Five Best File Encryption Tools

2016.08.10 01

Keeping your personal data safe doesn’t have to be difficult—as long as you keep the sensitive stuff encrypted and under your control. That’s why this week we’re looking at the five best file encryption tools you can use to encrypt your data locally so only you have the key.

Earlier in the week we asked you for your favorite file encryption tools, and you gave us tons of great nominations, but as always, we only have room for the top five.

For the purposes of our roundup, we’re focusing on desktop file encryption tools – the ones you use on your own computer to encrypt your own private data, not cloud services that promise to encrypt your data, or business services that say they offer encryption. The goal here is to find the best tools you can use to lock down your sensitive files—whether they’re photos, financial documents, personal backups, or anything else—and keep them locked down so only you have the key. For those unfamiliar with the topic, we have a great guide on how encryption works, and how you can use it to keep your own data safe.

With that out of the way, here are your top five, in no particular order:


Old Tech Can Create New Security Woes

2016.08.07 05

“Patch your systems in a timely manner” is a mantra of security experts, but what happens when the patch well runs dry because a product’s maker no longer supports it? That is a situation many large enterprises find themselves in, and it’s one that poses security risks.

Between 30 percent and 50 percent of the hardware and software assets in the average large enterprise have reached their end-of-life date, according to a BDNA report released last month.

End-of-life products pose a serious security risk to the enterprise.

“The vast majority of vulnerabilities — more than 99 percent — exploit out-of-date software with known vulnerabilities,” said BDNA President Walker White.

Oversight is a common reason end-of-life products continue to run on an organization’s systems.

“There may be a new version of a product, but because you don’t have a clear view of what’s in your environment, you can miss the old version in your upgrade process,” White told TechNewsWorld.

That’s how orphan apps are created, too.

“These products may remain on a network and are not removed because no one is using them, and no one has turned off their lights,” White said. “A hacker will exploit that kind of leftover artifact.”


Google Beefs Up Phone App’s Spam-Fighting Skills

2016.08.02 03

Google on Tuesday released an updated version of its Phone app for Android with a new spam protection feature that warns users when an incoming call is likely to be spam. It also lets them block numbers and report spam.

The app is available on Google Play.

“Most mobile numbers aren’t listed anywhere, and so spamming has been [difficult] — but automation is rapidly eroding the protection of anonymity,” he told LinuxInsider. “It’s possible for call systems to quickly scan down a block of numbers, identify the ones that get answered, and compile lists of active numbers.”


KeySniffer Follows the Scent of Cheap Wireless Keyboards

2016.08.02 01

A vulnerability in inexpensive wireless keyboards lets hackers steal private data, Bastille reported this week.

The vulnerability lets hackers use a new attack the firm dubbed “KeySniffer” to eavesdrop on and capture every keystroke typed from up to 250 feet away.

The stolen data is rendered in clear text. It lets hackers search for victims’ credit card information, bank account usernames and passwords, answers to security questions, network access passwords, and any data typed into a document or email.

“Almost all access credentials have value to hackers,” noted Tom Clare, vice president of marketing at Gurucul.

Hijacked or compromised access credentials to the corporate cloud “are the keys to the kingdom,” he told TechNewsWorld.

“KeySniffer demonstrates that as many as two thirds of the lower-cost wireless keyboards currently on the market implement no encryption whatsoever, leaving them vulnerable to passive keystroke sniffing and injection,” observed Bastille’s Marc Newlin.

Affected keyboards are made by eight companies: HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric and EagleTec.


Google Dabbles in Post-Quantum Cryptography

2016.07.26 07

Google last week announced an experiment with post-quantum cryptography in Chrome. A small fraction of connections between Google’s servers and Chrome on the desktop will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm already being used.

The idea is that large quantum computers — if and when they’re built — might be able to break current security algorithms retroactively, so it would be wise to develop algorithmic proof against such cracking efforts.

The experiment employs the New Hope algorithm, which Google considered the most promising post-quantum key-exchange among those it investigated last year. Its aim is to gain real-world experience with the larger data structures post-quantum algorithms likely will require.

Layering the post-quantum algorithm on top of the existing algorithm allows the experiment to proceed without affecting user security, Google said.

Google pledged to discontinue the experiment within two years, emphasizing that it did not want to establish its selected post-quantum algorithm as a de facto standard.


Facebook Lets Messenger Conversations Go Dark

2016.07.26 06

Facebook last week said it would begin testing long-anticipated end-to-end encryption capabilities in its Messenger app, enabling users to have secret conversations.

The new level of security means that a message will be visible only to the sender and the recipient — Facebook won’t even be able to read it.

Users can set a timer to limit the amount of time that a message remains visible during the conversation. Facebook has employed Open Whisper Systems’ Signal Protocol technology to provide the encryption.

One major caveat is that an end-to-end encrypted conversation cannot be viewed on multiple mobile systems at the same time — however, the encryption is an optional feature.

Many users want to be able to switch devices during a conversation — for example, move from a mobile phone to a tablet or desktop computer. With the current technology, secret conversations can be read only on one device.

In addition, sending rich content like GIFs or video and making payments will not be possible using the encryption.


Apple Patents Tech to Foil Concert Pirates

2016.07.26 03

A patent for an infrared system that could be used to shut off iPhone cameras and microphones at live performances is one of dozens awarded to Apple last month.

The company first applied for a patent for the infrared camera system in 2011, according to Patently Apple, which noted the technology’s great potential.

The system could assist the music and movie industries by automatically disabling camera functions at movies or concerts. However, the technology could have other applications as well — for example, turning an iOS device into a museum or city tour guide, or a source of product information at a retail outlet.

How It Works

The camera described in Apple’s patent would detect more than an image. If the image contained an infrared signal with encoded data, the data would be routed to circuitry in the camera to decode the data.

One possible way of using the data the infrared signal delivered could be to display information to users about objects next to them — a painting in a museum, for example.

Another way of using the data could be to disable camera functions.


Hackers Claim Credit for Pokemon Go No-Go

2016.07.26 01

Pokemon Go, the augmented reality game that has become an overnight sensation, experienced sluggish performance over the weekend, possibly from a hacker attack on its login servers.

Shortly after Pokemon Go devs tweeted that the game was rolling out to 26 additional countries, this tweet appeared:


The next day the Pokemon Go team announced that the issues causing the server problem had been fixed and that players once again could search for Pokemon in the real world.

In the interim, though, two hacker groups — OurMine and PoodleCorp — claimed they had crippled the servers with Distributed Denial of Service attacks.


Civil Rights Office Issues Ransomware Guidance

2016.07.25 03

Ransomware infections are on the rise, and healthcare organizations are ripe targets, which may be why the federal government addressed the subject last week.

Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported.

Many of those attacks are for small change, but some of the larger ones have been directed at healthcare providers. For example, Hollywood Presbyterian Medical Center earlier this year paid hackers US$17,000 to get its systems back online. Also, Medstar Health this spring coughed up $19,000 to return to normal operations.


HummingBad Mucks Up Android’s Works

2016.07.11 02

More than 85 million Android devices worldwide have been taken over by Yingmob, a group of China-based cybercriminals who created the HummingBad malware, according to a Check Point report released last week.

HummingBad establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

If it fails to establish a rootkit, it effectively carpet bombs the target devices with poisoned apps.

HummingBad has been generating revenue of US$300,000 a month, according to Check Point.

The malware runs along with legitimate ad campaigns that Yingmob has produced for its legitimate ad analytics business.
