1. U

    Zooms end to end encryption, not really end to end.

    UPDATE 2020-04-17: Zoom hires a bunch of security experts to help fix zero day exploits. https://www.thefpsreview.com/2020/04/17/zoom-invests-into-hiring-outside-security-experts-to-fix-exploits-as-hackers-are-selling-them-online/ UPDATE 2020-04-09: US Senate tells members to not use Zoom...
  2. C

    VirtualBox - Enabling encryption allocates all dynamic storage

    So, if I create VM with 50gb dynamic drives, and only use 20gb, why does enabling encryption permenantly expand the .VHD file to 50gb? This is a win10 guest on win10 host. So, even if I decrypt the VDI file, it stays at 50gb. If I compact the file, it still stays at 50gb. Any ideas?
  3. cageymaru

    Firefox Send Is a Free File Transfer Service Featuring Encryption

    Mozilla has announced Firefox Send is now available for use as a free file transfer service with built-in end-to-end encryption. Send allows users to safely and simply share files from any browser without having to worry about their private information existing in the cloud. Send will be...
  4. AlphaAtlas

    Australia Passes World's First Anti Encryption Law

    New Atlas reports that the Australian government recently passed the world's first anti-encryption bill. The Assistance and Access Bill 2018 can allegedly "compel a private company to create new interception capabilities so no communications data is completely inaccessible to the government."...
  5. cageymaru

    The U.S. Department of Justice Indicts Two Iranians of Deploying SamSam Ransomware

    The U.S. Department of Justice has unsealed an indictment of two Iranians for computer hacking and deploying a crippling style of ransomware called "SamSam Ransomware" onto American and Canadian public institutions such as hospitals and municipalities. Faramarz Shahi Savandi, 34, and Mohammad...
  6. B

    Opinions/Suggestions on Encrypting Main SSDs in Laptops & Home Server...

    I have been thinking about this for some time and am having trouble coming to a conclusion, so maybe the hive can help me out. Due to health issues, I have been a bit out of the tech loop for the last couple of years, so please bear with me. My wife and I have moved to using laptops as our main...
  7. dvsman

    Email Encryption Q

    Hey fellas, So I got my hands on my old office Xerox printer / copier thing (for free!) and have been playing around with it and have a q? I hope one of you guys can answer. The feature I normally use is scanning paper docs to email (vs faxing) and one of the options in the menu - which I've...
  8. FrgMstr

    Russia Smashes Telegram

    If you recall, the Russian government had recently demanded encryption keys be shared with it for services that were encrypting content. Telegram is one such encrypted service, and it decided to give the finger to the Russian government, instead of handing over the encryption keys so that its...
  9. R

    Telegram Loses Bid to Block Russia From Encryption Keys

    Two years ago we covered a story on how Russia was requiring ISPs to give backdoor access to apps. The encrypted messaging app Telegram, has lost a bid before Russia's Supreme Court to block security services getting access to users' data according to a Bloomberg report. Last year Telegram was...
  10. FrgMstr

    FBI Backs Away from the Backdoor and Asks for Private Sector Co-op

    The FBI and access to your encrypted devices have been in the news a lot over the last year (here, here, and here are just a few examples). Even last week stories of the FBI using Geek Squad employees as confidential informants surfaced. The common thread, and biggest point of disgust with the...
  11. DooKey

    WPA3 Protocol Announced

    WPA 3 has been announced and it brings some much needed improvements to WPA2. WPA2 has been around for a long time and its time is finally coming to an end thanks to the Wi-Fi Alliance. The primary improvement that should be of note is it will provide individualized data encryption in open...
  12. DooKey

    The US Claims It Doesn't Need a Court Order to Ask Tech Companies to Build Encryption Backdoors

    According to documents released over the weekend, intelligence officials told the Senate Intelligence Committee there's no need to use the court system to ask tech companies to build backdoors into their products. Furthermore, they also said the Foreign Intelligence Surveillance Act allows them...
  13. DooKey

    66 Percent of Popular Android Cryptocurrency Apps Don't Use Encryption

    Believe it or not, new analysis by security firm High-Tech Bridge has found that 66 percent of popular cryptocurrency apps don't use HTTPS to encrypt information in transit. To make matters worse 94 percent of these apps had at least three medium-risk vulnerabilities. If you're using one of...
  14. DooKey

    FBI Could Not Access Nearly 7K Devices Because of Encryption

    In a speech to the International Association of Chiefs of Police conference in Philadelphia, FBI Director Wray said the FBI hasn't been able to retrieve data from more than half of the mobile devices it tried to access in less than a year. He considers it a huge problem and wants to seek a...
  15. DooKey

    Homeland Security Orders Federal Agencies to Start Encrypting Sites and Emails

    You would think that after years of hacks on public and private institutions that all US Government websites would have HTTPS enabled by default. Think again because at least one-quarter of federal sites still don't support basic website encryption. As a matter of fact only 70% of Homeland...
  16. FrgMstr

    New Encryption Legislation Coming?

    Reuters has an interesting story about encryption in our lives, and while soft on facts it is instead noting the tone of what is being said by the U.S. Deputy Attorney General Rod Rosenstein. This morning Rosenstein basically told us that trying to negotiate with tech companies in the U.S. was...
  17. X

    How to get/decrypt an SSD PSID from the drive itself?

    Hi everyone, I'm now looking for a way to get an SSD PSID (Physical Security ID) from the inside of it. I know it is an hexadecimal identifier to lock the SSDs from piracy issues. Supposedly from what I know, if you erase or modify the SMART Values on the inside of an SSD twice, it will...
  18. FrgMstr

    Encrypt and Lock Your Phone - Go to Jail

    The Miami Herald is reporting that a man suspected of child abuse has been sentenced to 180 days in jail because he did not give the police a working security code to access his iPhone. No matter your thoughts on this, there is absolutely no doubt that we are going to be seeing more and more of...
  19. FrgMstr

    US Senate Goes HTTPS & Encrypted Messaging

    While many lawmakers are talking about needing backdoors for encryption in our world, it seems as though the US Senate has decided that HTTPS is needed on its own site and its private messages need backdoor-free encryption as well. US Senator Ron Wyden penned a letter to the Senate welcoming...
  20. Schtask

    PfSense Teases Encryption For Version 2.5

    PfSense has just released updated hardware requirements for future versions of the companies software. For those not in the know, pfSense is an open source firewall computer software distribution that is built upon FreeBSD. Instead of specialized and costly equipment, pfSense is installed on a...
  21. Schtask

    Quantum Ciphers and Human Ingenuity

    Quantum Computers have cryptographers worried that our concepts of modern cryptography will soon become obsolete. We've mentioned this before. Quantum computers like the D Wave X2 utilize bits that exist in superposition. In other words, bits of 1 or 0 are not just 1 or 0. They can also be 1 AND...
  22. Zarathustra[H]

    Identifying HTTPS-Protected Netflix Videos in Real-Time

    Researchers at the United States Military Academy at West Point have discovered that despite Netflix recently implementing TLS (HTTPS) encryption on their video streams to protect the privacy of their viewers, they can identify what video people are watching with 99.99% accuracy, using a...
  23. Schtask

    Over 15,000 Fraudulent PayPal Certificates Issued to Phishing Sites

    Let's Encrypt was launched publicly in December of 2015 under the premise that websites would be encrypted and served to the end user over Transport Layer Security (TLS). The thought was that TLS would protect user data from pilfering. Many Cyber Security experts expressed fear that free...
  24. Zarathustra[H]

    'Sorry, I've Forgotten my Decryption Password' is Contempt of Court

    The Register is reporting that the U.S. Third Circuit Court of Appeals today upheld a lower court ruling in which a man suspected of concealing child pornography was held in contempt after failing to successfully provide his decryption passwords for his external hard drives. This legal decision...
  25. Zarathustra[H]

    One in Five Websites Still Use Outdated SHA-1 Encryption Algorithm

    SHA-1 has been known to be potentially insecure since 2005, but this wasn't proven in practice, at least not publicly, until Google recently announced they executed a successful collision attack, breaking it. The collision attack is notable as it takes about one 100,000th of the time to crack...
  26. FrgMstr

    Lavabit Email Back and Better than Ever

    If you are not familiar with Lavabit email, the story surrounding it for the last couple of years is interesting on its own. The Lavabit service was shut down several years ago after it was forced by the US Government to hand over SSL keys to Edward Snowden's email account allegedly. Last...
  27. Pieter3dnow

    AMD x86 Memory Encryption Technologies

    AMD x86 Memory Encryption Technologies by David Kaplan, AMD http://events.linuxfoundation.org/sites/events/files/slides/AMD%20x86%20Memory%20Encryption%20Technology%20LSS%20Slides.pdf Stumbled onto this youtube has some decent information about the features coming to Linux
  28. FrgMstr

    Russia Says All Your Encryption Base are Belong to Us

    Nothing to see here, move along. Oh wait just a friggin minute, this is worth hearing about. The Russian government are requiring Internet service providers to give backdoors in order for the government to collect encryption keys.
  29. FrgMstr

    [H]F now on [H]ardware and [H]ttps

    Yesterday the outage was to move the forums back to our own servers. It should be a "little" faster now. Also, you will notice we are now encrypted. This may impact your browsing at work positively...or negatively. If you see any big issues, please let me know.
  30. Z

    Have Basic Questions About SED

    Hello, I have been out of the loop. I have some questions about the SED (Self-encrypting Drive) feature on these newer SSD's, for a home user. 1. If I am upgrading, say cloning a older SSD to newer SSD with SED, can I start using SED right away or would I have to do a fresh install of the OS...