Category Archives: Encryption
Hacking group says it has found encryption keys needed to unlock the PS5 [Updated] – Ars Technica
Hacking group Fail0verflow announced Sunday evening that it had obtained the encryption "root keys" for the PlayStation 5, an important first step in any effort to unlock the system and allow users to run homebrew software.
The tweeted announcement includes an image of what appears to be the PS5's decrypted firmware files, highlighting code that references the system's "secure loader." Analyzing that decrypted firmware could let Fail0verflow (or other hackers) reverse engineer the code and create custom firmware with the ability to load homebrew PS5 software (signed by those same symmetric keys to get the PS5 to recognize them as authentic).
[Update (Nov. 9): Aside from the symmetric encryption/decryption keys that have apparently been discovered, separate asymmetric keys are needed to validate any homebrew software to be seen as authentic by the system. The private portion of those authentication keys does not seem to have been uncovered yet, and probably won't be found on the system itself. Still, the symmetric keys in question should prove useful for enabling further analysis of the PS5 system software and discovering other exploits that could lead to the execution of unsigned code. Ars regrets the error.]
Extracting the PS5's system software and installing a replacement both require some sort of exploit that provides read and/or write access to the PS5's usually secure kernel. Fail0verflow's post does not detail the exploit the group used, but the tweet says the keys were "obtained from software," suggesting the group didn't need to make any modifications to the hardware itself.
Separately this weekend, well-known PlayStation hacker TheFlow0 tweeted a screenshot showing a "Debug Settings" option amid the usual list of PS5 settings. As console-hacking news site Wololo explains, this debug setting was previously only seen on development hardware, where the GUI looks significantly different. But TheFlow0's tweet appears to come from the built-in sharing function of a retail PS5, suggesting he has also used an exploit to enable the internal flags that unlock the mode on standard consumer hardware.
TheFlow0 adds that he has "no plans for disclosure" of his PS5 exploit at this point. In recent years, TheFlow0 has taken part in Sony bug-bounty programs that reward the responsible disclosure of security flaws in PlayStation hardware.
It remains to be seen if and when similar exploits for the PS5 will become public and if Sony will be able to temporarily cut them off with firmware updates as it has in the past.
Opposition Parties ‘Surprised’ by Lack of Encryption Amid Cyber Attack – VOCM
The Opposition parties say they're surprised that the personal information accessed during the recent cyberattack was not protected by encryption software.
That was revealed during Wednesday's briefing on the attack that affects thousands of patients and staff of Eastern Health and Labrador-Grenfell Health.
Both the Tories and NDP held media briefings this morning to discuss the situation.
NDP interim leader Jim Dinn notes the simplest online transactions are safeguarded by encryption, which scrambles algorithms, making it harder to hack.
He notes online payments, for example, do have that extra layer of protection, adding he's concerned that wasn't the case here.
Meanwhile, PC interim leader David Brazil says while the province won't say which world-class experts they're dealing with, it's curious that local firm Verafin isn't among them.
He says he's surprised and disappointed that the government didn't reach out to Verafin, or at least consult them on the best immediate course of action, given their status in the world of cyber-security.
The government says anyone who registered at a hospital in the Eastern Health region in the past 14 years could be affected by the privacy breach.
It goes back nine years for anyone in the Labrador-Grenfell Health region.
Officials are urging people to check bank accounts, change passwords and consult with credit reporting agencies to ensure they have not been victimized.
The Leader of the provincial PC Party says the primary objective right now is about addressing the backlog in the province's healthcare system.
David Brazil says the investigation into the cyber attack should be left to professionals both nationally and internationally, but with first Snowmageddon, then the COVID-19 pandemic, and now the cyber attack, the backlogs in healthcare must be addressed.
He says right now, the Opposition is not here to oppose in any way, shape or form.
Brazil explains that they are there to support whatever needs to be done with the health authorities and for government. He says if they want to go back into the House of Assembly to discuss additional funds to ensure people have access to treatments like cancer and cardiovascular interventions.
He says their priority is to work with all the entities involved to make sure the healthcare system gets up and running as normal as it can.
The PC Party leader says they'll get back to politics when it's time, but right now it's about ensuring the people of the province are safe and have access to healthcare.
Everything Blockchain Announces OEM License of Its Zero Trust Data Access Platform – GlobeNewswire
Jacksonville, Florida, Nov. 15, 2021 (GLOBE NEWSWIRE) -- Everything Blockchain, Inc., (OTCMKTS: OBTX), an advanced platform architect, development and services company and software foundry, specializing in blockchain technologies, decentralized processing, and zero trust applications announced today that its subsidiary, Vengar Technologies, has entered into a perpetual OEM license agreement with Alamo City Engineering Services (ACES), a Government Service Administration (GSA) vendor, on October 26, 2021 for its Zero Trust Data Access (ZTDA) platform.
ACES will integrate our ZTDA platform into ACES's product it produces for the Department of Defense, civilian federal agencies, and state and local governments under its multiple service and supplier award contracts. Under terms of the agreement the Company is to receive a $250K non-refundable prepayment licensing fee that will be offset by the 25% licensing fee of gross revenue generated on all sales in which the ZTDA platform is included. The Company will provide engineering assistance and technical support to the ACES team.
The ZTDA platform allows users and organizations to have perpetual control of their data. Even when a user has sent or shared files to someone else, and that data is on someone else's system, access can be revoked at any time. With data protected through an end-to-end zero knowledge encryption architecture, only the creator of the data can grant permission for others to view their pictures, files, and other data. With this platform, users can:
The user experience is easy, with just a simple click within your email and messaging apps or desktop environment. The user doesn't need to understand encryption or keep track of encryption keys. Advanced patent-pending key management is integrated and self-managing.
Mr. Jennings, Everything Blockchain's COO and Vengar's CEO, stated, "Licensing agreements such as this are a key component of our go-to-market strategy. The decision to grant a perpetual OEM license to ACES in support of the Department of Defense and other government agencies stems from management's commitment to security and protection of American technology and advancements. We look forward to our continued partnership with the ACES team and are delighted to extend an unprecedented level of data protection and control to the ACES solutions and markets."
Craig Stephens, ACES Chief Executive Officer, stated, "The ZTDA platform is the first of its kind. When we were introduced to its capabilities, we immediately understood that this solution had to be a part of our product solutions. The data approach versus network approach to data security is phenomenal and on point. We are very excited to integrate the ZTDA platform into our solution and look forward to the many years of a successful future."
About Everything Blockchain:
Headquartered in Fleming Island, Florida, Everything Blockchain, Inc., (OTCMKTS: OBTX) is a platform developer, specializing in systems architecture, and a software foundry of blockchain technologies, decentralized processing, Internet of Things (IoT), and Zero Trust.
About Alamo City Engineering Services, Inc.
Headquartered in San Antonio, Texas, Alamo City Engineering Services specialize in Cyber Security, Comply to Connect Zero Trust as well as SAP Solutions, Program and Project Management, Compliance, Information and Communications Security, Operations and Asset Management. ACES is a Service-Disabled Veteran Owned, SBA Certified HUB Zone Small Business. ACES created the ForeScout Comply to Connect solution promoted by the Office of the Secretary of Defense. GSA SCHEDULE HOLDER: GS-35F-0598S
Forward Looking Statements
This news release contains forward-looking statements which are not purely historical and may include any statements regarding beliefs, plans, expectations or intentions regarding the future. Such forward-looking statements include, among other things, the development, costs and results of new business opportunities and words such as "anticipate," "seek," "intend," "believe," "estimate," "expect," "project," "plan," or similar phrases may be deemed forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Actual results could differ from those projected in any forward-looking statements due to numerous factors. Such factors include, among others, the inherent uncertainties associated with new projects, the future U.S. and global economies, the impact of competition, and the Company's reliance on existing regulations regarding the use and development of blockchain and zero trust based products. These forward-looking statements are made as of the date of this news release, and we assume no obligation to update the forward-looking statements, or to update the reasons why actual results could differ from those projected in the forward-looking statements. Although we believe that any beliefs, plans, expectations and intentions contained in this press release are reasonable, there can be no assurance that any such beliefs, plans, expectations or intentions will prove to be accurate.
Alexander: Turn off the more complex encryption in Windows 11 Pro – Minneapolis Star Tribune
Several readers responded to last week's column about how Windows 11 automatically encrypts PC data without telling consumers (see tinyurl.com/yv2w9fy4).
Those who responded agreed with my suggestion that readers turn off this automatic encryption, which could cause data to be lost if a PC failed with its information locked in.
For example, a repair shop would be unable to copy encrypted data from a damaged PC unless the owner knew where to find an "encryption key." Microsoft has so far done a poor job explaining the existence and location of this key.
But some readers pointed out that turning off encryption is sometimes easier said than done. That's because the two versions of Windows 11 most used by consumers, Home and Pro, turn off encryption differently. Last week's column explained how to turn off encryption on Windows 11 Home, but it turns out that those directions don't work for Windows 11 Pro.
Why is encryption different on the Pro and Home versions? More than 20 years ago, Microsoft began offering a form of voluntary encryption on some versions of Windows. Since then, security on the Home and Pro versions has evolved separately. Today, Windows 11 Home encrypts data using "device encryption" and Windows 11 Pro typically uses "BitLocker." BitLocker uses the more elaborate encryption method and is more complicated to turn off.
Here's how to turn off BitLocker on Windows 11 Pro: Open the Settings app (press the Windows and letter "I" keys simultaneously.) Click "System" on the left, then "Storage" on the right. Scroll to the bottom of the resulting menu and click "Advanced storage settings." In the next menu, click "Disks & volumes."
You'll then see a list of the storage "drives" on your PC. In fact, you'll see more drives than you thought you had, because a single hard drive or SSD (a chip-based substitute for a hard drive) is typically "partitioned" into separate segments that each has its own drive name. Some or all of these "drives" may be encrypted, and each will need to have its encryption turned off separately.
Check the list under each "drive" to see if it is "BitLocker encrypted." If it is, click "Properties" under the list. In the next menu, scroll to the bottom and click "Turn off BitLocker." In the next menu, find the same drive, and on the right click "Turn off BitLocker." You will get a warning message that says it may take a long time to "decrypt" the drive. Click "Turn off BitLocker" again. BitLocker will be disabled for that "drive" (which means its data won't be automatically encrypted in the future) and the drive will be unencrypted. Follow the same steps for any other encrypted "drive."
Q: I have an older HP DeskJet All-in-One printer that still works great. But the HP software that ran the printer no longer works because it was based on the now-discontinued Adobe Flash program. What can I do?
KATHLEEN KRAMER, Midlothian, Va.
A: The HP Solution Center, a management program for HP printers, was discontinued because it depended heavily on the Adobe Flash animation program that Adobe dropped earlier this year. But HP has suggested several workarounds that will allow you to keep an older printer working, such as using the Windows built-in print driver software, or downloading the free "HP Scan and Capture" app (see tinyurl.com/a3d3ccxb) (For more details, see tinyurl.com/yjx5pa8d).
E-mail tech questions to steve.j.alexander@gmail.com or write to Tech Q&A, 650 3rd Av. S., Suite #1300, Minneapolis, MN 55488. Include name, city and telephone number.
Encryption, inequality and Zero DOM: 6 pocket listing takeaways – Inman
This is the final installment in Inman's five-part series on pocket listings in today's market.
Pocket listings are a lightning rod.
Though the practice of withholding a listing from the broader community and only showing it to a select group of consumers has been around literally since the beginning of real estate, the last several years have seen the concept become one of the most debated in the business. On the one side, agents and (often wealthier) consumers have argued that pocket listings ensure privacy and that people should be allowed to sell their homes however they want. On the other, critics of the practice say it perpetuates segregation and hurts minority homebuyers.
The debate has prompted new industry rules, most notably the Clear Cooperation Policy from the National Association of Realtors (NAR). The rule went into effect last year and was meant to crack down on the practice, though the debate rages on to this day.
In recent days, Inman dove into the history of pocket listings, the reasons they remain popular, their impacts and much more. Here are the biggest takeaways from this week's pocket listing series:
Despite the Clear Cooperation Policy, the practice is still thriving.
Perhaps most notably, a controversial new study from the Broker Resource Network (BRN) found that after Clear Cooperation went into effect network members immediately recognized an unexpected shift.
"In every market reviewed across the United States, brokerages recognized double and triple digit increases in Zero Days On Market listings across firms of all sizes and business models," the report states. In one market, the increase was a whopping 844 percent.
The report goes on to note that the enormous increase in the number of homes selling for zero days on market indicates that there is a growth in the number of properties that are not being widely disseminated through the MLS.
Furthermore, data from Redfin suggested that in November of 2019 pocket listings appeared to represent 2.4 percent of the total market.
However, by May of 2021, well after Clear Cooperation was in effect, that share had actually risen to 4 percent.
In some areas, pocket listings represent an even larger share of the market. For instance, Jonathan Miller, president and CEO of Miller Samuel Inc., a real estate appraisal and consulting firm, told Inman that in the second quarter of this year, pocket listings appeared to represent 21.4 percent of all homes that sold in a selection of high-priced Los Angeles-area neighborhoods.
All of which is to say, the data suggests pocket listings are getting more popular, not less.
One big question this raises is what is driving the popularity of pocket listings.
And the answer appears to be the market.
"I think it has to do with the fact that it has been a long-standing seller's market, which has gotten even more seller-oriented over the last five or six years," Russ Cofano, a long-time industry veteran currently serving as the CEO of Collabra Technology, recently told Inman.
The idea here is that when there's a strong seller's market, agents are able to sell homes without casting as wide a net. The market has been strong for years now, so agents are increasingly able to market their properties to a smaller group of people.
Recent apparent increases in the popularity of pocket listings have also coincided with the explosive price appreciation that took place during the coronavirus pandemic, lending further support to the thesis that pocket listings are connected to the presence of a strong seller's market.
The market may be driving pocket listings, but that doesn't explain how agents are still using them despite Clear Cooperation and other local rules that effectively ban them.
But according to sociologist and Nerdwallet mortgage and housing expert Kate Wood, the continued existence of pocket listings is in part thanks to less scrupulous agents abusing loopholes.
"Something that I have heard from agents is that less scrupulous real estate agents will stretch [one business day rule] as far as possible by basically having client wait until the last minute on Friday to sign the contract, so the home is now officially for sale with that listing agent," Wood said. "Then the next business day is Monday evening."
Other practices include limiting the information released to the public, for example by publishing few photos, and playing fast and loose with office exclusive policies.
While loopholes have allowed pocket listings to flourish even amid growing regulation, they aren't solely responsible for the continued viability of the practice.
In reality, technology is also playing a major role. For example, Matthew Martinez, a broker in the San Francisco Bay Area with Diamond Real Estate Group, told Inman in an email that he has closed nine deals so far in 2021 by networking with real estate agent and investor groups through WhatsApp and Telegram (a similar encrypted instant messaging app).
"I've helped form several groups of brokers, agents, investors and wholesale flippers on both WhatsApp and Telegram," Martinez told Inman.
A number of other brokers shared similar experiences, and the takeaway is that Facebook-owned WhatsApp, which among other things enables private group chats, is a powerful tool for agents doing off-market business.
One of the major drivers of pocket listing regulation in recent years has been a growing recognition that the practice can sideline certain buyers and agents. Case in point, National Association of Realtors (NAR) Vice President of Policy Advocacy Bryan Greene recently told Inman pocket listings perpetuate segregation.
"Pocket listings can limit opportunities for agents in all communities. An agent who's resorting to a pocket listing is choosing to narrow the market," Greene said. "Regardless of your background, it narrows your market, restricts an opportunity, it provides less transparency."
Industry experts have indicated that there are a few different ways to tackle the issue. For example, Bright MLS Executive Vice President of Customer Advocacy Rene Galicia suggested agents themselves begin the self-examination process by asking a few important questions.
"Holding a listing for a day for no purpose certainly makes a huge difference," he said. "Ask yourself, 'Why am I holding it? Is this a broker decision? Is this a seller's instruction? Whose benefit is this for?'"
Redfin Chief Economist Daryl Fairweather also said that agents could encourage consumers who have privacy concerns to place their property in a trust, which would protect their personal information.
"There are other ways to have that privacy," Fairweather said. "But I think putting it on the MLS is really important so that at least everybody can see that the home is for sale."
On the policy front, BRN's report on homes that sell after zero days on market calls for a reevaluation of Clear Cooperation.
"When policy has the opposite outcome of what is expected, the policy and the problem need to be readdressed," the report said.
Greene also said industry professionals need to educate consumers about the existence of and potential drawbacks of pocket listings so they can make more informed decisions.
"I think consumers would want to advocate for listing their homes to the widest possible market," he said. "I think the more people hear about the limitations of pocket listings, more people will recognize that they may be leaving money on the table."
Apple Can Secretly Read Your WhatsApp Messages: This Is How To Stop It – Forbes
Apple's iPhone has broken Facebook's business model this year, stripping billions in ad revenue from the social media giant. Now it seems the iPhone can also break WhatsApp's huge new security update, unless millions of you change your settings.
"No other messaging service provides this level of security for your messages," WhatsApp proudly told me in September, as Mark Zuckerberg proclaimed WhatsApp the first global platform to offer end-to-end encrypted messaging and backups. Unfortunately, a fairly well-hidden setting on your iPhone might stop this working, putting all those private WhatsApp messages where Apple can read them.
WhatsApp's messages have been secured by end-to-end encryption for years. The issue that Facebook fixed was the security wrapper around the messaging platform's cloud backups, hosted courtesy of Google Cloud for Android and Apple iCloud for iOS.
Until now, WhatsApp's cloud backups have been outside its encryption, meaning that Apple or Google can access your chats and media. Law enforcement requests on Apple for iCloud data could return WhatsApp backups along with everything else. But by adding encryption, WhatsApp stops anyone but you from accessing your backups.
I have warned about the dangers of unencrypted backups multiple times. "We figured you'd be excited about this one," WhatsApp's spokesperson said when they called to tell me that encrypted backups was ready and set for deployment. And now it's here. The only problem is the way Apple sets up its iPhone could spoil the party.
The issue is the iCloud backup itself, the general iPhone backup that you can use to restore your settings, home screen, app installs and data that's only on your phone. Your iCloud backup isn't end-to-end encrypted; Apple holds the key to all that data.
Zuckerberg has attacked iMessage in the past for security weaknesses relating to this iCloud backup. "iMessage stores non-end-to-end encrypted backups of your messages by default unless you disable iCloud," he has warned. "Apple and governments have the ability to access most people's messages. So, when it comes to what matters most, protecting people's messages, I think that WhatsApp is clearly superior."
What iCloud actually stores in its backup is a copy of iMessage's end-to-end encryption keys, not the messages. Zuckerberg got his facts muddled. The net effect is the same, though. Apple can retrieve the key and access messages. This renders iMessage's rock solid encryption fairly pointless unless you disable that backup setting.
Ironically, that same issue has now hit WhatsApp. If you have an iPhone and don't change your iCloud backup options when you enable WhatsApp's encrypted backups, the platform warns, "an unencrypted version of your [WhatsApp] chat history is also backed up to iCloud." Which also renders WhatsApp's encryption fairly pointless.
WhatsApp's encrypted backup solution is technically clever, storing encryption keys on third-party servers protected by user-generated passwords, all outside WhatsApp's (and Apple's and Google's) reach, all of which is rendered useless if you don't delve into your iPhone settings. "We recommend disabling iCloud backup when you set up end-to-end encrypted backup in WhatsApp," the platform says.
Unlike iMessage, you don't need to disable iCloud backup completely, and so it's much better. But you do need to enter your iCloud settings where the app-by-app toggles can be found, and disable WhatsApp in that list. Until you do that, iMessage and WhatsApp will have exactly the same iCloud compromise.
The iMessage/iCloud backup risk has never generated the headlines it warranted. But now every iPhone user enabling WhatsApp's backup encryption will see the warning. What they need to realize is that they're running this same risk with iMessage, without any toggle option. Hopefully this will force Apple's hand to finally address the issue.
If you're an iMessage user, you can make it fully secure by disabling the general iCloud backup. iCloud's general backup is less critical than it was in the past, given that so many of our apps and services sync continually to the cloud. If you want to secure your WhatsApp backup, so long as you have turned encrypted backups on, you can just toggle off WhatsApp within iCloud.
The idea of a general iCloud backup needs to be rethought. WhatsApp users shouldn't need to search for that setting; iMessage needs a more secure setup. Apple's security loopholes have been headline news this year, with Pegasus, client side scanning and various zero-days escaping patching. This issue is much easier to fix.
As I reported last week, Apple isn't always as much a bastion of your privacy as it makes out. Its refusal to RCS-enable iMessage, offering secure stock messaging between iOS and Android for the first time, is a good example of this. This, ironically again, is helping WhatsApp maintain its market lead.
WhatsApp is the big winner when it comes to iMessage versus Google Messages. It's ridiculous that there's no stock messenger option that works securely across Android and iOS, that users need to opt for an over the top like WhatsApp or rely on SMS, a platform with pitiful security. Apple has chosen not to onboard the industry standard RCS, essentially SMS V2, because it would loosen the stickiness of iMessage. This is not in the interests of users, and it means that WhatsApp remains the better option.
As for this iCloud backup issue, although it appears to be an iCloud issue that WhatsApp cannot fix, in reality it could find a way to run backups without relying on iCloud and so prevent there being any risk. Signal has done exactly that, assuring that an iTunes or iCloud backup does not contain any of your Signal message history.
Meanwhile, make sure you enable WhatsApp's encrypted backup option when it reaches your phone, don't lose your password, and go into those iCloud settings and toggle off WhatsApp. With all that done, Zuckerberg is right, WhatsApp leads the way for hyper-scale messaging platforms. His issue, though, is that WhatsApp's privacy-preserving approach is moving ever further away from his other Facebook/Meta platforms. The case for its independence from Facebook has never been stronger.
The double-edged sword of encryption – TechRadar
Eighty-five per cent of all web traffic is now encrypted, according to FortiGuard Labs. Yet, this pervasive use of encryption to secure apps and network traffic is a double-edged sword. Undoubtedly, it's vital in helping IT to protect their organizations' most critical asset, data, as it makes it unreadable to all but the intended parties.
About the author
Vince Berk is CTO & Chief Security Architect at Riverbed.
However, it can conversely be used by hackers to exfiltrate data unseen or to conceal malware delivery. It may seem counter-intuitive, but the ubiquitous use of encryption may therefore also erode your security posture. Without taking mitigating steps, the loss of visibility over the network therefore increases the risk of malicious activity going undetected. It also reduces IT's ability to monitor and optimize performance on a per-app or per-user basis. Luckily, visibility and control can both be regained with the right technological investments.
Ahead of exploring this, it's important to understand the extent of the data security benefits encryption provides, which make adoption essential despite visibility challenges.
Strong data cybersecurity is crucial for ensuring business confidentiality and integrity. Without it, organizations are unable to maintain uninterrupted business operations, avoid reputational damage, ensure compliance with legal and industry regulations, and reduce financial costs.
Perimeter security solutions can help protect data by making it more challenging for bad actors to access sensitive information. However, if the perimeter is breached, the data will be visible to the hacker if not encoded. What's more, perimeter solutions can't protect information whilst it's in transit. Amongst other factors, this is what has driven the almost universal use of encryption.
In contrast, encryption protects data in all states and has become the de-facto standard. This is essential as data tends to be at its most vulnerable when being moved between locations. Without encryption, cybercriminals can simply capture network traffic as they see it fly by on the wire. Whereas, encoding the information creates a wormhole between endpoints with everything in the middle unfindable and untouchable.
In other words, sending encrypted traffic is akin to posting a letter rather than a postcard. If we choose to send a letter (or encrypted communication), the content is only readable by the intended recipient. Conversely, with a postcard (unencrypted data), everyone who encounters it on its journey from sender to recipient can read it.
Encryption therefore provides peace of mind for organizations. However, the same qualities that make it a strong security asset can also make it a dangerous subversion tool in the hands of hackers.
Encryption is increasingly being used by hackers to disguise data exfiltration. This is because if they attempted to remove sensitive information such as credit card numbers or passwords via an unencrypted channel, it would be picked up by the company's security sensors. If they pass it through an encrypted tunnel, however, the alarm won't be raised, as IT won't have visibility over the contents.
This lack of visibility creates additional challenges in the performance realm as well. Even for the authorized movement of data by employees, the business can see only the opaque transfer of information, not critical performance metrics. Without insight into protocol-level metrics of how smoothly the data is moving, or not moving, IT teams can't identify and resolve problems.
As the drawbacks of encryption center around visibility, companies need to focus on attaining the same level of visibility and performance management over encrypted applications and network traffic that they've historically had for unencrypted traffic. This is possible by investing in IT designed to provide enhanced insight into encrypted network traffic.
Solutions of this type offer numerous benefits. Firstly, they empower operators to see if an application or network is performing slowly and needs optimizing to maintain user productivity. Secondly, they give them the ability to track, report, and validate the integrity of SSL/TLS certificates. This is a fundamental process for guaranteeing that critical encryption technology is properly deployed and up to date, so that key data is not exposed to malicious actors. It also means IT teams can pick out anomalous activity, such as an expired certificate being used, or unusual or weak ciphers, which may indicate a hacker's presence. Furthermore, an awareness of the existence of encrypted channels can be powerful in itself. Although operators can't see the content, they can dig in at either side to establish why the channel exists and if it may be for nefarious reasons.
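The certificate and cipher checks described above can run on handshake metadata alone, without decrypting any traffic. The following Python sketch is an added illustration, not code from the article or from any product; the record fields, the sample sessions, the weak-cipher markers and the 20% rarity threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed handshake metadata (hypothetical field names), as a passive
# sensor could log it without decrypting any payload.
FIELDS = ("id", "server", "cipher", "not_after")
COMMON = "TLS_AES_128_GCM_SHA256"
ROWS = [
    ("s1", "mail.corp.example", COMMON, "2022-03-01T00:00:00+00:00"),
    ("s2", "wiki.corp.example", COMMON, "2022-05-15T00:00:00+00:00"),
    ("s3", "crm.corp.example", COMMON, "2022-01-20T00:00:00+00:00"),
    ("s4", "git.corp.example", COMMON, "2022-08-30T00:00:00+00:00"),
    ("s5", "hr.corp.example", COMMON, "2022-02-11T00:00:00+00:00"),
    ("s6", "legacy.corp.example", COMMON, "2021-10-01T00:00:00+00:00"),
    ("s7", "203.0.113.10", "TLS_RSA_WITH_RC4_128_MD5",
     "2022-04-01T00:00:00+00:00"),
    ("s8", "198.51.100.7", "TLS_CHACHA20_POLY1305_SHA256",
     "2022-07-01T00:00:00+00:00"),
]
SESSIONS = [dict(zip(FIELDS, row)) for row in ROWS]

# Fixed "current time" so the sample output is reproducible (assumption).
NOW = datetime(2021, 11, 9, tzinfo=timezone.utc)

# Substrings of cipher-suite names that indicate broken or obsolete primitives.
WEAK_MARKERS = ("RC4", "3DES", "_DES_", "NULL", "EXPORT", "MD5", "anon")

# A suite used by less than this share of observed sessions counts as unusual.
RARE_SHARE = 0.20


def audit(sessions, now, rare_share=RARE_SHARE):
    """Return {session id: [findings]} for sessions that need a closer look."""
    counts = Counter(s["cipher"] for s in sessions)
    total = len(sessions)
    report = {}
    for s in sessions:
        findings = []
        # Certificate validity: the server presented a cert past its notAfter.
        if datetime.fromisoformat(s["not_after"]) < now:
            findings.append("expired-certificate")
        # Cipher strength: the negotiated suite uses a known-weak primitive.
        if any(marker in s["cipher"] for marker in WEAK_MARKERS):
            findings.append("weak-cipher")
        # Baseline deviation: the suite is rare compared with local traffic.
        if counts[s["cipher"]] / total < rare_share:
            findings.append("unusual-cipher")
        if findings:
            report[s["id"]] = findings
    return report


if __name__ == "__main__":
    for sid, findings in audit(SESSIONS, NOW).items():
        print(sid, ", ".join(findings))
```

A flagged session is a starting point for the endpoint-side investigation the paragraph describes, not proof of compromise; a strong but rare suite such as the one in `s8` may simply be a new client.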
There's no denying that encryption offers invaluable privacy benefits by controlling the visibility of data. However, this also makes it harder to evaluate network and application performance, not to mention spot data exfiltration. As such, it is paramount for companies to adopt solutions focused on regaining visibility. With these tools in place, organizations can reap the benefits encoding provides, while mitigating against risks, to maintain strong company performance at a critical stage in the business environment.
Go here to see the original:
The double-edged sword of encryption - TechRadar
An Open Letter to City Council and the City Manager on Police Encryption. Category: Public Comment from The Berkeley Daily Planet – Berkeley Daily…
We, the undersigned, are writing to express our concern about the recent decision by the Berkeley City Council, the City Manager, and the Berkeley Police Department to use encrypted public safety radio devices in Berkeley.
It is our understanding that the City of Berkeley selected the company, Motorola Solutions, to provide encrypted public safety radio devices for two reasons: 1) there is no alternative radio device to share communications with neighboring police units, and 2) the company would provide a discount to this city. We now understand that these reasons are false.
The contract was given to Motorola in a no-bid process, against city regulations, and cheaper radio equipment from JVCKenwood would serve just as well with Motorola and with other neighboring systems. It seems the city council committed money to Motorola for their system upgrade, a cost which has gone from $4.2 million to its present $6.5 million.
Under our municipal regulations, the City of Berkeley is required to conduct a competitive bid process so radio device providers have an equitable opportunity to bid for the contract. At the same time, the competitive bid process also provides the public with an understanding about the nature of proposed changes to its public safety radio device system and its intention to use municipal taxpayer funds to cover the costs. Instead, the City of Berkeley circumvented the competitive bid process and any public discussion about making a fundamental change to our public safety communications for people who live or come to Berkeley.
The city council had also voted to not do any business with any company that works with ICE, but that is exactly what Motorola does! So Berkeley is in violation of its own principles of human rights.
The reason this has suddenly become an issue is that California state government ordained that police radio communications be encrypted to restrict the public from access to confidential information about police officers (under the so-called patrolpersons bill of rights (PBOR)). But this is a requirement that the BPD already satisfies, since it uses "Signal" and other encryption software. In other words, Berkeley's decision, fallaciously in response to the state, is in bad faith.
The competitive bid process provides the public with information about the nature of proposed changes to its public safety radio device system and its intention to use municipal taxpayer funds to cover the costs. The City of Berkeley is required to conduct a competitive bid process so radio device providers have an equitable opportunity to bid for the contract. Berkeley circumvented the competitive bid process, and any public discussion about making a fundamental change to our public safety communications for people who live or come to Berkeley.
The primary reason for which persons interest themselves in those operations is to become watchers, witnesses, and a de-escalating presence to how police deal with certain people in particular, very diverse people, including those with mental health and substance use issues, low income people, people of color, those who are unhoused, and people with multiple identities and conditions.
Often police criminalize a person who has simply called for assistance by giving an arbitrary or unneeded command, which the subject refuses, and is then arrested for disobedience, often with violence.
2. Radio encryption will have the consequence of making it impossible for Berkeley Copwatch to serve as public accountability for the Berkeley Police Department. Copwatch was formed 30 years ago when police brutality, arbitrary arrest, and racially biased practices were on the rise. Copwatch offered civilian participation in policing matters, and aspired to develop greater social trust in the police. That trust could be grounded in public observation, and thus the knowledge that the police were an agency that had civilian interests at heart. Ordinary people needed to be assured that black and brown people were not treated as an assumed enemy.
3. The third consequence of encryption would be the loss of the media's capacity to collect information and be present. Radio encryption insulates the police from the people who they are to serve. It will thus hinder the entire project of representation by excluding resident access to information on the function of government. Police will be in control of information needed by the people for their own participation in government. Any move by a government agency to exclude the people is anti-democratic.
We want openness in communication, cooperation in governance, respect across the different functions and structures of our daily lives. As we move forward to reimagining public safety in our Berkeley community, it is critical that we move forward with meaningful change.
1. Open communications allows us to address individual and structural policing harms that disparately impact Black, Latinx, Native American, Asian American, Pacific Islander, LGBTQIA+, unhoused people, people with low income, people with disabilities (mental health, substance use, physical). We have egregious policing harms from traffic stops, and accountability for call taking operations, dispatch, and response in the community is key to solving them and ensuring they do not continue.
2. Open public safety communications for call taking, dispatch, and responding to people in the community allows us to observe and witness with the aim to diminish overall risks of injury and death from police aggression and violence and how calls are diverted from police to non-police crisis response and other alternative programs to policing particularly in the future.
3. Open communication improves public safety when people can observe and witness how police by themselves or co-responding with the mobile crisis unit, respond to people experiencing mental illness and/or substance use problems in the community. They can see if first responders are focused on trauma-informed de-escalation and harm reduction, and if they are able to coordinate for appropriate levels of care, including transport to the next destination.
4. Open communication further improves public safety when people can observe and witness if law enforcement is responding to non-criminal events in the community that could be answered by alternatives to policing, including for first aid and non-emergency medical care, housing assistance, resource connection and referrals and if they are using culturally safe and responsive practices to serve diverse individuals in the community.
The residents of the city of Berkeley voted overwhelmingly for Measure II. Its intent was to bring greater attention, and help to people caught in webs of trouble and to make sure that they will be treated with respect. Encryption does the opposite by putting behavior back into the shadows.
References:
https://www.dailycal.org/2021/10/12/berkeleys-contract-with-motorola-solutions-was rushed-lacked-transparency/
https://www.dailycal.org/2021/10/04/an-artificial-crisis-city-council-to-vote-on-sanctuary waiver-for-motorola/
https://www.vice.com/en/article/vb5ab4/motorola-solutions-works-with-ice-cbp
Karl Knobler
Rivka Polatnik
Edward Olson
Margaret Fine
Steve Martinot
RCJR [Racial and Criminal Justice Reform]
Lynn Cooper
Negeene Mosaed
[Please sign and distribute if you agree.]
WhatsApp to alert users with new security code. Read why – Mint
The instant messaging app, WhatsApp, is planning to alert users about the security code changes if a user re-registers itself on a new smartphone. End-to-end encrypted chats between you and one other person have their own security code used to verify that the calls and the messages you send to that chat are end-to-end encrypted. This code can be found in the contact info screen, both as a QR code and a 60-digit number.
These codes are unique to each chat and can be compared between people in each chat to verify that the messages you send to the chat are end-to-end encrypted. Security codes are just visible versions of the special key shared between you - and don't worry, it's not the actual key itself, that's always kept secret.
At times, the security codes used in end-to-end encryption might change. This can happen because you or your contact reinstalled WhatsApp or changed phones.
To receive notifications when security codes change:
Open WhatsApp Settings.
Tap Account > Security.
From here, you can enable security notifications by tapping Show Security Notifications.
This feature is only available for a contact in an end-to-end encrypted chat.
The news was also confirmed by the tracker, WABetainfo on its Twitter page.
More:
WhatsApp to alert users with new security code. Read why - Mint
PSD2 & Open Banking Biometric Authentication Market Research Report by Function, by End Users, by Region – Global Forecast to 2026 – Cumulative…
PSD2 & Open Banking Biometric Authentication Market Research Report by Function (Authentication & Authorization, Content Based Attacks Detection, and Data Encryption), by End Users (Banks, Customers, and Marchants), by Region (Americas, Asia-Pacific, and Europe, Middle East & Africa) - Global Forecast to 2026 - Cumulative Impact of COVID-19
New York, Nov. 08, 2021 (GLOBE NEWSWIRE) -- Reportlinker.com announces the release of the report "PSD2 & Open Banking Biometric Authentication Market Research Report by Function, by End Users, by Region - Global Forecast to 2026 - Cumulative Impact of COVID-19" - https://www.reportlinker.com/p06178419/?utm_source=GNW
The Global PSD2 & Open Banking Biometric Authentication Market size was estimated at USD 4,189.68 million in 2020 and is expected to reach USD 4,598.17 million in 2021, at a CAGR of 10.08% to reach USD 7,458.13 million by 2026.
Market Statistics: The report provides market sizing and forecast across five major currencies - USD, EUR, GBP, JPY, and AUD. It helps organization leaders make better decisions when currency exchange data is readily available. In this report, the years 2018 and 2019 are considered historical years, 2020 as the base year, 2021 as the estimated year, and years from 2022 to 2026 are considered the forecast period.
Market Segmentation & Coverage: This research report categorizes the PSD2 & Open Banking Biometric Authentication to forecast the revenues and analyze the trends in each of the following sub-markets:
Based on Function, the market was studied across Authentication & Authorization, Content Based Attacks Detection, Data Encryption, Identity Tracking, Message Validation, and Traffic Management.
Based on End Users, the market was studied across Banks, Customers, Marchants, and Payment Service Provider.
Based on Region, the market was studied across Americas, Asia-Pacific, and Europe, Middle East & Africa. The Americas is further studied across Argentina, Brazil, Canada, Mexico, and United States. The United States is further studied across California, Florida, Illinois, New York, Ohio, Pennsylvania, and Texas. The Asia-Pacific is further studied across Australia, China, India, Indonesia, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan, and Thailand. The Europe, Middle East & Africa is further studied across France, Germany, Italy, Netherlands, Qatar, Russia, Saudi Arabia, South Africa, Spain, United Arab Emirates, and United Kingdom.
Cumulative Impact of COVID-19: COVID-19 is an incomparable global public health emergency that has affected almost every industry, and the long-term effects are projected to impact the industry growth during the forecast period. Our ongoing research amplifies our research framework to ensure the inclusion of underlying COVID-19 issues and potential paths forward. The report delivers insights on COVID-19 considering the changes in consumer behavior and demand, purchasing patterns, re-routing of the supply chain, dynamics of current market forces, and the significant interventions of governments. The updated study provides insights, analysis, estimations, and forecasts, considering the COVID-19 impact on the market.
Competitive Strategic Window: The Competitive Strategic Window analyses the competitive landscape in terms of markets, applications, and geographies to help the vendor define an alignment or fit between their capabilities and opportunities for future growth prospects. It describes the optimal or favorable fit for the vendors to adopt successive merger and acquisition strategies, geography expansion, research & development, and new product introduction strategies to execute further business expansion and growth during a forecast period.
FPNV Positioning Matrix: The FPNV Positioning Matrix evaluates and categorizes the vendors in the PSD2 & Open Banking Biometric Authentication Market based on Business Strategy (Business Growth, Industry Coverage, Financial Viability, and Channel Support) and Product Satisfaction (Value for Money, Ease of Use, Product Features, and Customer Support) that aids businesses in better decision making and understanding the competitive landscape.
Market Share Analysis: The Market Share Analysis offers the analysis of vendors considering their contribution to the overall market. It provides the idea of its revenue generation into the overall market compared to other vendors in the space. It provides insights into how vendors are performing in terms of revenue generation and customer base compared to others. Knowing market share offers an idea of the size and competitiveness of the vendors for the base year. It reveals the market characteristics in terms of accumulation, fragmentation, dominance, and amalgamation traits.
Competitive Scenario: The Competitive Scenario provides an outlook analysis of the various business growth strategies adopted by the vendors. The news covered in this section delivers valuable thoughts at the different stages while keeping up to date with the business and engaging stakeholders in the economic debate. The competitive scenario represents press releases or news of the companies categorized into Merger & Acquisition, Agreement, Collaboration, & Partnership, New Product Launch & Enhancement, Investment & Funding, and Award, Recognition, & Expansion. All the news collected helps vendors to understand the gaps in the marketplace and competitors' strengths and weaknesses, thereby providing insights to enhance products and services.
Company Usability Profiles: The report profoundly explores the recent significant developments by the leading vendors and innovation profiles in the Global PSD2 & Open Banking Biometric Authentication Market, including 3M Cogent, Accenture, Inc., Agnitio SL, Aldermore, Alibaba, Apple, BehavioSec, CardinalCommerce, ClearBank, Danal, Diamond Fortress Technologies, Enfuce Financial Services Ltd, Fulcrum Biometrics, Gemalto, iProov, Iritech, Inc., Mastercard, Metro Bank, Monzo, Nok Nok Labs, NXT-ID, OakNorth, Okta, Inc., PulseWallet, Samsung, SayPay, Sign2Pay, Thales SA, The FIDO Alliance, Virgin Money, and VoiceVault.
The report provides insights on the following pointers:
1. Market Penetration: Provides comprehensive information on the market offered by the key players
2. Market Development: Provides in-depth information about lucrative emerging markets and analyze penetration across mature segments of the markets
3. Market Diversification: Provides detailed information about new product launches, untapped geographies, recent developments, and investments
4. Competitive Assessment & Intelligence: Provides an exhaustive assessment of market shares, strategies, products, certification, regulatory approvals, patent landscape, and manufacturing capabilities of the leading players
5. Product Development & Innovation: Provides intelligent insights on future technologies, R&D activities, and breakthrough product developments
The report answers questions such as:
1. What is the market size and forecast of the Global PSD2 & Open Banking Biometric Authentication Market?
2. What are the inhibiting factors and impact of COVID-19 shaping the Global PSD2 & Open Banking Biometric Authentication Market during the forecast period?
3. Which are the products/segments/applications/areas to invest in over the forecast period in the Global PSD2 & Open Banking Biometric Authentication Market?
4. What is the competitive strategic window for opportunities in the Global PSD2 & Open Banking Biometric Authentication Market?
5. What are the technology trends and regulatory frameworks in the Global PSD2 & Open Banking Biometric Authentication Market?
6. What is the market share of the leading vendors in the Global PSD2 & Open Banking Biometric Authentication Market?
7. What modes and strategic moves are considered suitable for entering the Global PSD2 & Open Banking Biometric Authentication Market?
Read the full report: https://www.reportlinker.com/p06178419/?utm_source=GNW
About Reportlinker
ReportLinker is an award-winning market research solution. Reportlinker finds and organizes the latest industry data so you get all the market research you need - instantly, in one place.