Latest news with #AdvancedEncryptionStandard
Time Business News
23-07-2025
- Time Business News
From Mobile Threats to AI Defense: Protectstar's Two-Decade Evolution in Cybersecurity
In cybersecurity, two decades can feel like a geological era. The threats of 2004, clumsy viruses, mass-mailing worms, rudimentary trojans, barely resemble the advanced persistent threats and nation-state actors we battle today. Companies that survived and thrived through this radical shift didn't just adapt. They anticipated. They innovated. They evolved. Protectstar is one of those rare survivors. Its journey from a startup focused on mobile threats to a leader in AI-driven defense systems is more than a success story; it's a blueprint for how cybersecurity must continue to evolve if it wants to keep up with an increasingly complex digital world. The Early Days: Mobile Security Before It Was Cool When Protectstar launched in 2004, the idea of 'mobile cybersecurity' sounded almost laughable to most in the industry. Smartphones were barely a concept. The big threats were Windows-based and largely concerned desktops and servers. But Protectstar's early focus on securing mobile devices showed a prescience that was, frankly, rare. By 2005, they were developing protections for early smartphones, years before 'bring your own device' would become a corporate nightmare and mobile malware would explode into a billion-dollar criminal enterprise. Protectstar understood something the rest of the market was slow to grasp: security follows the user. As devices shrank and mobility increased, the attack surface would inevitably shift. Building a Foundation: Extended AES and iShredder One of the key pillars in Protectstar's rise was their development of data protection tools, especially around secure deletion and encryption. Extended AES (Advanced Encryption Standard) and iShredder weren't just software utilities. They were answers to a deeper anxiety growing in the digital world — the idea that once data existed somewhere, it was almost impossible to fully erase. iShredder, in particular, tapped into a psychological fear that resonates even today: how do I really delete my information? Protectstar didn't just offer an eraser, they offered trust . Algorithms modeled after military data destruction standards, certified wiping processes, and forensic resilience. It wasn't flashy. It was foundational. And it laid the groundwork for the credibility Protectstar enjoys today. The Shift Toward Artificial Intelligence: Necessity, Not Novelty Fast forward a decade. Signature-based detection was crumbling. Zero-days were being weaponized faster than vendors could patch. Malware began evolving too quickly for human-led analysis to keep pace. Protectstar didn't chase the AI hype, they were dragged into it by necessity. Extended AI (EAI) became a core part of Protectstar's defensive architecture. Their Antivirus AI and Anti Spy apps don't rely on bloated signature libraries. Instead, they use machine learning models that continuously analyze patterns, behaviors, and anomalies both locally and in the cloud. What's critical to understand here is that Protectstar didn't just bolt AI onto existing products as a gimmick. They re-engineered how their apps think. This matters because threat actors are increasingly deploying polymorphic malware – malicious code that changes itself to evade traditional detection. Static defenses don't cut it anymore. Only adaptive, learning-based defenses stand a chance. Protectstar's approach reflects that hard truth. From Threat Prevention to Threat Prediction The real pivot that marks Protectstar's maturity is the move from reaction to prediction. Most security tools still play catch-up. Malware is detected after the fact. Damage is contained after a breach. Protectstar's AI models aim to spot malicious intent before it executes. Behavioral analysis, context-based risk scoring, and anomaly detection allow their systems to 'feel' when something is off, even if it's never seen that particular attack signature before. In cybersecurity, milliseconds matter. The difference between prevention and reaction can be catastrophic. Protectstar's shift toward predictive defense mirrors what the smartest players in the industry are trying to achieve: turning cybersecurity into a proactive, pre-emptive shield. Keeping It Lean: The Beauty of Minimalism One of the easy mistakes security companies make when chasing innovation is bloat. More features. More processes. More 'stuff'. Protectstar resisted that temptation. Their apps are tight. Fast. Lean. They're built for resource-constrained devices like smartphones, not massive enterprise data centers. There's elegance in how Protectstar's tools integrate AI while maintaining a minimal attack surface themselves. Remember: every line of code, every open port, every background process — it's all potential exposure. Protectstar's commitment to streamlined engineering doesn't just make their apps faster; it makes them inherently safer. Privacy as a Product Feature, Not a Tagline Somewhere along the way, 'privacy' became a buzzword in cybersecurity marketing. But Protectstar's handling of user data shows that for them, it's not a checkbox. It's an ethos. They collect minimal telemetry. They anonymize threat data. They avoid unique device IDs where possible. They build their machine learning models to operate with as little raw user data as necessary. Cybersecurity companies are often caught selling or leaking user information, and this is where Protectstar's record stands out. It's not because they're perfect (no one is), but because their default posture is user-first. That's important. Trust is brittle in this industry. Lose it once, and it's almost impossible to earn back. What's Next for Protectstar? If the past is any indicator, Protectstar's future will involve getting even smaller and smarter . On-device AI: We're likely to see more models that do heavier lifting directly on the device, reducing latency and dependency on cloud processing. We're likely to see more models that do heavier lifting directly on the device, reducing latency and dependency on cloud processing. Cross-platform convergence: Expect tighter integration across mobile, tablet, and IoT devices as Protectstar expands its ecosystem. Expect tighter integration across mobile, tablet, and IoT devices as Protectstar expands its ecosystem. Post-quantum security: It wouldn't surprise me to see them experiment with quantum-resistant encryption models ahead of the broader market. It wouldn't surprise me to see them experiment with quantum-resistant encryption models ahead of the broader market. Behavioral micro-segmentation: Building even more contextually aware, fine-grained models that treat every app and process on a device as its own micro-environment to monitor. If Protectstar has taught us anything, it's that they're rarely satisfied with staying reactive. They anticipate shifts before they hit the mainstream. Lessons from Two Decades on the Front Lines Protectstar's evolution isn't about flashy breakthroughs. It's about relentless adaptation. Predicting user needs before users even articulate them. Recognizing technological shifts before the rest of the industry stumbles into them. More importantly, it's about staying grounded. Lean engineering. Ethical data practices. Pragmatic AI. For those of us who work in cybersecurity, Protectstar's journey is a reminder: survival isn't just about reacting to threats. It's about evolving your very DNA to match a digital world that's changing faster than we ever imagined. And if their track record is any indication, Protectstar's best chapters are still unwritten. TIME BUSINESS NEWS
CNET
14-05-2025
- Business
- CNET
Why Is Venmo Asking Me to Register With Plaid? What You Need to Know About the Free Financial Service
You don't have to create your own account with Plaid but you can use Plaid Portal to view what types of information you have shared with the service. pixelfit / Getty Images If you've shared your banking login with an investing or budgeting app in the past few years, there's a good chance you've also given your data to a company called Plaid. Don't be alarmed, Plaid is a service that works behind the scenes to securely link bank accounts to financial apps. It's used by more than 12,000 financial institutions and more than 8,000 apps and payment services, like Venmo. But is Plaid safe to use and what does it do with your banking info? Here's what you need to know. How does Plaid work? With your permission, Plaid allows a financial app or service to access information from your bank. Think of Plaid as the go-between, encrypting and securing data as it's sent from your bank to the app or service. For example, let's say you want to use a budgeting app like Rocket Money. Instead of manually entering your account numbers and routing numbers for your different bank accounts and inputting your transaction histories, Plaid will automatically share the data with Rocket Money so it can analyze your earning, spending and saving patterns to develop a roadmap for your finances. Is Plaid safe to use? Anytime you're doing anything with your banking information, you need to focus on the security features that will keep that information out of the hands of bad actors. Here's a rundown of the key features that help make Plaid safe: Login and password protection: You'll need to enter your username and password for your financial institution to allow Plaid to share the account info. However, Plaid's website says it doesn't share your login info with the apps . You'll need to enter your username and password for your financial institution to allow Plaid to share the account info. However, Plaid's website says it doesn't share your login info with the apps Best-in-class encryption: While Advanced Encryption Standard and Transport Layer Security are terms that may not mean much to people who don't speak cybersecurity lingo, they are both signals of Plaid's efforts to keep all information as secure as possible while it's being transmitted. It's all encrypted, meaning that outside parties cannot view your info while it's in transit. While Advanced Encryption Standard and Transport Layer Security are terms that may not mean much to people who don't speak cybersecurity lingo, they are both signals of Plaid's efforts to keep all information as secure as possible while it's being transmitted. It's all encrypted, meaning that outside parties cannot view your info while it's in transit. Multifactor authentication: When you share your details with Plaid, expect to get a text on your phone as well. The confirmation is an additional layer of security to help Plaid verify that it's really you. Plaid says that "almost all logins" have multifactor authentication. When you share your details with Plaid, expect to get a text on your phone as well. The confirmation is an additional layer of security to help Plaid verify that it's really you. Plaid says that "almost all logins" have multifactor authentication. Regular audits:. By inviting third-party scrutiny, Plaid can regularly and independently test its application programming interfaces (API) and security controls. Additionally, Plaid says it does not sell or rent consumers' financial data. There is no record of any major data breaches with Plaid. How do I use Plaid? You don't really have to do much to use Plaid. The reason the service exists is to sync your personal financial data with a new company without requiring more setup on your end. If you're using Plaid, however, you'll know because a pop-up window informs you that you will be giving Plaid permission to share certain types of data with the app or service. If you agree, you'll enter your bank login information and Plaid will connect the two systems. If you want to know what types of data you're sharing via Plaid and with what companies, you can create a Plaid Portal account. You'll share your phone number and Plaid will scour its service to display the connections you have through the service. Can Plaid see my bank account balance and other financial data? Once you enter your bank login details, Plaid may be able to view your account balance and share those details with another service. For example, if you're applying for a personal loan or using a new budget app, the lender or the app provider will likely need to know your account balance. Other pieces of data that Plaid can collect, use and share with other providers includes: Name, mailing address, phone number and email address Transaction history including date, amount, type, and full description of each purchase, withdrawal or other transaction Account name and account type Account number Routing number Real-time balance In the past, Plaid has gotten into trouble for collecting too much data: The company settled a class-action lawsuit for $58 million that alleged Plaid was collecting more information than it needed. Can I choose what information to share with Plaid? When Plaid asks for your bank login information to connect your account with another company, you'll get a clear rundown of the types of information that will be shared. Additionally, you can submit a request to delete your data and eliminate connections with other services via Plaid's Privacy Request Form or within the Plaid Portal. Are there safer alternatives to Plaid? Plaid may not be your only option for connecting your bank account, depending on the service. For example, if you don't want to share your data with Plaid for account verification with Venmo, you can choose a manual process that includes microtransactions -- small deposits and withdrawals. Apps may partner with alternative data connection services such as MX, TrueLayer or Finicity to share your information. It's tough to say whether any of these are actually safer than Plaid; they may just offer a different user experience and, depending on your financial institution, they might be easier. Sharing your financial information with any company can feel stressful. However, Plaid's security protocols seem designed to alleviate a lot of those concerns. FAQs Do I need Plaid? If you want to use an app to help manage your finances or make payments, that app requires a digital connection to your bank to share your data. Creating and maintaining secured connections with thousands of financial institutions isn't feasible for most apps. Instead, they use a service like Plaid, which builds and maintains connections for more than 12,000 financial institutions. Depending on the app, you may have the option to use alternative data connection services or to use a manual process to share your information. Why is Venmo asking me to use Plaid? Venmo uses Plaid to instantly verify your bank account information. By entering your username and password for your online banking portal, Plaid is able to let Venmo know your essential details -- your bank account and routing numbers -- to let you send and receive money. Do I have to create a Plaid account to use it? Plaid acts as a middleman that links your bank with whatever app or service needs your account information, so you don't need a standalone Plaid account. If you want to know what information you have shared with Plaid, however, you can create a Plaid Portal account that will give you an overview of all the data. Is Plaid safe to use with my financial accounts? While no company is 100% immune to data breaches and online hackers, Plaid is used by thousands of financial institutions for protecting and transmitting sensitive information. The company follows rigorous security protocols to safeguard your financial accounts including best-in-class encryption and multi-factor authentication for the vast majority of transactions.
The Hindu
25-04-2025
- Science
- The Hindu
Quantum secure communications are a must for India, officials say
Senior government officials on Friday (April 25, 2025) stressed the importance of developing and deploying quantum-secure communications, using encryption that will withstand any future developments in the next generation of advanced computer systems. Under the National Quantum Mission (NQM), one of the four pillars is quantum communications, which focuses on indigenously developing such capabilities. 'If you have a 128-bit AES [Advanced Encryption Standard] system, it cannot be decrypted in your lifetime, because the number which is getting factorised is very large,' Ajay Kumar Sood, India's Principal Scientific Advisor said. Dr. Sood was referring to the cryptographical techniques used to encrypt data, which typically involve one-way mathematical functions to encrypt information in digital systems. Using mathematical functions like this is extremely difficult to decrypt without a key. However, quantum computers – which rely on qubits as opposed to classical computers that use binary, have shown great theoretical promise in attacking such decryption tasks. Qubits leverage aspects of quantum mechanics that may allow them in the future to decrypt data that would take regular supercomputers several years in a fraction of that time. Since quantum computers are at a nascent stage of development – qubits are proving difficult to leverage in a large enough group – these capabilities have not yet emerged. But policymakers worldwide are preparing for their arrival. When 'quantum computers are available, this [decryption] can be done in probably a few minutes provided we have enough qubits, and the noise in those qubits is limited,' Dr. Sood said. 'And this is where the entire world is going. Imagine if that happens. None of our transactions will be safe. None. And this is where it is a strategic autonomy issue that quantum technologies have to be developed in our country. So, it is not a choice, it is a must.' While quantum decryption still requires significant scientific leaps, quantum-resistant encryption techniques have already seen significant progress. India's goal under the communications pillar of the NQM is 'ensuring secure quantum communication over 2000 km,' Union Minister for Communications Jyotiraditya Scindia said. Quantum key distribution (QKD), a protocol that requires the distribution of encryption keys across a long distance – a challenging undertaking – has seen progress. Mr. Scindia pointed to a recent deployment of QKD between two cities in Germany, for a distance of 254 km, along existing telecom equipment. 'When you are transmitting the encryption key through photons, there needs to be cryogenically induced mechanisms to keep that system cool to be able to transmit over distances,' Mr. Scindia said. 'But this [deployment in Germany] has been done using traditional optical fibre cables and traditional computers.' Some deployments are already being tested. The Konark Corps of the Indian Army, for instance, said on April 13 that it had successfully demonstrated quantum secure key distribution in 'field conditions' in Jodhpur. Government bodies like the DoT's Telecom Engineering Centre and startups demonstrated their own implementations of quantum-resilient applications at the conclave as well.
Yahoo
07-03-2025
- Yahoo
The best password manager for 2025
Recently, we saw all the ways reused passwords can harm your security posture. The 23andMe attack comes to mind, but generally credential stuffing has been on the rise. Hackers can buy or find your reused passwords to access some of your most sensitive accounts. To prevent yourself from falling victim, password managers can help. They encourage you to have a unique, strong password for each account by removing the burden of memorizing all sorts of different login there are dozens of password managers available now — that's why we tested out nine of the best services available now to help you choose the right one for your needs. 1Password remains our top pick for the best password manager, thanks to its zero-knowledge policy, numerous security features and general ease of use, but there are other top password managers out there to consider as well. Best password managers for 2025 Are password managers safe? Are password managers worth it? How we tested password managers Other password managers we tested Password manager FAQs It seems counterintuitive to store all your sensitive information in one place. One hack could mean you lose it all to an attacker and struggle for months or even years to rebuild your online presence, not to mention you may have to cancel credit cards and other accounts. But most experts in the field agree that password managers are a generally secure and safe way to keep track of your personal data, and the benefits of strong, complex passwords outweigh the possible risks. The mechanics of keeping those passwords safe differs slightly from provider to provider. Generally, you have a lengthy, complex 'master password' that safeguards the rest of your information. In some cases, you might also get a 'security key' to enter when you log in to new devices. This is a random string of letters, numbers and symbols that the company will send you at sign up. Only you know this key, and because it's stored locally on your device or printed out on paper, it's harder for hackers to find. These multiple layers of security make it difficult for an attacker to get into your vault even if your password manager provider experiences a breach. But the company should also follow a few security basics. A 'zero-knowledge' policy means that the company keeps none of your data on file, so in the event of an attack, there's nothing for hackers to find. Regular health reports like pentests and security audits are essential for keeping companies up to par on best practices, and other efforts like bug bounty programs or hosting on an open source website encourage constant vigilance for security flaws. Most password managers now also offer some level of encryption falling under the Advanced Encryption Standard (AES). AES 256-bit is the strongest, because there are the most number of possible combinations, but AES 128-bit or 192-bit are still good. You likely already use a password manager, even if you wouldn't think to call it that. Most phones and web browsers include a log of saved credentials on the device, like the 'passwords' keychain in the settings of an iPhone. That means you've probably seen the benefits of not having to memorize a large number of passwords or even type them out already. While that's a great way in, the downfall of these built-in options are that they tend to be device specific. If you rely on an Apple password manager, for example, that works if you're totally in the Apple ecosystem — but you become limited once you get an Android tablet, Lujo Bauer, professor of electrical and computer engineering, and of computer science, at Carnegie Mellon University, said. If you use different devices for work and personal use and want a secure option for sharing passwords with others, or just don't want to be tied to one brand forever, a third-party password manager is usually worth it. We tested password managers by downloading the apps for each of the nine contenders on iPhone, Android, Safari, Chrome and Firefox. That helped us better understand what platforms each manager was available on, and see how support differs across operating systems and browsers. As we got set up with each, we took note of ease of use and how they iterated on the basic features of autofill and password generators. Nearly all password managers have these features, but some place limits on how much you can store while others give more control over creating easy-to-type yet complex passwords. From there, we looked at extra features like data-breach monitoring to understand which managers offered the most for your money. Finally, we reviewed publicly available information about security specs for each. This includes LastPass, which more experts are shying away from recommending after the recent breach. For the sake of this review, we've decided not to recommend LastPass at this time as fallout from the breach still comes to light (The company disclosed a second incident earlier in 2024 where an unauthorized attack accessed the company's cloud storage, including sensitive data. Since then, hackers have stolen more than $4.4 million in cryptocurrency using private keys and other information stored in LastPass vaults.) These are the password managers we tested: 1Password LastPass Bitwarden Dashlane Keeper NordPass Enpass Norton password manager LogMeOnce For a while, security experts considered LastPass a solid choice for a password manager. It's easy to use, has a slew of helpful extra features and its free version gives you a lot. But we decided not to include LastPass in our top picks because of the high profile data breaches it has experienced over the past couple of years. Keeper met a lot of the basic criteria we tested for, like autofill options and cross-platform availability. We liked its family plan options, too, that can keep your whole household secure. There's even a self-destruct feature that deletes local data after five incorrect login attempts, should your device be lost or stolen (the cloud-based data remains untouched). But we didn't think its extra features, like the encrypted messaging app, added much value. Enpass works well as an affordable password manager. That includes an inflation-beating 'lifetime' access pass instead of a monthly payment for users really committed to the service. Still, it was confusing to set up across devices and because Enpass stores data locally, as opposed to in the cloud, we struggled to get started with it on mobile. A familiar name in security, we were excited to test out Norton's password manager. While it's free, its features seem underdeveloped. It lacked password sharing, account recovery and complex form-filing tools that come standard in many of the other password managers we tested. LogMeOnce comes with a wide range of premium tiers, from professional to family, that include different levels of storage and features. But when we tested, it lacked some basic cross-platform availability that other password managers had already, like compatibility with Mac and Safari. Using a password manager can enhance your online security. They store all of your complex passwords and autofill them as needed, so that you can have unique, good passwords across the web without remembering each of them yourself. In many cases, unique passwords are your first defense against attack, and a reliable manager makes it easier to keep track of them all. Password managers are a secure way to store your credentials. Experts in the field generally agree that the benefits of accessibility when storing complex passwords outweigh the possibility of attack, like what happened with LastPass. But with any service, it can vary from provider to provider. You should look out for zero-knowledge policies, regular security audits, pentests, bug bounty programs and encryption when choosing the right secure password manager for you. Think of password managers like virtual safe deposit boxes. They hold your valuables, in this case usually online credentials, in a section of the vault only accessible to you by security key or a master password. Most of these services have autofill features that make it convenient to log in to any site without needing to remember every password you have, and they keep your credit card information close for impulse purchases. But given that passwords are one of the top ways to keep your online identity secure, the real value of password managers is staying safe online. 'It's just not possible without a password manager to have unique, long and hard-to-guess passwords,' Florian Schaub, an associate professor of information and of electrical engineering and computer science at the University of Michigan, said. Common guidance states that secure passwords should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. This is the exact opposite of using one password everywhere, with minor variations depending on a site's requirements. Think of how many online accounts and sites you have credentials for — it's an impossible task to remember it all without somewhere to store passwords safely (especially in instances when you need to create a new password for any given account). Password managers are more readily accessible and offer the benefit of filling in those long passwords for you. Given their universal benefit, pretty much everyone could use a password manager. They're not just for the tech-savvy people or businesses anymore because so much sensitive information ends up online behind passwords, from our bank accounts to our Netflix watch history. That's the other perk of password managers: safe password sharing. Families, friends or roommates can use them to safely access joint accounts. Texting a password to someone isn't secure, and you can help your family break the habit by starting to use one yourself, Lisa Plaggemier, executive director at National Cyber Security Alliance, said. Streaming is the obvious use case, but consider the shared bills, file storage and other sites you share access with the people around you as well. Forgetting a master password won't necessarily lock you out for good, but the recovery process varies from provider to provider. Some services give you a 'security key' at sign up to enter when you log into new devices. It can also be used to securely recover your account because it's a random string of keys stored locally that only you have access to. Other services, however, have no way to recover your vault. So creating a master password that you won't forget is important. A good master password should be unique, with the longest number of characters allowed and uppercase letters, lowercase letters, numbers and special characters. Experts often recommended thinking of it like a 'passphrase' instead of a 'password' to make it easier to remember. For example, you can take a sentence like 'My name is Bob Smith' and change it to 'Myn@m3isB0b5m!th' to turn it into a secure master password that you won't forget. A passkey is a sort of digital identification that's interlocked to your account on a given app or website. While that sounds like a password, there's an important distinction: Passkeys are bilateral authenticators that have two separate components: a private key stored locally on your device and a public key belonging to the website or application. When logging in with a passkey, these two keys pair and give you access to your account. You can read more about passwords versus passkeys here. Update, October 28 2024, 5:15PM ET: This story has been updated to note that Keeper's "self-destruct" security feature only deletes local content when engaged, but maintains data on a subscriber's cloud-based account.
