encryption

If you tend to fall for Facebook posts like "Lose 18 pounds now!" or "WTF I can't believe this picture of you is online!" I can't help you. But if you'd like to secure your Facebook sessions from hackers and spies, you're in luck.

Facebook is now rolling out a new security feature that enables HTTPS encryption throughout your Facebook session. This long-awaited feature, which encrypts data transferred during Facebook sessions, is designed to prevent attackers from compromising users' accounts.

Here's how to enable it:

Until now, the only way to … Read more

Facebook announced today that it is now offering users the ability to use encryption to protect their accounts from being compromised when they are interacting with the site, something security experts have been seeking for a while.

The site currently uses HTTPS (Hypertext Transfer Protocol Secure) when users log in with their passwords, but now everything a user does on the site will be encrypted if he turns the feature on, the company said in a blog post.

Enabling full-session HTTPS eliminates the ability for attackers to use tools like the Firefox plug-in called Firesheep to snoop on communications between … Read more

There's a new reason to take note of a Russian programmer who rose to modest fame with his detainment in the United States in 2001: his work to help crack encryption used in Canon cameras.

The programmer and encryption expert is Dmitry Sklyarov, and his company, Elcomsoft, has found a vulnerability in Canon's OSK-E3 system for ensuring that photos such as those used in police evidence-gathering haven't been tampered with.

The result is that the company can create doctored photos that the technology thinks are authentic. To illustrate its point, it released a few doctored photos that it says passes the Canon integrity checks.

"The vulnerability discovered by ElcomSoft questions the authenticity of all Canon signed photographic evidence and published photos and effectively proves the entire Canon Original Data Security system useless," the company said in a statement. Sklyarov presented the findings at the Confidence 2.0 conference last week.

Canon didn't immediately respond to a request for comment. … Read more

There are many times when people may have items they would like to keep secured, which can include banking account numbers, software license information, or a secret Coca-Cola recipe. One way to keep these items secure is to save them to an encrypted disk image, but another option available is to use the OS X keychain's Secure Notes feature.

If you open the Keychain Access utility, you will see a Secure Notes section for each keychain; here you can add any bit of text, and it will be securely saved to the keychain. Here are the steps to do … Read more

Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard public key encryption protocol for e-mail. Gmail S/MIME is a free Firefox add-on that lets users send and receive encrypted e-mail via Google Mail from inside Firefox. It secures your e-mail messages so that only recipients with valid digital certificates can open and read them. To use Gmail S/MIME, you must have a digital certificate validating your identity for your accounts. These are available for free online, and they're easy to install, usually via a wizard. Both users need secured e-mail to open each other's messages; … Read more

Google has begun shipping a feature called False Start in its Chrome browser to speed up secure communications.

False Start essentially cuts out one set of the back-and-forth conversation needed to set up a secure channel between a Web browser and Web pages. Such secure channels use technology called SSL (Secure Sockets Layer) or TLS (Transport Layer Security), and a Web site using it shows an address beginning with HTTPS rather than HTTP.

"The latest releases of Chrome now enable a feature called SSL False Start," said Google programmer Mike Belshe in a blog post Sunday. "As … Read more

Research In Motion has been butting heads with foreign governments over its tight security, but its latest BlackBerry 6 OS has won approval from the U.S. government for those same standards.

RIM announced today that its BlackBerry 6 operating system is now FIPS 140-2 certified. FIPS (Federal Information Processing Standard) is a series of standards set up by the U.S. government to ensure that computer products meet certain high-level security requirements. The standard is used by government agencies, regulated industries, and other organizations that store and send data dealing with sensitive information.

The FIPS 140-2 standard (PDF) specifically … Read more

BlackBerry maker Research in Motion says news reports suggesting that it's close to an agreement to provide India with lawful access to monitor and access network data are "inaccurate" and "misleading."

One story CNET found, published yesterday in the Indian paper Mint, quotes an unnamed senior official from India's Home Ministry who said that an agreement is near that would give the Indian government access to the encrypted data on RIM's BlackBerry Enterprise Service (BES).

"They have in principle agreed to provide us recorded data from their servers," the senior home … Read more

Help is on the way for Web surfers who run the risk of having their Facebook, Twitter, and other Web accounts hijacked over unsecured Wi-Fi networks and other security issues that result from sites not using encryption.

A Web security mechanism called HTTP Strict Transport Security (HSTS) is making its way through the IETF (Internet Engineering Task Force) standards process, and two of the major browsers are supporting it. Web sites that implement HSTS will prompt the browser to always connect to a secure version of the site, using "https," without the Web surfer having to remember to … Read more