encryption posts on CNET - Page 5

encryption

Lavabit chief predicts 'long fight' with feds (Q&A)

Ladar Levison can't talk for legal reasons about the specifics of why he shut down Lavabit, his encrypted Web e-mail company, but he was hardly tight-lipped about the subject.

Lavabit went dark Thursday, after nearly 10 years in service. Lavabit is the Web mail service allegedly used by Edward Snowden to contact a Human Rights Watch representative in July. Snowden is the source of the recent unsettling revelations about National Security Agency surveillance activity.

Levison replaced the Lavabit login screen with a message that reads in part, "As things currently stand, I cannot share my experiences over the … Read more

GPGTools offers quick encryption options for OS X Mail

If you regularly send confidential information via e-mail and wish to make it as secure as possible, one option for OS X users is GPGTools, which provides encryption and decryption services for any of your e-mail accounts.

GPGTools is a free and open-source encryption project for OS X, based on OpenPGP, which gives OS X users quick access to options for signing and encrypting e-mail messages, as well as offering file-level services for encrypting documents and folders. The project has been around since 2011, but was recently updated to version 2, and supports a number of new features. The suite … Read more

Silent Circle follows Lavabit in shuttering encrypted e-mail

Silent Circle shuttered its encrypted e-mail service on Thursday, the second such closure in just a few hours in an apparent attempt to avoid government scrutiny that may threaten its customers' privacy.

Silent Circle, which makes software that encrypts phone calls and other communications, announced in a company blog post that it could "see the writing on the wall" and decided it best to shut down its Silent Mail feature. The company said it was inspired by the closure earlier Thursday of Lavabit, another encrypted e-mail service provider that alluded to a possible national security investigation.

"We … Read more

Can FileVault be bypassed with OS X password reset routines?

FileVault is OS X's built-in data encryption technology, and when enabled, as with an unencrypted OS X volume you simply enter your account credentials to get into your system. However, given Apple supplies password resetting utilities that can change an administrative password even without being logged in, you might be concerned this will allow a bad guy to simply reset your password, bypass FileVault, and get to your encrypted files.

MacFixIt reader Fred recently wrote in with such a concern:

If I have FileVault enabled on my Mac, what prevents someone from restarting with Command-R held down, and then … Read more

Feds tell Web firms to turn over user account passwords

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

"I've certainly seen them ask for passwords," said … Read more

Feds put heat on Web firms for master encryption keys

The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping.

These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.

If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which … Read more

Options for securing password files in OS X

Password managers like Apple's Keychain or the third-party 1Password utility are exceptionally useful options for managing the numerous credentials we establish and use on a day to day basis with our computers. With these tools set up, you can easily check an option to save your username and password in an encrypted form, to be retrieved whenever you access the respective service.

Despite these tools, some people may still wish to keep a list of usernames and passwords they use in an accessible list, such as a text document or other more simplistic form, even if it's just … Read more

SIM card flaw said to allow hijacking of millions of phones

A vulnerability on SIM cards used in some mobile phones could allow malware infection and surveillance, a security researcher warns.

Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, Nohl warned.

"We can remotely install … Read more

Google tests encryption to protect users' Drive files against government demands

Google has begun experimenting with encrypting Google Drive files, a privacy-protective move that could curb attempts by the U.S. and other governments to gain access to users' stored files.

Two sources told CNET that the Mountain View, Calif.-based company is actively testing encryption to armor files on its cloud-based file storage and synchronization service. One source who is familiar with the project said a small percentage of Google Drive files is currently encrypted.

The move could differentiate Google from other Silicon Valley companies that have been the subject of ongoing scrutiny after classified National Security Agency slides revealedRead more

How the U.S. forces Net firms to cooperate on surveillance

By wielding a potent legal threat, the U.S. government is often able to force Internet companies to aid its surveillance demands. The threat? Comply or we'll implant our own eavesdropping devices on your network.

Under federal law, the National Security Agency can serve real-time "electronic surveillance" orders on Internet companies for investigations related to terrorism or national security.

These orders, authorized by the Foreign Intelligence Surveillance Act, are used to feed data into the NSA's PRISM software program that was revealed last month by former intelligence analyst Edward Snowden. PRISM documents indicate that the NSA … Read more