Security & Encryption After Edward Snowden

Uploaded on 2017-03-28 in INTELLIGENCE--USA, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

It's been almost four years since Edward Snowden leaked US National Security Agency documents revealing the extent of the organisation's surveillance of global internet traffic, but he's still making the headlines in Germany.

There have been a lot of changes on the Internet in those four years, but one of the biggest is the growth in the use of encryption.

In 2013, the NSA had free rein and could listen in on almost any communication it wanted. Now, it's commonplace to encrypt traffic to webmail services and even popular websites such as Microsoft.com or Google.com using the https protocol. And you don't have to be an enemy of the state to use an end-to-end encrypted messaging system such as WhatsApp simply to chat with friends.

The encryption seems to be working, too. Leaked files from the US Central Intelligence Agency, published by Wikileaks, show no obvious signs that fundamental encryption systems have been broken. Instead, the agency's focus seems to have been on subverting smartphones and other terminal devices so that it can access data before encryption, or after decryption.

Keeping unwanted visitors, of whatever nationality, away from your data is therefore key, and some of the exhibitors at Cebit have ways to help you do just that.

Secusmart, the BlackBerry subsidiary that secures German Chancellor Angela Merkel's smartphone, is showing new a version of its SecuSuite security software compatible with Samsung Electronics' Knox platform. That means that organisations looking for smartphones offering government-grade security will soon be able to buy a Samsung Galaxy S7 or S8 rather than the now-discontinued BlackBerry OS smartphones like the one Merkel uses. 

In addition to encrypting communications and data stored on the device, SecuSuite for Samsung Knox also secures voice calls using the SNS standard set by Germany's Federal Office for Information Security (BSI). 

Genua is showing its Data Diode. Named for the electronic component that only allows current to flow in one direction, it allows the transfer of data, log files, backups and emails into a network at up to 3 Gbit/s, while ensuring that only the necessary protocol status messages are sent back.

Sometimes we choose to let data escape from our networks. The digital assistants in our phones and in appliances like Amazon Echo or Google Home record a lot of what we say and do, and send it to their creators' cloud services for processing. 

Amazon's lawyers have recently been fighting to keep that information secret for its customers, but if you don't want to rely on a court verdict for your privacy, you might prefer your voice-controlled assistant to do all its processing at home. 

Semvox has developed an intelligent speech interaction system, ODP S3, that operates locally or in the cloud. It says it's suitable for automotive, industrial, smart home, medical device and robotics applications, among others.

Best practice, these days, is to encrypt all your data at rest, something that many operating systems will do for you these days. What do you do, though, if you didn't encrypt the data on an older device, but now want to securely dispose of its hard disk? If you only have a few such disks you can just drill holes in them, but after a while that will get boring. If you're decommissioning hundreds of disks, you might want to automate things with the HDS230 hard drive shredder from HSM. 

They have a plentiful supply of disks to shred, but you can also bring your own if you really won't need that data again.

If you did encrypt your data, you'll need to remember the password. But if you need to share access to that data, what then? Remembering passwords, and remembering who in the enterprise should have access to them, is the job of Password Safe from Mateso. 

The software can provide temporary, time-controlled access to passwords, logging who has used them and when. If it's too late and you've already forgotten your password, maybe the magician on the Mateso stand can pull it out of thin air.

Computerworld

CIA leak 'absolutely' an 'inside job':

Snowden Helping To Protect Journalists:

UK Accused Of 'full-frontal attack' On Whistleblowers:

 

 

« A Quick Tour Of Cybercrime’s Underground
Cybersecurity’s Human Side Is A Problem »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Associates (CSA)

Cyber Security Associates (CSA)

Cyber Security Associates provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat.

Techmeme

Techmeme

Techmeme is an online news curation service focused on leading edge technology, including cyber security.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

Huntsman Security

Huntsman Security

Huntsman Security provides technology to enable real-time security monitoring and immediate visibility of advanced threats and compliance issues.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

Onward Security

Onward Security

Onward Security provides security solutions including network & application assessment, product security testing and security consulting services.

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.

IntaPeople

IntaPeople

IntaPeople are IT and engineering recruitment specialists. We have specialist teams for job sectors including Cybersecurity, IT infrastructure and DevOps.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.

Sri Lanka CERT

Sri Lanka CERT

Sri Lanka CERT is the National Centre for Cyber Security, which has the national responsibility of protecting the nation’s cyberspace from cyber threats.

Assura

Assura

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors.