Security flaw in OpenSSL encryption library dates back to early 2012
A major security flaw has been discovered in the OpenSSL cryptographic software library, jeopardizing security for a large number of SSL/TLS-based transmissions. The fault, named the "Heartbleed Bug," has apparently existed since March last year but only recently uncovered, and puts at risk not only the contents of encrypted online communications, but also the SSL keys used in the transmission.
Can encrypt and hide files and folders with 256-bit AES protection
While at the Macworld Expo last weekend in San Francisco, MacNN got a chance to talk with members of the MacPaw software team, best known for their duplicates finder Gemini II and their utility app Clean My Mac. The company released its latest upgrade, file-and-folder encryption tool Hider 2 (formerly MacHider), for OS X 10.8 and higher on Wednesday. The program is designed to allow users to hide, encrypt and password-protect sensitive files, whether they are confidential business documents or those pictures of an ex.
Compression utility software company releases beta of ZipShare web app
WinZip, the maker of the popular file compression utility, has introduced a beta version of its new web app. Named ZipShare, the cloud platform lets users 'zip' and share files from a hard drive or from cloud storage providers. The service will also feature file management, encryption, and file sharing, and is designed to work like a plug-in to various cloud platforms. Currently in beta, a commercial launch is planned for later this spring, with basic file sharing available at no cost and varying service levels available at a monthly rate starting at $10.
RSA blog states no payment from NSA for number generator backdoor
RSA Security has struck out against claims that the company was paid by the National Security Agency (NSA) to sell flawed encryption software that was vulnerable to surveillance. A blog post states that it has never entered into a "secret contract" with the NSA, and that any collaboration between it and the agency has been openly publicized.
Agency pushes vulnerable encryption standard
The National Security Agency has been accused of paying computer-security company RSA $10 million to sell encryption software vulnerable to surveillance, unnamed sources have told Reuters. The agency's role in promoting a crackable encryption standard was exposed earlier this year in documents leaked by former NSA contractor Edward Snowden, however the latest report is the first to detail a formal contract and monetary compensation for compliance.
Users will have more encryption options in Q1
Yahoo has announced plans to encrypt all information that moves between its data centers, in an attempt to prevent unauthorized access by the National Security Agency or other government agencies. The company is also preparing to add new encryption options for users, enabling all data to be encrypted on its way to and from Yahoo's servers.
Encrypted private messaging platform officially launches after successful beta
CoverMe - a secure private texting, document sharing and phone call app -- has officially launched. During its beta period, over 500,000 users signed up for its service, exchanging 500 million messages with military-grade encryption. CoverMe protects personal contacts, call logs, messages, documents, and more, and provides the ability to recall or remotely wipe sent messages from a device. Its private 'vault' allows users to store photos, videos, documents and communication histories so that a lost device does not lead to a privacy breach. Users are immediately notified when a recipient has read a sent message, and the app provides an option to embed messages with a 'self-destruct' option. Available on iTunes and Google Play, CoverMe is free to download (with in-app purchases available).
NSA has obtained encryption keys both legally, and through extra-legal means
More information provided by intelligence agency document leaker Edward Snowden points to the insecurity of commonly used Internet encryption protocols. Reports circulating today suggest that the NSA can completely decrypt the HTTPS and SSL encryption protocols used in most email clients and other secured Internet services, such as online banking, and e-commerce.
RAID rack fits four drives in 1U, Tower fits five in portable stack
Addonics Technologies today announced the Addonics Cipher RAID Rack and the Cipher RAID Tower, two RAID storage solutions with AES 256-bit hardware encryption for high-capacity storage. Both products are tailored for securing large volumes of sensitive information, data archiving or video recording. Both units are Mac or PC compatible, and connect to systems through a single eSATA or USB cable to a USB 3.0 or 2.0 port.
Encryption start to finish, not just at one end
Election software maker Scytl has announced the development of an improved online voting encryption technology. The Baltimore-based company claims the breakthrough guarantees end-to-end security for both computer-based online voting as well as mobile phone voting. Scytl provides voting services to 340,000 French citizens living abroad, some US troops deployed overseas, and provide internet balloting for 350,000 in the city of Halifax, amongst other clients.
Joint Cellcrypt and Verizon service by Fall
Verizon and Cellcrypt are collaborating to supply the US government with secure mobile calling capabilities. The government-grade encrypted voice calling service is aimed to be marketed to military, intelligence, and civilian agencies in the fall as a currently unnamed co-branded service.
Release celebrated with sale, double-license offer
A new utility from WellRedApps aims to make public-key encryption of sensitive documents easy enough that business and other users will routinely do it rather than risk data interception. Called DropKey, the drag-and-drop program uses a 256-bit version of public-key cryptography, which uses a matched-pair standard for encryption and decryption. The program features Address Book integration, and support for multiple files into a single encrypted archive.
Family Pack allows installs on up to six computers
R10Cipher developer Arten Science is now making a "family pack" suite of R10Cipher and cuteCipher (along with an accompanying e-book) available as a bundle offer. The R10Cipher product protects e-mail contents and files using a Public Key encryption system with 384-bit Blowfish security.
128-bit security foils keystroke monitoring
Microsoft will be debuting its Wireless Desktop 2000, a wireless keyboard that transmits its keystrokes using AES 128-bit encryption, early next month. The keyboard is compatible with both Macs and Windows computers and is paired with the Wireless Mouse 2000 for a matched look. The company says its AES 128-bit encryption is the same standard used by the U.S. government to help secure its wireless connections.
Feature spotted on Motorola Xoom
Google appears to have increased the security features in Android 3.0, adding an "Encrypt Tablet" option to protect all of the data on the device. The feature was spotted on a Motorola Xoom tablet, though it is said to be a common option available on any Android 3.0-equipped device. A dialog warns that initial encryption takes up to an hour and requires a fully charged battery.
Portable drives offer keypad, "self-destruct"
User who need to store large amounts of protected data have a further option starting today, as Apricorn adds a 750-gigabyte external USB/eSATA laptop drive with built-in 128- or 256-bit AES encryption to its Aegis Padlock lineup. As seen in our previous review of the 640GB size, the drives use a variable time circuit, encrypted PINs and keys and even offer a brute-force self-destruct feature if it senses it is being systematically attacked.
Relies on Microsoft's Azure cloud storage
Datacastle Red v4 is a single-agent policy-enforcement solution for laptop, tablet and desktop computers that allows system administrators to control backup, encryption, port access and remote deletion that operates in the cloud over Microsoft's Windows Azure platform, and now adds support for Mac OS X devices.
eWallet stores passwords, credit cards, accounts
Ilium Software has ported its password manager, eWallet 7.1, to the Mac platform. The software stores information with 256-bit AES encryption, tracking all of a user's passwords. eWallet owners can create complex, unique passwords instead of relying on one or two easy-to-remember combinations for financial websites. The software can also sync between a Mac and another computer or an iPhone, iPad or iPod touch. Users can store passwords, credit cards numbers, bank accounts, security verification questions and other sensitive information.
128-bit AES encryption in capacities up to 500GB
LaCie has expanded its line of external storage products with the Rugged Safe, an external drive designed to protect data. Contents of the drive are secured using 128-bit AES hardware encryption, while a fingerprint scanner has been integrated directly onto the top of the housing for additional biometric authentication.
Fingerprint scanner paired with heat sensor
Victorinox on Friday expanded its line of USB drives with the Secure Pro. The new device integrates several levels of security, with data protected using 256-bit AES encryption. Users can also take advantage of a fingerprint scanner, built directly onto the removable USB stick. The fingerprint identification components are even paired with a heat sensor that will not provide access to the data if the finger is not within a range of typical body temperature.
Software encrypts every part of a disk
Check Point Software has launched Check Point Full Disk Encryption for Mac OS X 10.6. The software offers encryption and pre-boot authentication utilities. The entire range of drive data is encrypted, including the operating system, temporary files and even erased files. The software offers compliance with security certifications such as FIPS 140-2, Common Criteria EAL4 and BITS.
Software now supports USB external drives
WinMagic has released an update to its disk encryption software, SecureDoc v4.9 for Mac OS X. The software features always-on 256-bit AES full-disk encryption that integrates with Windows Active Directory, allowing it to be deployed across a mixed-OS enterprise network.
Compresses and e-mails files or folders
Zevrix Solutions has announced a new media delivering software, File Courier 1.0. The app is designed to improve the efficiency of sending files and folders via FTP or between local destinations. Automatic e-mail notifications, containing delivery info, can be sent to recipients, while a variety of customizable templates can be used to present the items and locations. Users can also encrypt disk images with passwords, or create low resolution versions of PDF files that can be attached to an e-mail.
iWeb Valet 2.2 ($25) is a tool for enhancing and uploading iWeb pages. After creating a page in iWeb, instead of publishing to MobileMe, iWeb Valet allows users to publish the site to a local folder and then upload it to an FTP sever. The new version now includes a first run wizard which assists new users with some of the basic setup tasks. The DropDown Menu widget has also been made customizable to better fit the look of the menu with each website theme. [Download - 8.3MB]
KaraTunes 3.1 ($13) is an add-on for iTunes allowing users to place all of their lyrics data into a single database which can then be saved, modified and searched. Users can search the LyricTracker database and upload lyrics to their iPod. The latest version allows users to export music and synced lyrics as QuickTime movies to watch on the Mac, PC and iPhone/iPod touch. In additional, users can now set delay time for synced lyrics playback and use customized keywords for Google search. [Download - 10.5MB]
Victorinox Bluetooth tool
First-time CES exhibitor Victorinox Swiss Army has debuted its latest gadget, the Presentation Pro, featuring up to 32GB of storage that is protected by 256-bit hardware encryption and an integrated fingerprint scanner for authentication. The gadget also offers Bluetooth connectivity and two buttons for navigating slide-shows, along with a laser pointer for highlighting specific areas. The company also includes several of its standard tools including a knife, nail file, screwdriver, scissors and a key ring.
Tao Effect ships Espionage
Tao Effect has launched Espionage, offering folder-level encryption for the Mac. Apple's built-in encryption, FileVault, requires the user's entire home folder be encrypted, while Espionage allows the user to pick only specific folders. It also offers similar levels of security, using AES-128- or 256-bit protection. Espionage's ability to encrypt specific folders allows it to isolate important files like email, chat conversations or banking folders, without taking time to encrypt photo collections, movies and other items that don't require high security. Unencrypted data access is three times faster than encrypted, providing a good speed boost to data that is left untouched by Espionage.
PGP Desktop 9.9
Everyone knows that encryption is handy for protecting files from unauthorized users by denying access to their contents. Unfortunately, most people donít use encryption, in spite of the obvious advantages, because itís often too much of a hassle. To make encryption more transparent to the user, a new option is PGP Desktop Professional 9.9.
FileGenius replaces FTP
Applied Answers has released FileGenius, a file-transfer solution for users that need to move large files from one physical location to another. Positioned as an upgraded solution to FTP use, FileGenius works through a web browser, for simple drag-and-drop transfers.It claims to provide an easy interface and secure file access allowing users to begin using the software immediately. Applied Answers recognizes that there are situations that require confidential files to be transferred through a secure connection, FileGenius can be configured to use SSA encryption, and SHA hashed file directories and hidden site addresses (which cannot be found by search engines).
- RiftVault 1.0 ($40) 256-bit AES encryption keeps credit card numbers secure, documents safe, and secrets confidential. Designed exclusively for Mac OS X Leopard. The new release includes major improvements to the UI, has a full feature set and include ssignificant stability and security improvements [Download - form]
- VectorDesigner 1.4 ($70) application for vector drawings, diagrams and illustrations, raster image handling, filtering and color correction. This release introduces user definable templates: a template can contain all the elements that are available in a standard VectorDesigner document, such as paper size, units, rulers positions, layers etc. [Download - 4.9MB]
- SMTPit Pro 4.1.0 ($65) FileMaker plug-in that provides a vast array of email options. You can send simple text based messages or you can send complex HTML messages. You can send a single message or an entire mail out. Its functionality is flexible enough to cover many email tasks. The new release fixes issues dealing with Files and Folders that contained forward and backward slashes and issues on Mac where the plug-in couldn't deal with files on mounted volumes in certain circumstances. [Download - form]
- Merlin 2.6 ($225) project management software designed exclusively for the Mac. With Merlin 2.6, you will be able to publish your project file over the web either as a live HTML document so you can collaborate with other users over the web or as a static HTML page that you can share with the team. This feature opens the door for all users who wish to use Merlin but can't because they are tied to an operating system other than Mac OS X. [Download - 37MB]
goSecure 1.2 launched
GoGoalsoft has announced the latest update to its easy to use Mac OS X encryption application, goSecure 1.2. Designed to keep sensitive documents away from prying eyes, version 1.2 includes 256-Bit AES encryption (up from the 128-bit AES of previous versions), faster encrytion/decryption times, and an option to skip file compression. Offering features such as an easy 'drag and drop' workflow, secure deletion for source files and a 'default path' backup feature, goSecure 1.2 is for users wishing to keep their files secure.
PGP Whole Disk Encryp. 9.9
PGP Corporation has announced a forthcoming update to Whole Disk Encryption, its enterprise-level security program. As implied by its name, the application encrypts everything on a hard drive or flash stick, including swap and temporary files, to the FIPS 140-2 level required by the US government. Version 9.9 will be the first edition of this software for the Mac, and should be released sometime in July.
Check Point for Mac
Check Point Technologies on Wednesday unveiled Check Point Full Disk Encryption for Mac OS X, offering users pre-boot authenticated disk encryption, what the company claims is an industry first. Since the security software encrypts the entire disk before the operating system boots, Check Point says the multi-certified cryptology engine adheres to many state and federal privacy laws, and can be deployed in any scale of operation. Check Point Full Disk Encryption starts at $120.
Fujitsu ultra-secure HDDs
Fujitsu on Monday announced the "first ever" hard disk drive line-up using the hardware-based AES-256 bit encryption standard. The company's mobile HDDs are joined by the MHZ2 CJ-series laptop drives, consisting of full disk encryption, 2.5-inch, 7,200RPM SATA drives with capacities up to 320GB. Fujitsu claims not only improved data security, but also improved system performance for its newest offerings. The hard drives themselves encrypt and decrypt the password, leaving system performance minimally affected; the passwords are not accessible in system memory when powered off, the company claims.
Kingston BlackBox drives
Kingston Technology today unveiled the DataTraveler BlackBox USB flash drive, a Federal Information Processing Standard-validated USB flash drive in 2GB, 4GB, and 8GB sizes. The BlackBox carries FIPS 140-2 certified encryption, which requires the device to pass a Power On Self Test which verifies the encryption architecture is functioning. The DataTraveler BlackBox USB flash drives are currently shipping, starting at $165 and ranging to $425.
Forum roundup, WiFi, SMB
Forum roundup: MacNN forum members are discovering what encryption methods others use to protect their WiFi networks. Users are discussing why they feel one is superior to the other, while a poll is currently tracking the amount of users who encrypt with WEP, WPA-1/2, or other methods, or if they use none at all. Some members are also touting the benefits of using an access control list to govern overall network access.
Lockdown 1.0 encrypts data
Northern Softworks recently unveiled LockDown 1.0, its new software that allows users to encrypt their files and data. LockDown makes use of OpenSSL to provide six encryption ciphers, which the developer claims are "industrial strength". Users simply drag-and-drop their data onto the application, and LockDown can even function with the clipboard. Northern Softworks is currently selling Lockdown 1.0 for $10 from its website.
SecuriKey for Leopard
GT Security today launched SecuriKey 2.1, adding support for Apple's latest release of Mac OS X -- 10.5 Leopard. SecuriKey combines USB token and password technologies with data encryption on the hard drive to provide secure, user-friendly computer access control and data protection. The latest revision of SecuriKey features the only integrated AES encryption and multi-factor authentication solution designed for the Mac, according to GT Security, which provides security for mobile data on Apple laptops as well as desktops and servers. SecuriKey 2.1 is available in Professional and Multi-User editions, working with Mac OS X Tiger/Leopard as well as Windows XP and Windows Server 2003.
Seagate used its share of the CES limelight to unveil a series of solutions intended to enhance the security of its storage offerings and a new family of drives built for DVRs. The new Maxtor BlackArmor is a 2.5 inch portable external storage solution that features National Institute of Standards and Technology (NIST) certified encryption at a size of 160GB. Maxtor BlackArmor drives are expected to be available in Q2 of 2008 for retail price of $150. Also new is Central Axis software which allows access to data on Maxtor Shared Storage II networked drives via a Web connection without breaching network firewalls. Central Axis technology is expected to be available in March and will be a free download.
Apple files DRM patent
After many years of having its software not subject to copy protection or digital rights management, Apple may be looking to correct this with a new patent application entitled "Run-Time Code Injection To Perform Checks". PC World reports that the patent, dated December 13th, would be some sort of digital rights management system that would "restrict execution of that application to specific hardware platforms." Apple notes that some users that are proficient at circumventing protection methods could easily bypass dongles or encrypting software if it is worth enough to them, so Apple's approach relies on hardware-embedded cryptographic key mechanism that would inject bits of code into the application's execution stream, generating data that compares the digitally signed code with the DRM module.
Apricorn Aegis Vault
Apricorn recently unveiled the Aegis Vault Ė a 2.5-inch drive protected with 128-bit AES hardware encryption Ė adding to its large lineup of Aegis portable media drives. The USB-powered drive features an encrypted partition that can be accessed through a password, and can be configured with public partitions for use in a shared environment. The Aegis Vault does not require the host computer to have special software installed to authenticate the drive, allowing any Windows-based computer to access the content in the encrypted partition when the correct password is entered. Pricing for the Aegis Vault starts at $170 for the 80GB version, with drive sizes available up to 250GB.