article thumbnail

Australia Threatens to Force Companies to Break Encryption

Schneier on Security

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. Examples include certain source code, encryption, cryptography, and electronic hardware. We in the encryption space call that last one “ nerd harder.”

article thumbnail

Patch Tuesday, November 2018 Edition

Krebs on Security

This week’s patch batch addresses two flaws of particular urgency: One is a zero-day vulnerability ( CVE-2018-8589 ) that is already being exploited to compromise Windows 7 and Server 2008 systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Signal downplays encryption key flaw, fixes it after X drama

Bleeping Computer

Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. [.]

article thumbnail

Encryption is on the Rise!

Cisco Security

standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Toward the end of 2018, EMA conducted a survey of customers regarding their TLS 1.3

article thumbnail

How Did Facebook Beat a Federal Wiretap Demand?

Schneier on Security

in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. Here's the 2018 story. This is interesting : Facebook Inc. Now the American Civil Liberties Union is seeking to find out how. The entire proceeding was confidential, with only the result leaking to the press. Slashdot thread.

article thumbnail

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. “The messages are encrypted using XOR “encryption” with a static key.” The PoC code is a Python 3 script that decrypts a FortiGuard message.

article thumbnail

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

LastPass officially instituted this change back in 2018, but some undisclosed number of the company’s earlier customers were never required to increase the length of their master passwords. In February 2018, LastPass changed the default to 100,100 iterations. By 2013, new LastPass customers were given 5,000 iterations by default.

Passwords 302