Encryption Could Make You More Vulnerable

narramissic writes "It sounds like a headline straight out of The Onion, but security researchers from IBM Internet Security Systems, Juniper, nCipher and elsewhere are warning that the use of data encryption could make organizations vulnerable to new risks and threats. There is potential for 'A new class of DoS attack,' says Richard Moulds, nCipher's product strategy EVP. 'If you can go in and revoke a key and then demand a ransom, it's a fantastic way of attacking a business.'"

It's not so much 'more vulnerable'

[KublaiKhan]

I'd call it 'differently vulnerable' rather than 'more vulnerable'--all things come with inherent risks, and the risks of any particular action must be weighed against the rewards thereof.

Encryption is necessary for many businesses, and if such attacks are truly a worry, they should be addressed in the same manner as any other risk.

Re:It's not so much 'more vulnerable'

[AndGodSed]

Yes, but splashing "MORE VULNERABLE" on a headline preys better on the fears of the uninformed than "DIFFERENTLY VULNERABLE"

We all know headlines exist solely to generate traffic...

Hmm

[moogied]

This sounds more like a problem in the encryption SYSTEM. Its kind of like saying "Encryption makes you weaker because your more likely to use passwords. Which can be brute forced!"

Mission option for every security discussion

[wsanders]

5) Buy our stuff!

Really, I've never seen a setup where stealing ONE (or a few) keys could result in a situation where a whole enterprise gets shut down for ransom.

More likely, consider the situation where only two guys have the password to the domain name registrar's account, they get laid off, and a year later some one realizes the company domain expires in two days. Before anyone figures out how to renew it, it's in the hands of a pr0n site. There's your missing/lost key scenario, happens all the time.