White House Chief of Staff John Kelly’s Personal Cell Phone was Compromised

White House Chief of Staff John Kelly’s personal cell phone was compromised back in December. Details may be found at: http://politi.co/2xIbaTX.

Actually, this shouldn’t surprise anyone. I hope it didn’t surprise John Kelly although I suspect it may have. Everyone should be aware that EVERY unencrypted cell phone can be hacked. The higher your position in government, military, sports, the entertainment industry, or in the business world, the greater the odds that someone is monitoring your calls and the web sites you visit with your smartphone. Those listening might be foreign governments, our own NSA, the FBI, local police departments, business competitors, identity thieves, or (in the case of celebrities) various gossip magazines and newspapers.

Continue reading

Why We Should Never Let the Government Break Encryption

One of the dumbest ideas being voiced by politicians and bureaucrats these days is that all encryption should have “back doors” that allow various governments to break into the encryption and be able to read your private information, along with the private information of everyone else. This is sort of the equivalent of going on vacation and yet leaving the key to the front door of your house under the doormat. It will allow all sorts of miscreants to access your information, not just the government.

Should this idea ever become law, two things will (or won’t) happen:

Continue reading

The Majority of IT Security Professionals Believe Encryption Backdoors are Ineffective and Potentially Dangerous

In a recent Venafi survey of 296 IT security pros, 91 percent of those surveyed said cybercriminals could take advantage of government-mandated encryption backdoors. 72 percent of the respondents do not believe encryption backdoors would make their nations safer from terrorists.

Only 19 percent believe the technology industry is doing enough to protect the public from the dangers of encryption backdoors. 81 percent feel governments should not be able to force technology companies to give them access to encrypted user data. 86 percent believe consumers don’t understand issues around encryption backdoors.

“Giving the government backdoors to encryption destroys our security and makes communications more vulnerable,” said Kevin Bocek, chief security strategist for Venafi.

Continue reading

ProtonMail Professional – Encrypted Email for Organizations

This blog has always focused on privacy problems and solutions for individuals. However, many organizations also have a need for privacy. ProtonMail, already well known for private email services for individuals, has now introduced a related product for corporations, non-profits, and any other organizations that feel a need for privacy.

You can read the announcement for ProtonMail Professional at: https://protonmail.com/blog/encrypted-email-for-organizations/.

Data Shredder for Mac 2017 Offers Military Grade Data Deletion

Miami-based security solutions company, ProtectStar today announced Data Shredder for Mac 2017, their new military grade data deletion tool for macOS computers. The app securely and efficiently deletes data using methods that meet and exceed government, military, and industry standards. Users simply drag-and-drop files, folders, or drives to the app and press the “Shred” button. Data Shredder then completely eliminates any chance for data reconstruction, even by government agencies.

Data Shredder for Mac 2017 sells for $19.90.

The new Data Shredder for Mac 2017 joins several other, related products that have been available from ProtectStar for some time, including:

Continue reading

Hackers are Using Hotel Wi-Fi to Spy on Guests and Steal Data and Money

This is one more reason why you always want to use a VPN, especially when traveling.

An advanced hacking and cyberespionage campaign against high-value targets has returned. The so-called ‘DarkHotel’ group has been active for over a decade, with a signature brand of cybercrime that targets business travellers with malware attacks, using the Wi-Fi in luxury hotels across the globe.

In short, the hackers find ways to infiltrate the hote’s wi-fi system so that they can see every bit of information that hotel guests are sending and receiving on (unencrypted) connections.

The hackers have much more sophisticated methods than just “wiretapping” into the wi-fi network. The usual method for the attack is to send carefully crafted phishing emails. When the recipient clicks on the email message, a self-extracting archive package, called winword.exe, is then executed and begins the Trojan downloader process.

Luckily, the problem is easy to avoid.

Continue reading

RSA Says You Can’t Force the Private Sector to Break Encryption

RSA’s VP and GM of Global Public Sector Practice Mike Brown believes there’s a better way to thwart terrorism than breaking end-to-end encryption, as recently proposed by the Australian government.

Australian Prime Minister Malcolm Turnbull, along with Attorney-General George Brandis, announced plans last week to introduce legislation that would force internet companies to assist Australian law enforcement in decrypting messages sent with end-to-end encryption. (See my earlier article at http://bit.ly/2gQIwrB.)

During a question-and-answer session, Turnbull was asked about the difficulty of using legislation in an attempt to defeat the laws of mathematics. Turnbull replied, “”I’m not a cryptographer, but what we are seeking to do is to secure their [the tech companies] assistance. They have to face up to their responsibility. They can’t just, you know, wash their hands of it and say it’s got nothing to do with them.”

Well, Turnbull obviously is “not a cryptographer.” I have to agree.

NOTE: I am a former cryptographer. These days I am simply a crypto hobbyist.

Continue reading