Security News

Twitter has rolled out some quality of life updates for direct messages on the platform, and CEO Elon Musk reckons the site is to start encrypting DMs, beginning today, without providing proof that's the case. In a tweet last night, Twitter Support announced that a couple of well-trodden DM features from other platforms were being added to Twitter.

On April 25, security researchers Tommy Mysk and Talal Haj Bakry, who are known collectively on Twitter as Mysk, warned users of Google's Authenticator 2FA app to not turn on a new syncing feature. The change came about when Google enabled its 2FA Authenticator app to sync credentials across different devices.

Google is bringing end-to-end encryption to Google Authenticator cloud backups after researchers warned users against synchronizing 2FA codes with their Google accounts. This new feature allows users to synchronize their Google Authenticator 2FA tokens with their Google account, providing a backup if their mobile device is lost or damaged.

As currently drafted, the Bill could break end-to-end encryption,opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone's ability to communicate securely. The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services - nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.

An international group of law enforcement agencies are urging Meta not to standardize end-to-end encryption on Facebook Messenger and Instagram, which they say will harm their ability to fight child sexual abuse material online. "The VGT has not yet seen any indication from META that any new safety systems implemented post-E2EE will effectively match or improve their current detection methods," the taskforce said.

There cannot be a "British internet," or a version of end-to-end encryption that is specific to the UK. The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. "There is grave concern that the Online Safety Bill's requirements around identifying illegal content could break the principle of end-to-end encryption with the promise of a magical backdoor. Once a backdoor has been compromised, data and content protected by the encryption becomes accessible. This is exactly what many bad actors would welcome."

The answer, our researchers discovered, is that so-called active adversaries might be able to shake loose at least some queued-up data from at least least some access points. The researchers figured out various ways of tricking some access points into releasing those queued-up network packets.

Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra's Security Features Survey. Digging further, businesses share the types of security features they consider to be "Must-haves." 76% cite data backups as a dealbreaker when choosing software.

Let's start with a couple of plums from the US, where - hold onto your peaked caps - law enforcement officials have been breaking the law, wholesale. The government says, with a straight face, that to Protect the Children it must install back doors in end-to-end encryption.

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The underlying idea is that the physical effects introduced as a result of a cryptographic implementation can be used to decode and deduce sensitive information, such as ciphertext and encryption keys.