Encryption/Data Security news, articles & updates| SC Media

Encryption/Data Security

China pushes new global data security initiative, decrying US ‘politicizing’ the issue

China announced a comprehensive global data security program Tuesday, proposing many of the same international norms agreed upon by Western nations already, while protecting China’s interest in balkanizing the internet. State Councilor and Foreign Minister Wang Yi proposed the “Global Data Security Initiative” in a statement translated here by the New America think tank. According…

EARN IT passes Senate Judiciary, stokes concerns over erosion of end-to-end encryption

Proponents of the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARNIT) might tout its tough stance on online child sexual abuse material but privacy and digital rights advocates contend the bill, just passed by the Senate Judiciary Committee, will erode end-to-end encryption. EARN IT revokes Section 230 protection for internet intermediaries for what…

Zoom will extend optional end-to-end encryption to free users

Zoom said Wednesday that it would extend end-to-end encryption to users of its free service. The popular conferencing platform had drawn criticism for its plans to provide E2EE only to its paid customers but after consulting with civil liberties groups, encryption experts, child safety advocates and others, released an updated and inclusive E2EE design on…

Bug prompts Let’s Encrypt to revoke over 3M TLS certificates

Beginning today, Let’s Encrypt is revoking more than 3 million of its Transport Layer Security (TLS) certificates, following the discovery of a bug that affects the way it rechecks CAA (Certificate Authority Authorization) records. “Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days,” explained Jacob Hoffman-Andrew,…

RSA certificates vulnerable: Keyfactor

The security firm Keyfactor recently presented information proving that about 250,000 RSA keys are vulnerable to compromise. The report was based on the examination of 175 million RSA certificates and keys. Researchers mined active and publicly available RSA keys to identity any common factors. Keyfactor said Any keys sharing one of their prime factors with…

Diplomats used WhatsApp, personal phones to discuss Ukraine policy

Nearly a decade after Hillary Clinton began using personal devices and a private email server while Secretary of State – a practice that sparked a heated debate and congressional investigations during the 2016 presidential election cycle – an early impeachment probe into President Trump revealed that diplomats in the administration used WhatsApp and their personal…

Cellebrite claims it can crack any iPhone or Android, Trump admins weigh encryption ban

Israeli data extraction firm Cellebrite announced the ability to break into any iPhone or Android device for law enforcement agencies near the same time Trump administration officials weighed the pros and cons of banning encryption law enforcement can’t break.   Senior Trump officials met Wednesday to discuss whether to seek legislation that would crack down on…

Unpatched bug in Windows SymCrypt library could cause DoS condition, warns researcher

Google’s Project Zero vulnerability hunting team has publicly disclosed an unpatched bug in the SymCrypt cryptography library for Windows, which could create a denial of service condition when the user initiates any function that requires cryptography. Project Zero researcher Tavis Ormandy said in a June 11 tweet that even though the problem is of “relatively…

Australia passes law forcing tech giants to circumvent encryption on target devices

Australia’s parliament on Thursday passed groundbreaking legislation that instructs tech developers to help law enforcement investigations by intercepting the encrypted communications of suspects’ devices. Known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, the law contains language requiring companies in some cases to build new capabilities to decrypt protected communications if…

Next post in Home