IBM Researchers Open Source Homomorphic Crypto Library
mikejuk writes with news of an advancement for homomorphic encryption and open source: "To be fully homomorphic the code has to be such that a third party can add and multiply numbers that it contains without needing to decrypt it. In other words they can change the data by working with just the encrypted version. This may sound like magic but a fully homomorphic scheme was invented in 2009 by Craig Gentry. This was a step in the right direction but the problem was that it is very inefficient and computationally intensive. Since then there have been a number of improvements that make the scheme practical in the right situations Now Victor Shoup and Shai Halevi of the IBM T J Watson Research Center have released an open source (GPL) C++ library, HElib, as a Github project. The code is said to incorporate many optimizations to make the encryption run faster. Homomorphic encryption has the potential to revolutionize security by allowing operations on data without the need to decrypt it."
advancement
center
craig
direction
encryption
gentry
github
gpl
halevi
helib
homomorphic
ibm
improvements
operations
optimization
security
shai
shoup
situation
version
victor
watson
Small Company Wants to Make Encryption Key Management Into a Commodity (Video)
StrongAuth helps protect data with strong encryption, so that even if a company's network infrastructure is breached, its critical data -- including customers' credit card numbers, for example -- is still safe. Their software is open source, and their objective is to "become like the Toyota Camry of encryption key management," says StrongAuth CTO Arshad Noor. "Everybody should be able to afford it." These are big words from a company that only has 12 employees, all in Silicon Valley, but it's a company that not only has a strong reputation among its small and medium-sized business clients, but is starting to get acceptance from Fortune 500 behemoths, too. In this video interview (and in the transcript), Arshad not only talks about data security, but about how his company makes money while developing and relying purely on open source software. And did somebody ask about Linux? Yes, their software is all based on Linux. CentOS, to be exact.
acceptance
arshad
business
camry
centos
commodity
cto
encryption
fortune
linux
management
noor
reputation
security
silicon valley
strongauth
toyota
yes
The War Z Taken Offline Following Hack
An anonymous reader writes with this tidbit from Net Security: "Players of The War Z, a first-person zombie survival game, have been notified of a breach of the developer's forum and game databases and the theft of user data contained in them. 'The data accessed included email addresses used to log-in to the forum, forum passwords which we encrypt, email addresses used to log-in to the game, encrypted game passwords as well as in-game character names and the IP addresses from which players log-in to the forum and to the game,' the developer explained ...There is no mention of what encryption algorithm they use to encrypt the passwords, nor whether they are 'salted,' so their advice to users about immediately changing the passwords they used for the forum and the account is more than fitting."
advice
encryption
mention
security
Does Apple Need To Get Serious About Security?
An anonymous reader writes "An article at The Verge makes the case that Apple's development of its cloud services hasn't been accompanied by the necessary effort to ramp up security to match users' increasing levels of risk. As evidence, they use a recent (and very simple) security hole that allowed anyone to reset an Apple ID password with just a user's email address and birth date. Apple's initial response failed to fully stop the exploit, and then it took several days for them to fix the issue. 'A server-side attack on Apple's cloud could get customers' credit card numbers and addresses, device backups with their encryption keys — as well as contacts and Apple IDs — anonymously and in bulk. Those systems may be defended like a castle, but bandits have plenty of places to chip away at private information at the periphery: intercepting wireless location data, cracking the still-private protocols for services like FaceTime or iMessage, or imitating iTunes updates to install to take over ...
apple
billion
business
ddos
development
devices
encryption
evidence
facetime
ids
imessage
information
itunes
location
policy
practice
privacy
secrecy
security
service
Amazon Web Services Launches CloudHSM, A Dedicated Hardware Security Appliance For Managing Cryptographic Keys
Amazon just announced the launch of CloudHSM, a new service that provides Amazon Web Services users who need to meet corporate, contractual and regulatory compliance requirements for data security a way to do so by using a dedicated Hardware Security Module (the ‘HSM’ in CloudHSM) within the Amazon cloud. Until now, Amazon argues, the only option for many companies that use its cloud services was to store their most sensitive data – or the encryption keys to it – in their own on-premise data centers. This, of course, made it hard for these companies to fully migrate their applications to the cloud. The new service, Amazon writes, can be used to support “a variety of use cases and applications, such as database encryption, Digital Rights Management (DRM), and Public Key Infrastructure (PKI) including authentication and authorization, document signing, and transaction processing.” The actual appliances are Luna SA modules from SafeNet, Inc. The new CloudHSM service uses Amazon’s ...
amazon
appliances
applications
authentication
authorization
balance
business
cloudhsm
cloudhsms
compliance
documents
drm
eal
encryption
fips
government
hsm
hsms
instance
latency
launches
luna
management
nist
options
pki
provisions
requirements
safenet
security
service
transactions
vpc