Category Archives: Internet Security
"Thank God for the Web!"
And, "I don't know how I would have coped without seeing my friends and family on Zoom."
Or, "How did they possibly manage back in 1918 (during the last equivalent pandemic) without the Internet?"
We've all heard widespread sentiments like this for weeks now, and even as countries begin to end the lockdowns and open more community businesses, large numbers of people plan to continue working from home for months, or until a vaccine is available, or perhaps even forever.
There is no doubt that our connected virtual world has come to the rescue and enabled constant global communication at a level that would have been impossible at the beginning of this millennium. Internet service providers (ISPs), telecommunications and technology companies and many others have offered free services, new apps, expanded coverage and increased speeds to enable enhanced virtual lives for millions of people around the world.
In fact, according to the Pew Research Center, 53 percent of Americans say the Internet has been "essential" during the COVID-19 outbreak, and another 34 percent say it is "important but not essential." The list of digital "new normal" opportunities is, without a doubt, remarkable.
Nevertheless, there is now a rapidly growing body of evidence suggesting that COVID-19 isn't just making people catch a virus. This pandemic appears to be making the Internet explode with viruses and more "dark side" troubles with potential impacts that will reshape the future of cyberspace far after we can finally get our hair cut again or eat out at a restaurant again with friends.
And sadly, despite the fact that an effective vaccine now seems highly probable within a year, there will be no simple cure to fix the Internet's woes.
Cyber Details Please
Back at the end of March, I articulated why many experts felt that the rapid move to working from home during this pandemic was laying the groundwork for a surge in data breaches. From COVID-19-related phishing attacks to unsecured home Wi-Fi networks to the use of personally owned computer equipment that is not secure, the potential for bad actors to access sensitive business data has grown rapidly as people moved very quickly to working from home.
In the past two months, there have been numerous headlines articulating more scary details on this online hacking trend. In addition, several more recent announcements related to Internet fraud and data breaches have surfaced. For example:
This brief video from CNBC explains these cyber trends in detail.
Will COVID-19 Tech Issues Bring a Cyber Pearl Harbor?
But taking this thread a bit further, Steven McBride grabbed the attention of Forbes Magazine readers a few weeks ago with the article titled: "Why The Largest Cyberattack In History Could Happen Within Six Months."
Here's an excerpt: The coronavirus is laying the groundwork for a massive cyberattack. In fact, I'm on record today saying we'll see the largest cyberattack in HISTORY within the next six months.
So hundreds of millions of folks are using personal laptops, on unsecured home internet connections, to access work files. Many of which likely contain confidential information and personal data.
This is a dream come true for cyber criminals. Hackers only need to gain access through one entry point to seize control of a whole network. Once they're in, they can steal data, secrets, and even lock you out of the network.
Hackers broke into the networks of America's largest defense contractor, Lockheed Martin, by targeting remote workers. If they can infiltrate this system, you best believe remote workers with little security are easy pickings.
I highlight this article now because when I posted it on LinkedIn with my personal perspectives, I received hundreds of comments and reactions from global security and technology experts. Some thought the article was just over-hyped FUD, but most people thought that the online cyber challenges were indeed growing during the pandemic and making the Internet much less safe while opening up more Internet vulnerabilities and security holes.
Here is a small sample of some of the responses I received on LinkedIn regarding the Forbes article post:
Corey Munson: PC Matic just launched a security survey of those working from home. The first 3,500 responses have been frightening. (Results will be out next week). The rapid mass migration to WFH & BYOD 'gone wild' has left massive security holes. How those risks are addressed now will determine what happens in the next 6 months.
William Tucker: Makes sense. I specifically use my extra personal computer for anything outside of work or researching something. Even though my work computer is a personal computer too, I don't do online stuff through it, unless it's in the "work" work stream.... Even there we are limited according to our roles....separation of powers/privileges and workstation mapping.
Caston Thomas: There's no way to predict the severity of a future attack. Complete fake news, equivalent to the crazy dude standing on a New York street corner screaming "The end is near." Could it happen? Of course.
Richard Stiennon: I understand your heated response Caston. That said, I did hear an interesting observation from a friend in Canada. There is no question that attack surfaces have been extended out to the home. Also that activity is heightened. If the average dwell time to discover a breach is 270 days, that means that starting 6 months from now we *will* learn of some breaches. Predicting the biggest in history is more of a stretch.
Security Solutions for the Pandemic, Please
I participated in a webinar this past week that was run by Government Technology magazine and Governing magazine titled: "Cybersecurity at the Edge: Rethinking Security Strategy to Support the New Work From Home Normal." This important session (available for free viewing with registration) included:
The webinar covered current hot technology trends in governments around the world. While there has been a huge positive movement towards working from home (WFH), which has been successful in the public and private sectors, there has also been a surge in online fraud and hacking that is just now becoming clear with more announcements likely in the coming months (or even years). Many detailed figures can be found in this Kaspersky Research report.
During the webinar, I offered these excellent resources for organizations that want to improve their business and government cybersecurity during this time of emergency:
One bright spot that I have seen arise in the past few months has been the recognition that organizations need more cybersecurity spending following these new coronavirus concerns. Almost 70 percent of the global organizations surveyed plan to increase their cyber spending in the coming months.
With the coronavirus crisis creating new opportunities for cybercriminals, this figure could easily increase by the end of the year. Besides boosting their cybersecurity spending, as the top IT priority this year, around 55% of major organizations will boost their investments in automation solutions, an HFS Research survey conducted in April revealed. Smart analytics, hybrid or multi-cloud and artificial intelligence follow, with 53%, 49% and 46% of those bodies asked naming them as their leading IT investments this year.
Whether a major, debilitating cyberattack is coming is debatable. Some will say the Internet was already sick, while admitting that the coronavirus is making cyberspace less safe by exposing weaknesses that were already present. Is that so different than a lack of a sufficient national stockpile of personal protective equipment (PPE)?
No doubt, the importance of cybersecurity has only grown during this pandemic. As the paperless office is becoming closer to reality by necessity, and business transformations and digital government keep growing faster than ever, cyberprotections are also more vital than ever but too often neglected.
So while the Internet is alive and more important than ever to our lives in 2020, COVID-19 is bringing about a cyberpandemic that will linger long after a vaccine or cure is found for this disease.
Here is the original post:
Is COVID-19 Making the Internet Sick? - Government Technology
Those familiar with chocolate will recognize it in many flavors, from milk to extra dark, and in many forms, from syrup to bunny. But recently, Samy Kamkar debuted his take on this age-old treat: iridescent chocolate that glimmers like a rainbow.
The shimmery sweet looks like something out of Willy Wonka's universe, but this one comes with no side effects, as Devi Lockwood reports for the New York Times. Its surface has lots of minuscule grooves that diffract light like a prism, giving the chocolate's surface that mesmerizing sheen, Kamkar explains.
Kamkar founded the internet security company Openpath and likes to tinker with his food in his spare time, he says. "Anyone can do this at home," he tells the Times. "There's no coating. There's no special ingredient. It's the surface texture of the chocolate itself that's producing it."
Anyone who has a 3-D printer, that is. To make the chocolate, Kamkar created a mushroom-shaped mold with multiple ridges micrometers apart. He tempered the chocolate, poured it into the mold and then put it in a vacuum chamber to prevent air bubbles on the surface. (He chose a mushroom shape because "they're magical," he tells the Times.)
As Marnie Shure reports for the Takeout, Kamkar posted a video of his creation to Twitter on May 9, where users were fascinated with his success.
As Renusha Indralingam explained in Yale Scientific in 2013, iridescence occurs when an object's physical structure causes light waves to combine with one another, a phenomenon known as interference. In the natural world, hummingbirds, beetles, butterflies, peacocks and many other living organisms exhibit iridescent traits, which they can use to choose and attract mates or evade predators, Indralingam wrote.
Kamkar's idea isn't new. In December, researchers at ETH Zurich and the University of Applied Sciences and Arts Northwestern Switzerland announced that they had filed a patent for the process of making shimmery, iridescent chocolate without additives, per a statement. The scientists said they were in talks with major chocolate producers about scaling up their discovery for commercial use.
Patrick Rühs, a scientist involved in that project, tells the Times that one of the biggest problems they face will be convincing consumers that the chocolate is safe to eat, reflective surface and all. "Maybe the surface is actually too shiny. People think that there is a plastic foil on top, which is not the case," he says.
Go here to see the original:
Thanks to Physics, This Chocolate Is Iridescent and Safe to Eat - Smithsonian.com
Bug bounty platform HackerOne announced today that it has paid out $100,000,000 in rewards to white-hat hackers around the world as of May 26, 2020.
Since it started delivering vulnerability reports to its customers, HackerOne bug bounty hunters have found roughly 170,000 security vulnerabilities according to the company's CEO Mårten Mickos.
Over 700,000 ethical hackers are now using the bug bounty platform to get paid for security bugs in the products of more than 1,900 HackerOne customers.
"It is impossible to know exactly how many cyber breaches have thereby been averted but we can estimate that it is thousands or perhaps over ten thousand," Mickos said.
"With the average cost of breach somewhere around $8 million, the savings are in the tens of billions."
As seen in the chart below, the total amount of rewards paid to hackers grew from $10 million between 2014 and 2016, to $30 million between 2017 and 2019, and reached $50 million between Q2 2019 and Q2 2020.
12% of hackers using HackerOne to report security vulnerabilities make over $20,000 each year only from bug bounties, while 1.1% will get rewards worth more than $350,000 annually and 3% are paid over $100,000 per year.
"[I]t took five years to get to $20 Million in bounties paid, a figure we reached in Q3 2017 (see chart)," HackerOne says.
"Since then, things have really taken off, with the next $80 Million taking only three years. We recently had our best week ever: $2.4 Million in bounties paid in just six days."
According to a survey of 1,700 bug bounty hunters enrolled on HackerOne's platform from two years ago, top hackers will earn on average 2.7 times more money in rewards than a software engineer's average salary in the same country.
In August 2019 HackerOne also announced that eight of the hackers using its platforms have become millionaires, with 19-year-old Santiago Lopez (@try_to_hack) being the first one to go over $1 million in earnings in March 2019.
"Now, Mark Litchfield (@mlitchfield) from the U.K., Nathaniel Wakelam (@nnwakelam) from Australia, Frans Rosen (@fransrosen) from Sweden, Ron Chan (@ngalog) from Hong Kong, and Tommy DeVoss (@dawgyg) from the U.S. joined the $1M hacker ranks by hacking for improved internet security," HackerOne said at the time.
Cosmin (@inhibitor181) from Germany and Eric (@todayisnew) are the seventh and eighth HackerOne millionaires announced earlier this year, on February 24th and February 24th, respectively.
"As a result of their creativity and tenacity, we predict hackers will have earned $1 billion in bug bounties within five years, protecting companies and governments alike from persistent and ephemeral threats," the company's CEO added.
Update: Added info on @inhibitor181 and @todayisnew.
A STUDY by Internet security firm Kaspersky showed the majority of consumers in the Asia-Pacific region are now concerned about their privacy online, but many of them are still willing to sacrifice their private data in exchange for a free service.
Kaspersky said 40% of the consumers it surveyed in the region claimed they had experienced their accounts being accessed by someone without consent, while 39% reported illegal takeover of devices.
It also said 31% reported about confidential data being stolen and used, while 20% confirmed their private information had been accessed and publicly divulged without their permission.
Kaspersky also found out that more than one-fifth of the users are still willing to sacrifice their privacy to gain a product or a service for free.
It said 24% of the users let their guards down by sharing social media account details for funny quizzes.
Moreover, 2-in-10 of consumers surveyed also admitted they need some help to learn how to protect their privacy online, Kaspersky added.
Stephan Neumeier, managing director for Asia Pacific at Kaspersky, was quoted as saying: "Our data on hand suggests a complex online behavior within our region. It is a welcome progress that majority of consumers are now concerned about their online privacy but their virtual habits and security know-how must undergo an overhaul.
"With the current remote working situation in the majority of the countries in the Asia-Pacific region, digital privacy should be a concern for both personal users and enterprises. Our corporate networks have reached the comfort of our homes, in turn increasing cybercriminals' surface of attack. It's definitely high time to improve cyber hygiene for both our personal and professional reputation and peace of mind," he added.
As for the consequences of a privacy breach, 39% of Kaspersky's respondents said they were disturbed by spam and advertisements.
Some 33% said they were stressed, while 24% reported their personal reputation was damaged.
"Cybercriminals tend to follow chaos. Whenever there is a major trend or a crisis, they will use it as a perfect opportunity to exploit the heightened human emotions which make users more vulnerable. To protect yourself during this critical time, it is important to be careful about the personal particulars you share online and to understand how these data will be used. Revisit your privacy settings and tweak them accordingly. The internet is a place of opportunities and anyone can benefit from it as long as we know how to intelligently manage our data and our online habits," Mr. Neumeier explained.
Kaspersky said a private data leak can be avoided if users can identify potentially dangerous or questionable requests made by an application, and understand the risks associated with different types of common permissions.
Kaspersky said it offers Security Cloud, which incorporates a Do Not Track feature to prevent the loading of tracking elements that monitor users' actions on websites and collect information about them.
"For businesses, teach employees about the basics of cybersecurity. For example, not opening or storing files from unknown e-mails or websites as they could be harmful to the whole company, or to not use any personal details in their passwords. In order to ensure passwords are strong, staff shouldn't use their name, birthday, street address and other personal information," it added.
The company said the study, which involved 3,012 respondents from countries in the Asia-Pacific region, was conducted between January and February 2020. Arjay L. Balinbin
We'll break down the two main types of encryption, symmetric and asymmetric, before diving into the list of the 5 most commonly used encryption algorithms to simplify them like never before
Often blamed for hiding terrorist activities by political entities, encryption is one of those cyber security topics that's always in the headlines. Anyone who has a decent understanding of the different types of encryption may feel like a kind of injustice is being done to this remarkable technology that's at the heart of internet security and privacy. Encryption is a method of converting data into an undecipherable format so that only the authorized parties can access the information.
Cryptographic keys, in conjunction with encryption algorithms, are what make the encryption process possible. And, based on the way these keys are applied, there are mainly two types of encryption methods that are predominantly used: "symmetric encryption" and "asymmetric encryption." Both of these methods use different mathematical algorithms (i.e., those encryption algorithms we mentioned moments ago) to scramble the data. This list of common encryption algorithms includes RSA, ECC, 3DES, AES, etc.
In this article, we'll learn about symmetric & asymmetric encryption and their prevailing encryption algorithms that are used to encrypt data.
Let's hash it out.
The symmetric encryption method, as the name implies, uses a single cryptographic key to encrypt and decrypt data. The use of a single key for both operations makes it a straightforward process, and hence it's called "symmetric." Here's a visual breakdown of how symmetric encryption works:
Let's understand the symmetric encryption process with a simple example:
There are two really close friends named Bob and Alice living in New York. For some reason, Alice has to move out of the city. The only way they can communicate with each other is through postal mail. But there's one problem: Bob and Alice are afraid that someone could read their letters.
To protect their letters from someone's eyes, they decide to write their message in such a way that each letter of the message is replaced by a letter seven positions down the alphabet. So, instead of writing "Apple," they would write "hwwsl" (A -> H, P -> W, L -> S, E -> L). To turn the data back into its original form, they'd have to replace the letter seven positions up the alphabet order.
Of course, this might sound too simple to you, and it is. That's because this technique was used centuries ago by Julius Caesar, the Roman emperor and military general. Known as "Caesar's cipher," this method works on the technique of alphabet substitution.
Today's encryption methods aren't as simple as that. The widely used encryption algorithms are so complex that even the combined computing power of many super-computers cannot crack them. And that's why we can relax and send our credit card information without any worries.
The most outstanding feature of symmetric encryption is the simplicity of its process. The simplicity of this type of encryption lies in the use of a single key for both encryption as well as decryption. As a result, symmetric encryption algorithms:
This means that when there's a large chunk of data to be encrypted, symmetric encryption proves to be a great option.
Like we saw with Caesar's cipher, there's specific logic behind every encryption method that scrambles data. The encryption methods that are used today rely on highly complex mathematical functions that make it virtually impossible to crack them.
What you may or may not realize is that there are hundreds of symmetric key algorithms in existence! Some of the most common encryption methods include AES, RC4, DES, 3DES, RC5, RC6, etc. Out of these algorithms, DES and AES algorithms are the best known. While we can't cover all of the different types of encryption algorithms, let's have a look at three of the most common.
Introduced in 1976, DES (data encryption standard) is one of the oldest symmetric encryption methods. It was developed by IBM to protect sensitive, unclassified electronic government data and was formally adopted in 1977 for use by federal agencies. DES uses a 56-bit encryption key, and it's based on the Feistel Structure that was designed by a cryptographer named Horst Feistel. The DES encryption algorithm was among those that were included in TLS (transport layer security) versions 1.0 and 1.1.
DES converts 64-bit blocks of plaintext data into ciphertext by dividing the block into two separate 32-bit blocks and applying the encryption process to each independently. This involves 16 rounds of various processes such as expansion, permutation, substitution, or an XOR operation with a round key that the data will go through as it's encrypted. Ultimately, 64-bit blocks of encrypted text are produced as the output.
Today, DES is no longer in use as it was cracked by many security researchers. In 2005, DES was officially deprecated and was replaced by the AES encryption algorithm, which we'll talk about momentarily. The biggest downside to DES was its low encryption key length, which made brute-forcing easy against it. TLS 1.2, the most widely used TLS protocol today, doesn't use the DES encryption method.
3DES (also known as TDEA, which stands for triple data encryption algorithm), as the name implies, is an upgraded version of the DES algorithm that was released. 3DES was developed to overcome the drawbacks of the DES algorithm and was put into use starting in the late 1990s. To do so, it applies the DES algorithm thrice to each data block. As a result, this process made 3DES much harder to crack than its DES predecessor. It also became a widely used encryption algorithm in payment systems, standards, and technology in the finance industry. It's also become a part of cryptographic protocols such as TLS, SSH, IPsec, and OpenVPN.
All encryption algorithms ultimately succumb to the power of time, and 3DES was no different. The Sweet32 vulnerability discovered by researchers Karthikeyan Bhargavan and Gaëtan Leurent exposed the security holes that exist within the 3DES algorithm. This discovery caused the security industry to consider the deprecation of the algorithm and the National Institute of Standards and Technology (NIST) announced the deprecation in a draft guidance published in 2019.
According to this draft, the use of 3DES is to be scrapped in all new applications after 2023. It's also worth noting that TLS 1.3, the latest standard for SSL/TLS protocols, also discontinued the use of 3DES.
AES, which stands for advanced encryption system, is one of the most prevalently used types of encryption algorithms and was developed as an alternative to the DES algorithm. Also known as Rijndael, AES became an encryption standard on approval by NIST in 2001. Unlike DES, AES is a family of block ciphers that consists of ciphers of different key lengths and block sizes.
AES works on the methods of substitution and permutation. First, the plaintext data is turned into blocks, and then the encryption is applied using the encryption key. The encryption process consists of various sub-processes such as sub bytes, shift rows, mix columns, and add round keys. Depending upon the size of the key, 10, 12, or 14 such rounds are performed. It's worth noting that the last round doesn't include the sub-process of mix columns among all other sub-processes performed to encrypt the data.
What all of this boils down to is to say that AES is safe, fast, and flexible. AES is a much quicker algorithm compared to DES. The multiple key length options are the biggest advantage you have as the longer the keys are, the harder it is to crack them.
Today, AES is the most widely used encryption algorithm; it's used in many applications, including:
Many government agencies, including the National Security Agency (NSA), rely on the AES encryption algorithm to protect their sensitive information.
Asymmetric encryption, in contrast to the symmetric encryption method, involves multiple keys for encryption and decryption of the data. Asymmetric encryption encompasses two distinct encryption keys that are mathematically related to each other. One of these keys is known as the "public key" and the other one as the "private key." Hence the asymmetric encryption method is also known as "public key cryptography."
As we saw in the above example, symmetric encryption works great when Alice and Bob want to exchange information. But what if Bob wants to communicate with hundreds of people securely? Would it be practical if he used different mathematical keys for each person? Not really, because that would be a lot of keys to juggle.
To resolve this issue, Bob uses public key encryption, which means that he gives the public key to everyone who sends him the information and keeps the private key to himself. He instructs them to encrypt the information with the public key so that the data can only be decrypted using the private key that he has. This eliminates the risk of key compromise as the data can only be decrypted using the private key that Bob has in his possession.
The first (and most obvious) advantage of this type of encryption is the security it provides. In this method, the public key, which is publicly available, is used to encrypt the data, while the decryption of the data is done using the private key, which needs to be stored securely. This ensures that the data remains protected against man-in-the-middle (MiTM) attacks. For web/email servers that connect to hundreds of thousands of clients every minute, asymmetric encryption is nothing less than a boon as they only need to manage and protect a single key. Another key point is that public key cryptography allows creating an encrypted connection without having to meet offline to exchange keys first.
The second crucial feature that asymmetric encryption offers is authentication. As we saw, the data encrypted by a public key can only be decrypted using the private key related to it. Therefore, it makes sure that the data is only seen and decrypted by the entity that's supposed to receive it. In simpler terms, it verifies that you're talking to the person or organization that you think you are.
Invented by Ron Rivest, Adi Shamir, and Leonard Adleman (hence RSA) in 1977, RSA is, to date, the most widely used asymmetric encryption algorithm. Its potency lies in the prime factorization method that it relies upon. Basically, this method involves two huge random prime numbers, and these numbers are multiplied to create another giant number. The puzzle here is to determine the original prime numbers from this giant-sized multiplied number.
It turns out this puzzle is virtually impossible, if using the right key length that's generated with enough entropy, for today's super-computers, let alone humans. In 2010, a group of researchers did research, and it took them more than 1,500 years of computing time (distributed across hundreds of computers) to crack an RSA-768 bit key, which is way below the standard 2048-bit RSA key that's in use today.
A great advantage that RSA offers is its scalability. It comes in various encryption key lengths such as 768-bit, 1024-bit, 2048-bit, 4096-bit, etc. Therefore, even if the lower key-lengths are successfully brute-forced, you can use encryption of higher key lengths because the difficulty of brute-forcing the key increases with each expanding key length.
RSA is based on a simple mathematical approach, and that's why its implementation in the public key infrastructure (PKI) becomes straightforward. This adaptability with PKI and its security has made RSA the most widely used asymmetric encryption algorithm used today. RSA is extensively used in many applications, including SSL/TLS certificates, crypto-currencies, and email encryption.
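The following is an added illustration, not code from the original article: a toy RSA key pair built from two small constructed primes (61 and 53), showing that anyone who can factor the public modulus can rebuild the private key, which is why key length matters. The function names are hypothetical and the scheme has no padding, so it is for study only.

```python
"""Toy RSA for study only: tiny constructed primes, no padding."""
from math import gcd, isqrt


def make_keypair(p, q, e=17):
    """Build (public, private) keys from two primes p and q."""
    n = p * q                      # the "giant number" (tiny in this demo)
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(message, public):
    """Encrypt an integer smaller than the modulus with the public key."""
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)


def decrypt(ciphertext, private):
    """Decrypt with the private key."""
    n, d = private
    return pow(ciphertext, d, n)


def factor(n):
    """Trial division: instant for a 12-bit modulus, hopeless for 2048 bits."""
    for candidate in range(2, isqrt(n) + 1):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n is prime")


def recover_private(public):
    """Rebuild the private key from the public key alone by factoring n."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


def meets_minimum(public, min_bits=2048):
    """Defensive check: refuse moduli below the 2048-bit size named above."""
    return public[0].bit_length() >= min_bits


if __name__ == "__main__":
    public, private = make_keypair(61, 53)   # constructed sample primes
    c = encrypt(65, public)
    print("ciphertext:", c, "decrypted:", decrypt(c, private))
    print("private key rebuilt from public key:",
          recover_private(public) == private)
    print("acceptable key size:", meets_minimum(public))
```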
In 1985, two mathematicians named Neal Koblitz and Victor S. Miller proposed the use of elliptic curves in cryptography. After almost two decades, their idea was turned into a reality when ECC (Elliptic Curve Cryptography) algorithm entered into use in 2004-05.
In the ECC encryption process, an elliptic curve represents the set of points that satisfy a mathematical equation (y² = x³ + ax + b).
Like RSA, ECC also works on the principle of irreversibility. In simpler words, it's easy to compute it in one direction but painfully difficult to reverse it and come to the original point. In ECC, a number symbolizing a point on the curve is multiplied by another number and gives another point on the curve. Now, to crack this puzzle, you must figure out the new point on the curve. The mathematics of ECC is built in such a way that it's virtually impossible to find out the new point, even if you know the original point.
Compared to RSA, ECC offers greater security (against current methods of cracking) as it's quite complex. It provides a similar level of protection as RSA, but it uses much shorter key lengths. As a result, ECC applied with keys of greater lengths will take considerably more time to crack using brute force attacks.
Another advantage of the shorter keys in ECC is faster performance. Shorter keys require less networking load and computing power, and that turns out to be great for devices with limited storage and processing capabilities. When the ECC is used in SSL/TLS certificates, it decreases the time it takes to perform SSL/TLS handshakes considerably and helps you load the website faster. The ECC encryption algorithm is used for encryption applications, to apply digital signatures, in pseudo-random generators, etc.
The challenge with using ECC, though, is that many server software and control panels haven't yet added support for ECC SSL/TLS certificates. We're hoping that this changes in the future, but this means that RSA is going to continue to be the more widely used asymmetric encryption algorithm in the meantime.
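An added illustration, not code from the original article, of the curve arithmetic described above on a constructed toy curve (y² = x³ + 2x + 2 over the integers modulo 17, base point (5, 1)). Multiplying a point by a number is quick, while recovering the number from the two points needs a search that is feasible here only because the group has 19 elements; the function names and parameters are assumptions.

```python
"""Toy elliptic-curve arithmetic over a tiny prime field (study only)."""
import hashlib

# Constructed textbook-sized parameters: y^2 = x^3 + 2x + 2 over F_17.
# Real systems use standardized ~256-bit curves from a vetted library.
P_MOD, A, B = 17, 2, 2
G = (5, 1)          # base point; it generates a group of 19 points
ORDER = 19
INFINITY = None     # identity element (the "point at infinity")


def on_curve(pt):
    """True if pt satisfies the curve equation (or is the identity)."""
    if pt is INFINITY:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """Add two curve points using the chord-and-tangent rule."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INFINITY                      # p2 is the negative of p1
    if p1 == p2:                             # tangent slope (doubling)
        slope = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:                                    # chord slope
        slope = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    slope %= P_MOD
    x3 = (slope * slope - x1 - x2) % P_MOD
    y3 = (slope * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k, pt):
    """Easy direction: compute k*pt with double-and-add."""
    result, addend = INFINITY, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def validate_public(pt):
    """Reject a peer's point that is off-curve or the identity before use."""
    if pt is INFINITY or not on_curve(pt):
        raise ValueError("invalid public point")
    return pt


def shared_key(private, peer_public):
    """Diffie-Hellman on the curve: hash the shared point's x-coordinate."""
    point = scalar_mult(private, validate_public(peer_public))
    if point is INFINITY:
        raise ValueError("degenerate shared point")
    return hashlib.sha256(point[0].to_bytes(32, "big")).digest()


def brute_force_log(target, base=G):
    """Hard direction: find k with k*base == target by trying every k."""
    current = INFINITY
    for k in range(ORDER):
        if current == target:
            return k
        current = add(current, base)
    return None


if __name__ == "__main__":
    alice_priv, bob_priv = 3, 7              # constructed sample secrets
    alice_pub = scalar_mult(alice_priv, G)
    bob_pub = scalar_mult(bob_priv, G)
    print("public points:", alice_pub, bob_pub)
    print("keys match:",
          shared_key(alice_priv, bob_pub) == shared_key(bob_priv, alice_pub))
    print("secret recovered on toy curve:", brute_force_log(bob_pub))
```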
First, let me clarify that hybrid encryption is not a method like symmetric and asymmetric encryption are. Its taking the best from both of these methods and creating a synergy to build robust encryption systems.
As advantageous as symmetric and asymmetric encryption are, they both have their downsides. The symmetric encryption method works great for fast encryption of large data. Still, it doesnt provide identity verification, something thats the need of the hour when it comes to internet security. On the other hand, asymmetric encryption thanks to the public/private key pair makes sure that the data is accessed by your intended recipient. However, this verification makes the encryption process painfully slow when implemented at scale.
In many applications, such as website security, there was a need to encrypt the data at a high speed and the verification of identity was also required to ensure the users that theyre talking to the intended entity. Thats how the idea of hybrid encryption was born.
The hybrid encryption technique is used in applications such as SSL/TLS certificates. SSL/TLS encryption is applied during a series of back-and-forth communications between servers and clients (web browsers) in a process thats known as the TLS handshake. In this process, the identity of both parties is verified using the private and public key. Once both parties have confirmed their identities, the encryption of the data takes place through symmetric encryption using an ephemeral (session) key. This ensures speedy transmission of the tons of data that we send and receive on the internet every minute.
If you're wondering which type of encryption is better than the other, then there won't be any clear winner as both symmetric and asymmetric encryption bring their advantages to the table, and we cannot choose only one at the expense of the other.
From the security perspective, asymmetric encryption is undoubtedly better as it ensures authentication and non-repudiation. However, the performance is also an aspect that we can't afford to ignore, and that's why symmetric encryption will always be needed.
Here's the summary of what we hashed out as far as types of encryption are concerned:
*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store authored by Jay Thakkar. Read the original post at: https://www.thesslstore.com/blog/types-of-encryption-encryption-algorithms-how-to-choose-the-right-one/
Among the advantages of hosting the Biznews Share portfolio is how it pushes me into unusual places, which are often the best places to learn. Among them are the quarterly investor calls of US-listed stocks, which are easily sourced through YouTube and always deliver a lot of valuable information.
Spotting the next Jeff Bezos is also made easier when you're able to actually watch people like Reed Hastings (59) of Netflix or Daniel Ek (36) of Spotify handle tough questions. Another who could join this elite group is Matthew Prince (46), co-founder and CEO of Cloudflare, the world's dominant Internet security business.
In Cloudflare's earnings call this month Prince said that given the state of the world, he felt weird reporting strong financials (revenue up 48%, profit margin of 78%), but explained: "Undoubtedly the superheroes of this crisis are the medical professionals and scientists, but the faithful sidekick, the Ant Man to Captain Marvel, has been the Internet, on which all worldwide have leaned more than ever before."
Prince described recent growth in Internet use as unprecedented: "we saw as much in 12 weeks as we have seen in the previous 12 months"; Internet traffic nearly doubled through March and April versus the beginning of the year. Businesses of all sizes, he said, are moving online to survive. Sounds like a mantra for managers everywhere. SA included.
See the rest here:
Move online to survive - business's new mantra - BizNews
BEIJING (AP) - China demanded Monday that Washington withdraw export sanctions imposed on Chinese companies in the latest round of a worsening conflict over technology, security and human rights.
The foreign ministry accused the Trump administration of interfering in China's affairs by adding eight companies accused of playing roles in a crackdown in its Muslim northwestern region of Xinjiang to an export blacklist.
Washington also imposed controls on access to American technology for 24 companies and government-linked entities it said might be involved in obtaining goods with potential military uses.
The U.S. decision "violated basic norms of international relations" and "harmed China's interests," said a ministry spokesman, Zhao Lijian.
"We urge the United States to correct its mistakes, revoke the relevant decision and stop interfering in China's internal affairs," Zhao said.
The measures announced Friday expand a U.S. campaign against Chinese companies including tech giant Huawei that Washington says might be security threats.
Beijing criticized curbs imposed earlier on Huawei Technologies Ltd. and other companies including Hikvision Digital Technology Ltd., a supplier of video security products. It has yet to say whether it will retaliate.
One company cited Friday in connection with Xinjiang is accused of "engaging in human rights violations," the Commerce Department said. The rest are accused of enabling China's high-technology surveillance in the region.
One of the technology suppliers, CloudWalk Technology Ltd., which makes facial recognition systems, said in a statement such unfair treatment will hurt American companies and global development.
China's fledgling tech industries are developing their own processor chips, software and other products. But they need U.S., European and Japanese components and technology for smartphones and other devices, as well as for manufacturing processes.
The company accused of human rights violations, Aksu Huafu Textiles Co., said in a statement the U.S. decision "recklessly disregards facts." The company said it won't be affected because any American materials can be replaced by Chinese sources.
Other companies didn't respond Monday to questions about how they might be affected.
The decision to add the companies to the Commerce Department's Entity List limits their access to U.S. components and technology by requiring government permission for exports.
American officials complain Beijing's technology development is based at least in part on stolen foreign know-how and might erode U.S. industrial leadership or threaten the security of its neighbors.
Complaints about Beijing's technology ambitions prompted President Donald Trump to raise duties on Chinese imports in 2018, triggering a tariff war that weighs on global trade. The two governments signed a truce in January but Trump has threatened to back out if China fails to buy more American exports.
Other companies cited Friday represent a significant risk of supporting procurement of items for military end-use in China, the Commerce Department said.
The most prominent name on that list is Qihoo 360, a major supplier of anti-virus software and a web browser.
On its social media account, Qihoo 360 accused the Commerce Department of politicizing business and commercial research and development.
Companies including Huawei that were targeted by earlier U.S. sanctions deny they are a threat. Chinese officials accuse Washington of using phony security warnings to block rising competitors of U.S. tech industries.
Another blacklisted company, CloudMinds Technology Co., a maker of internet-linked robots, said all its products are designed for civilian use. It appealed to the U.S. government on its social media account to stop this unfair treatment.
Go here to see the original:
China Demands US Withdraw Sanctions on Tech Suppliers - Manufacturing Business Technology
Samsung will launch a new standalone turnkey security chip to protect mobile devices, the company announced today.
The chip, which has the said-once-never-forgotten name "S3FV9RR", aka the Mobile SE Guardian 4, is a follow-up to the dedicated security silicon baked into the Galaxy S20 smartphone series launched in February 2020.
The new chip is Common Criteria Assurance Level 6+ certified, the highest certification that a mobile component has received, according to Samsung. CC EAL 6+ is used in e-passports and hardware wallets for cryptocurrency.
It has twice the storage capacity of the first-gen chip and supports device authorisation, hardware-based root of trust, and secure boot features. When a bootloader initiates, the chip initiates a chain of trust sequence to validate each component's firmware. The chip can also work independently from the device's main processor to ensure tighter security.
"In this era of mobility and contactless interactions, we expect our connected devices, such as smart phones or tablets, to be highly secure so as to protect personal data and enable fintech activities such as mobile banking, stock trading and cryptocurrency transactions," said Dongho Shin, senior vice president of marketing at Samsung System LSI, which makes logic chips for the South Korean conglomerate.
"With the new standalone security element solution (S3FV9RR), Samsung is mounting a powerful deadbolt on smart devices to safeguard private information." Which should be handy for all manner of devices - perhaps even Internet of things devices.
Sammy says that the new chip will be available in Q3 this year.
Read the original post:
Galaxy S20 security is already old hat as Samsung launches new safety silicon - The Register
DDoS Protection Market report covers the Introduction, Product Type and Application, Market Overview, Market Analysis by Countries, Market Opportunities, Market Risk and Market Driving Force. Under the Coronavirus (COVID-19) outbreak globally, this DDoS Protection industry report provides 360 degrees of analysis, from Supply Chain, Import and Export control to regional government policy and future influence on the industry. It focuses on the topmost key DDoS Protection market manufacturers/players (Arbor Networks, Akamai Technologies, F5 Networks, Imperva, Radware, Huawei Technologies, Corero Network Security, Neustar, Cloudflare, Nexusguard, A10 Networks, Fortinet, Verisign, Zenedge, Sucuri, Sitelock, Flowmon Networks, Stackpath, Dosarrest Internet Security), to define, describe and analyze the Sales Volume, Value, Market Share, Capacity, Production, Price, Revenue, Cost, Gross, Gross Margin, DDoS Protection Market Competition Landscape, SWOT Analysis and Development Plans in the next few years.
Which Prime Data Figures are Included in This DDoS Protection Market Report: Market size (last few years, current and expected); Market share analysis as per different companies; DDoS Protection Market forecast; Demand; Price Analysis; DDoS Protection Market Contributions (Size, Share as per regional boundaries).
Scope of DDoS Protection Market: The hybrid deployment mode is gaining high traction in the market, as mitigating all DDoS attacks is challenging. The hybrid deployment mode safeguards critical enterprise data on-premises and stores other data in the cloud environment. Hybrid deployment solutions protect organizations' IT infrastructure from multi-vector DDoS attacks before these attacks snowball into a huge problem. Enterprises can retain all their critical data and intellectual properties within their premises and ensure their safety from network-based, protocol-based, and application-based DDoS attacks.
To ensure each node of an organization's infrastructure is protected, the DDoS protection and mitigation market is classified into application areas that include network, application, database, and endpoint. The application segment is expected to grow at the highest CAGR and hold the largest market share during the forecast period. Cybercriminals are using innovative hacking tools to attack organizations' network infrastructure and block all the legitimate traffic. DDoS attacks disrupt the functioning of enterprises and can cause losses amounting to millions. The extensive adoption of DDoS protection solutions and services among enterprises across various verticals, such as retail, Banking, Financial Services, and Insurance (BFSI), government and defense, healthcare, manufacturing, and retail, can be attributed to the increasing awareness of mitigating devastating volumetric attacks.
On the basis of the end users/applications, this report focuses on the status and outlook for major applications/end users, shipments, revenue (Million USD), price, and market share and growth rate for each application.
Network, Application, Database, Endpoint
On the basis of product type, this report displays the shipments, revenue (Million USD), price, and market share and growth rate of each type.
Design and Integration, Consulting and Advisory, Training and Education, Support and Maintenance
DDoS Protection Market Regional Analysis Covers:
Some Important Highlights From The DDoS Protection Market Report Include:
Read the original here:
DDoS Protection Market Overview, Regional And Restraint Analysis By 2020-2026 - 3rd Watch News
Amid the COVID-19 crisis and the looming economic recession, the Electronic Bill Presentment and Payment (EBPP) market worldwide will grow by a…
New York, May 27, 2020 (GLOBE NEWSWIRE) -- Reportlinker.com announces the release of the report "Global Electronic Bill Presentment and Payment (EBPP) Industry" - https://www.reportlinker.com/p05443579/?utm_source=GNW 7 Number of Bills in Billion by the end of the analysis period. An unusual period in history, the coronavirus pandemic has unleashed a series of unprecedented events affecting every industry. The Electronic Bill Presentment and Payment (EBPP) market will be reset to a new normal which going forwards in a post COVID-19 era will be continuously redefined and redesigned. Staying on top of trends and accurate analysis is paramount now more than ever to manage uncertainty, change and continuously adapt to new and evolving market conditions.
As part of the new emerging geographic scenario, the United States is forecast to readjust to a 9.2% CAGR. Within Europe, the region worst hit by the pandemic, Germany will add over 564.4 Number of Bills in Million to the region's size over the next 7 to 8 years. In addition, over 564.5 Number of Bills in Million worth of projected demand in the region will come from Rest of European markets. In Japan, the Electronic Bill Presentment and Payment (EBPP) segment will reach a market size of 1.9 Number of Bills in Billion by the close of the analysis period. Blamed for the pandemic, significant political and economic challenges confront China. Amid the growing push for decoupling and economic distancing, the changing relationship between China and the rest of the world will influence competition and opportunities in the Electronic Bill Presentment and Payment (EBPP) market. Against this backdrop and the changing geopolitical, business and consumer sentiments, the world's second largest economy will grow at 8% over the next couple of years and add approximately 2 Number of Bills in Billion in terms of addressable market opportunity. Continuous monitoring for emerging signs of a possible new world order post-COVID-19 crisis is a must for aspiring businesses and their astute leaders seeking to find success in the now changing Electronic Bill Presentment and Payment (EBPP) market landscape. All research viewpoints presented are based on validated engagements from influencers in the market, whose opinions supersede all other research methodologies.
Competitors identified in this market include, among others, ACI Worldwide; Bottomline Technologies Inc.; Communications Data Group Inc.; CSG Systems International Inc.; CyberSource Corporation; eBillingHub; ebpSource Limited; Enterprise jBilling Software Ltd.; FIS; Fiserv Inc.; Jack Henry & Associates Inc.; Jopari Solutions Inc.; Pagero AB; PayPal Inc.; SIX Payment Services Ltd.; Sorriso Technologies Inc.; Striata
Read the full report: https://www.reportlinker.com/p05443579/?utm_source=GNW
ELECTRONIC BILL PRESENTMENT AND PAYMENT (EBPP) MCP-1
MARKET ANALYSIS, TRENDS, AND FORECASTS, JUNE 2
CONTENTS

I. INTRODUCTION, METHODOLOGY & REPORT SCOPE

II. EXECUTIVE SUMMARY

1. MARKET OVERVIEW
Electronic Bill Presentment & Payment: Strongly Founded on Next Generation Internet Economy
Recent Market Activity
Market Overview
Key Benefits of EBPP Driving Adoption Worldwide
EBPP Models
Market Outlook
Global Competitor Market Shares
Electronic Bill Presentment and Payment (EBPP) Competitor Market Share Scenario Worldwide (in %): 2020 & 2029
Impact of Covid-19 and a Looming Global Recession

2. FOCUS ON SELECT PLAYERS
ACI Worldwide (USA); Bottomline Technologies, Inc. (USA); Communications Data Group, Inc. (USA); CSG Systems International, Inc. (USA); CyberSource Corporation (USA); ebpSource Limited (UK); eBillingHub (USA); Enterprise jBilling Software Ltd. (Canada); Fiserv, Inc. (USA); FIS (USA); Jack Henry & Associates, Inc. (USA); Jopari Solutions, Inc. (USA); MasterCard (USA); Pagero AB (Sweden); PayPal, Inc. (USA); SIX Payment Services Ltd. (Switzerland); Sorriso Technologies, Inc. (USA); Striata (USA)

3. MARKET TRENDS & DRIVERS
Noteworthy Market Trends, Drivers & Challenges
Outsourced EBPP Services Gain in Popularity
Political Focus on Exerting Strong Fiscal Controls to Curb Tax Evasion & Fraud Drives the Emergence of Latin America as the World's Largest Market for E-Billing
The Rise of Customer Self-Service Tilts EBPP Technologies into the Mass Adoption Stage
Intuitive Design of Electronic Bills: Vital to the Success of Bill Presentment
SMS Bill Presentment Soars in Popularity
ATMs Emerge as a Medium of Electronic Payment
SMBs: An Emerging & Lucrative Customer Cluster for EBPP
Improving Reconciling, Billing and Payment functions of Business through EBPP
Mobile Platform Presents a Positive Outlook for Adoption of Electronic Billing
Convergence of Billing with Customer Analytics Opens a New Window of Opportunity
Launch of e-Bill Adoption Campaigns to Benefit Market Growth
The Significance of EBPP Platforms for Making Utility Payments
Growing Importance of Customer Experience Leads CSPs to Turn Towards EBPP Solutions
Key Macro Forces Driving Market Growth
Global Efforts to Go Cashless Confers Policy Led Stability to the Growth of Electronic Bill Presentment and Payment Solutions
Rapid Growth in eCommerce and mCommerce Spurs Consumer Appetite for Electronic Payment
Rapid Mobile Broadband Penetration Provides the Platform for Future Growth
Developments in Internet Security: A Prerequisite for Growth of e-Billing & Payment Market
Increasing Use of Internet-Enabled Smartphones Encourages Bill Payment through Mobile Phones
Developments in Mobile Wallet & Payment Apps to Richly Support Growth of Electronic Payments
Growing Focus on Environmental Sustainability to Benefit EBPP
Challenges Impeding Wider Adoption of EBPP
Underdeveloped Internet Infrastructure in Developing Markets
Bandwidth Limitations Limit EBPP Potential
Inherent limitations of SMS System: A Cause of Concern
Lack of Common Standards
Key Considerations for Successful Implementation of EBPP
EBPP: Not a Complete Replacement for Paper

4. GLOBAL MARKET PERSPECTIVE
Table 1: Electronic Bill Presentment and Payment (EBPP) Global Market Estimates and Forecasts in Number of Bills in Million by Region/Country: 2020-2027
Table 2: Electronic Bill Presentment and Payment (EBPP) Global Retrospective Market Scenario in Number of Bills in Million by Region/Country: 2012-2019
Table 3: Electronic Bill Presentment and Payment (EBPP) Market Share Shift across Key Geographies Worldwide: 2012 VS 2020 VS 2027

III. MARKET ANALYSIS

GEOGRAPHIC MARKET ANALYSIS

UNITED STATES
Market Facts & Figures
Market Analytics
Table 4: United States Electronic Bill Presentment and Payment (EBPP) Market Estimates and Projections in Number of Bills in Million: 2020 to 2027
Table 5: Electronic Bill Presentment and Payment (EBPP) Market in the United States: A Historic Review in Number of Bills in Million for 2012-2019

CANADA
Table 6: Canadian Electronic Bill Presentment and Payment (EBPP) Market Estimates and Forecasts in Number of Bills in Million: 2020 to 2027
Table 7: Canadian Electronic Bill Presentment and Payment (EBPP) Historic Market Review in Number of Bills in Million: 2012-2019

JAPAN
Table 8: Japanese Market for Electronic Bill Presentment and Payment (EBPP): Annual Sales Estimates and Projections in Number of Bills in Million for the Period 2020-2027
Table 9: Electronic Bill Presentment and Payment (EBPP) Market in Japan: Historic Sales Analysis in Number of Bills in Million for the Period 2012-2019

CHINA
Table 10: Chinese Electronic Bill Presentment and Payment (EBPP) Market Growth Prospects in Number of Bills in Million for the Period 2020-2027
Table 11: Electronic Bill Presentment and Payment (EBPP) Historic Market Analysis in China in Number of Bills in Million: 2012-2019

EUROPE
Market Facts & Figures
Market Analytics
Table 12: European Electronic Bill Presentment and Payment (EBPP) Market Demand Scenario in Number of Bills in Million by Region/Country: 2020-2027
Table 13: Electronic Bill Presentment and Payment (EBPP) Market in Europe: A Historic Market Perspective in Number of Bills in Million by Region/Country for the Period 2012-2019
Table 14: European Electronic Bill Presentment and Payment (EBPP) Market Share Shift by Region/Country: 2012 VS 2020 VS 2027

FRANCE
Table 15: Electronic Bill Presentment and Payment (EBPP) Market in France: Estimates and Projections in Number of Bills in Million for the Period 2020-2027
Table 16: French Electronic Bill Presentment and Payment (EBPP) Historic Market Scenario in Number of Bills in Million: 2012-2019

GERMANY
Table 17: Electronic Bill Presentment and Payment (EBPP) Market in Germany: Recent Past, Current and Future Analysis in Number of Bills in Million for the Period 2020-2027
Table 18: German Electronic Bill Presentment and Payment (EBPP) Historic Market Analysis in Number of Bills in Million: 2012-2019

ITALY
Table 19: Italian Electronic Bill Presentment and Payment (EBPP) Market Growth Prospects in Number of Bills in Million for the Period 2020-2027
Table 20: Electronic Bill Presentment and Payment (EBPP) Historic Market Analysis in Italy in Number of Bills in Million: 2012-2019

UNITED KINGDOM
Table 21: United Kingdom Market for Electronic Bill Presentment and Payment (EBPP): Annual Sales Estimates and Projections in Number of Bills in Million for the Period 2020-2027
Table 22: Electronic Bill Presentment and Payment (EBPP) Market in the United Kingdom: Historic Sales Analysis in Number of Bills in Million for the Period 2012-2019

REST OF EUROPE
Table 23: Rest of Europe Electronic Bill Presentment and Payment (EBPP) Market Estimates and Forecasts in Number of Bills in Million: 2020-2027
Table 24: Electronic Bill Presentment and Payment (EBPP) Market in Rest of Europe in Number of Bills in Million: A Historic Review for the Period 2012-2019

ASIA-PACIFIC
Table 25: Electronic Bill Presentment and Payment (EBPP) Market in Asia-Pacific: Estimates and Projections in Number of Bills in Million for the Period 2020-2027
Table 26: Asia-Pacific Electronic Bill Presentment and Payment (EBPP) Historic Market Scenario in Number of Bills in Million: 2012-2019

REST OF WORLD
Table 27: Rest of World Electronic Bill Presentment and Payment (EBPP) Market Estimates and Forecasts in Number of Bills in Million: 2020 to 2027
Table 28: Rest of World Electronic Bill Presentment and Payment (EBPP) Historic Market Review in Number of Bills in Million: 2012-2019

IV. COMPETITION
Total Companies Profiled: 78