For the past several days I have been focused on understanding the inner workings of several of the popular file synchronization tools with the purpose of finding useful forensics-related artifacts that may be left on a system as a result of using these tools. Given the prevalence of Dropbox, I decided that it would be one of the first synchronization tools that I would analyze, and while working to better understand it I came across some interesting security related findings.
The meta-issue is pretty simple. If you expect a cloud provider to do anything more interesting than simply store your files for you and give them back to you at a later date, they are going to have to have access to the plaintext. For most people -- Gmail users, Google Docs users, Flickr users, and so on -- that's fine. For some people, it isn't. Those people should probably encrypt their files themselves before sending them into the cloud.
The FTC complaint charges Dropbox (.pdf) with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file. Ph.D. student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits.
All malware is bad, but ransomware is particularly insidious—ask any ransomware victim. That's why a new attack scheme called “Pacman” has raised alarms, because it's even nastier than usual. Think of the classic Pac-Man game's voracious yellow ball, chomping up all of your files. It takes only one click to infect a vulnerable PC, and the attack gives victims only 24 hours to pay the ransom in Bitcoins or risk losing all of the compromised data.
Chinese, Russian and United States law enforcement agencies have the ability to eavesdrop on Skype conversations, as well as have access to Skype users' geographic locations. In many cases, a simple request for information is sufficient, and no court approval is needed. This ability was deliberately added by Microsoft after they purchased Skype in 2011 for the law enforcement agencies around the world. This is implemented through switching the Skype client for a particular user account from the client-side encryption to the server-side encryption, allowing dissemination of an unencrypted data stream.
Hello guys, Skype just produced this popup in FF on its own. After researching a bit, it seems it's been an issue that's been spreading in the last 24 hours and only affecting Skype users.
Researchers recently spotted a malvertising campaign that used poisoned ads on Skype to redirect users to the Angler exploit kit.
Some Skype users have reported seeing malicious ads inside their Skype clients in recent days that lead to a site that tries to download a fake Adobe or Java update.
Several users have complained about "fake Flash" ads, which if triggered, can lead to a ransomware attack.
Last summer, I deleted my Dropbox account after the company admitted to a horrifying security breach. This week, I reluctantly opened a new Dropbox account. Within minutes, I received a message from Dropbox suggesting that their back-end processes are still problematic. Here's why I'm concerned.
See how data travels across the internet and the privacy risks it faces along the way
While it's not true that all Internet traffic flows through the US, the addition of a few listening posts at key Internet exchanges in Europe (London, Paris) and some in Asia (Hong Kong, Tokyo) ensure that the NSA and its Five Eyes partners can analyse and ingest the majority of international Internet traffic.
Sécurité sans Frontières is a collective of computer security professionals and hackers who volunteer to assist journalists, human rights defenders and non-profit organizations with computer security.
More and more cybersecurity experts are taking an interest in the computer attacks carried out by governments against civil society.
The Trump administration has rolled back a series of measures taken under the Obama presidency, including a set of privacy protections for American consumers.
In the spring of 2004, Mark Zuckerberg used data from his successful new web site, TheFacebook.com, to hack into the email accounts of two Harvard Crimson...
Apple says that its preliminary assessments of the WikiLeaks documents released today indicate that the vulnerabilities it details for iPhone and Mac were..
“Previously we were able to do our job in the background.”
On Thursday, March 23, senators reversed rules that prevented Internet service providers from reselling their customers' browsing data without their consent.