Schneier on Security

JULY 24, 2019

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. I think this is a major change in government position.

Encryption 271

Encryption Telecommunications Risk Government 271

Schneier on Security

SEPTEMBER 24, 2020

Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said.

Government 261

Government Hacking Mobile Encryption 261

Joseph Steinberg

DECEMBER 20, 2021

Nearly every piece of data that is presently protected through the use of encryption may become vulnerable to exposure unless we take action soon. While quantum computers already exist, no devices are believed to yet exist that are anywhere near powerful enough to crack modern encryption in short order.

Encryption 244

Encryption Artificial Intelligence Technology Risk 244

Schneier on Security

OCTOBER 23, 2023

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution.

Encryption 301

Encryption Government Surveillance 301

Schneier on Security

AUGUST 2, 2021

We can assume strong encryption, and good key management. Still, seems like a juicy target for other governments. The satellite can detect and characterise any rogue emissions, enabling it to respond dynamically to accidental interference or intentional jamming.

Telecommunications 363

Telecommunications Encryption Government 363

Schneier on Security

JUNE 21, 2022

Both bills have provisions that could be used to break end-to-end encryption. 3(c)(7)(A)(iii) would allow a company to deny access to apps installed by users, where those app makers “have been identified [by the Federal Government] as national security, intelligence, or law enforcement risks.” Let’s start with S.

Internet 335

Internet Internet Encryption Backups 335

Joseph Steinberg

JULY 20, 2022

There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. Such an attitude is not alarmist – it is reality, whether we like it or not.

Risk 326

Risk Encryption Government Artificial Intelligence 326

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. If you plan to follow that advice, but are new to encrypted messaging, make sure to use an app that offers E2EE (End-to-end encryption). You don’t need an expensive app to achieve this.

Encryption 138

Encryption Identity Theft Media Telecommunications 138

Schneier on Security

APRIL 7, 2021

.” Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend Signal’s privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations. End-to-end encryption is already at risk.

Cryptocurrency 344

Cryptocurrency Encryption Mobile Government 344

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance 342

Surveillance Encryption Wireless Government 342

Schneier on Security

MARCH 13, 2020

Prepare for another attack on encryption in the U.S. It's easy to predict how Attorney General William Barr would use that power: to break encryption. He's said over and over that he thinks the "best practice" is to force encrypted messaging systems to give law enforcement access to our private conversations.

Encryption 279

Encryption Internet Internet Government 279

Schneier on Security

AUGUST 28, 2019

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes.

Computers and Electronics 266

Computers and Electronics Encryption Internet Internet 266

WIRED Threat Level

JUNE 15, 2023

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

Encryption 145

Encryption Government Hacking 145

Schneier on Security

AUGUST 1, 2019

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. The company even noted.

Encryption 139

Encryption Manufacturing Mobile Government 139

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. government on multiple occasions over the past five years.

Antivirus 332

Antivirus VPN Encryption Malware 332

Centraleyes

MAY 27, 2024

What is the Centraleyes AI Governance Framework? The AI Governance assessment, created by the Analyst Team at Centraleyes, is designed to fill a critical gap for organizations that use pre-made or built-in AI tools. What are the requirements for AI Governance? The primary goals of the AI Governance assessment are threefold.

Government 110

Government Risk Technology Data collection 110

The Hacker News

APRIL 23, 2024

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure public safety across social media platforms.

Encryption 121

Encryption Media Government Technology 121

Schneier on Security

NOVEMBER 1, 2022

The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where.

Surveillance 350

Surveillance Telecommunications Mobile Encryption 350

The Hacker News

SEPTEMBER 17, 2024

The GSM Association, the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems.

Encryption 123

Encryption Government 123

Schneier on Security

NOVEMBER 15, 2022

But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.

Spyware 322

Spyware Technology Encryption Government 322

Troy Hunt

SEPTEMBER 25, 2021

Sponsored by: Boxcryptor cloud security: Free end-to-end encryption for your files. Check out the seamless encryption solution, Made in Germany!

Encryption 278

Encryption Phishing Government 278

Troy Hunt

JULY 11, 2021

I got my 11th MVP award this week (being welcomed into the MVP program was the turning point of my career and it remains enormously special to me 😊) Sponsored by: Varonis.

IoT 321

IoT Encryption Government 321

The Last Watchdog

SEPTEMBER 10, 2024

Instead of traditional methods that rely on storing and matching biometrics, SenseCrypt eID utilizes acts of encryption and decryption for registration and authentication, with no public/private keys stored anywhere. The company’s stakeholders include government organizations and bodies from both Singapore and Australia.

Computers and Electronics 278

Computers and Electronics Encryption Government Authentication 278

Schneier on Security

APRIL 29, 2020

in 2018 beat back federal prosecutors seeking to wiretap its encrypted Messenger app. If the decision is unsealed, other tech companies will likely try to use its reasoning to ward off similar government requests in the future. This is interesting : Facebook Inc. Now the American Civil Liberties Union is seeking to find out how.

Encryption 239

Encryption Government Surveillance 239

Schneier on Security

MARCH 31, 2024

I know I was at the Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. He didn’t suffer fools in either government or the corporate world. He was the first person to make a lot of those sorts of connections.

Surveillance 325

Surveillance Encryption Engineering Government 325

Schneier on Security

MARCH 30, 2021

Researchers write that the RAT is constantly on the lookout for “any activity of interest, such as a phone call, to immediately record the conversation, collect the updated call log, and then upload the contents to the C&C server as an encrypted ZIP file.” This is a sophisticated piece of malware.

Malware 302

Malware Manufacturing Encryption Government 302

Schneier on Security

MAY 6, 2019

Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a host of other things­ -- but most of that doesn't matter anymore. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others.

Identity Theft 278

Identity Theft Passwords Password Management Authentication 278

Schneier on Security

FEBRUARY 22, 2022

Government, in turn, must provide more timely and comprehensive threat information while simultaneously treating industry as a vital partner. Still, its contours are already clear: the private sector must prioritize long-term investments in a digital ecosystem that equitably distributes the burden of cyberdefense.

Cybersecurity 332

Cybersecurity Surveillance Marketing Encryption 332

Joseph Steinberg

MAY 9, 2022

They allow Russians to access banned sites, and they help protect users from government surveillance. Unsurprisingly, the Russian government has previously banned some (but not all) VPN services from offering services in the country. That said, VPNs are a double-edged sword for the Kremlin.

VPN 242

VPN Government Artificial Intelligence Technology 242

Schneier on Security

FEBRUARY 11, 2020

The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages. This isn't really news.

Encryption 278

Encryption Government Accountability 278

Schneier on Security

MAY 20, 2020

It's an interesting read, mostly about the government surveillance of him and other journalists. It was an opsec disaster; they would have been much more secure if they'd emailed the encrypted files. I wanted them to send encrypted random junk back and forth constantly, to hide when they were actually sharing real data.

Surveillance 243

Surveillance Encryption Government Media 243

Schneier on Security

FEBRUARY 7, 2020

That allows it to then encrypt the data that those control system programs interact with. Speculation is that this is criminal in origin, and not the work of a government. But because Megacortex also terminated hundreds of other processes, its industrial-control-system targeted features went largely overlooked.

Ransomware 249

Ransomware Malware Encryption Software 249

Schneier on Security

JANUARY 31, 2020

The Department of Interior is grounding all non-emergency drones due to security concerns: The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing Beijing to conduct espionage.

Encryption 248

Encryption Internet Internet Government 248

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. shell – Sends the computer name in a JSON format encrypted with simple XOR encryption and base64 encoded to the C2. report – CurKeep collects information about the infected machine.

Government 131

Government Encryption Malware Phishing 131

Schneier on Security

AUGUST 6, 2024

More importantly, the board seems to have conflict-of-interest issues arising from the fact that the investigators are corporate executives and heads of government agencies who have full-time jobs. The report condemns Microsoft for not rotating an internal encryption key for seven years, when its standard internally was four years.

Government 282

Government Cybersecurity Encryption Hacking 282

Adam Shostack

JANUARY 2, 2025

[no description provided] Today, a global coalition led by civil society and technology experts sent a letter asking the government of Australia to abandon plans to introduce legislation that would undermine strong encryption.

Internet 130

Internet Internet Government Manufacturing 130

Schneier on Security

JANUARY 13, 2022

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? Allegations that the FBI outsourced warrantless surveillance of Americans to a foreign government raise troubling questions about the Justice Department’s oversight of these practices.”

Surveillance 328

Surveillance Encryption Government 328