The UK's Demands for Apple to Break Encryption Is an Emergency for Us All
(eff.org)
The Washington Post reported that the United Kingdom is demanding that Apple create an encryption backdoor to give the government access to end-to-end encrypted data in iCloud.
UK government reportedly demands Apple backdoor to encrypted cloud data
(techcrunch.com)
Government officials in the United Kingdom have reportedly secretly ordered Apple to build a backdoor that would give its authorities access to users’ encrypted iCloud data.
Apple ordered by UK to create global iCloud encryption backdoor
(macrumors.com)
The British government has secretly demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud, reports The Washington Post.
Celebrating Ten Years of Encrypting the Web with Let's Encrypt (2023)
(eff.org)
Ten years ago, the web was a very different place. Most websites didn’t use HTTPS to protect your data. As a result, snoops could read emails or even take over accounts by stealing cookies. But a group of determined researchers and technologists from EFF and the University of Michigan were dreaming of a better world: one where every web page you visited was protected from spying and interference. Meanwhile, another group at Mozilla was working on the same dream.
Researchers combine holograms and AI to create uncrackable optical encryption
(optica.org)
As the demand for digital security grows, researchers have developed a new optical system that uses holograms to encode information, creating a level of encryption that traditional methods cannot penetrate.
Europol chief says Big Tech has 'responsibility' to unlock encrypted messages
(ft.com)
Europol chief says Big Tech has ‘responsibility’ to unlock encrypted messages
Windows BitLocker – Screwed Without a Screwdriver
(neodyme.io)
Someone steals your laptop. It’s running Windows 11, fully up-to-date. Device encryption (Windows BitLocker) is enabled. Secure Boot is active. BIOS/UEFI settings are locked down. So, you’re safe, right?
Encryption backdoor debate done and dusted, former White House tech advisor says
(theregister.com)
In the wake of the Salt Typhoon hacks, which lawmakers and privacy advocates alike have called the worst telecoms breach in America's history, the US government agencies have reversed course on encryption.
Dumping Memory to Bypass BitLocker on Windows 11
(noinitrd.github.io)
In this article I will demonstrate how to bypass BitLocker encryption on Windows 11 (version 24H2). This was accomplished by extracting full volume encryption keys (FVEK) from memory using my tool Memory-Dump-UEFI.
Breaking NATO Radio Encryption [video]
(media.ccc.de)
We present fatal security flaws in the HALFLOOP-24 encryption algorithm, which is used by the US military and NATO. HALFLOOP-24 was meant to safeguard the automatic link establishment protocol in high frequency radio, but our research demonstrates that merely two hours of intercepted radio traffic are sufficient to recover the secret key.
AI, Encryption, and the Sins of the 90s
(ndss-symposium.org)
Looking back to the “Crypto Wars” of the 90s, Meredith Whittaker gave a clear and informed perspective on the political, technical, and commercial pressures that have shaped our current encryption policy landscape.
Was the US Telecom Breach Inevitable, Proving Backdoors Can't Be Secure?
(theintercept.com)
Hackers have gained sweeping access to U.S. text messages and phone calls — and in response, the FBI is falling back on the same warmed-over, bad advice about encryption that it has trotted out for years.
FBI Official Reluctantly Touts Encryption Due to Chinese Hack of US Telecoms
(techdirt.com)
Thanks to government-mandated backdoors in US telecom/broadband services, the FBI — at least in the form of an official who refused to identify themself — has had to recommend (albeit extremely half-heartedly) that encrypted communications are perhaps the only thing keeping phone owners from being actively surveilled by Chinese hackers.
'Shame on Google for Their Description of Google Messages's Encryption Support'
(daringfireball.net)
While writing the previous item regarding the FBI encouraging the use of E2EE text and call protocols, I wound up at the Play Store page for Google Messages. It’s shamefully misleading regarding Google Messages’s support for end-to-end encryption.
FBI Warns iPhone and Android Users–Stop Sending Texts
(forbes.com)
US citizens urged to use encryption, given attacks
US Senators implore Department of Defense to expand the use of Matrix
(element.io)
This week the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA) and partner agencies in New Zealand, Australia and Canada began advocating for the use of end-to-end encrypted (E2EE) communications.
Git-crypt – transparent file encryption in Git
(agwa.name)
git-crypt enables transparent encryption and decryption of files in a git repository. Files which you choose to protect are encrypted when committed, and decrypted when checked out. git-crypt lets you freely share a repository containing a mix of public and private content. git-crypt gracefully degrades, so developers without the secret key can still clone and commit to a repository with encrypted files.
Key transparency and the right to be forgotten
(soatok.blog)
This post is the first in a new series covering some of the reasoning behind decisions made in my project to build end-to-end encryption for direct messages on the Fediverse.
Let's Encrypt is 10 years old now
(letsencrypt.org)
Vital personal and business information flows over the Internet more frequently than ever, and we don’t always know when it’s happening. It’s clear at this point that encrypting is something all of us should be doing. Then why don’t we use TLS (the successor to SSL) everywhere? Every browser in every device supports it. Every server in every data center supports it. Why don’t we just flip the switch?
Australia increasingly hostile toward secure messaging apps
(theguardian.com)
The founder of an encrypted messaging app who left Australia for Switzerland after police unexpectedly visited an employee’s home says he had left because of Australia’s “hostile” stance against developers building privacy-focused apps.
Show HN: Fireproof – local-first database with Git-like encrypted sync
(fireproof.storage)
Quickly add live data to any app or page.
Hyrumtoken: A Go package to encrypt pagination tokens
(github.com/ssoready)
hyrumtoken is a Go package to encrypt pagination tokens, so that your API clients can't depend on their contents, ordering, or any other characteristics.
Encrypted messaging app dev leaves Australia after police visit employee's home
(theguardian.com)
The founder of an encrypted messaging app who left Australia for Switzerland after police unexpectedly visited an employee’s home says he had left because of Australia’s “hostile” stance against developers building privacy-focused apps.
The sins of the 90s: Questioning a puzzling claim about mass surveillance
(cr.yp.to)
Meredith Whittaker, president of the Signal Foundation, gave an interesting talk at NDSS 2024 titled "AI, Encryption, and the Sins of the 90s".
Show HN: I created a web app to encrypt/decrypt messages using Web Crypto API
(vercel.app)
It's a Web Crypto API experiment to encrypt/decrypt messages using public and private keys.
Harvest Now, Decrypt Later
(wikipedia.org)
Harvest now, decrypt later, also known as store now, decrypt later or retrospective decryption, is a surveillance strategy that relies on the acquisition and long-term storage of currently unreadable encrypted data awaiting possible breakthroughs in decryption technology that would render it readable in the future - a hypothetical date referred to as Y2Q (a reference to Y2K) or Q-Day.
Chinese researchers break RSA encryption with a quantum computer
(csoonline.com)
In a potentially alarming development for global cybersecurity, Chinese researchers have unveiled a method using D-Wave’s quantum annealing systems to crack classic encryption, potentially accelerating the timeline for when quantum computers could pose a real threat to widely used cryptographic systems.