Encryption and Internet - Cyber Security Informer

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

According to NBC news , two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at CISA– both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.

Encryption

Encryption Identity Theft Media Telecommunications

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. Caturegli said the domains all resolve to Internet addresses at Microsoft. ” from Moscow.

DNS

DNS Internet Internet Risk

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

JANUARY 19, 2022

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data. To begin with, all of today’s encrypted communications could potentially be at risk of being leaked and abused.

Encryption

Encryption Backups Banking Artificial Intelligence

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Image: Barrett Lyon, opte.org. Based in Monroe, La., Lumen Technologies Inc.

Internet

Internet Internet Authentication Telecommunications

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Schneier on Security

JUNE 21, 2022

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. Reducing the power to tech monopolies would do more to “fix” the Internet than any other single action, and I am generally in favor of them both. 2992, the American Innovation and Choice Online Act ; and S.

Internet

Internet Internet Encryption Backups

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Were just getting started down the road to the Internet of Everything (IoE.) Perimeter-focused defenses must be retired and the focus must shift to where the action is — at the furthest edges of the internet, where billions of IoT sensors and controls are proliferating — with scan oversight.

Internet

Internet Internet IoT Manufacturing

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Troy Hunt

SEPTEMBER 3, 2020

The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. Isn't the whole point of encryption that it protects data when exposed to unintended parties? They can't be unencrypted because they weren't encrypted in the first place. But you should change it anyway.

Passwords

Passwords Encryption Data breaches Risk

Securing Internet Videoconferencing Apps: Zoom and Others

Schneier on Security

APRIL 30, 2020

It still has a bit to go on end-to-end encryption. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud. That's pretty good, but the real worry is where the encryption keys are generated and stored.

Internet

Internet Internet Encryption Accountability

The Insecurity of Video Doorbells

Schneier on Security

MARCH 5, 2024

Consumer Reports has analyzed a bunch of popular Internet-connected video doorbells. Their security is terrible.

Internet

Internet Internet Encryption Hacking

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

The Last Watchdog

OCTOBER 18, 2023

Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time. Customized decryption ABE builds upon digital certificates and the Public Key Infrastructure ( PKI ) that underpins secure communications across the Internet. Here are my takeaways. I’ll keep watch and keep reporting.

Encryption

Encryption Surveillance Internet Internet

Everything Encrypted Will Soon Become Decryptable: We Must Prepare Now For The Era Of Quantum Computers

Joseph Steinberg

DECEMBER 20, 2021

Nearly every piece of data that is presently protected through the use of encryption may become vulnerable to exposure unless we take action soon. While quantum computers already exist, no devices are believed to yet exist that are anywhere near powerful enough to crack modern encryption in short order.

Encryption

Encryption Artificial Intelligence Technology Risk

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. It is widely used to secure data transmitted over the internet, such as emails, web browsing, instant messaging, and file transfers.

Encryption

Encryption Passwords Internet Internet

Quantum Threats and How to Protect Your Data

SecureWorld News

DECEMBER 8, 2024

Recent progress has sparked discussions, but current capabilities are still far from threatening encryption standards like 2048-bit RSA. It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors.

Encryption

Encryption Firewall Education Firmware

Internet Society Opposition to LAED Act

Adam Shostack

JANUARY 2, 2025

The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. I'm honored to be one of the signers.

Internet

Internet Internet Encryption

New Attack on VPNs

Schneier on Security

MAY 7, 2024

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

VPN

VPN Encryption Internet Internet

The Myth of Consumer-Grade Security

Schneier on Security

AUGUST 28, 2019

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes.

Computers and Electronics

Computers and Electronics Encryption Internet Internet

Upcoming Speaking Engagements

Schneier on Security

JUNE 14, 2021

This is a current list of where and when I am scheduled to speak: I’ll be part of a European Internet Forum virtual debate on June 17, 2021. The topic is “Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?” Details to come.

Internet

Internet Internet Encryption Technology

Oblivious DNS-over-HTTPS

Schneier on Security

DECEMBER 8, 2020

Here’s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. This new protocol , called Oblivious DNS-over-HTTPS (ODoH), hides the websites you visit from your ISP.

DNS

DNS Encryption Internet Internet

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

NOVEMBER 14, 2022

The technology industry hopes that Matter arises as the lingua franca for the Internet of Things. Matter seeks to achieve this right out of the gate by leveraging and extending the public key infrastructure (PKI) — the tried-and-true authentication and encryption framework that underpins the legacy Internet.

Internet

Internet Internet IoT Manufacturing

The EARN-IT Act

Schneier on Security

MARCH 13, 2020

Prepare for another attack on encryption in the U.S. It's easy to predict how Attorney General William Barr would use that power: to break encryption. He's said over and over that he thinks the "best practice" is to force encrypted messaging systems to give law enforcement access to our private conversations.

Encryption

Encryption Internet Internet Government

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

The Hacker News

FEBRUARY 7, 2025

A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.

Encryption

Encryption Mobile Internet Internet

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Joseph Steinberg

JULY 20, 2022

There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. Such an attitude is not alarmist – it is reality, whether we like it or not.

Risk

Risk Encryption Government Artificial Intelligence

New DeadBolt Ransomware Targets NAT Devices

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware

Ransomware Firewall Internet Encryption

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

The five core components of a VPN are: Encryption : The conversion of information into a coded format that can only be read by someone who has the decryption key. Kill switch: Blocks your device’s internet access if the VPN connection drops. A VPN encrypts your connection, making it much harder for anyone to intercept your data.

VPN

VPN Antivirus Internet Internet

Encryption & Privacy Policy and Technology

Adam Shostack

JANUARY 2, 2025

UK, and Australia: Weak Encryption Puts Billions of Internet Users at Risk. A few tidbits in recent news. The Open Technology Institute has an Open Letter to Law Enforcement in the U.S., press release , letter.) I am pleased to be one of the signers.

Technology

Technology Encryption Internet Internet

China’s Olympics App Is Horribly Insecure

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance

Surveillance Encryption Wireless Government

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Internet

Internet Internet Energy and Utilities IoT

Keeping the Internet Secure

Adam Shostack

JANUARY 2, 2025

[no description provided] Today, a global coalition led by civil society and technology experts sent a letter asking the government of Australia to abandon plans to introduce legislation that would undermine strong encryption.

Internet

Internet Internet Government Manufacturing

xz Utils Backdoor

Schneier on Security

APRIL 2, 2024

Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware.

Social Engineering

Social Engineering Engineering Software Encryption

Firefox Enables DNS over HTTPS

Schneier on Security

FEBRUARY 25, 2020

DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. [.]. Last year, an internet industry group branded Mozilla an "internet villain" for pressing ahead the security feature. But the move is not without controversy.

DNS

DNS Internet Internet Encryption

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

However, when improperly configured or left exposed to the internet, HMIs become prime targets for cyberattacks. According to Casey Ellis, Founder and Advisor at Bugcrowd, safety-critical control systems like HMIs "should never be on the Internet." Exposing HMI systems to the Internet can have serious consequences," Raju explains.

Internet

Internet Internet Risk Passwords

Internet Safety Month: Keep Your Online Experience Safe and Secure

Webroot

MAY 31, 2024

What is Internet Safety Month? Each June, the online safety community observes Internet Safety Month as a time to reflect on our digital habits and ensure we’re taking the best precautions to stay safe online. How to protect it Use a Virtual Private Network (VPN) when connecting to the internet.

Internet

Internet Internet Identity Theft Passwords

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Schneier on Security

MARCH 27, 2024

By exploiting weaknesses in both Dormakaba’s encryption and the underlying RFID system Dormakaba uses, known as MIFARE Classic, Carroll and Wouters have demonstrated just how easily they can open a Saflok keycard lock. The Saflok systems are installed on 3 million doors worldwide, inside 13,000 properties in 131 countries.

Internet

Internet Internet Encryption Hacking

Don’t Bother Using The “Device Filter” Security Feature Offered By Your Home Network Router

Joseph Steinberg

MARCH 15, 2021

During the discussion, a colleague in the field mentioned that ideally people should lock their Wi-Fi networks not only with proper encryption, but also with a MAC address filter that allows only specific authorized devices to connect to the network. MAC address filtering is a pain to manage.

Wireless

Wireless Artificial Intelligence Encryption Passwords

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

SEPTEMBER 17, 2020

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. Now let's try the mobile app: What's the encryption story there? " It means "this is private."

VPN

VPN Phishing DNS Encryption

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO

CISO Encryption Telecommunications Financial Services

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Ghost ransomware actors, identified as operating from China, have been targeting unpatched systems and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Report ransomware incidents to the FBI Internet Crime Complaint Center (IC3) , CISA, or MS-ISAC. Develop and test ransomware response plans.

Ransomware

Ransomware IoT Encryption Social Engineering

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

Krebs on Security

JUNE 13, 2020

For the past year, a site called Privnotes.com has been impersonating Privnote.com , a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. And it doesn’t send and receive messages. Creating a message merely generates a link. ” But that’s not the half of it.

Phishing

Phishing Encryption Internet Internet

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

JULY 19, 2021

“Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. We have backups, the data is there, but the application to actually do the restoration is encrypted.’

Backups

Backups Ransomware Encryption Insurance

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

Ueland said after hearing about the escrow.com hack Monday evening he pulled the domain name system (DNS) records for escrow.com and saw they were pointing to an Internet address in Malaysia — 111.90.149[.]49 The attacker also obtained free encryption certificates for escrow.com from Let’s Encrypt.

Phishing

Phishing DNS Social Engineering Accountability

U.S. Department of Interior Grounding All Drones

Schneier on Security

JANUARY 31, 2020

The Navy has also warned adversaries may view video and metadata from drone systems even though the air vehicle is encrypted. Data moving across the Internet is obvious -- it's too easy for a country that tries this to get caught. I'm actually not that worried about this risk.

Encryption

Encryption Internet Internet Government

Android happy to check your nudes before you forward them

Malwarebytes

FEBRUARY 26, 2025

I use end-to-end-encrypted (E2EE) messaging for a reason. Im not oblivious to the many users that would be better off with such a service, but Im not so sure theyd appreciate it. However, what really concerned me is the fact that Google is looking at my incoming and outgoing pictures.

Artificial Intelligence

Artificial Intelligence Encryption Manufacturing Risk

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. When a device initially tries to connect to a network, it broadcasts a message to the entire local network stating that it is requesting an Internet address. Image: Shutterstock.

VPN

VPN Wireless Internet Internet

Americans urged to use encrypted messaging after large, ongoing cyberattack

MasterCard DNS Error Went Unnoticed for Years

Trending Sources

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

The Internet is Held Together With Spit & Baling Wire

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Securing Internet Videoconferencing Apps: Zoom and Others

The Insecurity of Video Doorbells

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

Everything Encrypted Will Soon Become Decryptable: We Must Prepare Now For The Era Of Quantum Computers

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Quantum Threats and How to Protect Your Data

Internet Society Opposition to LAED Act

New Attack on VPNs

The Myth of Consumer-Grade Security

Upcoming Speaking Engagements

Oblivious DNS-over-HTTPS

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The EARN-IT Act

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

New DeadBolt Ransomware Targets NAT Devices

Do you actually need a VPN? Your guide to staying safe online!

Encryption & Privacy Policy and Technology

China’s Olympics App Is Horribly Insecure

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

Keeping the Internet Secure

xz Utils Backdoor

Firefox Enables DNS over HTTPS

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

Internet Safety Month: Keep Your Online Experience Safe and Secure

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Don’t Bother Using The “Device Filter” Security Feature Offered By Your Home Network Router

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Why CISA is Warning CISOs About a Breach at Sisense

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Privnotes.com Is Phishing Bitcoin from Users of Private Messaging Service Privnote.com

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

U.S. Department of Interior Grounding All Drones

Android happy to check your nudes before you forward them

Why Your VPN May Not Be As Secure As It Claims

Stay Connected