Category Archives: Encryption

Encryption technique based on chaotic neural network space shift and color-theory-induced distortion | Scientific Reports – Nature.com

Here is the original post:
Encryption technique based on chaotic neural network space shift and color-theory-induced distortion | Scientific Reports - Nature.com

How to Disable BitLocker Encryption on Windows 10 and 11 – How-To Geek

Windows 10 and 11's BitLocker feature, for Professional and Enterprise editions, encrypts your drive to help keep your data secure. If you don't want this encryption for some reason, it's easy to disable BitLocker and decrypt your drive. We'll show you how to do that.

If you're concerned about privacy and security, know that removing BitLocker encryption makes your drive data more accessible in certain situations. For example, if you use a dual-boot PC, the other operating system can access the data stored on your drive if you've disabled BitLocker. Also, if your laptop gets stolen or you lose it, whoever has it can access the unencrypted data on your machine's drive.

If your concern is with remote hackers and thieves accessing your drive's data while you're connected to the internet, keep in mind that BitLocker doesn't protect against that; your data is already decrypted while you're using the machine. It's the job of your firewall, your antivirus software, and yourself as the user to protect you from online threats. A person or another operating system with physical access to your device will be your main concern if you choose to proceed.

To disable BitLocker on Windows 10 or Windows 11, you'll follow these steps. We used a Windows 11 PC below to demonstrate the steps, but Windows 10 is virtually the same.

To get started, open the Start menu, search for Control Panel, and select Control Panel in the search results.

When Control Panel opens, click System and Security.

On the System and Security page, choose BitLocker Drive Encryption.

Next to the drive where you've enabled BitLocker, click Turn Off BitLocker.

Select the Turn Off BitLocker option.

Windows will now start decrypting the contents of your drive, which can take quite some time, especially if your drive has a lot of content on it. In the meantime, you can continue to work with your files as usual.

Your drive is now decrypted and you can access the data on it however you want.
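The same procedure from an elevated PowerShell prompt, as an added example that is not part of the original article: it uses the built-in BitLocker cmdlets to turn off BitLocker and then confirms that decryption has actually finished rather than assuming it. The drive letter `C:` and the 30-second polling interval are assumptions.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Assumption: the BitLocker-protected volume is C:. Change $MountPoint for another drive.
$MountPoint = 'C:'

# Show the current state before changing anything.
$volume = Get-BitLockerVolume -MountPoint $MountPoint
$volume | Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage, KeyProtector

if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    Write-Output "$MountPoint is already decrypted; nothing to do."
    return
}

# Equivalent of clicking "Turn Off BitLocker": removes all key protectors
# and starts decrypting the volume in the background.
Disable-BitLocker -MountPoint $MountPoint | Out-Null

# Poll while decryption is running. EncryptionPercentage counts down towards 0.
do {
    Start-Sleep -Seconds 30
    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    Write-Output ("{0}: {1}, {2}% still encrypted" -f $MountPoint, $volume.VolumeStatus, $volume.EncryptionPercentage)
} while ($volume.VolumeStatus -eq 'DecryptionInProgress')

# The loop also ends if decryption was paused, so check the final state explicitly.
if ($volume.VolumeStatus -ne 'FullyDecrypted') {
    Write-Warning "$MountPoint stopped in state $($volume.VolumeStatus); part of the drive is still encrypted."
}

# List every volume so that no drive is left in an unexpected state.
Get-BitLockerVolume | Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus
```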

If you're looking for an alternative to BitLocker, consider using VeraCrypt, which is a free and open-source encryption tool.

See original here:
How to Disable BitLocker Encryption on Windows 10 and 11 - How-To Geek

Bill to remove police radio encryption faces pushback – The Almanac Online

An effort by state Sen. Josh Becker to restore media access to police radio communications encountered resistance Tuesday, with several members of the state Assembly Public Safety Committee warning him that the measure is unlikely to win passage without stronger support from law enforcement agencies and backing from the state Department of Justice.

Becker's bill, Senate Bill 1000, is a response to the recent trend of police departments across the state fully encrypting their radio communications, thereby blocking the media or the public from monitoring police activities. In adopting the encryption policies, law enforcement agencies point to an October 2020 memo from the state Department of Justice, which ordered them to protect personally identifiable information such as Social Security numbers, license plate numbers and criminal records from radio transmission.

The DOJ memo allowed law enforcement agencies to meet the memo's objective by either encrypting their radio communications or adopting policies that protect private information but transmit most other communications through open channels. The Palo Alto Police Department is one of dozens around the state that chose full encryption.

While Palo Alto has publicly supported SB 1000, other law enforcement agencies are fiercely opposing the bill. The Riverside County Sheriff's Department is among them. Sgt. Julio de Leon said his department had spent millions of dollars to encrypt its radio communications and thousands of personnel hours.

"Now with this bill, the legislation will be forcing us to decrypt communications once again, which will cost us several millions of dollars to accomplish this task and thousands of hours," de Leon said. "This is simply unfair."

The two Republicans on the committee, Vice Chair Tom Lackey and Assembly member Kelly Seyarto, both said they will oppose the bill. Lackey noted that the push to encrypt was prompted by a state Department of Justice mandate and argued that the remedy must similarly come from the state department. Proponents of the bill, he said, need to work out the solution with the DOJ.

"I understand their frustrations but I totally believe (what is) being proposed here creates a greater problem in compliance, and I believe law enforcement is truly caught in the middle on this thing and it's unfair to them, as an agency, to comply with privacy (requirements) and also reach out and engage in transparency," Lackey said.

Seyarto argued that requiring police officers to add an additional frequency just for sharing information could create a barrier for their safety if they have to switch frequencies while under duress.

"For me, paramount in all of this is the safety of the police officers," Seyarto said.

Though similar arguments came up during Senate hearings, SB 1000 enjoyed a relatively smooth path through the Legislature's upper chamber, which on May 26 voted to approve the bill by a 25-8 vote, largely along party lines. The Tuesday meeting suggested that getting through the Assembly level may prove to be tougher.

Even though the committee voted 3-2 along party lines to advance SB 1000, those who supported it suggested that the bill's proponents need to work closer with law enforcement agencies to reach a compromise.

Assembly member Reggie Jones-Sawyer, who chairs the Public Safety Committee, told Becker that his biggest challenge will probably be getting the bill out of the Appropriations Committee and resolving whether the legislation will cost millions of dollars for law enforcement to implement.

"Hopefully, you can get there, otherwise you'll have a difficult time to get out of Appropriations and get off the floor," Jones-Sawyer said.

Becker emphasized at Tuesday's hearing that SB 1000 provides a host of options for law enforcement agencies wishing to transmit private information over secure channels to ensure officer safety. They could, for example, follow the lead of the California Highway Patrol, which adopted a "hybrid" approach in which personally identifiable information gets transmitted through secure channels while other communication remains publicly accessible. He argued that the law is necessary to ensure transparency.

"Law enforcement can in fact protect private information without putting the public in the dark," Becker said at Tuesday's hearing.

SB 1000 states that agencies may comply with the confidentiality requirement by using an encrypted channel for dissemination of confidential information; by transmitting the information by a mobile data terminal, tablet or other text display device; or by communicating it through a telephone or other private device-to-device communication.

Jennifer Seelig, director of news and programming at KCBS and board member at the Radio Television Digital News Association, called Becker's bill "critically important to the safety, security and well-being of the public" because it restores an essential tool that journalists rely on to provide information.

"Journalists have a responsibility to inform the public in real time," Seelig said. "The decision by a number of law enforcement agencies to fully encrypt their scanner communication greatly limits the ability of journalists to serve the public during natural disasters, evacuations, mass casualty incidents and other news events."

Read more here:
Bill to remove police radio encryption faces pushback - The Almanac Online

Encryption Key Management Software Market Trends, Size, Share, Growth, Industry Analysis, Product, Application, Advance Technology and Forecast 2030 …

The Encryption Key Management Software Market research examines market estimates and predictions in detail. It additionally aids in the execution of those findings by demonstrating tangible benefits to business stakeholders and business leaders. Each company should anticipate how its products are going to be utilized in the longer term. Given the level of uncertainty caused by the COVID-19 state of affairs, this analysis is essential for better understanding previous disruptions and increasing readiness for successive steps in decision-making. The most recent study makes an attempt to alter the advanced marketplace for company executives by providing strategic insights and exhibiting resiliency in sudden conditions. The insights will assist all potential readers in distinguishing necessary business bottlenecks.

The primary objective of the report is to educate business owners and assist them in making an astute investment in the market. The study highlights regional and sub-regional insights with corresponding factual and statistical analysis. The report includes first-hand, the latest data, which is obtained from the company website, annual reports, industry-recommended journals, and paid resources. The Encryption Key Management Software report will facilitate business owners to comprehend the current trend of the market and make profitable decisions.

Market Leaders Profiled:

Report Analysis & Segments:

The Encryption Key Management Software is segmented as per the type of product, application, and geography. All of the segments of the Encryption Key Management Software are carefully analyzed based on their market share, CAGR, value and volume growth, and other important factors. We have also provided Porter's Five Forces and PESTLE analysis for a deeper study of the Encryption Key Management Software. The report also constitutes recent development undertaken by key players in the market which includes new product launches, partnerships, mergers, acquisitions, and other latest developments.

Based on Product Type Encryption Key Management Software is segmented into

Based on the Application Encryption Key Management Software is segmented into

The report provides insights on the following pointers:

1 Market Penetration: Comprehensive information on the product portfolios of the top players in the Encryption Key Management Software.

2 Product Development/Innovation: Detailed insights on the upcoming technologies, R&D activities, and product launches in the market.

3 Competitive Assessment: In-depth assessment of the market strategies, and geographic and business segments of the leading players in the market.

4 Market Development: Comprehensive information about emerging markets. This report analyzes the market for various segments across geographies.

5 Market Diversification: Exhaustive information about new products, untapped geographies, recent developments, and investments in the Encryption Key Management Software.

Various Analyses Covered:

Regional assessment of the Encryption Key Management Software has been carried out over six key regions which include North America, Asia-Pacific, Europe, Latin America, Middle East, and Africa. Moreover, the report also delivers deep insights on the ongoing research & development activities, revenue, innovative services, the actual status of demand and supply, and pricing strategy. In addition, the report delivers details on consumption figures, export/import supply, and gross margin by region. In short, this report provides a valuable source of guidance and clear direction for marketers and other parties interested in the market.

North America (United States, Canada); Asia Pacific (China, Japan, India, South Korea, Australia, Indonesia, Others); Europe (Germany, France, United Kingdom, Italy, Spain, Russia, Others); Latin America (Brazil, Mexico, Others); The Middle East and Africa

Frequently Asked Questions:

About Us: Market Research Intellect

Market Research Intellect provides syndicated and customized research reports to clients from various industries and organizations with the aim of delivering functional expertise. We provide reports for all industries including Energy, Technology, Manufacturing and Construction, Chemicals and Materials, Food and Beverage, and more. These reports deliver an in-depth study of the market with industry analysis, the market value for regions and countries, and trends that are pertinent to the industry.

See the original post here:
Encryption Key Management Software Market Trends, Size, Share, Growth, Industry Analysis, Product, Application, Advance Technology and Forecast 2030 ...

MongoDB 6.0 Offers Client-Side End-to-End Encryption The New Stack – thenewstack.io

"Developers aren't cryptographers. We can only do so much security training, and frankly, they shouldn't have to make hard choices about this encryption mode or that encryption mode. It should just, like, work," said Kenneth White, a security principal at MongoDB, explaining the need for MongoDB's new Queryable Encryption feature.

In this latest edition of The New Stack Makers podcast, we discuss MongoDB's new end-to-end client-side encryption, which allows an application to query an encrypted database and keep the queries in transit encrypted, an industry first, according to the company.

White discussed this technology in depth with TNS publisher Alex Williams, in a conversation recorded at MongoDB World, held last week in New York.

MongoDB has offered the ability to encrypt and decrypt documents since MongoDB 4.2, though this release is the first to allow an application to query the encrypted data. Developers with no expertise in encryption can write apps that use this capability on the client-side, and the capability itself (available in preview mode for MongoDB 6.0) adds no noticeable overhead to application performance, so claims the company.

Data remains encrypted at all times, even in memory and in the CPU; the keys never leave the application and cannot be accessed by the server. Nor can the database or cloud service administrator look at the raw data.

For organizations, queryable encryption greatly expands the utility of using MongoDB for all sorts of sensitive and secret data. Customer service reps, for instance, could use the data to help customers with issues around sensitive data, such as social security numbers or credit card numbers.

In this podcast, White also spoke about the considerable engineering effort to make this technology possible and make it easy to use for developers.

"In terms of how we got here, the biggest breakthroughs weren't cryptography, they were the engineering pieces, the things that make it so that you can scale to do key management, to do indexes that really have these kinds of capabilities in a practical way," White said.

It was necessary to serve a user base that needs maximum scalability in their technologies. Many have monster workloads, he notes.

"We've got some customers that have over 800 shards, meaning 800 different physical servers around the world for one system. I mean, that's massive," he said. "So it was a lot of the engineering over the last year and a half [has been] to sort of translate those math and algorithm techniques into something that's practical in the database."

See the rest here:
MongoDB 6.0 Offers Client-Side End-to-End Encryption The New Stack - thenewstack.io

Elasticsearch server with no password or encryption leaks a million records – The Register

Researchers at security product recommendation service Safety Detectives claim they've found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub.

Safety Detectives' report states it found a StoreHub server that stored unencrypted data and was not password protected. The security company's researchers were therefore able to waltz in and access 1.7 billion records describing the affairs of nearly a million people, in a trove totalling over a terabyte.

StoreHub's wares offer point of sale and online ordering, and the vendor therefore stores data about businesses that run its product and individual buyers' activities.

Safety Detectives wrote that full names, phone numbers, physical addresses, email addresses, and even device types were among the exposed data.

Customers' orders, plus the locations they ordered from and the times at which they ordered, were also open to the world. Safety Detectives asserts that order details included partially masked credit card information.

Information about StoreHub users' staff was also exposed.

So were access tokens that could allow miscreants to alter users' StoreHub-powered sites.

Safety Detectives' post says it found the exposed server on January 12th and promptly reported it, then followed up, but StoreHub did not respond. On January 27th the security company decided to contact StoreHub's host AWS and Malaysia's Computer Emergency Response Team. The server was secured by February 2nd.

A statement from StoreHub sent to The Register disputes Safety Detectives' timeline - the company says it was alerted on February 3rd - but does not dispute the existence of the unsecured server.

"Upon being informed of the occurrence on an Amazon Web Services (AWS) Elasticsearch instance, StoreHub took immediate action to patch and rectify the vulnerability within 24 hours." The company also revoked tokens in the dataset.

The company conducted an investigation it states revealed "that no sensitive financial data or passwords were contained in the vulnerability." The statement is silent on whether the exposed data was accessed.

StoreHub has now engaged a security consultancy to "verify and prevent future potential vulnerabilities" and has pledged to do much better in future.

Safety Detectives has generously described the cause of this mess as a misconfigured server.

Malaysian law may be less lenient, as it provides for substantial fines for non-compliance with data protection laws.

StoreHub could also find itself in trouble beyond its home country, as it operates across several South-East Asian nations.

Go here to read the rest:
Elasticsearch server with no password or encryption leaks a million records - The Register

Rocket.Chat vs. Slack: Choosing the Perfect Team Collaboration App – It’s FOSS

Slack is arguably the most popular team messaging/collaboration application out there.

While it is not an open-source solution, it is available for Linux, Windows, macOS, Android, and iOS.

Rocket.Chat, on the other hand, is one of the best open-source Slack alternatives. It is also available across all major platforms.

We at It's FOSS use Rocket.Chat (Self-hosted) for internal team communication. But, we have also had a fair share of experiences with Slack.

Is Rocket.Chat better than Slack? What benefits do you get if you use Slack over Rocket.Chat?

If you are on the fence about deciding on a good team communication app, let me compare the offerings to help you explore more about them.

An essential factor for picking a team communication application includes the pricing.

Open-source or not, not everyone wants to invest in getting started. Of course, it depends on your preferences, but most users will prefer something free.

Slack, in this case, is free to get started with limited features. We also have a guide on installing Slack on Linux to give you a head start.

In comparison, Rocket.Chat is not entirely free to set up. Technically, you don't need to pay a dime to use it. However, it would help if you had a server to deploy it to.

So, considering you already have an infrastructure in place, it should be free for you without any limit to its available features.

But, if you would rather not invest in a server to host it yourself, Slack gives you the free option.

Furthermore, Slack does present you with some special regional pricing, which is not the case with Rocket.Chat.

Generally, the pricing for premium subscriptions is almost similar, but it will differ per your organization's requirements. You might want to check out Slack's and Rocket.Chat's pricing pages to learn more about it.

Rocket.Chat offers a straightforward interface that is easy to use. It does provide a good user experience, but as per my usage (for a few years now), I wouldn't rate it as the best experience.

Things like searching for a particular message and a few subtle interactions aren't the strongest points of Rocket.Chat.

But, if you like a simple and effective user interface that keeps up with the modern standards, Rocket.Chat is your friend. It does not have any significant issues, but it may not be the most engaging experience for some.

With Slack, the user interface takes a modern approach (in other words, a feature-filled user experience).

Considering the mobile and desktop experience of Slack, it works great with its subtle animations and works pretty much flawlessly.

With that being said, I would recommend trying both of them to check your preferences. Just for my opinion, I give Slack a bit of an edge here.

While it can be a hassle to self-host it, if you are someone who values data privacy more than the setup convenience, Rocket.Chat can be the perfect fit.

Fret not, we have a guide to help you self-host Rocket.Chat, if you prefer doing that.

Of course, Slack does not wildly steal any of your data, but technically, your data resides on someone else's server. You do not get control of it, but get access to some toggles to manage the workspace.

Rocket.Chat lets you control the data and any practices that help you secure your communications.

Note that for some users, securing and deploying proper practices to secure their server can be a headache (if you are not experienced). So, you might have to end up hiring an expert to set it up and maintain it for you.

Fortunately, Rocket.Chat also offers you a hosted option like Slack for a premium giving access to certain enterprise-grade features.

Overall, Rocket.Chat allows you to choose between a self-hosted option and a managed hosted plan. But, with Slack, you only have the option to rely on a managed hosting option.

Rocket.Chat supports end-to-end encryption out of the box through its "Off the record" conversations feature. So, you can toggle it in every conversation when needed.

The feature is still in its beta phase and does not support sharing files at the time of writing. Hence, it isn't as pleasant as using some of the best WhatsApp alternatives for instant messaging.

The enterprise edition mentions that it offers end-to-end encryption by default. Of course, with the self-hosted option, you get more control, so you get to decide what you want to do with it.

Slack encrypts the data at rest and data in transit for all users. With its enterprise edition, you get an Enterprise Key Management feature to take control of your encryption keys for sensitive conversations.

Overall, both Slack and Rocket.Chat offer options for encryption and security. It all depends on what your organization needs or what you need as an individual.

Numerous brands aim to customize every service/app experience they use by incorporating the company's theme/name/color/logo.

And, Rocket.Chat gives you total freedom to customize the experience.

This ranges from color changes to full CSS customization, helping an organization tailor the collaboration/messaging experience for its employees. We have a few things customized in our case, too.

You can even choose to customize from the source code for advanced tweaks.

Unfortunately, Slack falls short on this. Whether an individual or an enterprise, you must stick to Slack's default themes/color choices.

You should get all the essential messaging features with both of them.

These include message reactions, threaded replies, the recipient's time zone, notification controls, and more. Several such features can make a difference.

To make things simpler, here, I highlight some of the key feature differences (and similarities) that could help you decide what's better for you:

Common Features

Now that you know some of the fundamental similarities, it would also help to look at the introductory videos that give you an overview of both.

In either case, let us take a look at some of the important differences:

In addition to some key points, you should find many other subtle differences making up the entire user experience.

Regarding third-party integrations, none of the choices should disappoint you.

All the major services like Outlook, Zoom and Google Drive work well with both Rocket.Chat and Slack.

However, Rocket.Chat offers some extras that can have the edge over Slack:

Rocket.Chat already offers some good perks as an open-source solution: for instance, the option to self-host, the freedom to customize the source code, and more.

So, if you prefer an open-source software for its transparency, privacy benefits, and more, Rocket.Chat is the easy pick.

If you do not care about any of the perks that come with an open-source tool, you can pick Slack for some of its convenient features and a slightly better user experience.

Rocket.Chat gives you more control of your data and the freedom to customize things. So, if you have no issues with a self-hosted solution, Rocket.Chat is a clear choice.

However, if you do not want to set it up yourself and want an enterprise (managed) offering, you might want to try them first to evaluate the user experience and its features per your preferences.

And, if you are just getting started and do not want to invest in a server/premium subscription, Slack should be a good start.

What would you pick? Let me know your thoughts in the comments below.


Read the original:
Rocket.Chat vs. Slack: Choosing the Perfect Team Collaboration App - It's FOSS

Quantum Cryptography and Encryption Market Is Expected to Boom | ID Quantique,Qrypt,Single Quantum,Post-Quantum,Crypto Quantique,CryptoNext – Digital…

Global Quantum Cryptography and Encryption Size, Status and Forecast 2022-2028

This report studies the Quantum Cryptography and Encryption with many aspects of the industry like the market size, market status, market trends and forecast, the report also provides brief information of the competitors and the specific growth opportunities with key market drivers. Find the complete Quantum Cryptography and Encryption analysis segmented by companies, region, type and applications in the report.

New vendors in the market are facing tough competition from established international vendors as they struggle with technological innovations, reliability and quality issues. The report will answer questions about the current market developments and the scope of competition, opportunity cost and more.

Some of the key players analysed in Global Quantum Cryptography and Encryption: ID Quantique, Qrypt, Single Quantum, Post-Quantum, Crypto Quantique, CryptoNext Security, Quantum Resistant Ledger, InfiniQuant, Agnostiq, ISARA Corporation, KETS Quantum Security

GET SAMPLE COPY OF THIS REPORT: https://www.reportsandmarkets.com/sample-request/global-quantum-cryptography-and-encryption-market-4454500?utm_source=dj&utm_medium=6

It is our aim to provide our readers with a report for Global Quantum Cryptography and Encryption, which examines the industry during the period 2022 to 2028. One goal is to present deeper insight into this line of business in this document. The first part of the report focuses on providing the industry definition for the product or service under focus in the Global Quantum Cryptography and Encryption report. Next, the document will study the factors responsible for hindering and enhancing growth in the industry. After covering various areas of interest in the industry, the report aims to show how the Global Quantum Cryptography and Encryption market will grow during the forecast period.

One of the crucial parts of this report comprises Global Quantum Cryptography and Encryption industry key vendors discussion about the brands summary, profiles, market revenue, and financial analysis. The report will help market players build future business strategies and discover worldwide competition. A detailed segmentation analysis of the market is done on producers, regions, type and applications in the report.

Geographically, the market report covers data points for multiple regions such as the United States, Europe, China, Japan, Southeast Asia, India, and Central & South America.

Analysis of the market:

Other important factors studied in this report include demand and supply dynamics, industry processes, import & export scenario, R&D development activities, and cost structures. Besides, consumption demand and supply figures, cost of production, gross profit margins, and selling price of products are also estimated in this report.

Frequently Asked Questions

Which product segment grabbed the largest share in the Quantum Cryptography and Encryption?

How is the competitive scenario of the Quantum Cryptography and Encryption?

Which are the key factors aiding the Quantum Cryptography and Encryption growth?

Which are the prominent players in the Quantum Cryptography and Encryption?

Which region holds the maximum share in the Quantum Cryptography and Encryption?

What will be the CAGR of the Quantum Cryptography and Encryption during the forecast period?

Which application segment emerged as the leading segment in the Quantum Cryptography and Encryption?

What key trends are likely to emerge in the Quantum Cryptography and Encryption in the coming years?

What will be the Quantum Cryptography and Encryption size by 208?

Which company held the largest share in the Quantum Cryptography and Encryption?

The conclusion part of their report focuses on the existing competitive analysis of the market. We have added some useful insights for both industries and clients. All leading manufacturers included in this report take care of expanding operations in regions. Here, we express our acknowledgment for the support and assistance from the High-speed and Intercity Trains industry experts and publicizing engineers as well as the examination groups survey and conventions. Market rate, volume, income, demand and supply data are also examined.

To inquire about the Global Quantum Cryptography and Encryption report, click here: https://www.reportsandmarkets.com/sample-request/global-quantum-cryptography-and-encryption-market-4454500?utm_source=dj&utm_medium=6

Table of contents:

Quantum Cryptography and Encryption Global Market Research Report 2021

1 Market Overview

2 Manufacturers Profiles

3 Global Quantum Cryptography and Encryption Sales, Revenue, Market Share and Competition by Manufacturer

4 Global Quantum Cryptography and Encryption Analysis by Regions

5 North America Quantum Cryptography and Encryption by Country

6 Europe Quantum Cryptography and Encryption by Country

7 Asia-Pacific Quantum Cryptography and Encryption by Country

8 South America Quantum Cryptography and Encryption by Country

9 Middle East and Africa Quantum Cryptography and Encryption by Countries

10 Global Quantum Cryptography and Encryption Segment by Type

11 Global Quantum Cryptography and Encryption Segment by Application

12 Quantum Cryptography and Encryption Forecast (2021-2027)

13 Sales Channel, Distributors, Traders and Dealers

14 Research Findings and Conclusion

15 Appendix

If you have any special requirements, please let us know and we will offer you the report as you want.


Continued here:
Quantum Cryptography and Encryption Market Is Expected to Boom | ID Quantique,Qrypt,Single Quantum,Post-Quantum,Crypto Quantique,CryptoNext - Digital...

What Is End-to-End Call Encryption? – UC Today

End-to-end call encryption (E2EE) is a secure communication method that prevents third parties from accessing data transferred via VoIP calls.

Most popular messaging and call service providers, including Facebook, WhatsApp, and Zoom, use this technology to prevent the exposure of user information. The data is encrypted on the sender's system or device and stays encrypted in motion while it travels from one end system or device to another. Only the intended endpoint can decrypt the data, with unauthorized third parties unable to listen in.

How Does End-to-end Call Encryption Work?

The technology keeps the content you share private and secure from one endpoint to another. The shared content will be unreadable if intercepted in transit. VoIP phones use digital, encrypted communication between your phone and the cellular telephone base station. Your voice is decrypted at the base station and sent over the telephone network.

End-to-end encrypted calls provide the gold standard for protecting communication.

The security behind end-to-end encryption is enabled by creating a public-private key pair. This process is also known as asymmetric cryptography, which employs separate cryptographic keys for securing and decrypting the data. Public keys encrypt the data, while private keys decrypt data. For each person that joins, individual keys are generated. The public key will be stored on a server while the private key is stored on the device.

In online communication, there is an ISP, an intermediary, or various other organizations. Their server delivers data between both parties involved in an exchange. These intermediaries cannot decrypt and eavesdrop on the data. Only recipients can decrypt data with the matching key when end-to-end call encryption is in place.

Benefits of End-to-End Call Encryption

Personal data security and sensitive information are always an issue in online communication. E2EE completely encodes data, improving the security of calling services.

It prevents unauthorized access to personal conversations. Although authorities may try to access personal or private spaces, E2EE makes it impossible because the keys to decrypt them are missing. Digital signatures can detect content manipulation during transmission or whether the recipient has authorized access.

2. It facilitates secure data exchange

A crucial advantage of end-to-end encryption is that unauthorized persons cannot access personal data. Only unidentifiable numbers and letters can be recognized if a hacker circumvents the encryption. If intercepted by hackers or service providers, private communication and other details are not easily read.

3. It maintains data integrity

Data integrity is maintained because the key system prevents unauthorized devices from gaining access. Without E2EE, outside users can gain access to a piece of data and manipulate it before it reaches the recipient. End-to-end encryption denies them this access because they do not have the necessary key to access data in transit.

4. It makes calls tamper-proof

The decryption key is not transmitted; the recipient has it already. If encrypted data gets tampered with in transit, the recipient will not be able to decrypt it. End-to-end encryption can help organizations protect data by making it inaccessible to those who want to tamper with information.
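The key handling described above (a key pair per participant, public keys on the server, private keys on the device) and the tamper-detection benefit, shown as an added example that is not from the original article. It uses X25519 key agreement plus AES-256-GCM, a common modern construction, rather than encrypting directly with the public key; the device names, the `e2ee-demo` label and the sample frame are constructed for illustration.

```javascript
// Added example: E2EE frames passing through an untrusted relay (Node.js built-in crypto).
const crypto = require('crypto');

// A device keeps its private key locally and uploads only the public key bytes.
function newDevice(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, privateKey, publicDer: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Derive a one-direction session key from our private key and the peer's
// published public key. The label binds the key to sender and receiver.
function sessionKey(ownPrivate, peerPublicDer, sender, receiver) {
  const peerPublic = crypto.createPublicKey({ key: peerPublicDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  const label = `e2ee-demo ${sender}->${receiver}`; // assumed label, illustration only
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), label, 32));
}

// The sequence number doubles as the nonce, so it must never repeat under one key.
function nonceFor(seq) {
  const nonce = Buffer.alloc(12);
  nonce.writeUInt32BE(seq, 8);
  return nonce;
}

// Encrypt one media frame; the nonce is also authenticated as associated data.
function encryptFrame(key, seq, plaintext) {
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonceFor(seq));
  cipher.setAAD(nonceFor(seq));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { seq, body, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null if the key is wrong or the frame was modified.
function decryptFrame(key, frame) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonceFor(frame.seq));
  decipher.setAAD(nonceFor(frame.seq));
  decipher.setAuthTag(frame.tag);
  try {
    return Buffer.concat([decipher.update(frame.body), decipher.final()]);
  } catch (err) {
    return null; // authentication failed
  }
}

// Constructed scenario: Alice sends one frame to Bob through a relay server.
function runDemo() {
  const alice = newDevice('alice');
  const bob = newDevice('bob');
  const relay = newDevice('relay'); // the server's own key pair

  // The server-side directory holds public keys only.
  const directory = { alice: alice.publicDer, bob: bob.publicDer };

  const sendKey = sessionKey(alice.privateKey, directory.bob, 'alice', 'bob');
  const frame = encryptFrame(sendKey, 1, Buffer.from('constructed audio frame'));

  // Bob derives the same key from his private key and Alice's public key.
  const recvKey = sessionKey(bob.privateKey, directory.alice, 'alice', 'bob');
  const received = decryptFrame(recvKey, frame);

  // The relay sees the frame and the directory but holds neither private key.
  const relayKey = sessionKey(relay.privateKey, directory.alice, 'alice', 'bob');
  const relayView = decryptFrame(relayKey, frame);

  // A frame altered in transit fails authentication at Bob's end.
  const tampered = { ...frame, body: Buffer.from(frame.body) };
  tampered.body[0] ^= 0x01;
  const afterTamper = decryptFrame(recvKey, tampered);

  return { received: received && received.toString(), relayView, afterTamper };
}

console.log(runDemo());
```

The directory is still trusted to hand out the right public keys, which is why real clients let users compare key fingerprints out of band.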

Example of End-to-End Call Encryption: Microsoft Teams Calling

Teams supports both cell and landline calls, with built-in online meetings and audio and video calling for individuals and groups. It has a cloud-based phone system with advanced features, including call transfer, multilevel auto attendants, and a call queue. Teams secures the following during an end-to-end encrypted call: audio, video, and screen sharing content. Call participants at both ends of the Teams session must turn on the E2EE setting, and the app will secure users' presence status.

Keep in mind that several advanced features are not available during end-to-end encrypted calls, such as live captions and transcription, call transfer, merge and park, call companion and transfer to another device, etc.

For end-to-end encrypted calls on Teams, an administrator must first turn on the feature, and then device users must activate the settings locally. It is also possible to configure Teams E2EE using PowerShell.

Importance of End-to-end Call Encryption for Collaboration

E2EE is designed to protect users and their privacy by default using the highest grade end-to-end encryption. End-to-end call encryption keeps communication secure by ensuring that only those in the conversation can decrypt data, even if a server or network is compromised.

As VoIP calls become increasingly important for internal and external (i.e., customer-facing) communication, maintaining data privacy is essential. Sensitive information is often shared during these exchanges, and E2EE increases stakeholder confidence in communication systems while allowing flexible information sharing from any location. For these reasons, Zoom, too, launched end-to-end encrypted phone calls in September 2021 in addition to a Bring Your Own Key (BYOK) offering that allows users to choose their encryption keys.

Read more:
What Is End-to-End Call Encryption? - UC Today

HelloXD ransomware bulked up with better encryption, nastier payload – The Register

Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that include stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.

The new capabilities make the ransomware, first detected in November 2021, and the developer behind it even more dangerous, according to researchers with Palo Alto Networks' Unit 42 threat intelligence group. Unit 42 said the HelloXD ransomware family is in its initial stages but it's working to track down the author.

"While the ransomware functionality is nothing new, during our research, following the lines, we found out the ransomware is most likely developed by a threat actor named x4k," the researchers wrote in a blog post.

"This threat actor is well known on various hacking forums, and seems to be of Russian origin. Unit 42 was able to uncover additional x4k activity being linked to malicious infrastructure, and additional malware besides the initial ransomware sample, going back to 2020."

The analysts wrote that the malware author, or authors, are "now expanding into the ransomware business to capitalize on some of the gains other ransomware groups are making."

This comes as both ransom demands and ransoms paid are increasing: demanded ransoms rose 144 percent year-to-year in 2021, reaching about $2.2 million, while the average ransom paid jumped 78 percent between 2020 and 2021, to $541,010, according to Unit 42's latest annual ransomware report. The incidence of stolen data being released publicly climbed 85 percent year-over-year, the report found.

The ransomware family is based on the Babuk (or Babyk) source code that was leaked on a Russian-language forum in September 2021. The group runs double extortion campaigns, exfiltrating the corporate data before encrypting it. Rather than threatening to release the files on a public leak site if the ransom isn't paid, the attackers instead direct victims to negotiate via the aTox chat service.

However, in the newer variants, the ransomware note also links to an onion domain for messaging. That said, the researchers wrote that as of now, the onion site is down, which could mean that it's currently under construction.

"The ransomware creates an ID for the victim which has to be sent to the threat actor to make it possible to identify the victim and provide a decryptor," they wrote. "The ransom note also instructs victims to download Tox and provides a Tox Chat ID to reach the threat actor. Tox is a peer-to-peer instant messaging protocol that offers end-to-end encryption."

Other ransomware groups, including those using LockBit 2.0, also use Tox Chat to communicate, they noted.

A key change in the latest version of HelloXD is the encryption algorithm. Unit 42 researchers wrote that they have seen two publicly available versions of HelloXD, an indication that the code is still under development. The first version uses Curve25519-Donna and a modified HC-128 algorithm to encrypt data in the files and is the less modified of the two versions relative to the original Babuk code.

In the most recent version, dubbed HelloXD version 2 by Unit 42, the developer changed the encryption algorithm, replacing the modified HC-128 with the high-speed Rabbit symmetric cipher, again alongside Curve25519-Donna. In addition, the developer changed the file marker from a coherent string to random bytes.

"Both versions have been compiled with the same compiler (believed to be GCC 3.x and above based on the mangling of export names), resulting in very similar exports between not only the ransomware variants, but also other malware that we have linked to the potential author," the researchers wrote.

The most significant change between the two versions was the introduction in version 2 of an additional payload, a variant of the open-source MicroBackdoor that is encrypted with the WinCrypt API. The malware enables an attacker to browse the compromised file system, upload and download files, and execute code remotely (RCE). The malware can also remove itself from the system. The fact that the backdoor is delivered with the ransomware is also unusual.

"As the threat actor would normally have a foothold into the network prior to ransomware deployment, it raises the question of why this backdoor is part of the ransomware execution," they wrote. "One possibility is that it is used to monitor ransomed systems for blue team and incident response (IR) activity, though even in that case it is unusual to see offensive tools dropped at this point in the infection."

The researchers were able to see a hardcoded IP address that was used as the command-and-control (C2) to accelerate their hunt for the probable bad actor behind HelloXD. Through the IP address, they were able to see an email address that they linked to other domains and continued to follow the breadcrumbs through other malicious IPs, VirusTotal graphs and additional infrastructure and malware hosted on other domains, many of which used the x4k name.

The path followed through various graphs to a GitHub account, Russian-language hacking forums, other sites that referred to x4k and other aliases such as uKn0wn seen in the HelloXD samples. That was followed by the discovery of other GitHub accounts, another alias (Ivan Topor) and a YouTube account with another alias (Vanya Topor) that linked to videos in which the miscreant showed how he performed particular actions.

"The videos found gave us insight into x4k operations before moving into ransomware activity specifically," the researchers wrote. "We learned how this threat actor leverages Cobalt Strike for his operations, including how to set up Beacons as well as how to send files to compromised systems. In one of the videos, we actually observed the threat actor performing a DNS leak test on his Android phone."

The bad actor also often alluded to a "ghost" theme, similar to what the researchers saw in some earlier HelloXD ransomware samples. Most of the videos and written content are in Russian. That, along with some mistakes he made, convinced Unit 42 that x4k is from Russia.

The rest is here:
HelloXD ransomware bulked up with better encryption, nastier payload - The Register