Security News

The US Department of Justice, together with government representatives from six other countries, has recently re-ignited the perennial Battle to Break Encryption. Modern encryption schemes don't just encrypt network traffic with your long-term encryption keys, but add in what are known as ephemeral keys into the mix - one-time encryption secrets for each communication session that are discarded after use.

Video-conferencing giant Zoom is rolling out a technical preview of its end-to-end encryption next week. Zoom has faced various controversies around its encryption policies over the past year, including several lawsuits alleging that the company falsely told users that it offers full encryption.

Starting next week, Zoom users - both those who are on one of the paid plans and those who use it for free - will be able to try out the solution's new end-to-end encryption option. Must join from the Zoom desktop client, mobile app, or Zoom Rooms.

Video conferencing platform Zoom next week will start rolling out end-to-end encryption in technical preview. "We're excited to announce that starting next week, Zoom's end-to-end encryption offering will be available as a technical preview, which means we're proactively soliciting feedback from users for the first 30 days," the company said earlier this week.

One such feature is called Intel Total Memory Encryption, which Intel said helps ensure that all memory accessed from the CPU is encrypted - such as customer credentials, encryption keys and other IP or personal information on the external memory bus. The Intel Platform Firmware Resilience will be part of the Xeon Scalable platform, which Intel claims will help protect against platform firmware attacks by detecting them before they can compromise or disable the machine.

Zoom also unveiled a public beta for OnZoom, an online events platform and marketplace for paid Zoom users who want to create, host and monetize classes, concerts or fundraisers via the Zoom Meetings platform. The first Zapps will be distributed in the Zoom experience by the end of year and open to developers soon afterward, according to a Zoom blog.

Zoom announced today that it will roll out end-to-end encryption for all users starting next week, as part of a 30-day technical preview. To start using E2EE when joining new meetings during this roll out phase, meeting participants will have to join using the Zoom desktop client, mobile app, or from Zoom Rooms.

A group of researchers has detailed a new timing vulnerability in Transport Layer Security protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol to extract the shared secret key used for secure communications between two parties.

Learn how you can enable the new Nextcloud end-to-end encryption. What you'll need How to enable encryption on Nextcloud.

A group of academic researchers has devised practical attacks against major standards in email end-to-end encryption, which could lead to the exfiltration of sensitive information. The proposed attacks target the OpenPGP and S/MIME encryption schemes, and can be used to leak private keys and other data, researchers with the Ruhr University Bochum and Münster University of Applied Sciences explain in a newly published paper.