OPINION: Hyper-Convergence and the Need for Greater Encryption. Is there a need to encrypt physical servers on premise, rather than just certain files and directories based on the data they hold? The argument usually given for not encrypting physical servers is that these servers run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center. The protection that FDE (Full Drive Encryption) brings only really applies to data at rest, and data is seldom at rest on these servers. A response to this argument is that all drives eventually leave the data center for repair or disposal, and having them encrypted protects you from having your old drives with your customer data on them show up on eBay. It also makes the decommissioning process even easier, as an encrypted drive can be quickly and easily crypto-erased if it is still operational, and if in some dramatic failure of process this does not happen, the data is still not accessible without the encryption key. Read more
SECURITY: Skype’s Rolling Out End-to-End Encryption For Hundreds of Millions of People. Skype has more than 300 million monthly users, making it one of the most popular chat platforms in the world. Now, they’ll all be able to benefit from a crucial privacy protection: Microsoft has announced that Skype will offer end-to-end encryption for audio calls, text, and multimedia messages through a feature called Private Conversations. Read more
NATIONAL SECURITY: FBI Chief Calls Encryption a ‘Major Public Safety Issue’. FBI Director Christopher A. Wray on Tuesday renewed a call for tech companies to help law enforcement officials gain access to encrypted smartphones, describing it as a “major public safety issue.” Wray said the bureau was unable to gain access to the content of 7,775 devices in fiscal 2017 — more than half of all the smartphones it tried to crack in that time period — despite having a warrant from a judge. Read more.
CHAT SECURITY: WhatsApp Security Flaws Could Allow Snoops to Slide Into Group Chats. When WhatsApp added end-to-end encryption to every conversation for its billion users two years ago, the mobile messaging giant significantly raised the bar for the privacy of digital communications worldwide. But one of the tricky elements of encryption—and even trickier in a group chat setting—has always been ensuring that a secure conversation reaches only the intended audience, rather than some impostor or infiltrator. And according to new research from one team of German cryptographers, flaws in WhatsApp make infiltrating the app’s group chats much easier than ought to be possible. Find out more
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems December 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-december-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support. Read more.