RSA Conference speakers begin to bail, thanks to NSA

Actions have consequences, goes the old saying, and actions taken by the security firm RSA in December have come back to haunt it this week.

Last month, it was revealed that RSA had accepted $10 million from the National Security Agency to implement an intentional cryptographic flaw, commonly called a backdoor, in one of its encryption tools. Days later, Mikko Hypponen, chief technology officer of F-Secure with decades under his belt as a security researcher, canceled his annual presentation at the American-hosted RSA Conference, to be held in San Francisco in February.

"I don't really expect your multibillion-dollar … Read more

Target: Encrypted PINs stolen but not encryption key

Target is again trying to calm customers in the wake of the recent hack that snatched credit card information for as many as 40 million account holders.

A Target spokeswoman revealed on Friday that strongly encrypted credit and debit card PINs were stolen by the hackers. But she said that those personal identification numbers cannot be decrypted without the right key, which could not have been taken during the data breach as the company does not store that information. The PINs are encrypted at the point-of-sale keypad, stay encrypted in the system, and continued to remain encrypted when obtained by … Read more

Security firm RSA took millions from NSA: report

What's an encryption backdoor cost? When you're the NSA, apparently the fee is $10 million.

Intentional flaws created by the National Security Agency in RSA's encryption tokens were discovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.

Two people familiar with RSA's BSafe software told Reuters that the company had received the money in exchange for making the NSA's cryptographic formula as the default for encrypted key generation … Read more

Wickr 2.0 makes self-destructing SMS more fun

When it comes to secure text messaging, you're often entirely dependent on the whims of the message server. Wickr goes to great lengths to flip that paradigm around, handing control back to you, the sender.

Wickr 2.0's debut on Friday makes it much easier to invite friends to use the app, thanks to a new address-book scanning feature that prevents Wickr from learning who you're inviting. That's a big difference from just about every other service out there, which accesses your address book -- usually with your permission -- and then holds on to that … Read more

Microsoft to fight Internet snooping with stronger crypto

Comparing government surveillance to sophisticated malware and cyber attacks, Microsoft said late Wednesday it will encrypt Internet traffic traveling through its data centers.

Brad Smith, Microsoft's general counsel, wrote in a company blog post that the software giant is taking steps to ensure that any government surveillance of the Internet is conducted legally rather than by a technological subterfuge. Not mentioning the National Security Agency by name, Smith said Microsoft was especially alarmed by allegations that "some governments" had collected customer data from the Internet without warrants.

"If true, these efforts threaten to seriously undermine confidence … Read more

Microsoft said to beef up its Internet encryption

Microsoft has been an outspoken critic of the National Security Agency's surveillance program, yet it has trailed behind other major tech companies in amping up its Internet encryption practices. However, that could soon change.

The tech giant is looking to overhaul its system for encrypting Internet traffic, according to the Washington Post. Sources familiar with the matter told the newspaper that Microsoft is making the change because it believes the NSA might have breached its global communications systems.

Microsoft's conclusions most likely stem from documents leaked by the former NSA contractor Edward Snowden. In October, the Washington Post … Read more

Encrypted messaging coming to Microsoft's Office 365 next year

In response to e-mail privacy concerns, Microsoft announced Thursday it will introduce message encryption for Office 365 in early 2014.

The new feature, dubbed Office 365 Message Encryption, will allow users to send automatically encrypted e-mail to recipients outside of their own company, regardless of its destination. In addition, all replies and forwards of that original message are automatically encrypted as well.

"No matter what the destination -- Outlook.com, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name it -- you can send sensitive business communications with an additional level of protection against unauthorized access," … Read more

Google finishes 2,048-bit security upgrade for Web privacy

Never again are you going to get a Google Web site whose security certificate is protected with comparatively weak 1,024-bit encryption.

The Net giant has secured all its certificates with 2,048-bit RSA encryption keys or better, Google security engineer Dan Dulay said in a blog post Monday. Certificates are used to set up encrypted communications between a Web server and Web browser.

That means two things. First, traffic will be harder to decrypt since 1,024-bit keys aren't in use at Google anymore. Second, retiring the 1,024-bit keys means the computing industry can retire the technology … Read more

Yahoo plays catchup in the encryption arms race

Yahoo on Monday announced that it will be beefing up encryption efforts across all of the company's products -- just the latest case of giant tech companies trying assuage user concerns in the face of numerous press reports of government surveillance.

Specifically, Yahoo CEO Marissa Mayer wrote in a blog post that the company will encrypt all information flowing between data centers by the end of the first quarter in 2014. It will also give users the option to encrypt the flow of all information shared with Yahoo by the same time frame. In addition, Mayer said that the … Read more

Review: Take ZIP tools to a new level with WinZip 18

WinZip has long been a go-to ZIP tool, so we were keen to try the all-new WinZip 18. It's much more than a cosmetic upgrade: A new compression engine zips, splits, and joins files faster than legacy versions, though of course WinZip still handles virtually any archive file type. It converts files to PDFs, adds watermarks, resizes photos, manages archives, and protects files with 128/256 bit encryption. Improved cloud navigation smoothly integrates WinZip with many more cloud services, including Box, Dropbox, SugarSync, SkyDrive, and Google Drive. Cloud Links adds links to files via e-mail, IM, and social media. … Read more