Tag Archive for: encrypted

Twitter’s new encrypted message feature criticized by security and privacy experts



Washington (CNN)

Privacy and security experts widely panned a new feature that Twitter unveiled Wednesday that encrypts some direct messages between users, raising questions about the future of user safety on the platform.

Twitter’s early efforts at securing direct messages with encryption appear to be riddled with caveats, flaws and risks that may endanger users, the experts said after the company rolled out its initial release.

With the first iteration of the feature, only users who are paying subscribers to Twitter Blue or whose organizations have paid to be verified with the company may use encrypted messages.

In addition, encrypted messages may only be sent between two individuals, not groups. Encrypting images, video and other media is not supported. Both participants must either have exchanged direct messages in the past, or the recipient of an encrypted message must already follow the sender.

Perhaps most crucially, Twitter acknowledged that even with the encryption feature enabled, the company itself, and other third parties, can still potentially access user messages.

“I’m trying to be positive about Twitter deploying encrypted DMs even though there are so many things about this system that make it feel like a v0.1 release, or are just obnoxious,” said Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, in a tweet.

Twitter’s former chief information security officer, Lea Kissner, publicly pleaded with Twitter’s current engineering team to improve the feature quickly.

“Twitter folks, seriously. I left some design docs somewhere. Please use them,” Kissner said on Bluesky, a rival platform.

Twitter has described encrypted messaging as key to the company’s future of becoming “the most trusted platform on the internet.” But the rollout provides another example of how, under CEO Elon Musk, Twitter has forged ahead with significant changes to the platform over the warnings of independent researchers about potential unintended consequences…


Hackers encrypted Suffolk health department data, report says


Forensic investigators probing the September ransomware attack on Suffolk County found evidence that hackers encrypted data and left ransomware notes on the Department of Health computer network, although Suffolk said there is no evidence “thus far” that personal data was stolen.

In a report from Unit 42, a division of Palo Alto, the company that provided firewall and other network protection services to the county in advance of the attack, investigators also said they found evidence that the hackers “staged and exfiltrated,” or exported, data from the county clerk’s network, as well as Suffolk’s main parent network.

Security experts say health data tends to be among the most highly sought by ransomware attackers and other hackers, in part because it often is rich with personally identifiable information. By encrypting data, the hackers blocked the county from access to it.

Suffolk spokeswoman Marykate Guilfoyle said the county’s Department of Information Technology and its incident response team are “coordinating closely” with County Clerk Vincent Puleo and “will notify any individuals if it is determined that their personal identifying information may have been impacted.”

WHAT TO KNOW

  • Investigators report finding evidence that hackers encrypted data and left ransomware notes on the Department of Health computer network during the Sept. 8 cyberattack.
  • A Suffolk spokeswoman said there is no evidence “thus far” that personal data was stolen.
  • Security experts say health data tends to be highly sought after by hackers, in part because it often is rich with personally identifiable information. 

Suffolk has already acknowledged the Social Security numbers of up to 26,000 employees may have been exposed and that personal information of up to 470,000 people was “accessed or acquired” from the county’s Traffic and Parking Violations Agency server.

In the past, when the county has found that infiltrators compromised data by so-called exfiltration, or stealing and exporting copies, the government moved to alert those whose data may have been compromised. It is providing a free one-year subscription to a credit-monitoring and ID theft…


After praising Moxie Marlinspike for Signal, Elon Musk and Twitter to partner with Signal for encrypted DMs- Technology News, Firstpost


When Elon Musk took over Twitter, he envisioned that Twitter’s DM, or Direct Messaging, system would be one of the best in the world. In fact, Musk had planned to revamp the way DMs function on Twitter and place them behind a paywall so that users can subscribe to a set of features.

In a recent all-hands meeting with the employees of Twitter, Musk reiterated the importance of encrypting DMs on Twitter, and said that a former employee, Moxie Marlinspike, wanted to work on the feature but wasn’t really allowed to. He also said that “it should be the case that I can’t look at anyone’s DMs if somebody has put a gun to my head.”

Musk also praised Moxie Marlinspike and said that Twitter would not only start with encryption but eventually, become a better DMing platform than Signal. Musk also announced that Twitter will be partnering up with Moxie Marlinspike and a few people from Signal to work on their encrypted DMs.

Moxie Marlinspike, for those who are unaware, is one of the most prominent cryptographers and computer security researchers in the United States. After his exit from Twitter, he went on to co-found Signal, an end-to-end encrypted messaging platform designed so that snooping eyes cannot read or view messages or photos that are exchanged between a sender and a receiver.

Over the years, Twitter has kickstarted and then paused building encrypted DMs several times. But now Musk is set on rolling out encryption as a top priority for the vision he is calling Twitter 2.0. 

The first time around, it was Moxie Marlinspike himself who wanted to set up encryption for DMs on the platform. However, in 2013, he had to leave Twitter when the platform didn’t let him build the feature set. 

In 2018, Twitter again set out to set up encryption for DMs and had even bought a license to use Signal’s tech, but by 2019, Twitter reportedly had scrapped the idea again. 

American whistleblower Edward Snowden has reiterated his faith in the Signal app multiple times and says that he uses it every day. Snowden has been in favour of the Signal app since its inception and tweeted that he used…


How to Decrypt Files Encrypted by Ransomware


For any organization struck by ransomware, business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”

The good news is that ransomware files can be decrypted. The bad news is it doesn’t work most of the time:

  • Paid ransom decryption tools and keys don’t always work.
  • Free decryption tools don’t always work.
  • Paid decryption tools don’t always work.

The best defense and the best option for recovery will always be the availability of sufficient, isolated data backups and a practiced restoration process. However, even with the best planning, organizations can find a few users, machines, or systems that were overlooked or whose backup may be corrupted or encrypted.

What can be done to recover from ransomware attacks when backups are not available?

The First Calls After an Attack

First, call the cyber insurance company that issued the organization’s cybersecurity policy. Most insurance companies require specific incident response vendors, procedures, and reporting, and these requirements must be followed to meet the standards for coverage.

Insured companies often will not have options. Instead, the cybersecurity insurance company will take full control, and the insured company will need to follow instructions.

If the organization does not have insurance, then the fastest way to recover is to call an MSSP, incident response specialist, or ransomware recovery specialist. Executives, legal counsel, and law enforcement such as the local office for the FBI or police should also be on the incident response phone list for early contact.

Before Decryption, Block the Attacks

Whether handing off recovery to the insurance company, paid incident response professionals, or attempting recovery in-house, the next steps will generally be the same:

  1. Stop the spread of the ransomware.
  2. Eliminate attacker access.
  3. Begin work on recovery.

Note that decryption is not a consideration until at least step three because the IT team cannot safely attempt any decryption without stopping the spread of ransomware or blocking access that attackers might use to interfere with recovery. These steps are covered in more depth in How to Recover From a…
