Cynics say that the world runs on money, but money wouldn’t run as smoothly on the World Wide Web if it wasn’t for SSL/TLS. It’s the go-to encryption protocol for a lot of the Internet, and it’s supported by every major browser and many of the top websites around. But how secure is it? A pair of security researchers plan on demonstrating a serious TLS security flaw at the Ekoparty security conference later this week, and they plan on doing it with a bang: by decrypting a PayPal authentication cookie.
A Colorado woman accused of a mortgage scam is refusing to disclose her encryption passphrase for a laptop police found in her bedroom during a raid, and the way this plays out could set a precedent for future cases. The Department of Justice asked a federal judge to force the defendant, Ramona Fricosu, to decrypt the laptop, which brings up the question of whether or not such an order would be legal under the Fifth Amendment.
Privacy advocates and seedy characters on the edge of Internet legality alike use Bitcoins as their virtual currency of choice. The anonymous, decentralized P2P nature of Bitcoins lets you transfer money without ever having to contact a bank or even know the true identity of the person on the other end of the transaction. Recent events have dragged the shadowy currency into the light of public scrutiny, and now its squirming users have another headache to deal with: a trojan designed specifically to pilfer your Bitcoin wallet.
Sony has once again commented on the PSN outage and hacking incident. But this time we got a little more technical information than previous disclosures offered. Contrary to past reports, Sony claims that passwords were not stored in plain text, or in any easily accessible form. They were not encrypted, but were rather "transformed using a cryptographic hash function." Well, it's better than nothing.
Chalk up another milestone for Seagate, which this week announced it has shipped over 1 million self-encrypting laptop and enterprise hard drives. Seagate's hunch that there's a market for HDDs with built-in encryption so far seems to be spot on, and it hasn't hurt that these drives have managed to win U.S. government certifications. And thanks in part to computer makers like Dell, Fujitsu, Hitachi, IBM, and others stepping on board, Seagate said its enterprise SED shipments have tripled over the two quarters, while its laptop SED shipments have doubled in the past three years.
On the software front, SanDisk used CES to announce it's now offering encryption and online backup features across its entire retail USB portfolio. This includes the company's SecureAccess software, which creates a password-protected folder or "vault" on the USB drive, and up to 2GB of storage in the cloud offered by Dmailer.
"Business travelers lose more than 12,000 laptops each week in U.S. airports, and more than half of those laptops contain confidential or sensitive information," said Kent Perry, director, product marketing, SanDisk. "Data security has become an absolute necessity, and SanDisk USB drives with SecureAccess software offer an easy to use vault protected by AES encryption."
SanDisk is also expanding its USB flash drive offerings with the introduction of the Ultra and Cruzer Edge. The Ultra serves up transfer speeds up to 15MB/s and comes in 8GB ($45) and 32GB ($110) capacities, while the Cruzer Edge sports a compact slider design and is available in 2GB ($13), 4GB ($32), 8GB ($45), and 16GB ($80) capacities.
Samsung wants the world to know that its new enterprise solid state drives (SSDs) with built-in hardware encryption are the shiznit, or to use plain English, they boast government grade AES 256-bit encryption.
"Faster and more secure than its predecessor, our new corporate-focused SSD is the only one with self-encryption built on TCG's Opal standard that's available on the market today," said Jim Elliot, Vice President, Memory Marketing and Product Planning, Samsung.
By Samsung's estimation, a lost or stolen notebook ends up costing a company $200 per lost record. Samsung's SSDs include always-on hardware encryption, with data encryption and user authentication taking place in the drive controller rather than in software. According to Samsung, its self-encrypting SSDs also perform 2.4 times higher than an SSD with software encryption and 3.7 times higher than an HDD with software encryption.
Reports earlier in the day seemed to make it pretty clear that BlackBerry maker RIM had reached an agreement with Indian authorities regarding access to their encrypted email system. The word was that India would get access to encrypted BlackBerry user data if a lawful request was filed. But now RIM is calling those claims false, according to All Things D.
RIM has been in talks with India for the last few months, but says it has no plans to make changes in its security practices at this time. It's been a sticky situation for RIM, which has always tried to adhere to the lawful access laws in all the countries it does business in. Additionally, providing the encryption keys is mostly impossible in the first place, meaning a special system would need to be placed in India for authorities to have access.
This doesn't mean there won't be an agreement. It could be that a government minister just jumped the gun, and RIM will end up capitulating soon enough. How do you think RIM should deal with these ongoing data requests?
How awesome would it be if your hard drive securely erased sensitive data whenever it's powered down, or when it was removed from your system? Not only would that be rad, but it's now a reality thanks to Toshiba's new Wipe technology for its line of Self-Encrypting Drive (SED) models.
There are a number of scenarios where something like this could prove useful, including obvious ones like your notebook becoming lost or stolen. But that isn't all Wipe is good for.
"Many organizations are now realizing the critical importance of maintaining the security of document image data stored within copier and printer systems," Toshiba explains. "Wipe is a technology that can automatically invalidate an HDD security key when its power supply is turned off, instantly making all data in the drive indecipherable. Toshiba's innovative new Wipe Technology adds advanced storage security features to enable system makers to transparently and automatically secure private data."
On the pedestrian side, Toshiba's Wipe technology can also come in handy when returning a leased system, disposing of a system and/or hard drive, or re-purposing a drive, Toshiba says.
A few years ago in Finland, a case of white collar crime was perpetrated. This in and of itself is not unusual, but the resulting legislation was. It turns out a bank employee used an open Wi-Fi access point to electronically transfer some money that wasn't his. So, clearly the best way to make sure people don't steal is to outlaw open Wi-Fi. That's just what Finland did. But now they're looking back with the benefit of hindsight and realizing they might have overreacted a little bit.
The Finnish Justice Ministry is planning to officially decriminalize unprotected Wi-Fi hotspots. Let's be clear though, this is not an invitation for people to leave their wireless networks unprotected. Individuals should probably protect their networks, unless they really feel like sharing with the neighborhood. This change will be great for businesses that had no choice but to lock down their Wi-Fi networks, causing inconvenience for customers.
It's nice to see a European nation being realistic about wireless networks. Germany recently instituted rules similar to the Finnish ones. We just don't quite see the argument. Do you think everyone should be legally required to lock down their Wi-Fi?