Security News

There cannot be a "British internet," or a version of end-to-end encryption that is specific to the UK. The UK Government must urgently rethink the Bill, revising it to encourage companies to offer more privacy and security to its residents, not less. "There is grave concern that the Online Safety Bill's requirements around identifying illegal content could break the principle of end-to-end encryption with the promise of a magical backdoor. Once a backdoor has been compromised, data and content protected by the encryption becomes accessible. This is exactly what many bad actors would welcome."

The answer, our researchers discovered, is that so-called active adversaries might be able to shake loose at least some queued-up data from at least least some access points. The researchers figured out various ways of tricking some access points into releasing those queued-up network packets.

Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra's Security Features Survey. Digging further, businesses share the types of security features they consider to be "Must-haves." 76% cite data backups as a dealbreaker when choosing software.

Let's start with a couple of plums from the US, where - hold onto your peaked caps - law enforcement officials have been breaking the law, wholesale. The government says, with a straight face, that to Protect the Children it must install back doors in end-to-end encryption.

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The underlying idea is that the physical effects introduced as a result of a cryptographic implementation can be used to decode and deduce sensitive information, such as ciphertext and encryption keys.

Google Workspace has expanded its client-side encryption to Gmail and Google Calendar for users of Workspace Enterprise Plus, Education Standard and Education Plus, Google announced on Tuesday. Google Calendar for web browser, and Calendar on Android and iOS mobile apps in beta.

Google has announced the general availability of client-side encryption for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "Even more organizations to become arbiters of their own data and the sole party deciding who has access to it," Google's Ganesh Chilakapati and Andy Wen said.

Gmail client-side encryption is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. The feature was first introduced in Gmail on the web as a beta test in December 2022, after being available in Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar since last year.

Windows 10 already has two flavours of encryption - BitLocker and Windows Device Encryption - and as of the 22H2 release, Windows 11 Enterprise and Education adds Personal Data Encryption. Personal Data Encryption doesn't replace either of them because it doesn't encrypt a whole drive; instead, it protects individual files and folders using 256-bit AES-CBC encryption keys that are protected by Windows Hello for Business, but only through applications that are built to use it.

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology has chosen to secure the data generated by Internet of Things devices: implanted medical devices, keyless entry fobs, "Smart home" devices, etc. Why are the ASCON encryption algorithms a good choice for IoT devices?