encryption posts on CNET - Page 2


New TextSecure delivers smoother encryption

TextSecure is a far cry from driving a multibillion-dollar buyout. But for people who care about having their SMS and instant messages protected from prying eyes, it's an app that just got easier to use and more secure.

The new Android version of TextSecure, announced Monday, still uses the TextSecure v2 protocol that debuted with its CyanogenMod integration last year. Open WhisperSystems' founder, a security researcher and developer who goes by the pseudonym Moxie Marlinspike, said that the partnership has helped his company.

"It's been great," he said. "Their userbase is enormous, and it's … Read more

Target works on security-heavy credit cards, after breach

Target is still reeling from the massive security breach, which affected as many as 110 million customers. Now, as the retailer gets back on its feet, it's becoming more security focused.

Target Chief Financial Officer John Mulligan wrote an opinion piece for The Hill on Monday saying that the company was speeding up its implementation of high-security credit cards.

The credit cards come embedded with a tiny microprocessor chip, which is said to beef up security and make it more difficult for cybercriminals to access user data. Target had already begun work on the cards before the hack, but … Read more

Tumblr activates SSL, but with a catch

Tumblr has begun to catch up with modern security standards by activating SSL on Monday. There's a catch, though: You have to enable SSL on Tumblr manually.

If you're not familiar, Secure Sockets Layer, or SSL, allows for the data being transmitted from the Tumblr server to your computer to be encrypted. SSL decreases the likelihood of casually eavesdropping on people who visit sites with it enabled.

Tumblr owners can go into their Tumblr account settings dashboard and manually turn on SSL. Conrad Rushing, Tumblr's director of security engineering who wrote the blog post announcing the new … Read more

See when recipients open your Gmail attachments with docTrackr

Some e-mail attachments are more sensitive than others, just as some e-mail recipients are more responsible than others. Chrome extension docTrackr lets you encrypt Gmail attachments, set permissions, and remotely destroy them. It also alerts you when a recipient opens or prints an attachment, so you can call shenanigans the next time your flighty friend claims not to have received an attachment.

When docTrackr installs, it adds a button next to the regular attachment button in Gmail's compose window. It also adds a button to the right of Chrome's address bar that provides a link to docTrackr's … Read more

Yahoo enables default HTTPS encryption for Yahoo Mail

As promised, Yahoo is now automatically encrypting Yahoo Mail users' connections to the service.

The company announced Tuesday it has enabled automatic HTTPS as the default for all users on the network, coming in a day before the January 8 deadline it placed on itself in October. With the upgrade, the Web portal has now using 2,048-bit encryption keys to secure certificates, which are used to set up encrypted communications between a Web server and Web browser.

"Anytime you use Yahoo Mail -- whether it's on the web, mobile web, mobile apps, or via IMAP, POP or … Read more

RSA Conference speakers begin to bail, thanks to NSA

Actions have consequences, goes the old saying, and actions taken by the security firm RSA in December have come back to haunt it this week.

Last month, it was revealed that RSA had accepted $10 million from the National Security Agency to implement an intentional cryptographic flaw, commonly called a backdoor, in one of its encryption tools. Days later, Mikko Hypponen, chief technology officer of F-Secure with decades under his belt as a security researcher, canceled his annual presentation at the American-hosted RSA Conference, to be held in San Francisco in February.

"I don't really expect your multibillion-dollar … Read more

Target: Encrypted PINs stolen but not encryption key

Target is again trying to calm customers in the wake of the recent hack that snatched credit card information for as many as 40 million account holders.

A Target spokeswoman revealed on Friday that strongly encrypted credit and debit card PINs were stolen by the hackers. But she said that those personal identification numbers cannot be decrypted without the right key, which could not have been taken during the data breach as the company does not store that information. The PINs are encrypted at the point-of-sale keypad, stay encrypted in the system, and continued to remain encrypted when obtained by … Read more

Security firm RSA took millions from NSA: report

What's an encryption backdoor cost? When you're the NSA, apparently the fee is $10 million.

Intentional flaws created by the National Security Agency in RSA's encryption tokens were discovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.

Two people familiar with RSA's BSafe software told Reuters that the company had received the money in exchange for making the NSA's cryptographic formula as the default for encrypted key generation … Read more

Wickr 2.0 makes self-destructing SMS more fun

When it comes to secure text messaging, you're often entirely dependent on the whims of the message server. Wickr goes to great lengths to flip that paradigm around, handing control back to you, the sender.

Wickr 2.0's debut on Friday makes it much easier to invite friends to use the app, thanks to a new address-book scanning feature that prevents Wickr from learning who you're inviting. That's a big difference from just about every other service out there, which accesses your address book -- usually with your permission -- and then holds on to that … Read more

Microsoft to fight Internet snooping with stronger crypto

Comparing government surveillance to sophisticated malware and cyber attacks, Microsoft said late Wednesday it will encrypt Internet traffic traveling through its data centers.

Brad Smith, Microsoft's general counsel, wrote in a company blog post that the software giant is taking steps to ensure that any government surveillance of the Internet is conducted legally rather than by a technological subterfuge. Not mentioning the National Security Agency by name, Smith said Microsoft was especially alarmed by allegations that "some governments" had collected customer data from the Internet without warrants.

"If true, these efforts threaten to seriously undermine confidence … Read more