New Australian Legislation Challenges Unbreakable Encryption

Australia passed a law that challenges the right of tech companies to sell devices with unbreakable encryption. The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, which took effect last month, covers all devices sold in Australia. But if Apple, for example, creates a back door for its iPhones sold there, authorities in other countries previously stymied by Apple’s tough encryption could demand the same access. Australia’s law said it can’t ask a company to build universal decryption. Continue reading New Australian Legislation Challenges Unbreakable Encryption

Wi-Fi Alliance Finalizes the WPA3 Wireless Security Protocol

The Wi-Fi Alliance just unveiled WPA3, five months after it was first announced. The nonprofit organization that certifies Wi-Fi networking standards introduced a certification for two versions of WPA3, the successor standard to WPA2: WPA3-Personal and WPA3-Enterprise as well as Wi-Fi Easy Connect, a program that makes it easier to pair Wi-Fi devices without displays. Wi-Fi Alliance vice president of marketing Kevin Robinson dubs WPA3 as “the next generation of security for personal and enterprise networks.” Continue reading Wi-Fi Alliance Finalizes the WPA3 Wireless Security Protocol

Municipalities Increasingly Targeted for Ransomware Attacks

Cyber criminals recently hacked the municipal computers of Rockport, Maine, demanding $1,200 in Bitcoin to unlock them. That’s just one example of a surge of ransomware aimed at municipal computer systems, both large and small, including the city of Atlanta and a St. Louis library system. According to Ponemon Institute, an information systems research firm, these kinds of public sector hacks are increasing faster than those on private ones. City officials are often unprepared to deal with the consequences. Continue reading Municipalities Increasingly Targeted for Ransomware Attacks

W3C Officially Recommends EME Spec for DRM Protection

The World Wide Web Consortium (W3C) published the Encrypted Media Extensions (EME) specification as a recommendation, although W3C members only voted 58.4 percent to approve, with 30.8 percent opposing and 10.8 percent abstaining. EME is a standard interface for digital rights management (DRM) protection of content delivered through the browser, defining how Internet content works with third-party Content Decryption Modules (CDMs) that provide proprietary decryption and rights management. In response to the EME recommendation, the Electronic Frontier Foundation has resigned from the W3C. Continue reading W3C Officially Recommends EME Spec for DRM Protection

W3C Approves the EME Standard for DRM-Protected Video

The World Wide Web Consortium (W3C), which oversees standards for the web, approved a new system for handling DRM-protected video. Encrypted Media Extensions (EME) work by letting DRM systems connect directly to the user’s browser. EME lets streaming video services protect their content without forcing users to install plugins that can be insecure. But not everyone is happy. Some researchers and advocates of the open Internet believe EME will give browser developers and content providers too much power. Continue reading W3C Approves the EME Standard for DRM-Protected Video

Ransomware: Hackers Extort $1 Million From One Company

In the largest ransomware payout to date, South Korean web provider Nayana has agreed to pay $1 million to hackers who originally demanded 550 Bitcoins, about $1.62 million. Following negotiations, Nayana has agreed to pay $1 million in three installments. The ransomware, identified as Erebus by cybersecurity firm Trend Micro, impacted 153 Linux servers and more than 3,400 websites hosted by Nayana. “This is the single largest-known payout for a ransomware attack, and it was an attack on one company,” reports CNET. “For comparison, the WannaCry ransomware attacked 200,000 computers across 150 countries, and has only pooled $127,142 in Bitcoins since it surfaced.” Continue reading Ransomware: Hackers Extort $1 Million From One Company

Extortion Hacking On the Rise, But Does Not Always Pay Off

Cyberattacks are on the rise, with major corporations, media companies, the healthcare industry and even the federal government becoming targets of hacking. Recent incidents involved media content as hackers threatened early releases of movies and streaming series if the property owners failed to pay ransoms. Hackers called the Shadow Brokers told the NSA they would release secret espionage tools unless the agency pays up. Security experts suggest that this type of extortion has had mixed results thus far. Continue reading Extortion Hacking On the Rise, But Does Not Always Pay Off

FBI iPhone Hack Could Impact the Future of Law Enforcement

Although the FBI was finally able to decrypt the iPhone belonging to San Bernardino terrorist Syed Rizwan Farook by paying for a third party private hack, the issues around accessing content on a personal smartphone are not resolved. The FBI is figuring out how and if it can re-use the hack, but it’s not simply interested in what’s called “data at rest,” says FBI director James Comey. The FBI is also interested in “data in motion,” the emails, texts and other information in transit over the Internet as “hugely significant” for national security. Continue reading FBI iPhone Hack Could Impact the Future of Law Enforcement

Twitter Withholds Data, Tensions Rise Between Police, Tech

The battle over encryption is heating up on Capitol Hill where Manhattan district attorney Cyrus R. Vance Jr. said his office hasn’t been able to decrypt 230 iPhones possibly containing important crime-related information. Google general counsel Kent Walker and Microsoft president Brad Smith also visited lawmakers to make the counter-argument that weakened encryption would make their technology less secure. These latest salvos are part of a battle that ignited when Apple refused to decrypt a mass-shooter’s iPhone. Continue reading Twitter Withholds Data, Tensions Rise Between Police, Tech

Proposed Encryption Bill Faces Opposition from Silicon Valley

Washington and Silicon Valley are poised to clash again in the ongoing debate over encryption technology in relation to data privacy, law enforcement and national security. Senate Intelligence Committee chair Richard Burr (Republican, NC) and Dianne Feinstein (Democrat, CA), the panel’s vice chair, have introduced proposed legislation that would require companies to unlock encrypted devices when served a court order. Congress has been working on a balance between security and privacy regarding encryption, especially in the wake of the recent iPhone case. Continue reading Proposed Encryption Bill Faces Opposition from Silicon Valley

FBI Tries to Unlock More iPhones, Debate Continues in Europe

Since the FBI broke the encryption of the iPhone 5C belonging to terrorist Syed Rizwan Farook, most likely with the help of the Israeli office of the Japanese mobile phone security firm Cellebrite Mobile Synchronization, it has been testing the method on other iPhone versions. It will not, however, disclose the phone’s flaw or the information found on Farook’s phone. European cases regarding locked phones are heating up, with France and England considering fines for companies that don’t help crack their phones’ encryption. Continue reading FBI Tries to Unlock More iPhones, Debate Continues in Europe

Europe Divides in Battle Between Privacy, Digital Decryption

As the issue of digital encryption versus privacy roiled in the U.S. over the FBI’s demand that Apple unlock the iPhone of a mass murderer in California, recent violence in Brussels and Paris has brought those same issues to the fore in Europe. Although privacy is enshrined as a basic right in much of Europe, lawmakers in some countries are considering proposals that would give greater powers to law enforcement to access personal digital data. But privacy advocates in those same countries are fighting back. Continue reading Europe Divides in Battle Between Privacy, Digital Decryption

RSA Conference Reveals More Nuances in FBI-Apple Battle

By now, everyone knows the general outline of the argument between Apple and the FBI, over the latter’s request for a backdoor into the San Bernardino shooter’s iPhone. Apple’s refusal to do so has sparked a war of words and legal actions between Apple and other proponents of data protection/digital privacy and the government, as well as others who believe national security trumps digital privacy. More recently, at the RSA Conference, an information security event, more nuances were revealed. Continue reading RSA Conference Reveals More Nuances in FBI-Apple Battle

Apple and U.S. Government Battle Over Privacy vs. Terrorism

The battle between terrorism and privacy has been brewing for quite some time, and the tipping point was the iPhone belonging to Syed Rizwan Farook, who, with his wife, opened fire at an office party in December 2015, killing 14 people and injuring 22. The FBI has been trying to decrypt Farook’s phone, unsuccessfully, and asked Apple to create a “backdoor” code into the phone. Apple refused, and now a court order gives the Silicon Valley company five days to comply. Chief executive Tim Cook is holding firm. Continue reading Apple and U.S. Government Battle Over Privacy vs. Terrorism

Will Proposed DRM Framework Keep the Web Relevant?

The World Wide Web Consortium published a working draft last week for Encrypted Media Extensions (EME), which is a proposed framework that enables delivery of DRM-protected media content via browsers without using plugins such as Flash or Silverlight. While the announcement has met with sharp criticism from groups including the Electronic Frontier Foundation and the Free Software Foundation, Ars Technica suggests the framework will help keep the Web relevant. Continue reading Will Proposed DRM Framework Keep the Web Relevant?