entire session.


The central vulnerability TinderDrift exploits is Tinder's surprising lack of HTTPS encryption. The app instead transmits pictures to and from the phone over unprotected HTTP, making it relatively easy to intercept by anyone on the network. But the researchers used a few additional tricks to pull information out of the data Tinder does encrypt.

They found that different events in the app produced different patterns of bytes that were still recognizable, even in their encrypted form. Tinder represents a swipe left to reject a potential date, for instance, in 278 bytes. A swipe right is represented as 374 bytes, and a match rings up at 581. Combining that trick with its intercepted photos, TinderDrift can even label photos as approved, rejected, or matched in real time. "It's the combination of two simple vulnerabilities that create a major privacy issue," Yalon says. (Fortunately, the researchers say their technique doesn't expose messages Tinder users send to each other after they've matched.)
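One mitigation for the size leak described above is to pad every message to a uniform length before it is encrypted. The Python sketch below is an added example, not code from Tinder or Checkmarx: the payload sizes are constructed so that, with an assumed 28 bytes of per-record encryption overhead, the unpadded wire sizes match the three figures quoted in the article, and the bucket size and function names are assumptions.

```python
import struct

BUCKET = 1024        # assumed uniform size, chosen larger than the biggest event
OVERHEAD = 28        # assumed per-record cost of encryption (nonce + tag)

# Constructed sample payloads, one per user action.
EVENTS = {
    "swipe_left": b"L" * 250,
    "swipe_right": b"R" * 346,
    "match": b"M" * 553,
}

def pad(payload, bucket=BUCKET):
    """Prefix the true length, then zero-fill to the next multiple of bucket.

    Padding is applied to the plaintext, so it is encrypted and authenticated
    together with the payload and cannot be stripped by an observer.
    """
    framed = struct.pack(">I", len(payload)) + payload
    return framed + b"\x00" * (-len(framed) % bucket)

def unpad(padded):
    """Recover the payload and reject malformed padding."""
    if len(padded) < 4:
        raise ValueError("missing length prefix")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("length prefix exceeds message")
    if any(padded[4 + n:]):
        raise ValueError("non-zero padding")
    return padded[4:4 + n]

def wire_len(plaintext):
    # Models a length-preserving cipher plus fixed overhead (an assumption).
    return len(plaintext) + OVERHEAD

def observed_sizes(events, padded):
    """Sizes a passive observer on the network would see for each event."""
    return {name: wire_len(pad(body) if padded else body)
            for name, body in events.items()}

if __name__ == "__main__":
    print("unpadded:", observed_sizes(EVENTS, padded=False))
    print("padded:  ", observed_sizes(EVENTS, padded=True))
```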

Checkmarx says it notified Tinder about its findings in November, but the company has yet to fix the problems.


In a statement to WIRED, a Tinder spokesperson wrote that "like every other technology company, we are constantly improving our defenses in the battle against malicious hackers," and pointed out that Tinder profile photos are public to begin with. (Though user interactions with those photos, like swipes and matches, are not.) The spokesperson added that the web-based version of Tinder is in fact HTTPS-encrypted, with plans to offer those protections more broadly. "We are working towards encrypting images on our app experience as well," the spokesperson said. "However, we do not go into any further detail on the specific security tools we use, or enhancements we may implement to avoid tipping off would-be hackers."

For years, HTTPS has been a standard protection for just about any app or website that cares about your privacy. The dangers of skipping HTTPS protections were illustrated as early as 2010, when a proof-of-concept Firefox add-on called Firesheep, which allowed anyone to siphon unencrypted traffic off their local network, circulated online. Practically every major tech firm has since implemented HTTPS, except, apparently, Tinder. While encryption can in some cases add to performance costs, modern servers and phones can easily handle that overhead, the Checkmarx researchers argue. "There's really no excuse for using HTTP these days," says Yalon.

Follow this link:
Tinder's Lack of Encryption Lets Strangers Spy on Your ...

‘Without Encryption, We Will Lose All Privacy’: Snowden …

In an op-ed published Tuesday by The Guardian, American whistleblower Edward Snowden expressed alarm over global governments' efforts to undermine encryption, highlighting a recent attempt by the United States, United Kingdom, and Australia to pressure Facebook to create a "backdoor" into its encrypted messaging applications.

"For more than half a decade, the vulnerability of our computers and computer networks has been ranked the number one risk in the U.S. Intelligence Community's Worldwide Threat Assessment, that's higher than terrorism, higher than war," wrote Snowden.

"And yet, in the midst of the greatest computer security crisis in history, the U.S. government, along with the governments of the U.K. and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world's information: encryption," he continued. "Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe."

As Snowden noted, "in the simplest terms, encryption is a method of protecting information, the primary way to keep digital communications safe." Messaging apps often use end-to-end encryption (E2EE), which, as the Electronic Frontier Foundation (EFF) explains, "ensures that a message is turned into a secret message by its original sender, and decoded only by its final recipient."

For six years straight, the vulnerability of our computer networks has been the top risk on the US Intelligence Community's Worldwide Threat Assessment, ranked higher than terrorism; higher than war.

This surveillance scheme will make it worse. https://t.co/MFZdRnCvTR

Edward Snowden (@Snowden) October 15, 2019

Facebook-owned WhatsApp already uses E2EE. The New York Times reported in January that Facebook CEO Mark Zuckerberg has ordered its implementation across all company messaging platforms, including Facebook Messenger and Instagram Direct. Acknowledging that encrypted apps could be used for "truly terrible things like child exploitation, terrorism, and extortion," Zuckerberg wrote in a blog post on March 6 that "we've started working on these safety systems building on the work we've done in WhatsApp, and we'll discuss them with experts through 2019 and beyond before fully implementing end-to-end encryption."


On Oct. 4, four top officials from various countries (U.S. Attorney General William Barr, then-acting U.S. Homeland Security Secretary Kevin McAleenan, U.K. Home Secretary Priti Patel, and Australian Minister for Home Affairs Peter Dutton) sent an open letter (pdf) to Zuckerberg requesting that "Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens."

Facebook responded by reiterating the company's commitment to its E2EE plans and opposition to backdoors. "We believe people have the right to have a private conversation online, wherever they are in the world," the company said in a statement. "End-to-end encryption already protects the messages of over a billion people every day... We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere."

Encryption is a human right in the digital society. Full stop. We should have it by design and default in the technology we use. I agree with @Snowden "Without encryption, we will lose all privacy. This is our new battleground" https://t.co/9YhAh0UsWn

Francesca Bria (@francesca_bria) October 15, 2019

Although Facebook has thus far resisted government pressure, Snowden warned Tuesday that "if Barr's campaign is successful, the communications of billions will remain frozen in a state of permanent insecurity: users will be vulnerable by design. And those communications will be vulnerable not only to investigators in the U.S., U.K., and Australia, but also to the intelligence agencies of China, Russia, and Saudi Arabia, not to mention hackers around the world."

Snowden, who worked for the CIA and NSA, is now president of the board of directors of the nonprofit Freedom of the Press Foundation. Last month, the whistleblower published a memoir entitled Permanent Record about his experience leaking classified U.S. government documents to the press in 2013, which sparked global discussions about privacy rights and mass surveillance, and led Snowden to seek asylum in Russia.

"When I came forward in 2013, the U.S. government wasn't just passively surveilling internet traffic as it crossed the network, but had also found ways to co-opt and, at times, infiltrate the internal networks of major American tech companies. At the time, only a small fraction of web traffic was encrypted: six years later, Facebook, Google, and Apple have made encryption-by-default a central part of their products, with the result that today close to 80 percent of web traffic is encrypted," Snowden wrote. "Barr, who authorized one of the earliest mass surveillance programs without reviewing whether it was legal, is now signalling an intention to halt, or even roll back, the progress of the last six years."

While Barr and his co-signers "invoked the spectre of the web's darkest forces" to justify their opposition to E2EE, Snowden argued that "the true explanation for why the U.S., U.K., and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power: E2EE gives control to individuals and the devices they use to send, receive, and encrypt communications, not to the companies and carriers that route them. This, then, would require government surveillance to become more targeted and methodical, rather than indiscriminate and universal."

Read the original here:
'Without Encryption, We Will Lose All Privacy': Snowden ...