blog trackingRealtime Web Statistics encrypted Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘encrypted’

eBay hacked, Encrypted passwords and non-financial data stolen

If you have an account in eBay, it is time to change your password! E-commerce company eBay Inc urges users to change their passwords following a security breach impacting a database containing encrypted passwords and non-financial data. Read More….

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post eBay hacked, Encrypted passwords and non-financial data stolen appeared first on National Cyber Security.

View full post on National Cyber Security

ProtonMail – The New Encrypted Email Service

Recently, a new push to encrypt mail that can keep your messages free from the snoop of the government is getting popular. An email service with promising end to end encryption has been launched on Friday.  The major services like Yahoo mail and Google Gmail have stepped forward to take security measures. Read More….

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post ProtonMail – The New Encrypted Email Service appeared first on National Cyber Security.

View full post on National Cyber Security

Mail1Click offers free encrypted e-mail for people and businesses

Top Priority Sector:  it_security Mail1Click, from Dubai-based Kryptotel, is offering a free, cross-platform e-mail solution for individuals and businesses that the company says is near hack-proof. Read More….

View full post on The Cyber Wars

Hidden, Encrypted, Password protected folder.

In this tutorial, I show you how to make a hidden, password protected, and encrypted folder. Tust using terminal and disk utility. This is really cool, most people cant see it, unless they really know what they are doing. And even if they do find it, they cant open it.

View full post on National Cyber Security

Firefox intends to make all Google searches encrypted in the future

Mozilla is currently testing default encrypted Google searches for all Firefox users, with the intent to make all Google searches encrypted in the near future, the browser maker said on Wednesday.

“We are currently testing the change to use SSL for built-in Google searches in our Firefox nightly channel,” said Johnathan Nightingale, senior director of Firefox engineering, in an email. “If no issues are uncovered, it will move through our Aurora and Beta release channels before eventually shipping to all our Firefox users. This will include migrating the changes to our non-English version of Firefox, as well.”

Google is the default search engine used by Firefox. There is no official word from Mozilla, however, on exactly when it will switch Firefox end users to default encrypted Google searches. Once the feature ends up on the Aurora and Beta release channels it will be generally available soon after, Mozilla said. The browser maker noted that development for each release channel could take up to six weeks.

Firefox is used by about 21 percent to 25 percent of Internet users globally, according to NetApplications and StatCounter. Firefox developers have been discussing standard encrypted Google searches within their browser since February 2011. At the time the search engine was not ready to welcome all Firefox users to encrypted Google search, said Adam Langley, security engineer at Google.

Compared to unencrypted searches, Google’s encrypted search was not fast and complete enough, he noted in comments on the Bugzilla page discussing the proposed changes. However, he added: “We would welcome Firefox giving their users the option to use encrypted search.”

Now, Firefox appears it will be the first browser to offer default encryption for Google searches. Google’s Chrome browser does not encrypt searches by default.

As of 8 March, Google started rolling out default-encrypted searches for signed-in users only. Standard encrypted Google searches were added to the Firefox Nightly Build last Sunday, apparently with Google’s approval.

 

“We are always continuously looking to improve our services and are continuously working to make SSL available for our services,” said Google spokesman Mark Jansen in an email.

In December, Mozilla said it renewed its search deal with Google, which provides “significant revenue” to the browser maker. The deal was extended for another three years. According to an AllThingsD report the deal is worth $300 million a year.

The Google contract generated 84 percent of Mozilla’s revenue of $123 million in 2010, the last year full year for which detailed financial information is available for the browser maker, a tax-exempt organisation.


Article source: http://rss.feedsportal.com/c/270/f/3551/s/1daf156c/l/0Lnews0Btechworld0N0Csecurity0C33463230Cfirefox0Eintends0Emake0Eall0Egoogle0Esearches0Eencrypted0Ein0Efuture0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Encrypted? Check. Strong passphrase? Check. Mailing them together? Oops.

Encryption only helps secure your data when the keys are a secret, a lesson learned the hard way by Ernst and Young and Regions Financial.Encrypted? Check. Strong passphrase? Check. Mailing them together? Oops., Blog, them, together, Check, strong, encrypted, passphrase, Oops, Mailing

View full post on Naked Security – Sophos

View full post on National Cyber Security

Opening a ZixCorp Encrypted Email


A brief demonstration showing you how easy it it to open and reply to an encrypted email from ZixCorp.

View full post on National Cyber Security

Google hardens HTTPS encrypted traffic against future attacks

Google has modified the encryption method used by its HTTPS-enabled services including Gmail, Docs and Google+, in order to prevent current traffic from being decrypted in the future when technological advances make this possible.

The majority of today’s HTTPS implementations use a private key known only by the domain owner to generate session keys that are subsequently used to encrypt traffic between the servers and their clients.

This approach exposes the connections to so-called retrospective decryption attacks. “In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today’s email traffic,” explained Adam Langley, a member of Google’s security team.

In order to mitigate this relatively low, but real security risk, Google has implemented an encryption property known as forward secrecy, which involves using different private keys to encrypt sessions and deleting them after a period of time.

In this way, an attacker who manages to break or steal a single key won’t be able to recover a significant quantity of email traffic that spans months of activity, Langley said. In fact, he pointed out that not even the server admin will be able to decrypt HTTPS traffic retroactively.

Because SSL wasn’t designed to support key exchange mechanisms capable of forward secrecy by default, the Google engineers had to design an extension for the popular OpenSSL toolkit. This was integrated into OpenSSL 1.0.1, which has yet to be released as a stable version.

The new Google HTTPS implementation uses ECDHE_RSA for key exchange and the RC4_128 cipher for encryption. Unfortunately, this combination is only supported in Firefox and Chrome at the moment, which means that HTTPS connections on Internet Explorer will not benefit from the added security.

This isn’t necessarily a problem with Internet Explorer, which does support a combination of EDH (Ephemeral Diffie-Hellman) key exchange and RC4. EDH also provides forward secrecy, but Google chose ECDHE (Elliptic curve Diffie-Hellman) instead for performance reasons.

The company plans to add support for IE in the future and hopes that its example will encourage other service providers that use HTTPS to implement forward secrecy, so that one day it can become the norm for online traffic encryption.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1a5bbe08/l/0Lnews0Btechworld0N0Csecurity0C3320A6820Cgoogle0Ehardens0Ehttps0Eencrypted0Etraffic0Eagainst0Efuture0Eattacks0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Encrypted malware stumps antivirus suites

Malware writers are taking their cat-and-mouse game with antivirus software makers up another level, using block ciphers that can even get the malware white-listed.

Kaspersky Labs said evidence of the block ciphers are starting to appear in banking Trojan programs in Brazil, making it hard for antivirus products to detect, let alone neutralize them.

“When used to encrypt the contents of malware executables, block ciphers can cause malware detection and analysis systems not to work properly. Block-cipher encrypted malicious links, for example, can be downloaded and analyzed, but not detected as malicious. If that happens enough, the malicious links can even become whitelisted – exempt from further checks altogether,” it said in a blog post.

It said a Kaspersky Lab expert came across the group of files, which he identified as Trojan-Banker.Win32.Delf.vh, while analyzing some potentially malicious links from Brazil.

The files contained encrypted malware that turned out to be a block cipher.

On the other hand, Kaspersky said administrators of the sites on which the malicious files are hosted will not be able to identify them. As such, the malware can remain untouched.

It added the creators of the Delf banking Trojan update mirror sites with new versions of the malware every couple of days, altering the encryption algorithm to complicate detection even more.

A separate article on PC World said this may thwart most antivirus software that rely on searching for patterns of data that are alike or similar to its virus definitions.

“Even more unfortunate, the wildcard characters could be hidden in another type of seemingly useful file (e.g. .jpeg files) that actually displays an image, and therefore, might not trigger the virus scanner at all. Could it get even worse? Yes, but to my knowledge, most, if not all, virus scanners also are incapable of determining what will happen when the decryption script is run–that is, they don’t actually execute the code to find out what will happen,” it said. — TJD, GMA News

Article source: http://ph.news.yahoo.com/encrypted-malware-stumps-antivirus-suites-082406319.html

View full post on National Cyber Security » Virus/Malware/Worms

Android virus receiving orders from encrypted blog

Researchers from Trend Micro have spotted a piece of malicious software for Android that receives instructions from an encrypted blog, a new method of communication for mobile malware, according to the company.

The malware, which can steal information from an Android phone and send it to a remote server, purports to be an ebook application. It has been found on a third party Chinese language application store.

Trend Micro calls the malware “ANDROIDOS_ANSERVER.A.” If the application is installed, it asks for a variety of permissions. If those are granted, it can then make calls, read log files, write and receive SMSes and access the Internet and network settings, among other functions.

The malware uses the blog to figure out which command and control servers it should check in to. The server then feeds the malware an XML file, which contains a URL where the malware can update itself. It can also connect with the blog to check for new updates. Trend Micro found that 18 variants of the malware have been posted to the blog between July 23 to September 26.

“This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate,” wrote Karl Dominguez, a Trend Micro threat response engineer.

Malware writers have been known to abuse blogging platforms before. Dominguez noted that a botnet discovered earlier this year obtained instructions posted to Twitter.

Some of the newer versions of the malware on the blog “had the capability to display notifications that attempt to trick users into approving the download of an update,” Dominguez wrote.

Security experts generally recommend that users should be cautious when downloading Android applications from third party application stores due to the number of rogue applications that have been found. Users should also keep an eye on what permissions an application asks for and only allow the fewest permissions lest the application has nefarious functions.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/191585a4/l/0Lnews0Btechworld0N0Csecurity0C330A90A430Candroid0Evirus0Ereceiving0Eorders0Efrom0Eencrypted0Eblog0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Get The New Book By Gregory Evans

Everyone Is Talking About!

Are You Hacker Proof?
$15.95

Find Out More, Click Here!