Security researchers bypass encryption on self‑encrypting drives
Industry standard specification does not guarantee the safety of the self-encrypting drives despite verification
encryption
Invest in encryption and get it right
The heavy ICO fine against Royal & Sun Alliance Insurance PLC has highlighted a shortcoming with encryption.
Encrypt – or face a huge fine
The ICO, the UK’s independent authority that oversees data privacy, recently released a new guidance on encryption best practices. The key message - encrypt or face a big fine.
Encryption 101: What is it? When should I use it?
More than perhaps any other security topic, encryption really seems to perplex a lot of people. So, let's take a closer look – from basics to best practice.
Artist mails NSA ‘uncrackable’ mixtape
An artist has created what he claims to be an ‘uncrackable’ mixtape, using freely available encryption tools and housed on a home-made device, and posted it to America’s National Security Agency (NSA).
Interview: ‘Fully encrypted’ Android Blackphone – will it allow for spy‑proof communication?
Speaking via email, Silent Circle’s Toby Weir-Jones said of the Android device built to offer secure communication, “It's obvious there is tremendous interest in the goals we've set for Blackphone, even though we have released so little concrete detail so far."
Bad password choices: don't miss the point
Phish, Phowl, and Passwords I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions: that is, after all, ESET’s basic business. However, there are many people in the security business who believe that education is a waste of
The BYOD security challenge: How scary is the iPad, tablet, smartphone surge?
Employee use of personally-owned computing devices for work-related purposes–known as Bring Your Own Device or BYOD–is not a new trend and security professionals have been concerned about it for some time, but there is a widely held view that the trend has been transformed of late. Why? Waves of mobile digital devices flooding into the
Windows Phone 8: Security Heaven or Hell?
Introduction Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8. While Microsoft was an early adopter in the creation of smartphones with
Now you can be forced to decrypt your hard drive?
Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to
Could hackers break into your Wi‑Fi wireless router?
You just got a new wireless router for Christmas, but when you set it up it asks about wireless security. Do you want WEP, WPA, WPA2 or any of the other alphabet soup options they give? While it’s easiest to just pick the default setting, are you setting yourself up for trouble from aspiring hackers?
Unencrypted credit card storage on the rise
More websites stored unencrypted credit card payment information than ever this year, according to a recent report. I thought we had this figured out? Obviously this is a direct violation of Payment Card Industry Data Security Standard (PCI DSS) requirements. But seriously, this stuff is simple for the developers to fix, so why don’t they?
Stolen password checking: a question of trust
How do you know a service is legitimate and safe? We all have to trust by proxy sometimes, but it just doesn't feel right to encourage people to accept reassuring statements as gospel.
Encryption, the Wonderdrug
One of the recurring themes of the past few years in the UK is data lost by the public sector on USB drives, CDs and so on.
Where there’s smoke, there’s FireWire
Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer
Deus ex machina
It will likely come as no surprise to regular readers of ESET's Threat Blog that we are somewhat gadget aficionados here in the Research Department. Our focus, however, is usually on issues such as malware, spam and privacy so we do not spend a lot of time discussing gadgetry. Every once in a while, though,
Operation Cyber ShockWave
While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries
Party Line – GSM Eavesdropping
The BBC has reported (http://news.bbc.co.uk/1/hi/technology/8429233.stm) that Karsten Nohl has published details of the encryption algorithm used to encrypt mobile phonecalls made using GSM technology. The topic has inspired much discussion following a talk at the Chaos Computer Congress in Berlin. The GSM Association seems, according to the BBC report, to be a little ambivalent about the
Data Breaches – It’s All Greek to Me
The results (released yesterday) from a study conducted by the Ponemon Institute yielded some interesting data points. The most visible of these was the finding that 85% of U.S. organizations experienced data breaches of varying magnitudes. This study, entitled “U.S. Enterprise Encryption Trends”, has completed its fourth annual publication. The data was directly obtained from
You Did Back Up Your Data, Didn’t You?
One of the security best practices is to back up your data regularly. This is sound advice as it helps mitigate the damages from many different threats. Lots of people think of data loss when they think of viruses, but very few viruses actually tried to cause data loss. There have been a few that