This report first appeared on CyberScoop.
Federal workers and the public in general might be mistaken about the security of .zip files, Sen. Ron Wyden says, and he’s asking the National Institute of Standards and Technology to issue guidance on the best way to send sensitive files over the internet.
“Many people incorrectly believe password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools,” the Oregon Democrat writes in a letter obtained by CyberScoop. “This is because many of the software programs that create .zip files use weak encryption algorithms by default.”
Part of Wyden’s concern stems from the fact that although there are two common types of encryption options available for .zip files, people may be using the weaker option without realizing it. Those files are more vulnerable to password crackers such as Advanced Archive Password Recovery, Wyden says.
“Given the ongoing threat of cyber attacks by foreign state actors and high-profile data breaches, this is a potentially catastrophic national security problem that needs to be fixed,” Wyden writes to NIST Director Walter G. Copan. NIST cybersecurity guidance — whether issued specifically for federal networks or the public in general — is highly influential, so any action by the agency would potentially have an effect on security practices nationwide.
“The government must ensure that federal workers have the tools and training they need to safely share sensitive data,” Wyden writes.