PINDROP BLOG

Category: Privacy

September 26, 2016
Rooting Out Sensitive Data in Email With MailSniper
One of the more common ways for sensitive data to leak from an organization is through email. Whether intentionally or through carelessness, employees will often include passwords, financial information, and other important data in emails that wind up in the wrong hands. Depending upon the kind of information, this can either be slightly embarrassing or potentially catastrophic for…
September 23, 2016
Researchers Say iOS 10 Backup Passwords Easy to Crack
Apple seems to have made a curious security choice in iOS 10, one that enables attackers to brute force the password for a user’s local backup 2,500 times faster than was possible on iOS 9. Researchers at Elcomsoft, a Russian security company, discovered the issue, which is related to the choice of hashing algorithm in…
September 23, 2016
On the Wire Podcast: Nick Sullivan
There is an effort underway by some of the larger Internet infrastructure companies to encrypt as much of the network as possible. Google has been working on this for several years, making HTTPS connections the default for many of its services, and CloudFlare has done a lot of work on this as well. This week…
September 22, 2016
No Surprise Google is Storing Allo Messages
The launch of Google Allo came with a big surprise. The surprise isn’t that Allo stores users’ messages indefinitely by default, the surprise is that people were surprised by that. When the company announced Allo in May, Google officials touted its security and privacy features, emphasizing the end-to-end encryption built into the app and the Incognito mode…
September 21, 2016
Nearly All Top Global Companies Have Leaked Credentials Online
Many CSOs live in fear of waking up to an email reporting a data breach at their company, but the threat to an enterprise isn’t limited to a compromise of that specific organization. A new report shows that there are leaked employee credentials online for 97 percent of the top 1,000 global companies, many of which…
September 20, 2016
‘The Horse is Out of the Barn’ on Government Control of Encryption
Controlling the development and deployment of strong encryption may have once been a possibility for intelligence and law enforcement agencies, but those days have passed and will not return, current and former U.S. intelligence officials said Tuesday. The current version of the encryption debate has much to do with the desire of law enforcement agencies and…
September 19, 2016
Experts Question Legality of Government Hacking
The emergence into the public consciousness of government hacking techniques and activities in recent years has sparked an increasingly loud debate over how and when law enforcement agencies should be allowed to employ these tactics. But that conversation ignores the fact that these techniques may not actually be legal, experts say. Law enforcement agencies, especially the…
September 15, 2016
Ash Carter: Government Isn’t Going to Invent a Solution to Crypto Problem
As government leaders and technologists continue to butt heads over the use of strong encryption, the top defense official in the United States said he supports users’ rights to employ the technology and does not think the government will come up with a magic answer to the crypto problem. Speaking at the TechCrunch Disrupt conference this…
September 14, 2016
Years After Disclosure, Apple Was Still Sending Updates Over HTTP
With the release of iOS 10 on Tuesday, Apple made a number of significant changes to the mobile operating system. The most attention-grabbing security upgrade is the move to push software updates over an encrypted connection, a fix that is more than two years in the making. In 2014, researcher Raul Siles of DinoSec discovered that an…
September 13, 2016
Bypassing the CA Restrictions in Android Nougat
One of the new security features Google added to Android Nougat is a function that prevents the OS from trusting by default any user-installed certificate authorities. The goal is to protect the traffic to and from apps, but a researcher has found a way around that protection and a method to intercept HTTPS traffic from…