Rethinking Encryption: Former Anti Strong-Encryption FBI Guy Changes His Mind.

A couple of weeks ago, Jim Baker published a long article on why the US needs strong encryption. One could call this position surprising, seeing how Baker was part of the FBI’s 2016 efforts to hamstring Apple’s iPhone encryption, a consequence of the San Bernardino terrorist incident. Baker does a good job of showing why […]

Laptop With Medical Info Missing From University of Hong Kong.

According to scmp.com, the University of Hong Kong has lost a laptop computer containing medical information on more than 3,600 people. Apparently, the laptop computer was not secured with full disk encryption software; and yet, 901 patients’ data was cryptographically protected independently. Police are currently investigating the situation.

Massive Data Breach

This latest episode has […]

AG Barr Says Encryption Backdoors Are Acceptable Risk.

Attorney General William Barr – the same one who concluded that Special Counsel Robert Mueller’s report on collusion and obstruction of justice “exonerates” the sitting president (in quotations because there’s a wee bit of a controversy on whether the report actually does so; plus Barr never literally uttered the word) – gave a speech on […]

Seattle University Alerts Over 2000 Faculty & Staff Of Lost Laptop.

Seattle University announced a couple of weeks ago that an unencrypted laptop was lost while an employee was “commuting on the bus.” An IT investigation drew the conclusion that “an offline email cache file” contained Social Security numbers and other personal information for 2,102 current and former faculty, staff, and dependents. The story feels like […]

UK’s National Cyber Security Centre Publishes List of Commonly Used Passwords.

A blast from the past, from the 1990s to the early noughts to be more specific, made the news this week, courtesy of the National Cyber Security Centre in the United Kingdom. According to an analysis by the government organization, blink182 is among the most commonly used passwords in the world. This means that it’s […]

Judge Says Biometric Locks Protected By 5th Amendment.

The battle over privacy in the digital age ratcheted up last week. According to a California judge, the Fifth Amendment – the right not to incriminate oneself – protects people from being forced to bypass a smartphone’s encryption via the use of irises, fingerprints, facial recognition, and other similar methods. Obviously, this means a warrant […]

HIPAA Notifications Are Now Within 30 Days Since Breach If You’re In Colorado.

According to bizjournals.com, any HIPAA-covered entities that do business in Colorado will now have 30 days to notify Coloradans (or Coloradoans, if you prefer) of a data breach involving personal information, and not the customary 60 calendar days under HIPAA. The reason? A bill on data security that went into effect in September. As usual, […]

Leading Self-Encrypting Drives Compromised, Patched.

Earlier this week, security researchers revealed that certain SEDs (self-encrypting drives) sold by some of the leading brands in the consumer data storage industry had flaws in their full disk encryption.

Bad Implementation

One of the easiest ways to protect one’s data is to use full disk encryption (FDE). As the name implies, FDE […]

Equifax Already Had a Data Breach Before It Was Hacked In 2017.

According to wsj.com (paywalled), Equifax had already suffered a data breach before the data breach that made the company famous around the world. In 2015, two years before the hack that started with a bang and ended with less than a whimper, “Chinese spies” made off with “thousands of pages of proprietary information” that includes […]

FBI Director Says Legislation Possibly A Way Into Encrypted Devices.

Last week, FBI Director Christopher Wray said that legislation may be one option for tackling the problem of “criminals going dark,” a term that refers to law enforcement’s inability to access suspects’ data on encrypted devices. The implication is that, in the interest of justice and national security, the FBI will press for a law […]