NIST announced it has removed the Dual EC DRBG random number generator from a draft guidance on RNGs; the move could become official next month after a public comment period expires.
Browsing Tag: Encryption
The initial phase of the TrueCrypt audit has been released and 11 vulnerabilities were uncovered, but no evidence of a backdoor.
The list of products and sites affected by the OpenSSL heartbleed vulnerability continues to grow, and as security teams implement the patch and dig into the thornier work of revoking certificates, a new problem is emerging: It’s difficult to know whether an attacker has exploited the vulnerability on a given system.
Microsoft confirmed today it will support HTTPS Strict Transport Protocol (HSTS) in Internet Explorer 12, bringing its browser in line with other major vendors in its support of the protocol.
Yahoo announced a number of encryption enhancements to its email and other online services, and also announced it was finally encrypting communication links between its data centers.
Researchers are in the midst of rolling out a secure new platform for building web applications that can protect confidential data from being stolen in the event that attackers gain full access to the servers.
Researchers at UC Berkeley have developed new attacks that analyze HTTPS traffic and can accurately determine what pages you’ve visited during an encrypted session.
A panel of some of the biggest names in cryptography said more conservatism and caution in the development and deployment of encryption is warranted.
PUNTA CANA–The golden era of bulk surveillance through the acquisition of phone records and other data from telecommunications companies may already be fading, but the larger threat to privacy and security is just beginning to emerge: the use of legal tools and coercion to get around encryption and other safeguards. One of the main results[...]
Honey Encryption is an encryption tool in the works that fools an attacker with bogus decrypted data that looks like it could be a plausible guess at an encryption key or password.