Category Archives: Encryption
The next administration must be ready for new quantum encryption standards, MITRE advises – Nextgov/FCW
The next presidential administration whether it be a second term for current President Joe Biden or former President Donald Trump will have to focus on ensuring the U.S. is ready for quantum computing to outperform the encryption methods currently used to secure data, a top federally-backed research group argues.
MITRE said in an advisory document released last week that the next presidential administration will need to prioritize such quantum computing advances, as well as critical infrastructure protections, clarification of cyber leadership roles and implementation of a zero trust framework for the federal government.
The readout is part of a series of releases from the federally affiliated national security research giant ahead of the upcoming election and possible transition of power in the White House. The release is the first of its kind in the 2024 election season that focuses on U.S. cybersecurity policy.
Todays cryptographic systems rely on complex mathematical algorithms that are difficult for traditional computers to unravel. But future quantum computers could solve these problems much more efficiently because they rely on the laws of quantum mechanics and can process a vast number of possibilities simultaneously. It means malicious actors in the coming years may be augmented with new abilities to decode encrypted information currently considered secure.
Practical quantum computing tools are still in development, though a top NSA official predicted in April that they could be available in three to five years and will likely be accessed in cloud based environments.
While it is hard to predict precisely when quantum computing will crack the currentencryption, the U.S. government must prepare now to protect data past, present, and future in the context of post-quantum cryptography, said the MITRE advisory, referring to a new era of cryptographic algorithms that are designed to be secure against the capabilities of quantum computers. The National Institute of Standards and Technology has been in the process of developing tools to help agencies migrate to PQC standards, as directed by the White House.
The next administration should assess the U.S. governments post-quantum readiness, craft a cryptographic bill of materials to outline what systems need transitioning to PQC and use expertise from the PQC Coalition, MITRE argues.
The White House and intelligence partners have already been working to bolster government network defenses against advanced techniques enabled by the creation of practical quantum computers in the near future. The NSA, in particular, has set a 2035 deadline for IC systems to be locked into these new PQC standards.
Federal scientific thought leaders are trying to prevent quantum-powered cyber incidents like record now, decrypt later attacks where an adversary will hoover up encrypted data streams, store them, and with the eventual existence of a powerful enough quantum device decrypt that data to use for theft or exploitation.
Here is the original post:
The next administration must be ready for new quantum encryption standards, MITRE advises - Nextgov/FCW
Going Dark: EU States Push for Access to Encrypted Data and Increased Surveillance – netzpolitik.org
The recently published recommendations of an high level expert group on the topic of going dark were also discussed in the Standing Committee on Internal Security (COSI). On May 29, several EU member states spoke out in favor of access to encrypted data and communications, as well as Europe-wide data retention. We are publishing the secret minutes of the meeting in full (in German).
The Going Dark expert group (High-Level Group on access to data for effective law enforcement), dominated by security authorities, called for backdoors to encrypted data and many other surveillance options in 42 recommendations at the end of May this year. We published the full text of the categorized document (PDF) last week, and the expert groups demands can also be derived from a freedom of information request.
The groups topic was how investigating authorities deal with encryption. The authorities fear a scenario in which large parts of communication are encrypted and they are therefore no longer able to investigate. Police forces and intelligence services call this phenomenon going dark. However, studies doubt the negative effects, partly because digital technologies provide the security authorities with a wealth of data that they did not have in the past.
According to the protocol drawn up by the German Permanent Representation in Brussels, EU member states have already called for a concrete roadmap to implement the recommendations. The document also shows that the recommendations have been endorsed by various bodies within the European Union. The CATS Committee, which coordinates police and judicial cooperation in criminal matters, has supported the panels recommendations and the EU Commission has also welcomed the results, stating that they have great potential.
A range of countries, including Estonia, the Czech Republic, Spain, Sweden, Finland, Italy, the Netherlands, and Ireland, see an urgent need for action on encryption and data retention. Hungary called access to data a key element for effective law enforcement and found the results of the expert group to be impressive and forward-looking. According to the minutes, the police authority Europol emphasized the danger of end-to-end encryption being misused by criminals, a view shared by Greece.
Only Luxembourg spoke out against weakening encryption. Germany, on the other hand, did not welcome the weakening of encryption, but spoke out in favor of improved cooperation with industry and standardization bodies. The expert group had described the latter as important because technical standards could be set here that could make the work of investigating authorities easier.
Germany also emphasized that as part of the national implementation of the European Electronic Communication Code (EECC), over-the-top services (OTTs) [] must be made mandatory as interpersonal communication services without any doubt and without exception. This should impose obligations to cooperate in monitoring on messengers such as WhatsApp & Co. In this context, Germany argued that the major market players in particular should be called upon to apply the standards implemented for data transfers to law enforcement authorities.
At the same time, it seemed clear to the members of the committee that, in view of the numerous new surveillance powers and encroachments on fundamental rights contained in the expert catalogue, the EU member states are facing political headwinds and thus difficult communication. According to the minutes, the chair of the committee said that it was important to set the right narrative, and Sweden, with the support of several countries, advised a communication strategy that emphasizes that the recommendations are intended to protect fundamental rights.
It will be interesting to see what such a communication strategy will look like in view of the plans for all kinds of additional surveillance and backdoors into encrypted communications.
The group of high-level experts had been meeting since last year to tackle the so-called going dark problem. The High-Level Group set up by the EU was characterized by a bias right from the start: The committee is primarily made up of representatives of security authorities and therefore represents their perspective on the issue.
This imbalance was criticized by data protection activists, who were then involved in the process, albeit at a late stage and only unofficially. They apparently had little influence on the committees recommendations. Outgoing Pirate MEP Patrick Breyer called the panels recommendations the secret wish list of EU governments and warned that these proposals would be implemented after the European elections. The approval in the COSI committee shows that Breyers fears are justified.
Original Article in German, Translation by Daniel Leisegang
View post:
Going Dark: EU States Push for Access to Encrypted Data and Increased Surveillance - netzpolitik.org
Forget Windows’ Built-in Backup: I Use This Free and Encrypted Software – How-To Geek
Key Takeaways
Tired of losing files with Windows Backup? Discover how KopiaUI can bring peace of mind to your backup process with incremental snapshots, encryption, and cloud storage options. Let's dive in.
A few years ago, I experienced a nightmare with Windows Backup. I had been regularly backing up my files using the built-in Windows backup tool, thinking my data was safe. However, my hard drive failed, and all of my backups were corrupted and unusable. I lost photos, important documents, and years of work. It was a horrible experience that made me realize the importance of a reliable backup solution.
After my issues with Windows Backup, I searched for a more reliable and secure backup tool for Windows. That's when I discovered KopiaUI. KopiaUI allows me to create snapshot backups and send them to multiple locations, so I never have to worry about a hard drive failure again.
KopiaUI is a fast, secure, open-source backup and restore tool. It creates file-system snapshots in a remote location with built-in client-side encryption, ensuring your files are safe.
KopiaUI doesn't limit you to local backups. You can use a cloud storage provider like Backblaze or Google Cloud Storage, local directories, network shares (Windows Shares or Linux Server Shares), and even Rclone Remote (allowing you to use services like Dropbox, OneDrive, etc). You can also host your own Kopia repository on a Linux or Windows Server for a more streamlined LAN backup solution.
Why should you care about KopiaUI? It allows you to create incremental snapshots of your files on Windows, which you can roll back to at any time. This makes backups efficient, as only changes since the last backup are saved. Best of all, everything is encrypted and can be stored off-site for safekeeping. It's an incredible tool that will help you keep your files safe on Windows.
When it comes to backing up your files on Windows, choosing between KopiaUI and Windows Backup depends on your needs and priorities. KopiaUI excels with incremental snapshots, and only saves changes since the last backup. This efficiency significantly reduces storage space compared to Windows Backup, which offers both full and incremental backups but lacks customization.
KopiaUI's versatility shines with a wide range of backup destinations including local directories, network shares, and various cloud providers like Backblaze and Google Cloud Storage. This contrasts with Windows Backup's limited options, primarily focusing on local and network backups. Moreover, KopiaUI's cross-platform compatibility ensures access to your backups on Windows, macOS, and Linux.
Reliability is crucial for backups, and KopiaUI boasts snapshot-based backups, reducing the risk of corruption compared to Windows Backup, which has a history of occasional failures. While Windows Backup remains a popular choice due to its integration and ease of use, it lacks the advanced features that power users might seek.
Security is critical, and KopiaUI prioritizes this with client-side encryption of all backup data before it leaves your device. It also offers a variety of encryption algorithms for enhanced flexibility.
In terms of user interface, KopiaUI's interface is functional and well-documented but might require some getting used to. On the other hand, Windows Backup seamlessly integrates into system settings, and it will be very intuitive for anyone that uses Windows regularly.
KopiaUI is a compelling alternative to Windows Backup, especially for users prioritizing incremental backups, diverse storage options, robust security, and advanced features. While its interface might not be as intuitive as Windows Backup's, its reliability and comprehensive features make it a strong contender for safeguarding your valuable data.
To use KopiaUI, you'll need to download it and install it on Windows. Head over to the KopiaUI GitHub releases page, and grab the latest version for Windows.
After downloading the EXE to your computer, open up Windows Explorer, and launch the setup EXE. Once launched, follow the installation instructions to install the software on your computer.
After KopiaUI finishes installing, launch it. When you launch the software, you will need to select where you'd like your backups to be saved. Choose the storage solution for your backup that works best for you.
With your storage solution chosen, you'll be asked to finish creating your KopiaUI repository by entering a password. Do so, and then click "Create Repository" to finish.
KopiaUI supports a wide variety of cloud storage options, like Dropbox, OneDrive, Google Drive, etc. However, it requires a tiny bit of setup to make it work. Thankfully, it isn't difficult to set up (relatively speaking).
To start, open up PowerShell, and run the following command. This command will set up Chocolatey, an easy-to-use installation tool for Windows.
You can then install Rclone with:
From here, connect to your favorite Cloud service:
Configuring Google Drive
Type n for a new remote. Enter a name (e.g., GoogleDrive). Choose "17" for Google Drive. Leave Client ID and Secret blank. Choose the desired access level. Follow the instructions to authenticate.
In Kopia, enter "C:programdatachocolateybinrclone.exe" as the path to Rclone.
Configuring Dropbox
Type n for a new remote. Enter a name (e.g., Dropbox). Choose 12 for Dropbox. Leave Client ID and Secret blank. Type n for default authentication. Follow the instructions to authenticate.
Be sure to enter "c:programdatachocolateybinrclone.exe" as the path to Rclone in Kopia.
Configuring OneDrive
Type n for a new remote. Enter a name (e.g., OneDrive). Choose 33 for OneDrive. Follow the instructions to authenticate.
Make sure you enter "c:programdatachocolateybinrclone.exe" as the path to Rclone in Kopia.
Verify the Setup
Before you go any further, you need to confirm that your remote works. To verify the setup, run the command below, with the remote name you chose. If everything is up and running, the command will correctly show your Rclone remote, as well as the files and folders it has access to.
Open KopiaUI, then go to repository setup. Choose "Rclone Remote" as the storage type. Enter the remote name and folder path, and you'll be ready to back up to your favorite cloud service.
After connecting to a cloud service, you'll be asked to finish creating your KopiaUI repository by entering a password. Do so, and then click "Create Repository" to finish.
When you've connected KopiaUI to your storage solution of choice, your new KopiaUI repository will be ready to use. To create your first backup, find the Snapshots section of KopiaUI, and select the "New Snapshot" button. After selecting the "New Snapshot" button, you'll be asked to "enter path to snapshot." Browse for the folder you wish to back up to KopiaUI. When you've selected it, find the "Snapshot Now" button and select it.
After selecting the "Snapshot Now" button, you can customize the settings for your backup in KopiaUI. However, this is not required. You can just as easily leave everything at default. When you've finished looking over the settings, click "Snapshot Now" again to start the backup process.
When the snapshot is completed, KopiaUI will list this backup in the UI. Select the backup to view the contents. If you want to restore a backup with KopiaUI, select the snapshot, and then select "Restore Files & Directories" to restore it to their original locations, or a location of your choosing. You can also mount your backups directly as a filesystem by selecting the "Mount as Local Filesystem" option.
Although KopiaUI might look a bit complicated at first, it's worth learning for the peace of mind it offers. With KopiaUI, you can make sure your files are always backed up and safe on your Windows computer. Keep using KopiaUI, and you'll never have to worry about losing your important files again.
Read more from the original source:
Forget Windows' Built-in Backup: I Use This Free and Encrypted Software - How-To Geek
EU agencies highlight crypto concerns both encryption and cryptocurrency – ReadWrite
The European Union Innovation Hub a collaborative effort among various EU agencies and member states has recently published its inaugural report on encryption. The report highlights the dual nature of cryptographic technologies, acknowledging their potential for both positive and negative applications.
The report recognizes the integral role of public-private cryptography in the functioning of cryptocurrencies and non-fungible tokens (NFTs), which rely on these technologies for storage, mining, and transfers. However, it also points out that some malicious actors exploit the system to evade law enforcement, particularly through the use of protocols and privacy coins that can obscure visibility on the blockchain.
The EU Innovation Hub specifically identified cryptocurrencies such as Monero (XMR), Zcash (ZEC), Grin (GRIN), and Dash (DASH), as well as layer-2 initiatives, zero-knowledge proofs, crypto mixing services, and non-compliant crypto exchanges, as facilitators for bad actors to launder funds. The report states:
Mixers and privacy coins have been complicating tracing for years, but Mimblewimble and zero-knowledge proofs are relatively new developments that can also obscure the visibility of cryptocurrency addresses, balances and transactions.
Crypto hackers and scammers often use services like Tornado Cash to siphon stolen funds and deter traceability. However, this does not completely impede investigations:
All of these developments can still be investigated by law enforcement authorities, when access to the private keys of the suspect are gained.
The report was created by six members of the EU Innovation Hub for Internal Security: Europol, Eurojust, the European Commissions Directorate-General for Migration and Home Affairs, the European Commissions Joint Research Center, the European Councils Counter-Terrorism Coordinator, and the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice.
Read more:
EU agencies highlight crypto concerns both encryption and cryptocurrency - ReadWrite
Over and out? Police radio encryption bill left in limbo after failing to pass both houses in Albany | amNewYork – amNY
Sign up for our amNewYork email newsletter to get news, updates, and local insights delivered straight to your inbox!
New York lawmakers failed to pass the Keep Police Radio Public Act to prevent the NYPD and other police departments from shutting the press out of police radio access amid encryption efforts.
Only one of the two houses in Albany passed the bill before the 2024 legislative session ended on Saturday morning. As a result, it will have to be reintroduced in the next session that starts in January 2025.
The act would have provided credentialed media access to encrypted police radio channels, and compelled the NYPD to allow access to New York City media that have listened to police radio channels as a source of news for more than 90 years.
The state Senate approved its version of the bill, sponsored by Senate Deputy Majority Leader Mike Gianaris of Queens, by a vote of 60-40. It was then sent to the Assembly, where it was sponsored by Assemblywoman Karines Reyes of the Bronx. However, a spokesperson for Reyes said the bill came in late and failed to get enough support to be discharged to a vote.
It took forever to get a bill number and so it was hard to circulate for support, the spokesperson said. The expectation is the assemblywoman will continue to seek support over the weeks and months, [and get] the opportunity to come back with new legislation [in which] more people will be on it.
Press advocates hope that the bill can be reintroduced in a special session should Gov. Kathy Hochul convene one later this year for unrelated issues such as finding an alternative funding solution for the MTA after Hochul indefinitely delayed congestion pricing.
Gianaris said he was proud to have sponsored and passed the legislation in the Senate.
I am proud the Senate passed my legislation preserving access to encrypted police radio, which is critical for the accountability a free press provides, said Gianaris. As encrypted radio usage grows, this legislation would strike the proper balance between legitimate law enforcement needs and the rights and interests of New Yorkers.
The City Council has been critical of the NYPD for failing to have a plan for including the press in communications. Speaker Adrienne Adams castigated police officials at a budget hearing in March, but has not yet offered any local solutions to the issue.
The City Council issued a brief statement regarding the failure of the state police radio encryption bill: We continue to explore solutions to preserve transparency of NYPD radio communications and avoid negatively impacting volunteer first responders, accountability, and public safety.
Other leaders have remained silent even though most of the state legislative contingent supports the bill.
All four of the co-sponsors of Reyes version of the act are from Brooklyn. Brooklyn Borough President Antonio Reynoso had no comment despite having four days to reply to questions.
The New York Media Consortium, comprised of eight press organizations, are leading the effort to maintain press access to police radio transmissions. Leaders of those groups sounded off after the failed attempt to pass the bill.
Diane Kennedy, president of the New York News Publishers Association said that the legislation still has a chance in the next session because it was passed in the Senate.
In passing Sen. Gianariss bill, the New York State Senate recognized the importance of maintaining journalists access to police radio communications, Kennedy said. We look forward to working with Assemblywoman Karines Reyes as she continues her efforts to get the bill passed by the New York State Assembly. We urge the City of New York to preserve journalists access to police radio communications in a safe and secure manner that will benefit both law enforcement and the public.
Most impacted are those working on the streets of New York City, especially press photographers who are normally first on the scene of most incidents. Bruce Cotler, president of the New York Press Photographers Association, noted that the fight is not over.
We are of course disappointed that the legislation did not yet pass to allow the press to continue to have access to police communications, but the struggle is far from over, said Cotler. The bill did pass the senate and only needs an assembly vote. We believe assembly leaders will realize that it is possible to maintain the safety of officers while providing access to communications to the press to preserve transparency that is paramount to the publics right to know.
David Cruz, president of the New York Press Club, echoed his sentiments.
This bill is a no-brainer, said Cruz. Continued access to police frequencies speeds up the release of critical information to make sure the public is quickly informed. We hope the legislature takes up this consequential bill in the next session. The future of news coverage depends on it.
NYPD officials have opposed the bill; in the past, they have questioned the vetting of journalists credentialed by the Mayors Office of Media and Entertainment, and police officials were seeking a delay in radio transmissions.
They also echo Mayor Eric Adams, saying bad guys use radio transmissions against them and it risks the safety of responding officers.
The NYPD has yet to provide a plan for keeping the media in the loop to maintain transparency, despite their billion-dollar radio upgrade being in its sixth year. NYPD officials said they planned to have a plan after the encryption program is completed, by late 2025.
Mickey Osterreicher, general counsel of the National Press Photographers Association called on news organizations to push for the legislation in the future.
It is very unfortunate that despite our efforts, we were not able to get this crucial bill passed this session, said Osterreicher. Hopefully, news organizations throughout the state will realize the detrimental effects that encryption will have on their news-gathering abilities and loudly voice support for this legislation the next time it comes up for a vote.
Lloyd Mitchell, a freelance photographer who contributes to amNewYork Metro and a member of the Press Photographers Government Relations Committee, said failure to gain radio access will damage his efforts at informing the public of the news.
I am disappointed in the Assembly essentially giving power to the NYPD and making our jobs even more difficult, Mitchell said. The assembly should have been an ally, and my compliments go to Brooklyn and Bronx delegations for attempting to spearhead the legislation. We are optimistic that those who mightve opposed the bill will realize the importance of it in the next session. If they dont, they will have no one else to blame but themselves when critical incidents go unreported in a timely manner, with police controlling the narrative, he added.
Oliya Scootercaster, owner of the Freedom News Service, says her ability to provide news overnight and daily to the public will be compromised without radio access.
We have crossed over to the darkness, quite literally, Brooklyn is gone from accountability as its now fully encrypted, she said. Nobody, besides police, know whats happening on the streets. The NYPD appears to be rapidly developing a larger media team, which might be what they expect to replace journalists with. Journalism works because its multiple independent witnesses documenting one event. If its only the NYPD documenting the event, you only get the NYPDs story.
See the rest here:
Over and out? Police radio encryption bill left in limbo after failing to pass both houses in Albany | amNewYork - amNY
Ultra Intelligence & Communications awarded nearly $32 million agreement for BlackArrow encryption key … – PR Newswire
AUSTIN, Texas, June 11, 2024 /PRNewswire/ -- Ultra Intelligence and Communications has announced a $31.9 million agreement through an Other Transaction Agreement (OTA) with Consortium Management Group, Inc. (CMG) on behalf of Consortium for Command, Control and Communications in Cyberspace (C5) from the U.S. Air Force Cryptologic and Cyber Systems Division to deliver over-the-network rekey and remote management system upgrades for operationally deployed communications security (COMSEC) devices including identification friend or foe (IFF), Link-16 and in-line encryptors to reduce service costs and ensure reliable tactical networks.
This Other Transaction Authority (OTA) award signifies Ultra I&C's deep-rooted expertise in cryptographic engineering and key management, expanding Ultra I&C's position as a tactical data link solutions provider.
"Ensuring reliable communications is paramount for any operation, under all conditions and
environments," said Bradford Powell, president of Ultra I&C's C2I&E division. "Remote management and rekey capability are necessary to improve tactical network operations, minimize downtime, and protect our military personnel responsible for maintaining tactical equipment in operational locations. As CJADC2 and other initiatives continue to connect assets and domains, the maintenance of those tactical networks become increasingly important."
Under the terms of the agreement, Ultra I&C will develop a high-assurance certified encryptor for secure network distribution of keys and commands to various COMSEC equipment, incorporating the latest key management infrastructure protocols and security requirements to meet the complex and evolving needs of modern defense operations. The solution builds upon Ultra's currently fielded Remote Tactical Data Links Management System (RTDLMS), providing Link-16 remote management and rekey for U.S. and multiple international partners.
About Ultra Intelligence & CommunicationsUltra Intelligence & Communications, also known as Ultra I&C, has generations of experience fielding tactical communications, command and control, and cyber security technologies for the most challenging defense applications. Ultra I&C connects the multi-domain battlespace and ensures secured information advantage in high-threat environments. These innovative solutions are an integral operational component for the U.S. Department of Defense, the UK Ministry of Defence, the Canadian Department of National Defence and many more defense organizations worldwide. The company is headquartered in Austin, TX with locations and manufacturing facilities around the globe. For more information, visit https://www.ultra-ic.com.
Media InquiriesAmanda Rudolph, Vice President of Marketing and Communications: amanda.rudolph@ultra-ic.com
SOURCE Ultra Intelligence & Communications
Read this article:
Ultra Intelligence & Communications awarded nearly $32 million agreement for BlackArrow encryption key ... - PR Newswire
New report on encryption in criminal matters stresses balance between security and privacy – Eurojust
The report gives an overview of the use of encrypted communication tools such as EncroChat and SkyECC by criminal networks and analyses the topic of encryption from a legal, technical, policy and research point of view. The publication also touches on specific judicial processes and court rulings.
Furthermore, the new report includes an elaborate analysis of the recent ruling by the Court of Justice of the European Union of 30 April this year on encrypted communications. This ruling clarifies the conditions for EU Member States to request and transmit intercepted data from encrypted communication channels for use as evidence in criminal proceedings, in order to safeguard fundamental rights and enable continued investigations into criminal activities.
The publication also provides technical information on new developments and tools such as quantum computing, cryptocurrencies, biometric data, telecommunications and artificial intelligence. It also presents an overview of the challenges and opportunities they represent for judicial and law enforcement authorities.
The main ideas in the conclusions and recommendations are:
The report is the result of the pooling of expertise of all partners collaborating in the EU Innovation Hub for Internal Security, hosted at Europol, including the EU Agencies CEPOL, EIGE, EUAA, Eurojust, Europol, Frontex, FRA and the General Secretariat of the Council of the European Union (including the EU Counterterrorism Coordinators Office), as well as the European Commission (Directorate Generals JRC and Home).
Beyond Firewalls: The Critical Need for Data Encryption in Cybersecurity – TimesTech
In our hyper-connected digital age, safeguarding sensitive information has become a paramount concern for businesses and individuals alike. From financial records to confidential communications, our virtual lives are teeming with valuable data ripe for malicious exploitation. As cyber risks loom large, its more crucial than ever for businesses to invest in robust cybersecurity measures like data encryption. This ingenious technique transforms readable information into indecipherable code, creating an impenetrable virtual vault that protects our most guarded secrets, even in the face of a successful cyber incident.
At its core, data encryption is an intricate dance of math and cryptography. Imagine taking a plaintext messagebe it an email, document, or financial transactionand scrambling it through a sequence of complex mathematical operations and cryptographic keys. The result? A seemingly nonsensical jumble of characters, a ciphertext that appears as mere gibberish to anyone lacking the decryption key.
This encryption alchemy is powered by algorithms like the widely-used AES (Advanced Encryption Standard), RSA, and ECC (Elliptic Curve Cryptography), each offering unique strengths and applications. The encryption process begins with the meticulous generation of cryptographic keys, produced through secure random number generators and safeguarded by stringent key management practices to prevent unauthorized access.
Todays workforce is mobile, and sensitive data is constantly on the move. Employees leave the secure confines of corporate networks and carry laptops, tablets, and smartphones to meetings, conferences, and remote work locations. This portability comes at a costthe ever-present risk of theft, loss, or accidental exposure.
Enter encryption, a digital bodyguard for your sensitive information. By encrypting data on portable devices, organizations ensure that even if a device falls into the wrong hands, the sensitive information it contains remains useless to prying eyes without the decryption key. Savvy companies mandate encryption for all devices leaving the workplace, leveraging built-in encryption options or dedicated encryption tools.
Moreover, the oft-overlooked risks posed by removable storage media like USB drives and external hard drives demand equal vigilance. These diminutive data carriers, while convenient, are notorious for facilitating data loss due to their small size and easy portability. Encrypting data on these devices is a simple yet effective solution to a persistent problem.
While robust cybersecurity strategies should aim to prevent attacks from occurring in the first place, encryption serves as a formidable last line of defense. Even if threat actors manage to breach a companys defenses through phishing, social engineering, or other nefarious means, encrypted data remains securely locked away, inaccessible without the decryption key.
Many encryption tools offer military-grade protection, such as the widely accepted AES-256 standard, currently considered one of the strongest methods of encoding data. By rendering sensitive information useless to attackers, encryption effectively mitigates the potential damage caused by successful cyber incidents, safeguarding the privacy and integrity of critical data.
As businesses and individuals navigate the digital realm, embracing encryption as a core component of their cybersecurity strategy is no longer a luxury but a necessity. By safeguarding sensitive information both at rest and in transit, encryption empowers us to traverse the digital landscape confidently, secure in the knowledge that our most valuable data is shielded from prying eyes now and into an uncertain future.
Read the original here:
Beyond Firewalls: The Critical Need for Data Encryption in Cybersecurity - TimesTech
Media encryption added to Dante – Worship AVL
Audinate has announced the addition of Dante Media Encryption to the evolving security features and benefits of the Dante platform. Dante Media Encryption protects the content of media flows using strong AES256 encryption, safeguarding media from interception or unauthorised access.
Designed with security at its core, Dante offers device, network and media-level protections for pro AV manufacturers to integrate into their products and system solutions. The accelerating convergence of AV equipment and IT network technologies has increased the need for integrators and manufacturers to provide network protection for system users with security-conscious designs and adherence to emerging IoT (Internet-of-Things) network regulations.
Dante systems and endpoints implement a multilayer security architecture that provides threat and vulnerability protection to the network and connected devices. The multilayer security architecture provides a solid foundation for manufacturers and systems integrators to follow best practices when configuring Dante and their products to meet new regulations. The addition of Dante Media Encryption enables pro AV equipment manufacturers to upgrade qualified Dante firmware and software in new or existing designs. Dante Media Encryption capabilities are fully compatible between updated devices in managed Dante networks.
Read the original:
Media encryption added to Dante - Worship AVL
Microsoft’s Recall feature will now be opt-in and double encrypted after privacy outcry – VentureBeat
It's time to celebrate the incredible women leading the way in AI! Nominate your inspiring leaders for VentureBeats Women in AI Awards today before June 18. Learn More
Microsoft has announced major changes to its recently unveiled AI-powered Recall feature, part of the new line of Copilot+ PCs, in response to blistering criticism from security researchers about potential privacy risks. The company said it would make the feature opt-in, require biometric authentication to access stored data, and add additional layers of encryption.
Introduced last month, Recall was touted as a groundbreaking capability that would automatically capture screenshots as users worked, enabling them to search their computing history using natural language queries. But security experts quickly raised red flags, warning that the features vast data collection and lack of robust protections created serious privacy and security vulnerabilities.
In a blog post, Pavan Davuluri, Microsofts Corporate Vice President for Windows + Devices, acknowledged the clear signal from critics that the company needed to strengthen safeguards and make it easier for users to choose whether to enable Recall. The changes, which will be implemented before the features public release on June 18, include:
The additional encryption is particularly notable, as it should make it significantly harder for attackers or unauthorized users to access the potentially sensitive data captured by Recall even if they gain access to the database. Stored screenshots will now be double encrypted and only decryptable with the authenticated users biometrics on their enrolled device.
VB Transform 2024 Registration is Open
Join enterprise leaders in San Francisco from July 9 to 11 for our flagship AI event. Connect with peers, explore the opportunities and challenges of Generative AI, and learn how to integrate AI applications into your industry. Register Now
Critics, including notable cybersecurity firms and privacy advocates, argued that the persistent storage and processing of screen captures could become a target for malicious actors. The outcry reached a peak when an investigative report by BBC highlighted vulnerabilities that could potentially be exploited to access sensitive information without adequate user consent.
Responding to the criticism, Microsoft published a blog post on their Windows Experience Blog detailing their decision to make Recall an opt-in feature during its preview phase. Privacy and security are paramount, stated the post, emphasizing that the company is taking steps to reassess the features impact on user privacy.
The decision to make the feature opt-in has been met with mixed reactions. Some industry analysts commend Microsoft for taking swift action in response to user feedback. Turns out speaking out works, said Kevin Beaumont, a cybersecurity researcher in a post on X.com. Microsoft are making significant changes to Recall, including making it specifically opt in, requiring Windows Hello face scanning to activate and use it, and actually trying to encrypt the database they say.
On the other hand, some users express disappointment, having anticipated the convenience promised by Recall. In all seriousness, Ive seen zero positivity about Recall (the Windows feature which takes screenshots every 5 seconds), which leads me to believe no-one thinks this is a good feature, said Dr Owain Kenway in a post on X.com. But is there a secret undercurrent of pro-Recall users embarrassed into silence?
Microsoft has committed to a thorough review and revision of Recalls security measures. According to their press release, the company plans to conduct extensive testing with selected users who opt into the preview post-review to gather more data and refine the features security framework.
This incident underscores the delicate balance tech companies must maintain between innovating with cutting-edge AI technologies and ensuring the privacy and security of their users. It also highlights the growing role of public and expert scrutiny in shaping the development and deployment of new technologies in the digital age. As Microsoft navigates these challenges, the tech community and its users will undoubtedly keep a close watch on how Recall evolves and how it might set precedents for future AI integrations in consumer technology.
VB Daily
Stay in the know! Get the latest news in your inbox daily
By subscribing, you agree to VentureBeat's Terms of Service.
Thanks for subscribing. Check out more VB newsletters here.
An error occured.