mailing list archives
The Year of Encryption
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 18 Mar 2014 19:24:30 -0600
Last summer, the world's largest Internet companies learned they'd been
hacked by the U.S. government.
Their answer for 2014: encrypt everything.
Over the last eight months, Yahoo encrypted its e-mail service and Google
extended encryption to every search term that users enter. Microsoft said
that by the end of this year it plans to encrypt all the data traveling to
and from its networks. "Encryption on the Web is expanding enormously,"
says Peter Eckersley, technology projects director at the Electronic
Frontier Foundation (EFF), which grades companies on how well they do at
protecting users' privacy.
The EFF believes that within a few years, every file crossing the Internet
could be protected with encryption, which uses mathematics to scramble and
Encryption does not guarantee complete privacy--ciphers can be broken or
compromised. But its widespread use could seriously hinder both
cybercriminals and bulk collection of data by governments. That's because
even someone who is able to pilfer encrypted data can't easily read it.
Encryption was already a rising trend, even before the spy scandal. Major
security breaches have shown that computer networks are not safe from
intruders. Last year, hackers stole millions of credit card numbers from
Target and Neiman Marcus after finding clever ways to gain access to their
"Today's networks are like Swiss cheese. It's very easy to get in, move
laterally, and exfiltrate data," says -Dmitri A-lperovitch, cofounder of
the security firm CrowdStrike. "People are using tools from the 1990s to do
Encrypting data, like customers' credit card information, is an additional
line of defense. But encrypting stored data (as opposed to data in transit)
turns out to pose a difficult puzzle. Encrypting the data protects it but
also makes it difficult to search or process--rendering it less useful.
Encryption also takes up computer time, the main reason Web companies like
Yahoo didn't always use it before. But Internet firms realize they must now
take extraordinary steps in response to extraordinary new threats.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com
Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus
on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
- The Year of Encryption Audrey McNeil (Mar 21)