In this post we’re going to talk about how the communication, file sharing and file storage layers have become a huge security vulnerability for organizations of all sizes, why, and what you can do about it.
Last updated 1/13/21
This is a technical overview of how HighSide’s encrypted messaging & file sharing works for those who are interested in specifics. You do not need to read or understand any of this to use HighSide correctly unless you are the admin for your team in which case you might choose to just read the section on authentication.
TL;DR Each message is encrypted then HMAC’d with a randomly generated unique 256 bit key using AES-CTR, hereafter the “AESEphemKey”. Then, for every participant who must receive the message, the AESEphemKey is encrypted with the participant’s 512 bit secp256k1 elliptic curve public key and that encrypted AESEphemKey is added to the top of the ciphertext as a header. The whole thing is signed using ECDSA-SHA256, and then the information is sent to the server and relayed to the receiving clients. Each receiving client checks the signature, finds their header, decrypts the AESEphemKey using their private key, and then decrypts the main ciphertext using this AESEphemKey. Sending files works similarly except that files are split, compressed, encrypted, and sent in pieces to speed things up. Key authentication is taken care of by an admin in your team; if users trust the admin then they do not need to all verify each other’s keys.
TikTok and Huawei are probably two of the most notable Chinese technology companies that are enveloped in policy debates. The US government’s most recent actions against TikTok could be an indication of future actions that could be taken against Chinese technology companies. Join us for the important discussion about how geopolitical motivations impact technology regulations and international interference operations. We’ll look at how Western businesses are changing their technology development, operations and staffing strategies in Greater China and much more.
Download the case study that details why one global strategic intelligence company ditched Zoom, Teams, Slack and other “mainstream” collaboration platforms for HighSide.
It was made aware to the public via media reporting that a group of sophisticated attackers had gained unauthorized access to internal US Treasury and Commerce Department systems. Now, we don’t have the full technical details of how these compromises were accomplished, but we do know from both press reporting and personal sources familiar with the incident response, that the scale of the breach was amplified due to the relatively immature security capabilities offered in Microsoft O365 services such as Exchange Online and Teams.
According to the World Health Organization, COVID-19 is now officially a pandemic.
The impact of COVID-19 struck close to home for me this week as at least two attendees at the annual RSA Conference fell ill to the virus. I spent the entire week in San Francisco at the RSA Conference catching up with longtime friends, speaking in several sessions and walking the Expo floor. For myself and our company, HighSide, I’m grateful to have no symptoms two weeks post-conference and that our company enables employees to work from wherever they have an internet connection to stay productive.
As the virus continues to spread, new regions are quarantined and companies begin their work from home contingency plans, our customers handling regulated and sensitive data have begun asking us how they can ensure continuation of operations from home.
This article was originally published on Silicon Luxembourg on Feb. 4th, 2020
For the last several months, many of us in the mobile technology security community have heard rumors about Jeff Bezos’ iPhone. Not that he had access to a special new model or something good, but something quite bad – that his iPhone had been remotely compromised by a well-funded group to gain access to his personal information as the result of a business deal gone bad.
What is surprising about this security incident is that Bezos has access to some of the best cyber security professionals in the world. He has a dedicated team who looks after his physical and cyber protection. If this type of attack can be successful with Bezos as the target, then nearly anyone is just as vulnerable (probably more so because most don’t have the cyber protection resources Bezos does).
The need for improved HIPAA compliant technologies is becoming more apparent.
The number of data breaches in the healthcare industry has increased steadily for the past four years. From 2015 to 2018 alone, healthcare breaches increased by more than 26%. And while cyber attacks are growing across all sectors, the healthcare industry is especially vulnerable.
A recent Ponemon Institute study shows that, on average, healthcare records sell for 250% more than other information on the dark web.
Over 35,000 people will stroll the aisles at DSEI this year. They expect exhibitors, more than 1,600 of them, to amaze with new, innovative solutions for the greatest problems in defence. The world’s biggest defence contractors and service providers will be there demonstrating their latest and most impressive technologies and solutions.
Thought leadership? DSEI will host over 300 speakers that are all government leaders or experts in the defence industry.
As far as defence conferences go, DSEI is the pinnacle.
There have been more than 500 bank failures in the past decade.
More than 500 failures.
Of them, most were smaller community banks that couldn’t recover from the effects of the Great Recession. Since the economic downturn, the surviving banks are regaining strength and financial stability, but many are still struggling with operational and financial challenges.
“Our money is safer under the mattress than it is in the community bank!”
We all sort of laughed at my neighbor’s conclusion to the philosophical discussion about current banking cyber crimes. About five of us were tossing around our perceptions of the cyber readiness of financial institutions when Chris decided we should just take all our money out. Of course, we were being a bit fantastical and just having fun with our dramatized cyber doomsday scenarios. And I don’t think Chris was serious about keeping his money under a mattress.
But the truth is, many banks are struggling to keep up with information security. And the terrifying truth is, a lot of their efforts are trailing behind hackers’ capabilities.
