Tag Archive for: encrypted

Judge does not order Apple to disable security on encrypted device

/in

Well, well, well…a federal magistrate of the U.S. District Court for the Eastern District of New York has so far refused to order Apple to disable security on a customer’s encrypted mobile device even though the government assured the judge that doing so “is not likely to place any unreasonable burden on Apple.”

According to the court document (pdf), available on Cryptome which recently admitted to a leaking users’ IP addresses in a separate tech drama, the government filed a sealed application on Oct. 8; it asked the court “to issue an order pursuant to the All Writs Act,” and thereby force Apple “to assist in the execution of a federal search warrant by disabling the security of an Apple device that the government has lawfully seized pursuant to a warrant issued by this court. Law enforcement agents have discovered the device to be locked, and have tried and failed to bypass the lock.”

To read this article in full or to leave a comment, please click here

Network World Security

Apple removes several apps that could spy on encrypted traffic

/in

(credit: PhotoAtelier)

Apple has purged its iOS App Store of several titles that it said had the ability to compromise encrypted connections between end users and the servers they connect to. The company advised users to uninstall the apps from their iPhones and iPads to prevent potentially harmful monitoring, but it has yet to name any of the offending titles.

“Apple has removed a few apps from the App Store that install root certificates that could allow monitoring of data,” company officials wrote in an advisory posted Friday. “This monitoring could be used to compromise SSL/TLS security solutions. If you have one of these apps installed on your device, delete both the app and its associated configuration profile to make sure your data remains protected.”

Apple representatives didn’t respond to an e-mail seeking the names of the offending apps and an explanation of why they weren’t identified. This post will be updated if they reply later.

Read 4 remaining paragraphs | Comments

Ars Technica » Technology Lab

Even encrypted medical record databases leak information

/in

A new study from Microsoft researchers warns that many types of databases used for electronic medical records are vulnerable to leaking information despite the use of encryption.

The paper, due to be presented at the ACM Conference on Computer and Communications Security next month, shows how sensitive medical information on patients could be pilfered using four different attacks.

Researchers discovered the sex, race, age and admission information, among other data, using real patient records from 200 U.S. hospitals.

In the light of increasing cyberattacks against the health care industry, the researchers recommended that the systems they studied “should not be used in the context of” electronic medical records.

To read this article in full or to leave a comment, please click here

Network World Security

Mandating backdoors for encrypted communications is a bad idea

/in

Paul Kocher

Paul Kocher

Congress is hearing testimony today about mandating backdoors in security products so law enforcement can access encrypted communications.

James Comey, the director of the FBI, and Sally Quillian Yates, the deputy U.S. attorney general, are scheduled to testify about the need for such power in order to fight criminals. In the past they have cited child pornographers and terrorists among the targets. Comey says that without backdoors intelligence about criminal plots is going dark.

For a variety of reasons, though, mandating backdoors into encrypted communications is a bad idea.

To read this article in full or to leave a comment, please click here

Network World Tim Greene