The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: encryption

Google Achieves First-Ever Successful SHA-1 Collision Attack

Google Achieves First-Ever Successful SHA-1 Collision Attack

February 23, 2017Swati Khandelwal
SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced today submitted the first ever successful SHA-1 collision attack. SHA-1 was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like other hashes, SHA-1 also converts any input message to a long string of numbers and letters that serve as a cryptographic fingerprint for that particular message. Collision attacks appear when the same hash value (fingerprint) is produced for two different messages, which then can be exploited to forge digital signatures, allowing attackers to break communications encoded with SHA-1. The explanation is technologically tricky, but you can think of it as attackers who surgically alters their fingerprints in order to match yours, and then uses that to unlock your smartphone. The researchers h
Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

Lavabit — Encrypted Email Service Once Used by Snowden, Is Back

January 21, 2017Mohit Kumar
Texas-based Encrypted Email Service ' Lavabit ,' that was forced to shut down in 2013 after not complying with a court order demanding access to SSL keys to snoop on Edward Snowden's emails , is relaunching on Friday. Lavabit CEO Ladar Levison had custody of the service's SSL encryption key that could have helped the government obtain Snowden's password. Although the FBI insisted it was only after Snowden's account, that was the key to the kingdom that would have helped the FBI agents obtain other users' credentials as well. But rather than complying with the federal request that could compromise the communications of all of its customers, Levison preferred to shut down his encrypted email service, leaving its 410,000 users unable to access their email accounts. Now, Levison has announced that he is reviving Lavabit with a new architecture that fixes the SSL problem — which according to him, was the biggest threat — and includes other privacy-enhancin
Explained — What's Up With the WhatsApp 'Backdoor' Story?

Explained — What's Up With the WhatsApp 'Backdoor' Story?

January 14, 2017Mohit Kumar
What is a backdoor? By definition: "Backdoor is a feature or defect of a computer system that allows surreptitious unauthorized access to data, " either the backdoor is in encryption algorithm, a server or in an implementation, and doesn't matter whether it has previously been used or not. Yesterday, we published a story based on findings reported by security researcher Tobias Boelter that suggests WhatsApp has a backdoor that "could allow" an attacker, and of course the company itself, to intercept your encrypted communication. The story involving the world's largest secure messaging platform that has over a billion users worldwide went viral in few hours, attracting reactions from security experts, WhatsApp team, and Open Whisper Systems, who partnered with Facebook to implement end-to-end encryption in WhatsApp. Note: I would request readers to read complete article before reaching out for a conclusion. And also, suggestions and opinions are
WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages

WhatsApp Backdoor allows Hackers to Intercept and Read Your Encrypted Messages

January 13, 2017Mohit Kumar
Important Update — Most Security Experts argued, " It's not a backdoor, rather it's a feature ," but none of them denied the fact that, if required, WhatsApp or a hacker can intercept your end-to-end encrypted chats. Read detailed explanation on arguments in my latest article. Most people believe that end-to-end encryption is the ultimate way to protect your secret communication from snooping, and it does, but it can be intercepted if not implemented correctly. After introducing " end-to-end encryption by default " last year, WhatsApp has become the world's largest secure messaging platform with over a billion users worldwide. But if you think your conversations are completely secure in a way that no one, not even Facebook, the company that owned WhatsApp, can intercept your messages then you are highly mistaken, just like most of us and it's not a new concept. Here's the kick: End-to-end encrypted messaging service, such as WhatsApp and Te
NIST Calls Development of Quantum-Proof Encryption Algorithms

NIST Calls Development of Quantum-Proof Encryption Algorithms

December 22, 2016Mohit Kumar
Quantum Computers – Boon or Bane? Quantum computers can perform operations much more quickly and efficiently even with the use of less energy than conventional computers, but that's bad news for encryption — a process which scrambles data according to a massively complex mathematical code. In theory, quantum computers can break almost all the existing encryption algorithms used on the Internet today due to their immense computing power. Quantum computers are not just in theories; they're becoming a reality. With countries like China that holds the top two position in the world's most powerful supercomputers (Sunway TaihuLight and Tianhe-2), followed by the United States' Titan, the day is not far when Quantum computers will work on an industrial scale. Although it's hard to move quantum computing to an industrial scale, it has become a matter of concern for the United States' National Institute of Standards and Technology (NIST) over the fact that
How to Hack Apple Mac Encryption Password in Just 30 Seconds

How to Hack Apple Mac Encryption Password in Just 30 Seconds

December 16, 2016Swati Khandelwal
Macintosh computers are often considered to be safer than those running Windows operating system, but a recently discovered attack technique proves it all wrong. All an attacker needs is a $300 device to seize full control of your Mac or MacBook. Swedish hacker and penetration tester Ulf Frisk has developed a new device that can steal the password from virtually any Mac laptop while it is sleeping or even locked in just 30 seconds, allowing hackers to unlock any Mac computer and even decrypt the files on its hard drive. So, next time when you leave your Apple's laptop unattended, be sure to shut it down completely rather than just putting the system in sleep mode or locked. Here's How an Attacker can steal your Mac FileVault2 Password The researcher devised this technique by exploiting two designing flaws he discovered last July in Apple's FileVault2 full-disk encryption software. The first issue is that the Mac system does not protect itself against Direc
Press Shift + F10 during Windows 10 Upgrade to Launch Root CLI & bypass BitLocker

Press Shift + F10 during Windows 10 Upgrade to Launch Root CLI & bypass BitLocker

November 30, 2016Swati Khandelwal
If your computer's security relies on Windows BitLocker Hard Drive Encryption software, then Beware! Because anyone with physical access to your PC can still access your files within few seconds. All an attacker need to do is hold SHIFT+F10 during Windows 10 update procedure. Security researcher Sami Laiho discovered this simple method of bypassing BitLocker, wherein an attacker can open a command-line interface with System privileges just by holding SHIFT+F10 while a Windows 10 PC is installing a new OS build. The command-line interface (CLI) then grants the attacker full access to the computer's hard drive, even when the victim has enabled BitLocker disk encryption feature. Laiho explains that during the installation of a new build (Windows 10 upgrade), the operating system disables BitLocker while the Windows PE installs a new image of the main Windows 10 OS. "The installation [Windows 10 upgrade] of a new build is done by reimaging the machine and the im
Crack for Charity — GCHQ launches 'Puzzle Book' Challenge for Cryptographers

Crack for Charity — GCHQ launches 'Puzzle Book' Challenge for Cryptographers

October 15, 2016Mohit Kumar
The UK's Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity. Dubbed " The GCHQ Puzzle Book ," the book features more than 140 pages of codes, puzzles, and challenges created by expert code breakers at the British intelligence agency. Ranging from easy to complex, the GCHQ challenges include ciphers and tests of numeracy and literacy, substitution codes, along with picture and music challenges. Writing in the GCHQ Puzzle Book's introduction, here's what GCHQ Director, Robert Hannigan says: "For nearly one hundred years, the men and women of GCHQ, both civilian and military, have been solving problems. They have done so in pursuit of our mission to keep the United Kingdom safe. GCHQ has a proud history of valuing and supporting individuals who think differently; without them, we would be of little value to the country. Not all are geniuses
Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections

Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections

October 12, 2016Swati Khandelwal
In the year 2014, we came to know about the NSA's ability to break Trillions of encrypted connections by exploiting common implementations of the Diffie-Hellman key exchange algorithm – thanks to classified documents leaked by ex-NSA employee Edward Snowden. At that time, computer scientists and senior cryptographers had presented the most plausible theory: Only a few prime numbers were commonly used by 92 percent of the top 1 Million Alexa HTTPS domains that might have fit well within the NSA's $11 Billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities." And now, researchers from University of Pennsylvania, INRIA, CNRS and Université de Lorraine have practically proved how the NSA broke the most widespread encryption used on the Internet. Diffie-Hellman key exchange (DHE) algorithm is a standard means of exchanging cryptographic keys over untrusted channels, which allows protocols such as HTTPS, SSH, VPN, SMTPS and IPsec to negotia
How to Start Secret Conversations on Facebook Messenger

How to Start Secret Conversations on Facebook Messenger

October 06, 2016Swati Khandelwal
If you are looking for ways to start a secret conversation on Facebook Messenger with your friends, then you are at the right place. In this article, I am going to tell you about Facebook Messenger's new end-to-end encrypted chat feature, dubbed " Secret Conversations ," but before that, know why do you need your chats to be end-to-end encrypted? Your online privacy is under threat not only from online marketers and hackers but also from governments. Just yesterday, it was revealed that Yahoo secretly built hacking tool to scan all of its customers' incoming emails for US intelligence officials. So, to hide your personal life online from prying eyes, you need end-to-end encryption that allows you to send and receive messages in a way that no one, including the feds with a warrant, hackers and not even the company itself, can intercept or read them. Last year, WhatsApp became the largest end-to-end encrypted messaging network in history by rolling out anoth
Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

Apple Weakens iOS 10 Backup Encryption; Now Can Be Cracked 2,500 Times Faster

September 23, 2016Swati Khandelwal
After the iPhone encryption battle between Apple and the FBI , Apple was inspired to work toward making an unhackable future iPhones by implementing stronger security measures even the company can't hack. Even at that point the company hired one of the key developers of Signal — one of the world's most secure, encrypted messaging apps — its core security team to achieve this goal. But it seems like Apple has taken something of a backward step. Apple deliberately weakens Backup Encryption For iOS 10 With the latest update of its iPhone operating system, it seems the company might have made a big blunder that directly affects its users' security and privacy. Apple has downgraded the hashing algorithm for iOS 10 from "PBKDF2 SHA-1 with 10,000 iterations" to "plain SHA256 with a single iteration," potentially allowing attackers to brute-force the password via a standard desktop computer processor. PBKDF2 stands for Password-Based Key Deri
Germany and France declare War on Encryption to Fight Terrorism

Germany and France declare War on Encryption to Fight Terrorism

August 25, 2016Mohit Kumar
Yet another war on Encryption! France and Germany are asking the European Union for new laws that would require mobile messaging services to decrypt secure communications on demand and make them available to law enforcement agencies. French and German interior ministers this week said their governments should be able to access content on encrypted services in order to fight terrorism , the Wall Street Journal reported . French interior minister Bernard Cazeneuve went on to say that the encrypted messaging apps like Telegram and WhatsApp " constitute a challenge during investigations, " making it difficult for law enforcement to conduct surveillance on suspected terrorists. Also Read:  How to Send and Receive End-to-End Encrypted Emails The proposal calls on the European Commission to draft a law that would " impose obligations on operators who show themselves to be non-cooperative, in particular when it comes to withdrawing illegal content or decrypting me
China Launches World's 1st 'Hack-Proof' Quantum Communication Satellite

China Launches World's 1st 'Hack-Proof' Quantum Communication Satellite

August 16, 2016Swati Khandelwal
China has taken one more step forward towards achieving success in Quantum communication technology. China has launched the world's first quantum communications satellite into orbit aboard a Long March-2D rocket earlier today in order to test the fundamental laws of quantum mechanics at space. 'Hack-Proof' Communications System The satellite, dubbed Quantum Science Satellite, is designed to develop a ' Hack-Proof ' communications system in this age of global electronic surveillance and cyber attacks by transmitting uncrackable encryption keys from space to the ground. The 600-plus-kilogram Quantum Science Satellite , better known as Quantum Experiments at Space Scale (QUESS) satellite, took off from the Jiuquan Satellite Launch Center in Gobi Desert at 1:40 AM local time on a 2-year mission on Tuesday. The QUESS satellite will help China perform unprecedented levels of experiments in quantum communication by sending entangled photons from the satellite
Car Thieves Can Unlock 100 Million Volkswagens With A Simple Wireless Hack

Car Thieves Can Unlock 100 Million Volkswagens With A Simple Wireless Hack

August 11, 2016Swati Khandelwal
In Brief Some 100 Million cars made by Volkswagen are vulnerable to a key cloning attack that could allow thieves to unlock the doors of most popular cars remotely through a wireless signal, according to new research. Next time when you leave your car in a parking lot, make sure you don't leave your valuables in it, especially if it's a Volkswagen. What's more worrisome? The new attack applies to practically every car Volkswagen has sold since 1995. There are two distinct vulnerabilities present in almost every car sold by Volkswagen group after 1995, including models from Audi, Skoda, Fiat, Citroen, Ford and Peugeot. Computer scientists from the University of Birmingham and the German engineering firm Kasper & Oswald plan to present their research [ PDF ] later this week at the Usenix security conference in Austin, Texas. Attack 1 — Using Arduino-based RF Transceiver (Cost $40) The first attack can be carried out using a cheap radio device that can
KeySniffer Lets Hackers Steal Keystrokes from Wireless Keyboards

KeySniffer Lets Hackers Steal Keystrokes from Wireless Keyboards

July 27, 2016Mohit Kumar
Radio-based wireless keyboards and mice that use a special USB dongle to communicate with your PC can expose all your secrets – your passwords, credit card numbers and everything you type. Back in February, researchers from the Internet of things security firm Bastille Networks demonstrated how they could take control of wireless keyboards and mice from several top vendors using so-called MouseJack attacks. The latest findings by the same security firm are even worse. Researchers have discovered a new hacking technique that can allow hackers to take over your wireless keyboard and secretly record every key you press on it. Dubbed KeySniffer , the hack is death for millions of wireless, radio-based keyboards. The Cause: Lack of Encryption and Security Updates The KeySniffer vulnerability affects wireless keyboards from eight different hardware manufacturers that use cheap transceiver chips ( non-Bluetooth chips ) – a less secure, radio-based communication protocol. T
Facebook Messenger adds End-to-End Encryption (Optional) for Secret Conversations

Facebook Messenger adds End-to-End Encryption (Optional) for Secret Conversations

July 08, 2016Swati Khandelwal
Facebook has begun rolling out end-to-end encryption for its Messenger app, thus making its users' conversations completely private. The end-to-end encryption feature, dubbed " Secret Conversations ," will allow Messenger users to send and receive messages in a way that no one, including the FBI with a warrant, hackers and not even Facebook itself, can intercept them. But, this new feature will currently be available only to a small number of users for testing. So if you are one of those lucky users, you will be able to send end-to-end encrypted Secret Conversations through your Messenger app. Rest of the Messenger users will get Secret Conversations feature later this summer or in early fall, the company wrote in a Facebook newsroom post published today. Sounds exciting, right? But, there's a catch: Your conversations on Messenger will not be end-to-end encrypted by default, like what WhatsApp and Apple are offering. Instead, Facebook will require
Apple left iOS 10 Kernel Code Unencrypted, Intentionally!

Apple left iOS 10 Kernel Code Unencrypted, Intentionally!

June 24, 2016Mohit Kumar
Apple's new iOS 10 recently made headlines after MIT Technology Review revealed that the company had left the kernel of the mobile operating system unencrypted. Yes, the first developer preview of iOS 10 released at WWDC has an unencrypted kernel. When the headline broke, some of the users were surprised enough that they assumed Apple had made a mistake by leaving unencrypted kernel in iOS 10, and therefore, would get reverted in the next beta version of the operating system. However, Apple managed to confirm everyone that the company left the iOS 10 kernel unencrypted intentionally, as the kernel cache does not contain any critical or private information of users. On iOS, the kernel is responsible for things like security and how applications are capable of accessing the parts of an iPhone or an iPad. But, Why Apple had left the iOS wide open when other features like iMessage offer end-to-end encryption ? Apple did this on purpose, because by leaving the iOS 10 kernel
Apple announces Encryption-focused New File System for macOS Sierra

Apple announces Encryption-focused New File System for macOS Sierra

June 14, 2016Mohit Kumar
Apple announced one huge change at WWDC 2016: The company is replacing the HFS+ file system on MacOS, iOS, tvOS and WatchOS with a new file system. The company has introduced its brand new file system called The Apple File System — or APFS for short — for iOS, OS X, tvOS, and WatchOS, making security its centerpiece. " The Apple File System (APFS) is the next-generation file system designed to scale from an Apple Watch to a Mac Pro. APFS is optimized for Flash/SSD storage, and engineered with encryption as a primary feature, " according to an entry in the WWDC 2016 schedule. Yes, the Apple File System is optimized for Flash and SSD-based storage solutions that are used in iPhones, iPads, MacBooks, AppleTV set-top boxes, and others Apple gadgets. APFS supports "nearly" all features the HFS+ file system provides while offering improvements over the previous system in the process. Apple describes APFS as a modern file system that includes " strong enc
Facebook Messenger App — Choose either End-to-End Encryption or Artificial Intelligence

Facebook Messenger App — Choose either End-to-End Encryption or Artificial Intelligence

June 03, 2016Mohit Kumar
Facebook is set to introduce end-to-end encryption for its Messenger app , allowing more than its 900 Million users to send and receive messages that can not be read or intercepted by law enforcement or even the social network itself. However, it's not the kind of end-to-end encrypted chat feature provided by Apple or WhatsApp in which all your conversation are entirely encrypted by default. Instead, the social networking giant will offer an end-to-end encrypted chat mode in Messenger as opt-in, just like Google's Allo smart chat app that provides encrypted chat feature only if users opt for it. Privacy advocates criticized Google for adding its ' incognito ' encrypted chat mode as an opt-in feature, rather than offering end-to-end encryption by default. Now, Facebook Messenger will roll out the same choice for its users in the next few months, when the company will roll out this new encrypted chat mode in Messenger as an opt-in feature, reports  The Guardian.
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.