Posts Tagged ‘encrypted’
Wednesday, October 29, 2014 @ 09:10 AM gHale
All information gathered by Adobe’s ebook reading software Digital Editions will now be encrypted when it is sent to the company’s servers.
The application collects the data in order to comply with the DRM (digital rights management) policies that protect copyright holders against piracy.
“Adobe uses the information collected about the eBook you have opened in Adobe Digital Editions software to ensure it is being viewed in accordance with the type of DRM license that accompanies that eBook. The type of license is determined by the eBook provider,” the company said.
Earlier this month it was a slightly different and less secure scenario, where the program would collect details about books it opened and would deliver them to one of its servers called adelogs.adobe.com.
Nate Hoffelder of The Digital Reader blog said Digital Editions 4 also scanned the storage unit in search of other books and shared the data with Adobe.
An analysis of the traffic to the adelogs server revealed the information was uploaded in an insecure manner, allowing a third party to intercept and access it in plain text.
Adobe disclosed the type of information it hauls from the users of Digital Editions, also explaining its use.
Apart from unique values required for the purpose of authentication and identification of the user and the device, the company also retrieves the IP address at the time of purchasing an ebook, duration of reading the text, amount of the ebook read, as well as details included by the providers of the ebook.
Regarding the reading duration, “this information may be collected to facilitate limited or metered pricing models entered into between eBook providers, such as publishers and distributors,” Adobe said.
The company explains that in some models, publishers can charge libraries for lending an ebook to an individual either from the time of borrowing or from the time the reader actually picks up the book and reads it.
One important detail is that information taken from the user now goes to Adobe’s servers via a secure connection. This eliminates the risk of a third party intercepting the traffic and accessing the information.
Adobe said none of the data collected is personally identifiable and that it may share some of it with ebook providers.
Tuesday, May 27, 2014 @ 06:05 PM gHale
A beta release of an encrypted, secure email service was so popular and interest so great, its developers had to temporarily close the signups.
The name of the service is ProtonMail, and the creators are CERN researcher Andy Yen (the service’s system administrator), designer Jason Stockman (the front-end developer), and MIT graduate/CERN software developer/resident cryptography expert Wei Sun, who tackled the development of the service’s back-end.
“ProtonMail was founded in summer 2013 at CERN by scientists who were drawn together by a shared vision of a more secure and private Internet,” it said on the project’s official website.
“ProtonMail is developed both at CERN and MIT and is headquartered in Geneva, Switzerland. We were semifinalists in 2014 MIT 100K startup launch competition and are advised by the MIT Venture Mentoring Service.”
The service offers end-to-end encryption, which means the data is encrypted on the user’s computer before going to the company servers. “We have no access to your messages, and since we cannot decrypt them, we cannot share them with third parties,” the creators said.
The company does not log IP addresses or require any personal information to sign up, and accepts bitcoin and cash payments for paid accounts to ensure user anonymity. There are also free accounts and the company only charges for extra storage.
Since ProtonMail’s headquarters is in Switzerland, its servers are also in the country.
“All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) which offers some of the strongest privacy protection in the world for both individuals and entities,” they pointed out. “Only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.”
The service apparently checks another box that is crucial for a successful encrypted email offering: It’s easy to use. Users will only have to remember/store two passwords: One to authenticate themselves, and another to decrypt the user’s data in the browser. The latter never ends up shared with the company, so if you forget or lose it, you cannot recover the data stored in your account.
The service uses secure implementations of AES and RSA, along with OpenPGP, and open source cryptographic libraries in order to guarantee that there are no hidden backdoors. It’s also interesting to note that even non-ProtonMail users can receive the encrypted messages sent by a user – they will receive the decryption passphrase along with the message.
The beta version of the service launched last Friday, and less than three days later they reached full server capacity.
“Over the next couple days, we will work on expanding our server capacity, and further improving our security. Since our launch, we have had several offers to help us with a full security audit and as those results come in, we will also be taking steps to further improve the security of ProtonMail,” Yen said on the company blog. “Because of the overwhelming demand for ProtonMail, we are also looking for additional developers to help us build ProtonMail.”
While waiting for them to reopen the gates, users can reserve their ProtonMail username.
Thursday, September 19, 2013 @ 05:09 PM gHale
After reports of hacking attempts, Brazilian oil giant Petrobras wants to keep itself on the winning security edge by increasing its spending on its IT infrastructure this year and for the following four years at least.
Maria das Graças Silva Foster, president of Petrobras, said at a public hearing in the Brazilian Senate the company will invest $1.8 billion (R$4 billion) in 2013 and $9.6 billion (R$21.2 billion) between 2013 and 2017 on information technology and telecommunications.
“This is a policy that is so important it has been personally approved by the board of directors,” said Graças Foster. “The management of our goods, people, information and the wealth we create is of crucial importance.”
During the joint hearing with the Parliamentary Commission for the Espionage Inquiry and the Economic Affairs and Foreign Relations committees in the Senate, she said the company constantly monitors and protects its information. As a case in point, she cited the quantity of emails that are preemptively blocked.
“Between August 09 and September 09 we received 195.9 million emails,” she said. “Of these, 16.5 million arrived at their destination.”
Regarding press reports that the U.S. National Security Agency (NSA) targeted Petrobras through espionage, the president said no violation of Petrobras systems had been recorded, but the presence of the company’s name in reports has created “discomfort.”
“Systems used by Petrobras are among the most advanced on the market,” she said, emphasizing “investment in information security should be set to follow technological developments.”
Graça Foster said Petrobras has an integrated data processing center, which has restricted access, and the company’s strategic information does not go through the Internet.
“The company’s knowledge is held at the data processing center. Critical information is stored in an encrypted closed system. Access to the center is controlled with biometrics, weighing and monitoring with cameras,” she said. Despite working with partner companies and suppliers, only Petrobras holds all the information, and only the company is allowed to read it, she said. Additionally, Petrobras has contracts that provide for confidentiality.
Strict security procedures included requiring scientists and functionaries to avoid transferring the most critical data, such as seismic studies of the company’s oil reserves, through the Internet.
Thursday, March 22, 2012 @ 03:03 PM gHale
Google’s encrypted search service will be the default option for Mozilla’s Firefox browser.
The modification is not in the stable version of Firefox yet, but users who download the daily beta builds can access it now.
The switch to using HTTPS for search by default is a major step for Mozilla in terms of protecting the privacy of users’ search queries and results. Google has had an option for encrypted search, and the company has made secure search the default choice for users logged in to their Google accounts since last October. Google has not made that option the default for its own Chrome browser.
With the change in Firefox, users of Mozilla’s browser now have an extra layer of protection for their search queries, something that is becoming increasingly important in the age of surveillance, targeted ads and data sales.
“Google’s October 2011 decision to start proactively scrubbing search queries from the referrer header was a great first step, but a small percentage of Google’s search users benefited. Now that Mozilla is switching to HTTPS search, hundreds of millions of Firefox users will have their privacy protected, by default,” privacy and security researcher Chris Soghoian said.
“The only surprising aspect to this otherwise great bit of good news is that the first major browser to use HTTPS search is Firefox and not Chrome. I reasonably assumed that as soon as Google’s pro-privacy engineers and lawyers won the internal battle over those in the company sympathetic to needs of the SEO community, that Google’s flagship browser would have been the first to ship HTTPS by default.”
Google has not said publicly when it plans to enable HTTPS search by default for Chrome users, but with the move by Mozilla, it seems likely Google will do it soon.
“We would welcome Firefox giving their users the option to use encrypted search. However, at this time we don’t feel that our encrypted search offers the features and speed that our users expect and so we wouldn’t want it to be the default. We are working towards making encrypted search as fast and complete as unencrypted search, but we’re not there yet,” said Google’s Adam Langley.
Mozilla has not said when the change to HTTPS Google searches will show up in the stable channel of Firefox.