blog trackingRealtime Web Statistics Encrypted Archives | Gregory D. Evans | Worlds No. 1 Security Consultant | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘encrypted’

Cops are struggling to crack encrypted phones used for organised crime due to advances in technology

Source: National Cyber Security – Produced By Gregory Evans

Cops are struggling to crack encrypted phones used for organised crime due to advances in technology

LAW enforcement agencies are being thwarted in the war on terror and organised crime by a surge in highly-encrypted mobile phones. Codebreakers say they are involved in a constant battle with manufacturers updating their technology to stay one step ahead of hackers. Experts say police and counter-terrorism units are unable to extract vital information from the handsets, which have now become almost impossible to crack. Analysts working for police, the National Crime Agency (NCA), the Borders Agency and HM Revenue and Customs have also warned specialist mobile devices offering voice encryption are impossible to breach. Telecoms firms have introduced expensive handsets offering military-grade encryptions to the market. The Sunday Mail can reveal that one private investigator operating in the west of Scotland sold a consignment of these devices to an organised crime group earlier this year. We also found a seller in Birmingham flogging similar devices on classified ads website Gumtree. The unnamed man offered our reporter anti-tapping phones with six months’ encryption for £2200 and handsets with PGP (Pretty Good Privacy) encryption for £1100. He said: “I’ve got a load of phones. I’ve got a couple of prices. If you’re looking to make calls out, there’s a special unit […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Cops are struggling to crack encrypted phones used for organised crime due to advances in technology appeared first on National Cyber Security.

View full post on National Cyber Security

eBay hacked, Encrypted passwords and non-financial data stolen

If you have an account in eBay, it is time to change your password! E-commerce company eBay Inc urges users to change their passwords following a security breach impacting a database containing encrypted passwords and non-financial data. Read More….

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post eBay hacked, Encrypted passwords and non-financial data stolen appeared first on National Cyber Security.

View full post on National Cyber Security

ProtonMail – The New Encrypted Email Service

Recently, a new push to encrypt mail that can keep your messages free from the snoop of the government is getting popular. An email service with promising end to end encryption has been launched on Friday.  The major services like Yahoo mail and Google Gmail have stepped forward to take security measures. Read More….

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post ProtonMail — The New Encrypted Email Service appeared first on National Cyber Security.

View full post on National Cyber Security

Mail1Click offers free encrypted e-mail for people and businesses

Top Priority Sector:  it_security Mail1Click, from Dubai-based Kryptotel, is offering a free, cross-platform e-mail solution for individuals and businesses that the company says is near hack-proof. Read More….

View full post on The Cyber Wars

Hidden, Encrypted, Password protected folder.

In this tutorial, I show you how to make a hidden, password protected, and encrypted folder. Tust using terminal and disk utility. This is really cool, most people cant see it, unless they really know what they are doing. And even if they do find it, they cant open it.

View full post on National Cyber Security

Firefox intends to make all Google searches encrypted in the future

Mozilla is currently testing default encrypted Google searches for all Firefox users, with the intent to make all Google searches encrypted in the near future, the browser maker said on Wednesday.

“We are currently testing the change to use SSL for built-in Google searches in our Firefox nightly channel,” said Johnathan Nightingale, senior director of Firefox engineering, in an email. “If no issues are uncovered, it will move through our Aurora and Beta release channels before eventually shipping to all our Firefox users. This will include migrating the changes to our non-English version of Firefox, as well.”

Google is the default search engine used by Firefox. There is no official word from Mozilla, however, on exactly when it will switch Firefox end users to default encrypted Google searches. Once the feature ends up on the Aurora and Beta release channels it will be generally available soon after, Mozilla said. The browser maker noted that development for each release channel could take up to six weeks.

Firefox is used by about 21 percent to 25 percent of Internet users globally, according to NetApplications and StatCounter. Firefox developers have been discussing standard encrypted Google searches within their browser since February 2011. At the time the search engine was not ready to welcome all Firefox users to encrypted Google search, said Adam Langley, security engineer at Google.

Compared to unencrypted searches, Google’s encrypted search was not fast and complete enough, he noted in comments on the Bugzilla page discussing the proposed changes. However, he added: “We would welcome Firefox giving their users the option to use encrypted search.”

Now, Firefox appears it will be the first browser to offer default encryption for Google searches. Google’s Chrome browser does not encrypt searches by default.

As of 8 March, Google started rolling out default-encrypted searches for signed-in users only. Standard encrypted Google searches were added to the Firefox Nightly Build last Sunday, apparently with Google’s approval.

 

“We are always continuously looking to improve our services and are continuously working to make SSL available for our services,” said Google spokesman Mark Jansen in an email.

In December, Mozilla said it renewed its search deal with Google, which provides “significant revenue” to the browser maker. The deal was extended for another three years. According to an AllThingsD report the deal is worth $300 million a year.

The Google contract generated 84 percent of Mozilla’s revenue of $123 million in 2010, the last year full year for which detailed financial information is available for the browser maker, a tax-exempt organisation.


Article source: http://rss.feedsportal.com/c/270/f/3551/s/1daf156c/l/0Lnews0Btechworld0N0Csecurity0C33463230Cfirefox0Eintends0Emake0Eall0Egoogle0Esearches0Eencrypted0Ein0Efuture0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Encrypted? Check. Strong passphrase? Check. Mailing them together? Oops.

Encryption only helps secure your data when the keys are a secret, a lesson learned the hard way by Ernst and Young and Regions Financial.Encrypted? Check. Strong passphrase? Check. Mailing them together? Oops., Blog, them, together, Check, strong, encrypted, passphrase, Oops, Mailing

View full post on Naked Security — Sophos

View full post on National Cyber Security

Opening a ZixCorp Encrypted Email


A brief demonstration showing you how easy it it to open and reply to an encrypted email from ZixCorp.

View full post on National Cyber Security

Google hardens HTTPS encrypted traffic against future attacks

Google has modified the encryption method used by its HTTPS-enabled services including Gmail, Docs and Google+, in order to prevent current traffic from being decrypted in the future when technological advances make this possible.

The majority of today’s HTTPS implementations use a private key known only by the domain owner to generate session keys that are subsequently used to encrypt traffic between the servers and their clients.

This approach exposes the connections to so-called retrospective decryption attacks. “In ten years time, when computers are much faster, an adversary could break the server private key and retrospectively decrypt today’s email traffic,” explained Adam Langley, a member of Google’s security team.

In order to mitigate this relatively low, but real security risk, Google has implemented an encryption property known as forward secrecy, which involves using different private keys to encrypt sessions and deleting them after a period of time.

In this way, an attacker who manages to break or steal a single key won’t be able to recover a significant quantity of email traffic that spans months of activity, Langley said. In fact, he pointed out that not even the server admin will be able to decrypt HTTPS traffic retroactively.

Because SSL wasn’t designed to support key exchange mechanisms capable of forward secrecy by default, the Google engineers had to design an extension for the popular OpenSSL toolkit. This was integrated into OpenSSL 1.0.1, which has yet to be released as a stable version.

The new Google HTTPS implementation uses ECDHE_RSA for key exchange and the RC4_128 cipher for encryption. Unfortunately, this combination is only supported in Firefox and Chrome at the moment, which means that HTTPS connections on Internet Explorer will not benefit from the added security.

This isn’t necessarily a problem with Internet Explorer, which does support a combination of EDH (Ephemeral Diffie-Hellman) key exchange and RC4. EDH also provides forward secrecy, but Google chose ECDHE (Elliptic curve Diffie-Hellman) instead for performance reasons.

The company plans to add support for IE in the future and hopes that its example will encourage other service providers that use HTTPS to implement forward secrecy, so that one day it can become the norm for online traffic encryption.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1a5bbe08/l/0Lnews0Btechworld0N0Csecurity0C3320A6820Cgoogle0Ehardens0Ehttps0Eencrypted0Etraffic0Eagainst0Efuture0Eattacks0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Encrypted malware stumps antivirus suites

Malware writers are taking their cat-and-mouse game with antivirus software makers up another level, using block ciphers that can even get the malware white-listed.

Kaspersky Labs said evidence of the block ciphers are starting to appear in banking Trojan programs in Brazil, making it hard for antivirus products to detect, let alone neutralize them.

“When used to encrypt the contents of malware executables, block ciphers can cause malware detection and analysis systems not to work properly. Block-cipher encrypted malicious links, for example, can be downloaded and analyzed, but not detected as malicious. If that happens enough, the malicious links can even become whitelisted — exempt from further checks altogether,” it said in a blog post.

It said a Kaspersky Lab expert came across the group of files, which he identified as Trojan-Banker.Win32.Delf.vh, while analyzing some potentially malicious links from Brazil.

The files contained encrypted malware that turned out to be a block cipher.

On the other hand, Kaspersky said administrators of the sites on which the malicious files are hosted will not be able to identify them. As such, the malware can remain untouched.

It added the creators of the Delf banking Trojan update mirror sites with new versions of the malware every couple of days, altering the encryption algorithm to complicate detection even more.

A separate article on PC World said this may thwart most antivirus software that rely on searching for patterns of data that are alike or similar to its virus definitions.

“Even more unfortunate, the wildcard characters could be hidden in another type of seemingly useful file (e.g. .jpeg files) that actually displays an image, and therefore, might not trigger the virus scanner at all. Could it get even worse? Yes, but to my knowledge, most, if not all, virus scanners also are incapable of determining what will happen when the decryption script is run–that is, they don’t actually execute the code to find out what will happen,” it said. — TJD, GMA News

Article source: http://ph.news.yahoo.com/encrypted-malware-stumps-antivirus-suites-082406319.html

View full post on National Cyber Security » Virus/Malware/Worms

Page 1 of 212»

My Twitter

  • RT @GregoryDEvans: Israeli Ministry Wants a Cyper Security Lab https://t.co/lcOHUX7GUc https://t.co/WEYpmg1OTa
    about 1 hour ago
  • RT @GregoryDEvans: Flaw with password manager LastPass could hand over control to hackers https://t.co/tsnxcBEyLL https://t.co/QL8bTYTJln
    about 3 hours ago
  • RT @GregoryDEvans: Democrats haven’t told famous donors their info was hacked https://t.co/47onxc8O9E #security #hacker #HTCS
    about 3 hours ago
  • RT @GregoryDEvans: Democrats haven’t told famous donors their info was hacked https://t.co/47onxc8O9E https://t.co/zRhN32rqdD
    about 3 hours ago
  • RT @GregoryDEvans: Democrats haven’t told famous donors their info was hacked https://t.co/47onxc8O9E https://t.co/zRhN32rqdD
    about 3 hours ago

AmIHackerProof.com By Gregory D. Evans

Hacker For Hire By Gregory Evans

Gregory D. Evans On Facebook

Parent Securty By Gregory D. Evans

National Cyber Security By Gregory D. Evans

Dating Scams By Gregory Evans