In addition we're concerned with WhatsApp's web app. WhatsApp provides an HTTPS-secured web interface for users to send and receive messages. However, as with all websites, the resources needed to load the application are delivered each and every time you visit that site. So, even if there is support for crypto in the browser, the web application can easily be modified to serve a malicious version of the application upon any given pageload, which is capable of delivering all your messages to a third party.
2017/02/06: all this encryption breaks Deep Packet Inspection. All the IDS's, IPS's and NGFW's that we bought are becoming obsolete. They can't inspect the encrypted packets. Of course they try to hold onto this technology by introducing technologies like SSL inspection (aka SSLbump). This technology basically breaks the trust model of Internet encryption by acting as a man-in-the-middle. The place where you work spoofs itself as the encrypted site you are going to. Because they control your computer, you don't even know it is happening. Then they decrypt your Internet traffic to use DPI on it and then re-encrypt it back to the Internet.
Instead of holding onto deep packet inspection, I think we need to transition to new methodologies for detecting bad things on the network. Telemetry data is one of these ways through passive monitoring of netflows or DNS queries. By looking at traffic on your network and determining what looks anomalous, you may be able to determine where the nefarious activity is happening. By looking at your DNS queries and investigating Passive DNS with Bind RPZ or using OpenDNS you can cut down on a huge amount of bad sites on the Internet and interrupt phishing campaigns and malware.
The results of the U.S. presidential election have put the tech industry in a risky position. President-Elect Trump has promised to deport millions of our friends and neighbors, track people based on their religious beliefs, and undermine users' digital security and privacy. He'll need Silicon...
"I'm speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information," said Cook. "They're gobbling up everything they can learn about you and trying to monetize i
I make network architectures private and secure (without giving up everything else).
We already wrote about how law enforcement was freaking out over the (good) news that Apple and Google were making encryption a default on both iOS and Android. Then we had a followup where a recently retired FBI guy insisted that such encryption...
We have to create a mass encryption movement."
SSL (Secure Sockets Layer) and its descendant TLS (Transport Layer Security) are the most widely used protocols for encrypting data that is exchanged between a server and a client. These protocols often use X.509 certificates and asymmetric cryptography. STARTTLS is another method of securing plain-text communication. This protocol also encrypts data with SSL or TLS, ...
WhatsApp has been plagued by numerous issues in their security: easily stolen passwords, unencrypted messages and even a website that can change anyone's status. But that streak is not yet over.
When you access a Web site over an encrypted connection, you're using a protocol called HTTPS. But not all HTTPS connections are created equal. In the first few milliseconds after a browser connects securely to a server, an important choice is made: the browser sends a list of preferences for what...
Silent Circle will offer a previously military-grade encryption service to the average smartphone user -- and to the military itself, ...
SSDs can offer substantial benefits in performance and reliability for at least some purposes, but encrypting data and secure data deletion are problems.
2012/05/24: Recently, the new version 4.0 of the OwnCloud open-source software has been released. According to Wikipedia, "OwnCloud is a software suite that provides a location-independent storage area for data (cloud storage). The project was launched in January 2010 from KDE developer Frank Karlitschek to create a free alternative to commercial cloud providers. In contrast to commercial storage services, ownCloud can be installed on a private server at no additional cost". So, anybody sensitive to the privacy of his own data, but still willing to store them in the cloud, might be tempted to install the feature-rich OwnCloud application on a dedicated server. Even more interestingly, the feature list of the latest version mentions the following:
Dropbox is great but the data is not encrypted on your computer (you can read more about this here). There are various ways to encrypt some private files in your Dropbox folder: you can use TrueCrypt, EncFS, etc.
I recently visited a relative who is studying in the natural sciences and who, surprisingly, is even less capable in certain technical asp...
Convinced from spending hours reading rave reviews, Bob eagerly clicked "Proceed to Checkout" for his gallon of Tuscan Whole Milk and
Investigations into Computer Security, Hardware Security, secure microcontrollers, embedded security systems, tamper resistance, smartcards, analyzing security systems. Analysis of the copy protection mechanism in modern microcontrollers. Hardware design. Embedded systems programming. Reverse engineering. Non-invasive and semi-invasive attacks, optical probing.