Tag Archive for: Encryption

Apple buffs up iMessage security with quantum computer-proof encryption


iMessage on an Android phone

Dhruv Bhutani / Android Authority

TL;DR

  • Apple is creating a new form of encryption for iMessage.
  • This new layer of encryption aims to prevent harvest now, decrypt later attacks.

Today’s encryption is good enough to defend against most encryption cracking attempts. But will today’s encryption hold up when pitted against more powerful computers in the future? Apple is not waiting to find out and is updating the security protocol for its messaging app to handle attacks from quantum computers.

According to Bloomberg, Apple is introducing a new form of encryption for iMessage called the PQ3 cryptographic protocol. This new encryption layer will work alongside the company’s existing encryption tools.

PQ3 was designed to prevent what’s known as harvest now, decrypt later attacks. This is an attack where the perpetrator — like a nation-state hacker — extracts as much encrypted data as they can get. They then sit on that data, waiting for a future when quantum computers are powerful and reliable enough to crack the encryption.

The day when quantum computers become capable enough to tear through most encryption is referred to by experts as “Q-day.” There’s no agreement on when Q-day will arrive, with some believing it could happen in the coming decades. The fact that Apple is taking this precaution now suggests that the company believes this day will come sooner rather than later.


Source…

Ransomware now dispenses with data encryption and blackmails with brand exposure – Intelligent CIO LATAM


With Brazil already facing an overwhelming wave of ransomware attacks, Hilmar Becker, Country Manager, F5 networks, Brazil, warns of a switch in tactics by threat actors – leaving organisations even more exposed.


Throughout 2023, a harsh reality set in.

The ever-evolving threat landscape has ransomware continuing to wreak havoc.

Brazil remains in a prominent position in relation to this threat: we are the fourth largest ransomware target in the world, according to a report released in the first half of this year.

Only the US, UK and Spain beat our market in this regard.

The accelerated digitalization of the Brazilian economy is not always accompanied by alignment with the best practices of digital security, which increases the vulnerability of companies to these types of attacks.

For years, the practice of encrypting data and holding it hostage until a payment was made was the hallmark of ransomware attacks. The victim’s dilemma was quite simple: pay the ransom or risk losing access to critical data.

To maintain their effectiveness, ransomware gangs have started to innovate with different tactics.

This is the case of double extortion, in which not only is data encrypted, but also stolen information is threatened to be publicly exposed or sold on the dark web.

The first case of this modality happened in 2019.

Shortly after, in 2020, triple extortion began to make the news, which takes double extortion a step further, taking advantage of confidential information about customers, relatives, or other entities related to the victim.

This is an advanced level of blackmail that starts with the attack on the organization and, at a later time, triggers actions spread across all the people whose data was exposed.

In recent months, cybercriminals have introduced yet another technique to their arsenal: unencrypted attacks.

In the face of the overwhelming wave of ransomware affecting Brazil, it has become commonplace for companies to keep backups of their data, and decryption tools are being created to neutralize ransomware variants.

This advocacy has changed digital gangs. Thus,…

Source…

Wi-Fi encryption can be hacked and anyone can spy on your internet activity


Equifax and Yahoo disclosed major security breaches recently, which are quite scary, especially the former. But security researchers are about to explain how hackers could hack any existing Wi-Fi connection and spy on all of your data.

The encrypted WPA2 protocol was just breached, putting at risk everyone who uses wireless internet at home or abroad. You can’t fix the issue yourself, but while you wait for network equipment makers to patch access points, there are several steps you can take to protect yourself.

Yes, the issue is serious, but as long as a hacker isn’t specifically looking to spy on your data, you should not worry about it.

The proof-of-concept exploit is called KRACK (or Key Reinstallation Attacks), according to Ars Technica. An advisory from US-CERT explains that the hack should be publicly disclosed on Monday:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.

Until access points are fixed, all Wi-Fi traffic is at risk, meaning that hackers will be able to eavesdrop on all your Wi-Fi traffic and steal data coming from all sorts of home devices that connect to the internet wirelessly.

If you’re worried about your security, various solutions can help you mitigate the problem while you wait for hardware companies to update router firmware.

You can stop using Wi-Fi until your routers are fixed, and switch to Ethernet instead. You should also consider using Virtual Private Networks (VPN) to obfuscate your internet usage, especially if you keep using Wi-Fi, and especially in those…

Source…

Decoding the Mystery of Encryption: The Power of Public and Private Keys | by Yash Gupta | Sep, 2023


“In the world of encryption, the key to understanding is just a public and private key away.” — Anonymous

In the digital world, the concept of encryption is as ubiquitous as it is vital. It is the bedrock of internet security, safeguarding our data from prying eyes. Encryption is the process of encoding information in such a way that only authorized parties can access it. It is a complex yet fascinating subject, and understanding it requires a deep dive into the realm of public and private keys.

Public and private keys form the basis of today’s encryption

The world of encryption is a labyrinth of complex algorithms and mathematical equations, but at its core, it is a simple concept. It is a method of transforming plain text into an unreadable format, known as ciphertext, to prevent unauthorized access. The process of converting the ciphertext back into its original form is known as decryption.

The two primary types of encryption are symmetric and asymmetric encryption. Symmetric encryption uses a single key for both encryption and decryption. However, it has a significant drawback: the key must be shared between the sender and receiver. This sharing can lead to potential security risks.

Asymmetric encryption, on the other hand, uses two keys: a public key for encryption and a private key for decryption. This method is also known as Public Key Infrastructure (PKI). The public key is available to everyone, while the private key is kept secret by the owner. This method eliminates the need to share keys, thereby enhancing security.

The concept of public and private keys is akin to a mailbox. Anyone can drop a letter (encrypt data) into the mailbox using the visible slot (public key), but only the person with the key to the mailbox (private key) can open it and read the letters (decrypt the data).

The process of generating these keys involves complex mathematical algorithms. The most common algorithm used is the RSA (Rivest-Shamir-Adleman) algorithm. It generates two large prime numbers and multiplies them. The complexity of factoring large prime numbers ensures the security of RSA encryption.

The beauty of public and private keys lies in their interdependence. The public key is used…

Source…