encryption

FreedomPop's 'Snowden phone' encrypts your calls and data

Want to protect your phone calls and data from the feds, hackers, and other snoops? FreedomPop's new Privacy Phone promises to do just that.

Nicknamed the "Snowden phone" after NSA whistleblower Edward Snowden, the phone is actually a Samsung Galaxy S2 that FreedomPop rejiggered into a call- and data-encrypting device. Equipped with 128-bit encryption, the phone aims to secure your voice calls and text messages. A built-in virtual private network lets you surf the Web anonymously.

Selling now for $189, the Privacy Phone comes with unlimited voice and texting. FreedomPop throws in 50MB of monthly data access … Read more

Klocwork: Our source code analyzer caught Apple's 'gotofail' bug

It was a single repeated line of code -- "goto fail" -- that left millions of Apple users vulnerable to Internet attacks until the company finally fixed it Tuesday.

That OS X security vulnerability, which also affected iOS users, arose out of Apple's custom implementation of a security standard known as SSL/TLS. By including the "goto fail" line twice in a row, the normal error check for some types of encryption signatures fails.

Now Klocwork, a company that makes source code analysis tools, is demonstrating that its product would have caught the errant second &… Read more

Yahoo, ICQ chats still vulnerable to government snoops

Nine months after Edward Snowden revealed extreme Internet surveillance by US and British intelligence agencies, some major technology companies have yet to take rudimentary steps to shield their users' instant messages from eavesdropping.

A CNET analysis shows that Yahoo and ICQ transmit the content of supposedly private instant messages in unencrypted form, exposing them to both government spies and malicious snoops on the same Wi-Fi network. AOL's AIM service encrypts content -- but leaks metadata about who's talking to whom.

These privacy problems were highlighted by a Guardian article Thursday, which revealed that spy agencies were eavesdropping on … Read more

How to encrypt your Kindle Fire HDX

Device encryption can be a great way to keep your data secure in case it falls into the wrong hands. For many users, however, it can be overkill and there's usually a performance hit to a device that's been encrypted. Using a PIN code to lock the device is usually an effective deterrent and software tools like Find My iPhone and Android Device Manager can help track, lock, or wipe lost devices.

Unfortunately for Kindle Fire HDX owners, there's no app available that's comparable to Find My iPhone or Android Device Manager. If you want to … Read more

Unique smartphones boast encryption, e-ink

CNET Update explores the quirky side of smartphones:

These are not your typical smartphones. In this episode of Update, learn about new smartphones that stand out with unique features, including:

- The Blackphone, made by Geeksphone in Switzerland, which encrypts calls, texts and data. It's arriving in June for $630.

- Panasonic's rugged Toughpad, designed for tough jobs that may involve barcode scanning.

- BlackBerry's upcoming Q20, which goes back to basics with a trackpad. It's also selling the Z3, a sub-$200 all-touchscreen phone that will be sold in emerging markets.

- The dual-screen YotaPhoneRead more

New TextSecure delivers smoother encryption

TextSecure is a far cry from driving a multibillion-dollar buyout. But for people who care about having their SMS and instant messages protected from prying eyes, it's an app that just got easier to use and more secure.

The new Android version of TextSecure, announced Monday, still uses the TextSecure v2 protocol that debuted with its CyanogenMod integration last year. Open WhisperSystems' founder, a security researcher and developer who goes by the pseudonym Moxie Marlinspike, said that the partnership has helped his company.

"It's been great," he said. "Their userbase is enormous, and it's … Read more

Target works on security-heavy credit cards, after breach

Target is still reeling from the massive security breach, which affected as many as 110 million customers. Now, as the retailer gets back on its feet, it's becoming more security focused.

Target Chief Financial Officer John Mulligan wrote an opinion piece for The Hill on Monday saying that the company was speeding up its implementation of high-security credit cards.

The credit cards come embedded with a tiny microprocessor chip, which is said to beef up security and make it more difficult for cybercriminals to access user data. Target had already begun work on the cards before the hack, but … Read more

Tumblr activates SSL, but with a catch

Tumblr has begun to catch up with modern security standards by activating SSL on Monday. There's a catch, though: You have to enable SSL on Tumblr manually.

If you're not familiar, Secure Sockets Layer, or SSL, allows for the data being transmitted from the Tumblr server to your computer to be encrypted. SSL decreases the likelihood of casually eavesdropping on people who visit sites with it enabled.

Tumblr owners can go into their Tumblr account settings dashboard and manually turn on SSL. Conrad Rushing, Tumblr's director of security engineering who wrote the blog post announcing the new … Read more

See when recipients open your Gmail attachments with docTrackr

Some e-mail attachments are more sensitive than others, just as some e-mail recipients are more responsible than others. Chrome extension docTrackr lets you encrypt Gmail attachments, set permissions, and remotely destroy them. It also alerts you when a recipient opens or prints an attachment, so you can call shenanigans the next time your flighty friend claims not to have received an attachment.

When docTrackr installs, it adds a button next to the regular attachment button in Gmail's compose window. It also adds a button to the right of Chrome's address bar that provides a link to docTrackr's … Read more

Yahoo enables default HTTPS encryption for Yahoo Mail

As promised, Yahoo is now automatically encrypting Yahoo Mail users' connections to the service.

The company announced Tuesday it has enabled automatic HTTPS as the default for all users on the network, coming in a day before the January 8 deadline it placed on itself in October. With the upgrade, the Web portal has now using 2,048-bit encryption keys to secure certificates, which are used to set up encrypted communications between a Web server and Web browser.

"Anytime you use Yahoo Mail -- whether it's on the web, mobile web, mobile apps, or via IMAP, POP or … Read more