The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: encryption software

Google Created Faster Storage Encryption for All Low-End Devices

Google Created Faster Storage Encryption for All Low-End Devices

February 08, 2019Swati Khandelwal
Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don't have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently. Encryption has already become an integral part of our everyday digital activities. However, it has long been known that encryption is expensive, as it causes performance issues, especially for low-end devices that don't have hardware support for making the encryption and decryption process faster. Since data security concerns have recently become very important, not using encryption is no more a wise tradeoff, and at the same time, using a secure but slow device on which apps take much longer to launch is also not a great idea. Currently Android OS supports AES-128-CBC-ESSIV for full-disk encryption and AES-256-XTS for file-based encryption, and Google has already made it mandatory for device manufacturers to include AES encry
GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature

GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature

June 15, 2018Swati Khandelwal
A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail , in PGP and S/Mime encryption tools that could allow attackers to reveal encrypted emails in plaintext , affecting a variety of email programs, including Thunderbird, Apple Mail, and Outlook. Software developer Marcus Brinkmann discovered that an input sanitization vulnerability, which he dubbed SigSpoof , makes it possible for attackers to fake digital signatures with someone's public key or key ID, without requiring any of the private or public keys involved. The vulnerability, tracked as CVE-2018-12020 , affects popular email applications including GnuPG, Enigmail, GPGTools and python-gnupg, and have now been patched in their latest available so
Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

October 12, 2017Swati Khandelwal
Beware, If you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out. From at least last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers. S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol—based on public-key cryptography and works just like SSL connections—that enables users to send digitally signed and encrypted messages. According to a security advisory published by SEC Consult earlier this week, a severe bug (CVE-2017-11776) in Microsoft Outlook email client causes S/MIME encrypted emails to be sent with their unencrypted versions attached. When Outlook users make use of S/MIME to encrypt their messages and format their emails as plain text, the vulnerability allows the seemingly encrypted emails to be sent in both encrypted as well as human-readable clear text f
Someone is Spying on Researchers Behind VeraCrypt Security Audit

Someone is Spying on Researchers Behind VeraCrypt Security Audit

August 16, 2016Mohit Kumar
After TrueCrypt mysteriously discontinued itself, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, and privacy conscious people. Due to the huge popularity of VeraCrypt, security researchers from the OSTIF ( The Open Source Technology Improvement Fund ) announced at the beginning of this month that it had agreed to audit VeraCrypt independently. Using funds donated by DuckDuckGo and VikingVPN, the OSTIC hired vulnerability researchers from QuarksLab to lead the audit, which would look for zero-day vulnerabilities and other security holes in VeraCrypt's code. Now, the most troubling part comes here: The OSTIF announced Saturday that its confidential PGP-encrypted communications with QuarkLabs about the security audit of VeraCrypt were mysteriously intercepted. "We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders." the OSTIF said . "Not
Apple hires Encryption Expert to Beef Up Security on its Devices

Apple hires Encryption Expert to Beef Up Security on its Devices

May 25, 2016Mohit Kumar
The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in a much larger fight. Now, in an effort to make its iPhone surveillance-and-hack proof, Apple has rehired security expert and cryptographer Jon Callas , who co-founded the widely-used email encryption software PGP and the secure-messaging system Silent Circle that sells the Blackphone. This is not Apple’s first effort over its iPhone security . Just a few months back, the company hired Frederic Jacobs , one of the key developers of Signal — World's most secure, open source and encrypted messaging app . Now Apple has rehired Callas, who has previously worked for Apple twice, first from 1995 to 1997 and then from 2009 to 2011. During his second joining, Callas designed a ful
​DARPA Wants To Build Ultra Secure Messaging App for US Military

​DARPA Wants To Build Ultra Secure Messaging App for US Military

April 24, 2016Mohit Kumar
Just last month, DARPA launched a project dubbed "Improv," inviting hackers to transform simple household appliances into deadly weapons . Now, the Defense Advanced Research Projects Agency is finding someone in the private sector to develop a hacker-proof " secure messaging and transaction platform " for the U.S. military. Darpa wants researchers to create a secure messaging and transaction platform that should be accessible via the web browser or standalone native application. The secure messaging app should " separate the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger, " agency's  notice explains. In simple words, DARPA aims to create a secure messaging service that not only implements the standard encryption and se
'Hacking Team' Loses License to Sell Surveillance Malware Outside Europe

'Hacking Team' Loses License to Sell Surveillance Malware Outside Europe

April 07, 2016Swati Khandelwal
Hacking Team – the infamous Italy-based spyware company that had more than 400 GB of its confidential data stolen last year – is facing another trouble.  This time not from other hackers, but from its own government. Hacking Team is infamous for selling surveillance spyware to governments and intelligence agencies worldwide, but now it may not be allowed to do so, as the Italian export authorities have revoked the company's license to sell outside of Europe. Almost a year after it was hacked and got all its secrets leaked online , Hacking Team somehow managed to resume its operations and start pitching new hacking tools to help the United States law enforcement gets around their encryption issues. Hacking Team had sold its malware, officially known as the Galileo Remote Control System , to authorities in Egypt, Morocco, Brazil, Malaysia, Thailand, Kazakhstan, Vietnam, Mexico, and Panama. Hacking Team had also signed big contracts with the Federal Burea
Hacking Team Offering Encryption Cracking Tools to Law Enforcement Agencies

Hacking Team Offering Encryption Cracking Tools to Law Enforcement Agencies

October 31, 2015Swati Khandelwal
Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement gets around their encryption issues . Yes, Hacking Team is back with a new set of Encryption Cracking Tools for government agencies as well as other customers to break encrypted communications. The announcement came in an email pitch sent to existing and potential new customers on October 19 when Hacking Team CEO David Vincenzetti confirmed that Hacking Team is now "finalizing [its] brand new and totally unprecedented cyber investigation solutions." The e-mail is not made public, but Motherboard has been able to obtain a copy of it that states: "Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as te
THN Weekly Roundup — 11 Most Important Hacking News Stories

THN Weekly Roundup — 11 Most Important Hacking News Stories

October 05, 2015Swati Khandelwal
We are back with our last week’s top cyber security threats and challenges, just in case you missed any of them ( ICYMI ). THN Weekly Round Up is The Hacker News efforts to help you provide all important stories of last week in one shot. We recommend you read the full story ( just click ‘Read More’ because there’s some valuable advice in there as well ). Here's the list: 1. Quantum Teleportation — Scientists Teleported Quantum Data over 60 Miles While the world is battling between Quantum computers and Encryption , the NIST Scientists have set a new record in the field of " Quantum Teleportation "... …by successfully Teleporting a small amount of data (qubit) inside light particles over a distance of 60 Miles (100 km) through a network of optical fiber – the record which is four times faster than previous one. To know how the Quantum Teleportation works and how the researchers able to reach this record, Read More … 2. Pirate Bay co-fo
TrueCrypt Encryption Software Has Two Critical Flaws: It's time to Move On

TrueCrypt Encryption Software Has Two Critical Flaws: It's time to Move On

October 01, 2015Khyati Jain
If you are among thousands of privacy-conscious people who are still using ‘ no longer available ’ TrueCrypt Encryption Software , then you need to pay attention. Two critical security vulnerabilities have been discovered in the most famous encryption tool, TrueCrypt, that could expose the user’s data to hackers if exploited. TrueCrypt was audited earlier this by a team of Security researchers and found to be backdoor-free . James Forshaw , Security researcher with Google’s Project Zero — which looks for zero-day exploits — has found a pair of privilege elevation flaws in TrueCrypt package. Last year, TrueCrypt project was dropped after its mysterious developers had claimed the Windows disk-encryption software had ‘ unfixed security issues ’. TrueCrypt is a widely-used ‘ On-the-Fly ’ Open source Hard disk encryption program. Reportedly, TrueCrypt vulnerabilities would not directly allow an attacker to decrypt drive data. Instead, successful exploitation
Web Encryption Protocol That Even Quantum Computers Can't Crack

Web Encryption Protocol That Even Quantum Computers Can't Crack

August 07, 2015Khyati Jain
Sometimes, instead of black and white we tend to look out, how a grey would look? Yes, today we are going to discuss the ‘entangling’ or ‘superpositioning’ which is a power packed functionality of quantum computers. And simultaneously, how can they pose a threat when fully launched in the world. Superposition is a state in which a system can be in multiple stages i.e. it can be ‘up’ and ‘down’ at the same time. The Quantum systems can hit different modules of a problem simultaneously, split across possible versions of the universe. What are Quantum Computers? Quantum computers are going to be the next huge development in computing for processing data, with an ability to perform calculations thousands of times faster than today’s modern supercomputers. Quantum computing is not well suited for tasks such as word processing and email, but it is ideal for tasks such as cryptography, modeling and indexing enormous databases. A quantum computer can compute in min
Most Vulnerable Smart Cities to Cyber Attack on Internet of Things (IoT)

Most Vulnerable Smart Cities to Cyber Attack on Internet of Things (IoT)

July 31, 2015Khyati Jain
Imagine… You drive to work in your Smart-Car connected to the GPS automatically, but a hacker breaks into your car's network, takes control of the steering wheel, crashes you into a tree, and BOOM ! Believe it or not, such cyber attacks on smart devices are becoming reality. Car Hacking was recently demonstrated by a pair of security researchers who controlled a Jeep Cherokee remotely from miles away, which shows a rather severe threat to the growing market of the Internet of Things (IoT) . Internet of Things (IoT) — A technology that connects objects to a network or the Internet, and enables interaction among varied devices such as: Smart Cars Smart TVs Refrigerators Wearables Routers Other embedded computing as well as non-computing devices. Few days back, I had read about Smart Dustbins that are the latest smart objects to become Wi-Fi-enabled. Internet of Things to make Cities Smart or Dumb? Cities around the world are becoming
How To Encrypt Your USB Drive to Protect Data

How To Encrypt Your USB Drive to Protect Data

June 15, 2015Mohit Kumar
The USB flash drives or memory sticks are an excellent way to store and carry data and applications for access on any system you come across. With storage spaces already reaching 256 gigabytes, nowadays USB drives are often larger than past's hard drives. Thanks to increased storage capacity and low prices, you can easily store all your personal data on a tiny, easy-to-carry, USB memory stick. The USB drive is a device that is used by almost everyone today. However, there's a downside… I think you’ll agree with me when I say: USB sticks are easily lost or stolen. Aren’t they? However, in today’s post I am going to show you how to use your USB drives without fear of being misplaced. If you are not aware, the leading cause of data breaches for the past few years has been the loss or theft of laptops and USB storage devices. However, USB flash memory sticks are generally treated with far less care than laptops, and criminals seeking for corporate devices could cost your c
Cisco Open Sources Experimental Small Domain Block Cipher

Cisco Open Sources Experimental Small Domain Block Cipher

June 23, 2014Wang Wei
In cryptography, Block ciphers such as AES or DES are a symmetric key cipher operating on fixed-length groups of bits, called blocks, and typically operate on large input data blocks i.e. 64 or more than 128, 256 bits. Block cipher encrypts Plain-text to Cipher-text by applying cryptographic key and algorithm to a block of data at once as a group rather than to one bit at a time, so that identical blocks of text do not get encrypted the same way. However, some applications need smaller blocks, and possibly non-binary blocks. So, to fulfil this need Cisco is providing a  small block cipher , what it calls “FNR” (Flexible Naor and Reingold), but currently it is an experimental block cipher rather a production software. Sashank Dara , software engineer at the security technology group Cisco , says in a detailed explanation that FNR is a flexible length small domain block cipher for encrypting objects that works without the need for padding, as happens in the traditional
Student Decrypts Simplocker Android Ransomware that Encrypts Files

Student Decrypts Simplocker Android Ransomware that Encrypts Files

June 17, 2014Swati Khandelwal
In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has ability to encrypt the files using Advanced Encryption Standard (AES) on the Android device SD cards demanding users pay a ransom of 260 UAH ( Ukrainian hryvnias ), which is roughly equal to $21 US, for those files to be decrypted. To hide their track, the malware author is using the Command-and-Control server hosted on TOR .onion domain, which makes it difficult to trace the server's physical location or determine who is operating it. The malware collects information about the users’ phone such as IMEI number, Operating System, phone model and manufacturer to send it all to Command-and-Control server. STUDENT CRACKS SIMPLOCKER RANSOMWARE Now, an undergraduate stu
Terrorist Group Al-Qaeda Uses New Encryption Softwares After NSA Revelations

Terrorist Group Al-Qaeda Uses New Encryption Softwares After NSA Revelations

May 15, 2014Mohit Kumar
Last year, Just after Snowden leaks, the U.S Government warned that NSA surveillance revelations will make harder to track bad guys trying to harm the United States, as disclosures can be helpful to terrorist groups. In response to the NSA revelations, the terrorists at Al-Qaeda have started using strongest encryption techniques in order to bypass the standard cryptographic protections in its various communications, according to the recent report released by the Threat Intelligence  company, Recorded Future . The analysis carried out by the intelligence firm revealed that the Infamous Terrorist Organizations, Al-Qaeda that attacked civilian and military targets in various countries, has switched to new encryption software for the first time in seven years, following the revelations of the US National Security Agency (NSA) by former contractor Edward Snowden . Al-Qaeda is a global militant Islamist and takfiri organization which operates as a network comprising both a
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.