Security News
With email now the number one destination to hoodwink overworked and bleary-eyed users with a confidence trick, there are many, many reasons to keep email secure. The historical problem with a technique like encryption in the past has been, if carried out in a heavy-handed fashion, it can be an all-or-nothing kind of deal.
A trio of Republican senators on Tuesday proposed legislation that requires service providers and device makers in America to help the Feds bypass encryption when presented with a court-issued warrant. The law bill [PDF] is dubbed the Lawful Access to Encrypted Data Act, which uncharacteristically cannot be condensed into a pandering acronym.
Privacy advocates are decrying a new bill, which would force tech companies to unlock encrypted devices if ordered to do so by law enforcement with a court issued warrant. "Any sort of backdoor or weakened encryption can be used by adversaries to gain access to unauthorized data, not to mention the potential for abuse by law enforcement, despite assurances to the contrary. Finally, if this bill were to pass, people who are conducting nefarious activity will just switch to tools that are built outside of the United States where there will be no backdoor access. So, the FBI will not only not be able to access the data, they won't even be able to access unencrypted metadata that can prove very valuable in tracking down bad guys."
Experts have argued that adding backdoors to encryption systems would also allow malicious actors to abuse those backdoors, thus defeating the purpose of strong encryption. The officials believe that while encryption is "Vital" for securing data, communications and financial transactions, law enforcement should be given access to the information they seek if they present a warrant.
Zoom CEO Eric Yuan announced in a blog post Wednesday that Zoom is extending its end-to-end encryption offering to all Zoom account holders. Zoom released the first draft of its E2EE plan in late May as part of a response to criticism of its security flaws, which became public as Zoom signups skyrocketed during the COVID-19 pandemic.
Zoom Video Communications has decided to extend the benefits of end-to-end encryption not only to paying Zoom customers, but to those who create free accounts, as well. Zoom does an about-face on E2EE. Zoom CEO Eric Yuan announced their decision to bring E2EE to paid users only in early June.
Zoom announced on Wednesday that it has decided to offer end-to-end encryption to free users after all, as long as they verify their account by providing an additional piece of information, such as a phone number. Zoom said earlier this month that only paying customers and schools would benefit from its upcoming end-to-end encryption feature, arguing that free users are more likely to commit abuse and the company wants to be able to assist law enforcement investigations.
Zoom today said it will make end-to-end encryption available to all of its users, regardless of whether they pay for it or not. We note that Google Meet and other rival services do not offer E2EE. "Today, Zoom released an updated E2EE design on GitHub," Zoom CEO Eric Yuan said.
An Italian company that sells what it describes as a legitimate encryption utility is being used as malware packer for the cloud-delivered malicious GuLoader dropper, claim researchers. According to researchers at Check Point, the company identified as CloudEyE is looking to take a piece of the traditional packer and crypter market - a thriving arena that caters to malware authors looking for obfuscation for their wares.
5G adoption, security and worldwide market trendsWith 5G adoption ramping up all over the world, we sat down with Chris Pearson, President of 5G Americas, to learn more about the current 5G landscape. Zoom to offer end-to-end encryption only to paying customersAs Zoom continues on its path to bring end-to-end encryption to users, the big news is that only paid users will have access to the option.