Category Archives: Cloud

Feds Want Apple’s Help to Defeat Encrypted Phones, New Legal Case Shows

OAKLAND, CA—Newly discovered court documents from two federal criminal cases in New York and California that remain otherwise sealed suggest that the Department of Justice (DOJ) is pursuing an unusual legal strategy to compel cellphone makers to assist investigations.

In both cases, the seized phones—one of which is an iPhone 5S—are encrypted and cannot be cracked by federal authorities. Prosecutors have now invoked the All Writs Act, an 18th-century federal law that simply allows courts to issue a writ, or order, which compels a person or company to do something.

Some legal experts are concerned that these rarely made public examples of the lengths the government is willing to go in defeating encrypted phones raise new questions as to how far the government can compel a private company to aid a criminal investigation.


Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud

Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft’s Windows Update mechanism.

Nathaniel McHugh ran open source software known as HashClash to modify two separate images—one of them depicting funk legend James Brown and the other R&B singer/songwriter Barry White—that generate precisely the same MD5 hash, e06723d4961a0a3f950e7786f3766338. The exercise—known in cryptographic circles as a hash collision—took just 10 hours and cost only 65 cents plus tax to complete using a GPU instance on Amazon Web Services. In 2007, cryptography expert and HashClash creator Marc Stevens estimated it would require about one day to complete an MD5 collision using a cluster of PlayStation 3 consoles.

The MD5 hash for this picture—e06723d4961a0a3f950e7786f3766338—is precisely the same for the one below. Such “collisions” are a fatal flaw for hashing algorithms and can lead to disastrous attacks.

The practical ability to create two separate inputs that generate the same hash is a fundamental flaw that makes MD5 unsuitable for most purposes. (The exception is password hashing. Single iteration MD5 hashing is horrible for passwords but for an entirely different reason that is outside the scope of this post.) The susceptibility to collisions can have disastrous consequences, potentially for huge swaths of the Internet.


UK Spy Chief, Parroting His US Counterparts, Calls for Crypto Backdoors

GCHQ building at Cheltenham, Gloucestershire.

Writing that “privacy has never been an absolute right,” Robert Hannigan, the head of British spy agency GCHQ, urged the US tech sector to assist the fight against terrorism and other crimes by opening up their proprietary networks to government authorities.


Hannigan, in a Financial Times editorial on Monday, suggested that “technology companies are in denial” over the Internet’s use “to facilitate murder or child abuse.” He wrote that the time was ripe for “addressing some uncomfortable truths” and went on to say the public wouldn’t mind if technology companies gave governments backdoor access either.

They do not want the media platforms they use with their friends and families to facilitate murder or child abuse. They know the Internet grew out of the values of western democracy, not vice versa. I think those customers would be comfortable with a better, more sustainable relationship between the agencies and the technology companies.

“Better do it now than in the aftermath of greater violence,” Hannigan added.

Hannigan’s opinion piece follows similar comments by FBI Director James Comey and US Attorney General Eric Holder. And a day after Hannigan’s comments, the Electronic Frontier Foundation of San Francisco released a “Secure Messaging Scorecard” that rated which messaging technologies are “truly safe and secure.”


RemoteIE gives free access to Internet Explorer VMs without the VM

For some time now, Microsoft has offered free Windows virtual machine images to make it easier for Web developers to test their work in a bunch of different Internet Explorer versions. A new beta scheme launched today takes that one step further: with RemoteIE, devs don’t even need to download and run the virtual machine. Microsoft will run the VMs instead, using its Azure RemoteApp service to provide remote access.

Access to the remote Internet Explorer is provided through the RemoteApp client. This is a close relative of the regular Windows Remote Desktop app, and like the Remote Desktop app, it’s available on a number of platforms; not just Windows and OS X, but also iOS, and Android.

With RemoteIE, developers have full access to Internet Explorer and all its features, albeit only with software-mode WebGL. F12 developer tools are available, though there’s no ability to install add-ons or extensions to the remote browser. Sessions are limited to 60 minutes presently and will disconnect after 10 minutes of inactivity.


Chinese Government Launches Man-in-Middle Attack Against iCloud

A screen capture shows the warning of a fake iCloud.com certificate—signed by an official Chinese certificate authority.

GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.

The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.

Chinese iCloud users attempting to log in with Firefox and Chrome browsers would have been alerted to the fraudulent certificate. However, those using Mac OS X’s built-in iCloud login or another browser may not have been aware of the rerouting, and their iCloud credentials would have been immediately compromised. Using two-step verification would prevent the hijacking of compromised accounts.
