pgp
Latest
‘Efail’ exploit exposes popular email encryption schemes
Encrypted emails guarded by common encryption tools are allegedly "susceptible to critical vulnerabilities" that would expose their content to potential hackers. Sebastian Schnizel, a computer science professor from the University of Münster called attention to the 'Efail' issue on Sunday via Twitter. He subsequently urged users of PGP/GPG and S/Mime software to disable it in their email clients.
FBI arrests CEO of company selling custom BlackBerrys to gangs
Custom, extra-secure BlackBerry phones remain a staple of the criminal underworld, and a recent bust just illustrated this point. Motherboard has learned that the FBI arrested Vincent Ramos, the founder of the well-established phone mod seller Phantom Secure, for allegedly aiding criminal organizations that include the Sinaloa drug cartel. The company altered BlackBerry and Android devices to disable common features (including the camera and web browsing) while adding Pretty Good Privacy for encrypted conversations. And it wasn't just turning a blind eye to the shady backgrounds of its customers, according to investigators -- it was fully aware of who was involved.
Keybase's encrypted chat works with accounts you already have
With their first release, Keybase simplified encrypted file sharing, allowing anyone to securely send data without the need for additional third-party software. Now the company wants to bring that same security and simplicity to encrypted messaging with Keybase Chat. Unlike other encrypted messaging services such as WhatsApp or Signal, Keybase Chat works with public accounts and usernames you already have, so there's no need to exchange phone numbers, email addresses or encryption keys.
Google wants to make encryption easier for everyone
As more and more of our daily lives take place online, more and more sites, apps and services are increasing their encryption to keep users' data safe and secure. However, being the web monolith that it is, Google's Security and Privacy Engineering team have noticed a few problems with building a generic yet secure way of exchanging public encryption keys that could work across a range of applications. To fix this, Google has announced the Key Transparency initiative to create a simple way to establish secure connections even through untrusted servers.
Dutch police seize a secure communications network
The worries about criminals using encryption might be overblown, but that changes when a secure network appears to be used primarily with that activity in mind. Dutch police have both seized encrypted communications network Ennetcom and arrested its owner, Danny Manupassa, over beliefs that the business was being used for organized crime. Reportedly, many of the 19,000-plus users used the company's modified BlackBerry phones as part of "serious criminal activity," including drug trafficking and gang murders. Manupassa himself is accused of money laundering and possessing illegal weapons.
Police claim to have cracked extra-secure BlackBerry phones
BlackBerry smartphones have secure messaging as a matter of course, but for some that isn't enough: there are custom models that are even more secure thanks to PGP-encrypted mail. However, it seems that these locked down models aren't quite as safe as you'd think. The Netherlands Forensic Institute has confirmed a recent report that it's capable of scooping up encrypted data from PGP-equipped BlackBerry devices. It's not discussing the exact techniques involved, but it's relying on a tool from CelleBrite to get the job done. One possibility is that investigators are guessing the password based on a memory dump, although that normally requires yanking a memory chip off the phone's motherboard.
Facebook will encrypt the emails it sends to you with PGP
Facebook, the social network where there's no such thing as too much information is handing another olive branch to the privacy crowd. The company has announced that it'll allow users to add PGP keys to their profiles, enabling them to encrypt the regular missives that the social network sends out. That way, no-one but you will be able to find out that Dave, the bully from junior high, has tried to add you as a friend twice this month. If you're wary about the legitimacy of Facebook's project, take comfort from the fact that one of the testers was noted security expert and former Tor lead, Runa Sandvik.
Yahoo wants to keep your email safe from prying eyes
Google revealed this past June that it was working on a way for users to easily encrypt their emails, but it turns out it's not alone in its ambitions. Alex Stamos, Yahoo's Chief Information Security Officer, said at the Black Hat conference in Las Vegas that the company wants to offer end-to-end encryption for Yahoo mail come 2015. What's more, that PGP-based security system should interact seamlessly with Google's -- should they choose to, people from both sides of the Google-Yahoo divide will be able to send each other secure messages that are totally unintelligible to curious (or malicious) outsiders.
