PI Newswire

Search Results: encryption

Free Software Blocks Keyloggers by Encrypting Keystrokes

Posted on January 18, 2012 by admin | No Comments

Everything you type on your PC, whether it’s a Web address, your credit card information, user names and passwords – everything – is fair game for key loggers, the hacker-jerks who want to steal your identity and make your life miserable.

Rather than wasting your time reading the rest of this column, hie thee to www.keyscrambler.com and download the free version of KeyScrambler for Windows PCs. If you’re impressed, fork over either $30 or $45 for more powerful versions.

KeyScrambler is simple to use. Once it’s installed, you don’t have to worry about it. As you type in a Web address, user name, password or any other sensitive bit of information, KeyScrambler encrypts it – you can actually watch it generate nonsense character in a little window at the top of your Web browser. I installed it on both Internet Explorer and Firefox, and in both cases, it worked just fine.

Those nonsense characters are all a hacker can see, and that won’t do him a bit of good. Your password, for example, comes out as c&b% (or some such combination).

Unlike some commercial programs that protect against the key logging programs they know about, KeyScrambler protects against any key-logging program because it encrypts everything that’s typed into a browser window or other sensitive fill-in-the-blanks

Tips for Using Encryption Wisely

Posted on January 11, 2012 by admin | No Comments

To help prevent breaches, mobile devices should be encrypted even if storage of sensitive information on them is prohibited, says security expert Melodi Mosley Gates.

“Even with the best of intentions, and the most technically enforced policy, a ban for putting sensitive information on mobile devices is probably not going to be 100 percent effective,” the attorney contends. That’s because all mobile devices enable users to enter data and to receive e-mails that may, in some cases, contain sensitive information.

As a result, her advice is to “have a policy in place that minimizes the amount of sensitive information that can land on mobile devices and still encrypt mobile devices.” Although this approach “may feel like a belt and suspenders,” it’s the best way to minimize the risk of data breaches involving tablets, smart phones, laptops and other mobile devices, which can easily be lost or stolen, Gates says.

In an in-depth interview, Gates offers other practical insights on encryption, including:

•Consider conducting a small-scale encryption pilot that involves representatives of various departments. This can help overcome outdated perceptions about the practicality of encryption.
•Identify sensitive information that needs to be encrypted by using a two-pronged approach: Survey staff members to map their business processes and identify how they use data, and implement a data loss prevention application to scan all computers and pinpoint where sensitive data resides. Taking this approach, she says, also will help “build awareness for why it’s important to keep track of this sensitive data and where it lives.”

Mafia hit suspect cuffed after BlackBerry chatter intercept

Posted on January 7, 2012 by admin | No Comments

Canadian police have apparently used BlackBerry communications to arrest murder suspect Raynald Desjardins in a move seen as an unprecedented use of intercepted data.

However, it is unclear whether or not the data was really intercepted or whether it was provided to cops via wiretap warrants.

The cuffed bloke has been charged with the murder of Salvatore Montagna, who was killed in November last year and was heavily involved in the New York criminal fraternity according to the Global Montreal. The raid involved searching 14 locations and the arrest of three other suspects, but it’s the interception of BlackBerry data that has attracted most attention.

RIM is making the usual noises about respecting users’ privacy and working with law enforcement, but anyone familiar with how RIM’s network operates shouldn’t be surprised by the abilities of prying detectives.

The Canadian police seized at least one BlackBerry during the raid, and once one has possession of the handset then extracting the onboard data is relatively easy, especially if the plod remember not to turn it off, and secure it in a radio-proof bag, as they’re supposed to.

DoT looks to US to intercept encrypted messages

Posted on January 3, 2012 by admin | No Comments

With Indian security agencies being unable to intercept encrypted communications from BlackBerry, Google’s Gmail, Nokia Pushmail and internet telephony provider Skype, among others, the telecom department has sought the expertise of US agencies – on both technical and regulatory fronts – on intercepting such messages in a readable format.

The telecom department (DoT) had conveyed this request to Interpol Secretary-General Ronald K Noble, who was in India last month, officials aware of the discussions said.

The development comes as the Indian security agencies have been searching for options to intercept encrypted communications after several setbacks on this front. Last year, as first reported by ET, a government panel set up to examine security threats regarding 15 forms of communications, including Google’s Gmail, Research in Motion’s BlackBerry services, Nokia’s email offerings and Microsoft Skype, among others, that cannot be tracked by law enforcement agencies here, had ruled that no service be banned purely on the grounds that it cannot be monitored.

Besides, as a long-term solution, the committee has recommended that the upcoming Central Monitoring System be made capable of intercepting any form of communication service offered within the country. But the Home Ministry and Intelligence Bureau whose members were part of the panel, did not sign these recommendations and had given their dissent note.

The panel has also said that a short-term solution involved India forcing operators who offer such services to either locate servers in the country or share encryption keys with security agencies and assist security agencies here in monitoring these services.

Why you might be vulnerable to hackers (but don’t know it)

Posted on December 19, 2011 by admin | No Comments

From Facebook to bank accounts, logging in has become somewhat a way of life for internet users. Consequently, so is the threat of identity theft.

Using a strong password is usually enough to beat back attempted break-ins, but hackers have become more and more sophisticated in their approach. Last week, my colleague Christie Nicholson outlined seven methods one hacker used to gain access to emails and other private accounts, some of which included exhaustive efforts such as mining clues from a person’s blog, online legal records and information gleaned from search engines. And as if that wasn’t creepy enough, Simson Garfunkel over at Technology Review recently discussed a few more tricks that involve the vulnerabilities inherent in the technologies we use to sign on.

Here’s a summary:

•Malware that lurks inside your computer. Antivirus programs can detect and remove password-stealing viruses but some bugs can remain undetected for weeks or months after initially infecting the host.

•The giant loophole that is Windows XP. It wasn’t until Microsoft released Windows 7 that the popular operating system was fortified with advanced security features. Not upgrading means you’re that much more at risk.

•Public computers. There’s no way of telling whether an internet cafe are free of viruses or keylogging programs. And many run on Windows XP.

Google Encrypts Search to Thwart Wi-Fi Hackers

Posted on October 18, 2011 by admin | No Comments

Google radically expanded Tuesday its use of bank-level security that prevents Wi-Fi hackers and rogue ISPs from spying on your searches.

Starting Tuesday, logged-in Google users searching from Google’s homepage will be using https://google.com, not http://google.com — even if they simply type google.com into their browsers. The change to encrypted search will happen over several weeks, the company said in a blog post Tuesday

The change means that the communication between a user’s browser and Google’s servers will be wrapped in encryption by default for those logged into their Google account. That means that hackers, school administrators and nosy corporate network admins won’t be able to see what search terms you are sending to the search giant.

Google introduced an HTTPS search option in May 2010, but users had to decide to go to that page (https://google.com). Google made it harder to find after schools objected to the change, saying it prevented them from censoring and monitoring their charges.

This go-round Google is providing a way for schools and network administrators to prevent the redirect to HTTPS, but Google will also make it clear to searchers on those networks that they are not sending data to Google via encryption.

D.C. Media Protest Encryption of Police Radio Communications

Posted on October 14, 2011 by admin | No Comments

Members of the local Washington, D.C., news media say they are pushing back against the city police department’s new policy to encrypt radio communications, which prevents them from learning about breaking news as it unfolds.

On Wednesday, city officials met with members of the media, including news directors from local television and radio stations, the Associated Press and The Washington Post to discuss the encryption policy, which took effect Sept. 15.

Under the new policy, the media will not be able to monitor police and dispatch chatter on radios, said police communications director Gwendolyn Crump. The media organizations were instead encouraged to sign up for a program wherein they are paged when “serious crimes” occur, she added.

Metropolitan Police Chief Cathy Lanier attributed the new policy to technology advancements. According to WAMU-FM, she has said the development of mobile phone applications allow criminals to easily listen to police communication, thus putting officers at risk.

Lanier, Fire Chief Kenneth Ellerbe and members of Mayor Vincent Gray’s staff were among those on hand Wednesday to hear the concerns.

Hackers Crack Internet Encryption: Should You Be Worried?

Posted on October 7, 2011 by admin | No Comments

Data encryption is the cornerstone of Internet security. Every time you log into your email account or sign into an online retailer like Amazon, chances are that your browser is establishing a secure connection to the server using an encryption technology called TLS (Transport Layer Security).

First developed in 1999 as an improvement over SSL (Secure Socket Layer) 3.0 encryption, TLS 1.0 is used as part of HTTPS encryption and is now the Web standard for data encryption. Almost all websites and browsers use TLS to secure information being transferred between you and the site, and now security researchers Thai Duong and Juliano Rizzo claim to have cracked TSL 1.0 encryption using just a traffic sniffer and a simple bit of JavaScript code.

Duong and Rizzo performed a live demonstration of the exploit, codenamed BEAST (Browser Exploit Against SSL/TLS), at the Ekoparty security conference in Buenos Aires during mid-September. While the details of the attack are highly technical, we now know it starts with a snippet of JavaScript code that infects your browser when you follow a suspicious link or visit a malicious website.

When BEAST infects your browser, it monitors the data you exchange with encrypted websites. It inserts blocks of plain-text into the data stream and attempts to decrypt those known blocks of plain-text by making educated guesses about the encryption key.

After enough time passes (roughly five to ten minutes, according to reports that Rizzo sent to The Register), BEAST inevitably guesses correctly and cracks the code on a byte’s worth of encrypted data, then uses that data to reverse-engineer the encryption key and decrypt the confidential data in the session cookie stored on your computer.

Hackers steal SSL certificates for CIA, MI6, Mossad

Posted on September 6, 2011 by admin | No Comments

The tally of digital certificates stolen from a Dutch company in July has exploded to more than 500, including ones for intelligence services like the CIA, the UK’s MI6 and Israel’s Mossad, a Mozilla developer said on Sunday.

The confirmed count of fraudulently-issued SSL (secure socket layer) certificates now stands at 531, said Gervase Markham, a Mozilla developer who is part of the team that has been working to modify Firefox to blocks all sites signed with the purloined certificates.

Among the affected domains, said Markham, are those for the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter and Microsoft’s Windows Update service.

“Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess,” Christopher Soghoian, a Washington DC-based researcher noted for his work on online privacy, said in a tweet Saturday. Soghoian was referring to assumptions by many experts that Iranian hackers, perhaps supported by that country’s government, were behind the attack. Google has pointed fingers at Iran, saying that attacks using an ill-gotten certificate for google.com had targeted Iranian users . All the certificates were issued by DigiNotar, a Dutch issuing firm that last week admitted its network had been hacked in July . The company claimed that it had revoked all the fraudulent certificates, but then realized it had overlooked one that could be used to impersonate any Google service, including Gmail.

Facial Biometrics Pose Privacy Woes

Posted on August 30, 2011 by admin | No Comments

Facial recognition technology could prove to be an effective way to authenticate individuals seeking entry to secured buildings or databases storing sensitive information. But the biometric technology already is being abused, and IT security managers employing facial recognition should be careful to encrypt the biometric data, cautions a privacy rights leader.

“If they back up those applications with good, solid privacy policies and practices, they’ll be in good shape,” Beth Givens, founder and director of the Privacy Rights Clearinghouse, says in an interview with Information Security Media Group (select one of Podcast Options at right to listen).
Givens says the danger of privacy loss is a major problem with facial recognition technology. She cites a Carnegie Mellon University study in which using only a photo of a person’s face and information publicly available online, researcher identified the person’s birth date, personal interests and Social Security number.

“To me, that’s astounding,” Givens says. “There are many places where you can get a person’s birth date; in fact, that’s public information. But being able to link it to a Social Security number as well as personal interest is another matter entirely, that takes it to an all new level.”

Russian government considers banning iPad, adopting RIM, reports say

Posted on July 31, 2011 by admin | No Comments

Research In Motion Ltd. may have found a new ally in its quest to establish the BlackBerry PlayBook as the default tablet within the corridors of power around the world: the Russian government.

Reports from several Russian newspapers — including the daily business publication RBK Daily — indicate the Russian government is considering a ban on Apple Inc.’s iPad inside government agencies due to security concerns, instead opting for more “cryptographically secure tablet PCs.”

The reports suggest the government is still deciding whether it will use devices from RIM, tablets running Google Inc.’s Android software or a new device created by a Russian agency using “a variety of security systems.” The implementation of a more secure system will help “speed up workflow among agencies” according to the report.

If true, the backing of the Russian government could prove to be another victory for RIM as it seeks to use its reputation of prioritizing security technology to position the BlackBerry PlayBook as the tablet of choice for businesses and governments, the way it originally marketed its BlackBerry smartphones.

Indeed, it was RIM’s security technology which helped the company’s BlackBerry devices to become the gold standard of mobile devices for government agencies around the world, including the Canadian government and the U.S. Federal Bureau of Investigation.

The Case for E-Mail Encryption

Posted on May 25, 2011 by admin | No Comments

With so much critical information being exchanged today via e-mail, now is the time to deploy next-generation e-mail encryption solutions, says Bob Janacek, CTO and founder of DataMotion.

The difference between first-gen and next-gen solutions, Janacek says:
“In the first-gen system, the encrypted e-mail is given to internal users – employees – and they send messages from their desktop to external users. It’s a one-way exchange of secure message,” he says. “In the next-gen solution, we’re looking at the bi-direction aspect of e-mail, and these systems empower the internal employees, along with their business partners and customers, to initiate an encrypted message. So, by allowing the external users especially to initiate a secure message, the organization speeds up its processes, which increases their business value and decreases their costs.”

There are other solid business benefits to be gained from next-gen e-mail encryption solutions, Janacek says, that can help organizations ensure greater security of communications while saving costs. And the new solutions treat mobile communications as a “first-class citizen,” he adds.