Security News

Futurist Isaac Arthur explains how to stay safe from quantum encryption hacking. Dan Patterson, a Senior Producer for CBS News and CNET, interviewed futurist Isaac Arthur about quantum encryption.

That's why, despite TLS 1.3 being around since 2018 and offering greater security that TLS 1.2, the latter that remains the de facto standard. The TLS 1.2 protocol took multiple round trips between client and server, while TLS 1.3 is a much smoother process that requires only one trip.

Zoom in its documentation, and in an in-app display message, has claimed its conferencing service is "End-to-end encrypted," meaning that an intermediary, include Zoom itself, cannot intercept and decrypt users' communications as it moves between the sender and receiver. When reports emerged that Zoom Meetings are not actually end-to-end encrypted encrypted, Zoom responded that it wasn't using the commonly accepted definition of the term.

That's a good thing because miscreants hijacking unprotected Zoom calls is a thing. When we say end-to-end.... Despite Zoom offering a meeting host the option to "Enable an end-to-end encrypted meeting," and providing a green padlock that claims "Zoom is using an end to end encrypted connection," it appears that the company is able to access data in transit along that connection, and can also be compelled to provide it to governments.

Kubernetes-specialist Zettaset has introduced software-defined encryption for Kubernetes-managed containers, improving DevSecOps, enhancing data protection, and enabling compliance. The fluid nature of cloud storage requires a software rather than hardware solution - and Zettaset has announced its software-defined XCrypt Kubernetes Encryption offering.

For years, Naked Security and Sophos have said #nobackdoors, agreeing with the Information Technology Industry Council that "Weakening security with the aim of advancing security simply does not make sense." EARN IT is a bipartisan effort, having been introduced by Republican Lindsey Graham, Democrat Richard Blumenthal and other legislators who've used the specter of online child exploitation to argue for the weakening of encryption.

Zettaset, a leading provider of software-defined encryption solutions, announced Zettaset XCrypt Container Encryption for Docker Enterprise from Mirantis, a software-only encryption solution for containers. Designed to protect containers from data theft in any physical or virtual environment, the new solution enables organizations running Docker Enterprise environments to seamlessly secure data within containers through encryption with little-to-no impact on performance or business velocity.

On Thursday, a bipartisan group of US senators introduced legislation with the ostensible purpose of combating child sexual abuse material online - at the apparent cost of encryption. The law bill is called the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, which folds up into the indignant acronym EARN IT. Backed by senators Lindsey Graham, Richard Blumenthal, Josh Hawley and Dianne Feinstein, the proposed law intends to make technology companies "Earn" their exemption from liability allowed under Section 230 of the US Communications Decency Act by requiring internet companies to follow a set of best practices to keep CSAM off their networks.

It cannot be fixed without replacing the silicon, only mitigated, it is claimed: the design flaw is baked into millions of Intel processor chipsets manufactured over the past five years. Buried deep inside modern Intel chipsets is what's called the Management Engine, or these days, the Converged Security and Manageability Engine.

Evidence is emerging that a barely noticed change made to Chrome 80, released on 4 February, might have disrupted the hugely successful data and user profile stealing malware AZORult. Now, according to research by Israeli security company Kela, chatter on crime forums suggests cybercriminals believe that Chrome 80's move to encrypt locally saved passwords and cookies using AES-256 has killed the malware's attempts to steal data for good.