Agregátor RSS

NIST has posted an update on their post-quantum cryptography program:

• Update


• NISTIR 8309 Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process

Po kolikáté ?

Policisté v Praze zadrželi dva cizince t?sn? po tom, co do bankomatu nainstalovali skimmovací za?ízení s cílem dostat se k pen?z?m klient?. U zadržených muž? pak policisté zajistili i celou ?adu nástroj? k páchání této trestné ?innosti a vysíla?ky, informoval ve st?edu policejní mluv?í Jan Dan?k.

Užite?ný p?ísp?vek "14 Ways to Create a Secure Password in 2019" na stále pot?ebné téma jak vytvá?et a pamatovat si hesla od Jacka Forstera.

25+ Free Security Tools That You Need to Start

P?ehled bezplatných silných antivirových a dalších bezpe?nostních program?, které vám mohou pomoci udržet vaše citlivé informace v bezpe?í.

Email was one of the earliest forms of communication on the internet, and if you’re reading this you almost undoubtedly have at least one email address. Critics today decry the eventual fall of email, but for now it’s still one of the most universal means of communicating with other people that we have. One of the biggest problems with this cornerstone of electronic communication is that it isn’t very private. By default, most email providers do not provide the means to encrypt messages or attachments. This leaves email users susceptible to hackers, snoops, and thieves.

So you want to start encrypting your email? Well, let’s start by saying that setting up email encryption yourself is not the most convenient process. You don’t need a degree in cryptography or anything, but it will take a dash of tech savvy. We’ll walk you through the process later on in this article.

Alternatively, you can use an off-the-shelf encrypted email client. Tutanota is one such secure email service, with apps for mobile and a web mail client. It even encrypts your attachments and contact lists. Tutanota is open-source, so it can be audited by third parties to ensure it’s safe. All encryption takes place in the background. While we can vouch for Tutanota, it’s worth mentioning that there are a lot of email apps out there that claim to offer end-to-end encryption, but many contain security vulnerabilities and other shortcomings. Do your research before choosing an off-the-shelf secure email app.

If you’d prefer to configure your own email encryption, keep reading.

See Affiliated Events too.

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device).

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses.
The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam´s agencies in enforcing the law and protecting the public from hackers. It also lays out what the government needs to do to thwart looming threats to its computer networks.

Let´s (not) Encrypt

If you´ve been following the news for the last few years it will come as no surprise that the Justice Department is not a fan of the common man having access to encryption.
The report bemoans the current state of encryption and its ability to keep the government from gathering and analyzing traffic for criminal investigations. The word ´encryption´ comes up 17 times in the report, not once in a favorable light.
In the past several years, the Department has seen the proliferation of default encryption where the only person who can access the unencrypted information is the end user, the report reads.
The advent of such widespread and increasingly sophisticated encryption technologies that prevent lawful access poses a significant impediment to the investigation of most types of criminal activity.

The demand for quantum computing services will be driven by some process hungry research and development projects as well as by the emergence of several applications including advanced artificial intelligence algorithms, next-generation encryption, traffic routing and scheduling, protein synthesis, and/or the design of advanced chemicals and materials. These applications require a new processing paradigm that classical computers, bound by Moore’s law, cannot cope with. However, one should not expect quantum computers to displace their classical counterparts anytime soon.

Ray Ozzie thinks he has an approach for accessing encrypted devices that attains the impossible: It satisfies both law enforcement and privacy purists. (?)

EFAIL furore not over yet, even though it´s easy to fix.

However, PGP´s creator Phil Zimmerman, Protonmail´s Any Yenn, Enigmail´s Patrick Brunschwig, and Mailvelope´s Thomas Oberndörfer are still concerned that misinformation about the bug remains in the wild.

Yenn tried to refute the EFAIL “don´t use PGP” on May 25, and the four have followed up with this joint post.

According to a Venafi survey of 512 security professionals attending RSA Conference 2018, sixty-four percent of respondents say their personal encryption usage has increased due to recent geopolitical changes.

Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according the the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain.

Since 2010, communication service providers have migrated to encrypted services ´by default´, a process that accelerated following the Snowden disclosures, said the National Strategic Assessment of Serious and Organised Crime 2018

US lawmakers from both major political parties came together on Thursday to reintroduce a bill that, if passed, would prohibit the American government from forcing tech product makers to undermine the security of their wares.

Third-party code in security-critical apps is obviously suboptimal, but company says you can opt out

A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded tracking signatures. The company says users can opt out if they want.…

Společnost Red Hat představila program "Red Hat Enterprise Linux (RHEL) for Open Source Infrastructure" aneb Red Hat Enterprise Linux zdarma pro open source projekty.

Posted by Royal Hansen, Vice President, Security

Black History Month may be coming to a close, but our work to build sustainable equity for Google’s Black+ community, and externally is ongoing. Currently, Black Americans make up less than 12% of information security analysts in the U.S. In an industry that consistently requires new ideas to spark positive change and stand out against the status quo, it is necessary to have individuals who think, speak, and act in diverse ways. Diverse security teams are more innovative, produce better products and enhance an organization's ability to defend against cyber threats.

In an effort to amplify the contributions of the Black+ community to security and privacy fields, we’ll be sharing profiles of Black+ Googlers working on innovative privacy and security solutions over the coming weeks, starting with Camllie Stewart, Google’s Head of Security Policy for Google Play and Android.

Camille co-founded #ShareTheMicInCyber, an initiative that pairs Black security practitioners with prominent allies, lending their social media platforms to the practitioners for the day. The goal is to break down barriers, engage the security community, and promote sustained action. The #ShareTheMicInCyber campaign will highlight Black women in the security and privacy sector on LinkedIn and Twitter on March 19, 2021 and throughout March 2021 in celebration of Women's History Month. Follow the #ShareTheMicInCyber on March 19th to support and amplify Black women in security and privacy.

Read more about Camille’s story below ↓

#ShareTheMicInCyber: Camille Stewart

Today, we will hear from Camille Stewart, she leads security, privacy, election integrity, and dis/misinformation policy efforts for Google's mobile business. She also spearheads a cross-Google security initiative that sets the strategic vision and objectives for Google’s engagement on security and privacy issues.

In her (not so) spare time, Camille is co-founder of the #ShareTheMicInCyber initiative – which aims to elevate the profiles, work, and lived experiences of Black cyber practitioners. This initiative has garnered national and international attention and has been a force for educating and bringing awareness to the challenges Black security practitioners face in industry. Camille is also a cybersecurity fellow at Harvard University, New America and Truman National Security Project. She sits on the board of the International Foundation for Electoral Systems and of Girl Security, an organization that is working to close the gender gap in national security through learning, training, and mentoring support for girls.





Why do you work in security or privacy?

I work in this space to empower people in and through technology by translating and solving the complex challenges that lie at the intersection of technology, security, society, and the law.

Tell us a little bit about your career journey to Google

Before life at Google, I managed cybersecurity, election security, tech innovation, and risk issues at Deloitte. Prior to that, I was appointed by President Barack Obama to be the Senior Policy Advisor for Cyber Infrastructure & Resilience Policy at the Department of Homeland Security. I was the Senior Manager of Legal Affairs at Cyveillance, a cybersecurity company after working on Capitol Hill.

What is your security or privacy "soapbox"?

Right now, I have a few. Users being intentional about their digital security similar to their physical security especially with their mobile devices and apps. As creators of technology, we need to be more intentional about how we educate our users on safety and security. At Google, security is core to everything we do and build, it has to be. We recently launched our Safer With Google campaign which I believe is a great resource for helping users better understand their security and privacy journey.

As an industry, we need to make meaningful national and international progress on digital supply chain transparency and security.

Lastly, the fact that systemic racism is a cybersecurity threat. I recently penned a piece for the Council on Foreign Relations that explores how racism influences cybersecurity and what we must do as an industry to address it.

If you are interested in following Camille’s work here at Google and beyond, please follow her on Twitter @CamilleEsq. We will be bringing you more profiles over the coming weeks and we hope you will engage with and share these with your network. 
If you are interested in participating or learning more about #ShareTheMicInCyber, click here.

Spolek OpenAlt zve příznivce otevřených řešení a přístupu na 190. sraz, který proběhne v pátek 26. února od 17:00 na Jitsi Meet.

A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.