encryption

Johns Hopkins reverses decision forcing prof to pull NSA post

Johns Hopkins University was alerted earlier Monday that one of its professors wrote a blog post allegedly linking to classified National Security Agency documents. Swiftly, the university asked this professor to take down his post. However, hours later, when the school realized he was just linking to news articles -- he was allowed to reinstate the blog post.

The whole debacle began after major news stories spread across the Web last Thursday detailing claims that the NSA has been setting up a clandestine program to break digital encryptions for everything from users' smartphones to everyday e-mails to medical records.

Matthew … Read more

Review: While basic, MEO Free File Encryption for Mac secures files, easily

MEO Free File Encryption for Mac allows users to password-protect files and send encrypted e-mails, all in a basic, easy-to-understand package. With the rise in security threats, the program's capabilities will be useful to many users who want to protect sensitive files against unauthorized access.

MEO Free File Encryption for Mac opens into a small menu with three large buttons. Each includes clear labeling and graphics, making their functions easy to identify, even for less-experienced users. These buttons are for encrypting, decrypting, and e-mailing secured files. Clicking the encrypt option brings up an additional window, which allows users to … Read more

BlackBerry's encryption patents could be its saving grace

Days after BlackBerry announced it was for sale, some people suggested that the beleaguered phone maker sell its patent portfolio to avoid going into the red.

While BlackBerry's smartphones sales have been tepid at best, the company still has a healthy portfolio of 130 encryption patents. In fact, MIT Technology Review suggested these patents could be the company's biggest asset.

What's unique about BlackBerry's security patents is that they use what's called elliptic curve cryptography, which is regarded as more efficient than RSA algorithms for small devices. BlackBerry bought these patents for $106 million from … Read more

Google now encrypts cloud storage by default

Google's Cloud Storage service now automatically encrypts all its customer data for free, the company said Thursday.

The encryption has "no visible performance impact," Google Cloud Storage's product manager, Dave Barth, wrote in a blog post. "If you require encryption for your data, this functionality frees you from the hassle and risk of managing your own encryption and decryption keys," he said.

New files added to Cloud Storage will be encrypted as they're uploaded and before they're saved to a drive. Older files will be migrated "in the coming months," … Read more

How to encrypt a file from the OS X command line

If you would like to encrypt a file or two on your Mac to keep it secure, there are several options available to you. There are a number of third-party tools, such as GPGTools' GPG Suite, which offer encryption options for files (more details here), but Apple also offers built-in encryption support with disk images.

While securely wrapping files in disk images generally requires using Disk Utility, you can do so through the command line as well, which may be useful if you are accessing a system remotely through SSH, or scripting a routine where you would like to encrypt … Read more

Lavabit chief predicts 'long fight' with feds (Q&A)

Ladar Levison can't talk for legal reasons about the specifics of why he shut down Lavabit, his encrypted Web e-mail company, but he was hardly tight-lipped about the subject.

Lavabit went dark Thursday, after nearly 10 years in service. Lavabit is the Web mail service allegedly used by Edward Snowden to contact a Human Rights Watch representative in July. Snowden is the source of the recent unsettling revelations about National Security Agency surveillance activity.

Levison replaced the Lavabit login screen with a message that reads in part, "As things currently stand, I cannot share my experiences over the … Read more

GPGTools offers quick encryption options for OS X Mail

If you regularly send confidential information via e-mail and wish to make it as secure as possible, one option for OS X users is GPGTools, which provides encryption and decryption services for any of your e-mail accounts.

GPGTools is a free and open-source encryption project for OS X, based on OpenPGP, which gives OS X users quick access to options for signing and encrypting e-mail messages, as well as offering file-level services for encrypting documents and folders. The project has been around since 2011, but was recently updated to version 2, and supports a number of new features. The suite … Read more

Silent Circle follows Lavabit in shuttering encrypted e-mail

Silent Circle shuttered its encrypted e-mail service on Thursday, the second such closure in just a few hours in an apparent attempt to avoid government scrutiny that may threaten its customers' privacy.

Silent Circle, which makes software that encrypts phone calls and other communications, announced in a company blog post that it could "see the writing on the wall" and decided it best to shut down its Silent Mail feature. The company said it was inspired by the closure earlier Thursday of Lavabit, another encrypted e-mail service provider that alluded to a possible national security investigation.

"We … Read more

Can FileVault be bypassed with OS X password reset routines?

FileVault is OS X's built-in data encryption technology, and when enabled, as with an unencrypted OS X volume you simply enter your account credentials to get into your system. However, given Apple supplies password resetting utilities that can change an administrative password even without being logged in, you might be concerned this will allow a bad guy to simply reset your password, bypass FileVault, and get to your encrypted files.

MacFixIt reader Fred recently wrote in with such a concern:

If I have FileVault enabled on my Mac, what prevents someone from restarting with Command-R held down, and then … Read more

Feds tell Web firms to turn over user account passwords

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

"I've certainly seen them ask for passwords," said … Read more