Tech

With help from NIST, Sen. Wyden wants us to be smarter about .zip files

June 19, 2019

Sen. Ron Wyden, D-Ore., speaks at a New America event in April 2018.

This report first appeared on CyberScoop.

Federal workers and the public in general might be mistaken about the security of .zip files, Sen. Ron Wyden says, and he’s asking the National Institute of Standards and Technology to issue guidance on the best way to send sensitive files over the internet.

“Many people incorrectly believe password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools,” the Oregon Democrat writes in a letter obtained by CyberScoop. “This is because many of the software programs that create .zip files use weak encryption algorithms by default.”

Part of Wyden’s concerns stem from the fact that although there are two common types of encryption options available for .zip files, people may be using the weaker option without realizing it. Those files are more vulnerable to password crackers, Wyden says, such as Advanced Archive Password Recovery.

“Given the ongoing threat of cyber attacks by foreign state actors and high-profile data breaches, this is a potentially catastrophic national security problem that needs to be fixed,” Wyden writes to NIST Director Walter G. Copan. NIST cybersecurity guidance — whether issued specifically for federal networks or the public in general — is highly influential, so any action by the agency would potentially have an effect on security practices nationwide.

“The government must ensure that federal workers have the tools and training they need to safely share sensitive data,” Wyden writes.

With help from NIST, Sen. Wyden wants us to be smarter about .zip files

More Like This

Bipartisan Senate bill aims to ban U.S. agency purchases of counterfeit electronics

How the IRS’s ‘cautious’ approach with Direct File prevented its ‘failure’

White House to require increased cybersecurity protocols for R&D institutions

Top Stories

FedRAMP ‘undeniably’ in state of limbo without final OMB modernization guidance, Rep. Connolly says

VA awards AI tech sprint winners pilot contracts for ambient medical transcription services

Social Security Administration transitioning long-time users to Login.gov

Energy Department’s national labs get AI boost in bipartisan Senate bill

GSA begins FedRAMP pilot to change request process

Chevron’s downfall highlights need for clear artificial intelligence laws

More Scoops

NIST wants help with guide for restoring industrial control systems after cyberattacks

DHS releases roadmap to post-quantum cryptography

New guidelines from NIST on how to avoid cyberattacks from a nation-state

NIST drops ‘federal’ from cyber controls guidance

How Cisco is helping agencies wrap their arms around the NIST framework

The case for multi-factor authentication in NIST’s cyber framework

NIST asks for help with quantum-proof crypto

Latest Podcasts

The VA extends its EHR contract with Oracle Center for another 11 months.

Leveraging AI to modernize government IT systems

The Coast Guard’s AI chief takes a new role focused on the 2024 presidential transition

How AI and cloud technologies can enable innovation and improve citizen experiences

Tech

Defense

Cyber

FedScoop TV