IBM Researchers Open Source Homomorphic Crypto Library
mikejuk writes with news of an advancement for homomorphic encryption and open source: "To be fully homomorphic the code has to be such that a third party can add and multiply numbers that it contains without needing to decrypt it. In other words they can change the data by working with just the encrypted version. This may sound like magic but a fully homomorphic scheme was invented in 2009 by Craig Gentry. This was a step in the right direction but the problem was that it is very inefficient and computationally intensive. Since then there have been a number of improvements that make the scheme practical in the right situations Now Victor Shoup and Shai Halevi of the IBM T J Watson Research Center have released an open source (GPL) C++ library, HElib, as a Github project. The code is said to incorporate many optimizations to make the encryption run faster. Homomorphic encryption has the potential to revolutionize security by allowing operations on data without the need to decrypt it."
Small Company Wants to Make Encryption Key Management Into a Commodity (Video)
StrongAuth helps protect data with strong encryption, so that even if a company's network infrastructure is breached, its critical data -- including customers' credit card numbers, for example -- is still safe. Their software is open source, and their objective is to "become like the Toyota Camry of encryption key management," says StrongAuth CTO Arshad Noor. "Everybody should be able to afford it." These are big words from a company that only has 12 employees, all in Silicon Valley, but it's a company that not only has a strong reputation among its small and medium-sized business clients, but is starting to get acceptance from Fortune 500 behemoths, too. In this video interview (and in the transcript), Arshad not only talks about data security, but about how his company makes money while developing and relying purely on open source software. And did somebody ask about Linux? Yes, their software is all based on Linux. CentOS, to be exact.
The War Z Taken Offline Following Hack
An anonymous reader writes with this tidbit from Net Security: "Players of The War Z, a first-person zombie survival game, have been notified of a breach of the developer's forum and game databases and the theft of user data contained in them. 'The data accessed included email addresses used to log-in to the forum, forum passwords which we encrypt, email addresses used to log-in to the game, encrypted game passwords as well as in-game character names and the IP addresses from which players log-in to the forum and to the game,' the developer explained ...There is no mention of what encryption algorithm they use to encrypt the passwords, nor whether they are 'salted,' so their advice to users about immediately changing the passwords they used for the forum and the account is more than fitting."
Does Apple Need To Get Serious About Security?
An anonymous reader writes "An article at The Verge makes the case that Apple's development of its cloud services hasn't been accompanied by the necessary effort to ramp up security to match users' increasing levels of risk. As evidence, they use a recent (and very simple) security hole that allowed anyone to reset an Apple ID password with just a user's email address and birth date. Apple's initial response failed to fully stop the exploit, and then it took several days for them to fix the issue. 'A server-side attack on Apple's cloud could get customers' credit card numbers and addresses, device backups with their encryption keys — as well as contacts and Apple IDs — anonymously and in bulk. Those systems may be defended like a castle, but bandits have plenty of places to chip away at private information at the periphery: intercepting wireless location data, cracking the still-private protocols for services like FaceTime or iMessage, or imitating iTunes updates to install to take over ...
Amazon Web Services Launches CloudHSM, A Dedicated Hardware Security Appliance For Managing Cryptographic Keys
Amazon just announced the launch of CloudHSM, a new service that provides Amazon Web Services users who need to meet corporate, contractual and regulatory compliance requirements for data security a way to do so by using a dedicated Hardware Security Module (the ‘HSM’ in CloudHSM) within the Amazon cloud. Until now, Amazon argues, the only option for many companies that use its cloud services was to store their most sensitive data – or the encryption keys to it – in their own on-premise data centers. This, of course, made it hard for these companies to fully migrate their applications to the cloud. The new service, Amazon writes, can be used to support “a variety of use cases and applications, such as database encryption, Digital Rights Management (DRM), and Public Key Infrastructure (PKI) including authentication and authorization, document signing, and transaction processing.” The actual appliances are Luna SA modules from SafeNet, Inc. The new CloudHSM service uses Amazon’s ...