Category Archives: Encryption

UK Spy Chief, Parroting His US Counterparts, Calls for Crypto Backdoors

GCHQ building at Cheltenham, Gloucestershire.

Writing that “privacy has never been an absolute right,” Robert Hannigan, the head of British spy agency GCHG, urged the US tech sector to assist the fight against terrorism and other crimes by opening up their proprietary networks to government authorities.

Hannigan

GCHQ

Hannigan, in a Financial Times editorial on Monday, suggested that “technology companies are in denial” over the Internet’s use “to facilitate murder or child abuse.” He wrote that the time was ripe for “addressing some uncomfortable truths” and went on to say the public wouldn’t mind if technology companies gave governments backdoor access either.

They do not want the media platforms they use with their friends and families to facilitate murder or child abuse. They know the Internet grew out of the values of western democracy, not vice versa. I think those customers would be comfortable with a better, more sustainable relationship between the agencies and the technology companies.

“Better do it now than in the aftermath of greater violence,” Hannigan added.

Hannigan’s opinion piece follows similar comments by FBI Director James Comey and US Attorney General Eric Holder. And a day after Hannigan’s comments, the Electronic Frontier Foundation of San Francisco released a “Secure Messaging Scorecard” that rated which messaging technologies are “truly safe and secure.”

Read 7 remaining paragraphs | Comments

Online Drug Dealers Are Now Accepting Darkcoin, Bitcoin’s Stealthier Cousin

Darkcoin, bitcoin’s more anonymous cousin, is increasingly being used for online drug deals. Ironically, this could actually help take it mainstream.

The post Online Drug Dealers Are Now Accepting Darkcoin, Bitcoin’s Stealthier Cousin appeared first on WIRED.

Hacker Lexicon: What Is Homomorphic Encryption?

Homomorphic encryption is a method for securing data whose inventor just won the MacArthur Genius Award. It could make sensitive information more secure, but it’s incredibly difficult.

The post Hacker Lexicon: What Is Homomorphic Encryption? appeared first on WIRED.

Latest Android Encrypted by Default, Adds “Smart” Device Locking

The latest version of the Android operating system, Lollipop, adds encryption by default, along with a variety of easy-to-use ways to lock and unlock the phone and a more secure foundation to help protect devices against current threats.

In a blog post published on Tuesday, Google described the features, which will begin shipping with the Lollipop operating system in new Android devices in the coming weeks. While some of the capabilities, such as encryption, are already included in the current Android OS, the new version will turn them on by default.

Many of the security features were born of Android’s open-source foundations and the fact that other researchers and companies can create and test new security features for the operating system, Adrian Ludwig, lead security engineer for Android at Google, said during a briefing on the security features.

Read 11 remaining paragraphs | Comments

VIDEO: Keyless cars ‘targeted by thieves’

Organised criminal gangs are increasingly targeting high-end cars with keyless security systems, a UK motoring industry group has warned.

Kickstarter Freezes Anonabox Privacy Router Project for Misleading Funders

On Friday afternoon Kickstarter suspended the crowdfunding campaign for Anonabox, an initiative to sell a tiny, $45 router that would run all the user’s online traffic over the anonymity network Tor.

The post Kickstarter Freezes Anonabox Privacy Router Project for Misleading Funders appeared first on WIRED.

Privacy Advocates Don’t Buy FBI’s Warning About Encryption Practices

FBI Director James Comey used his first major policy address to warn that new encryption techniques could lock out law enforcement trying to solve crimes. He wants a back door into smartphones.

» E-Mail This

Privacy Router Anonabox Gets $600K in Crowdfunding—And Huge Backlash

The Tor-enabled router project known as Anonabox successfully tapped into thousands of Internet users’ desire for simpler privacy tech. Unfortunately, it wasn’t ready for the scrutiny that success brought with it.

The post Privacy Router Anonabox Gets $600K in Crowdfunding—And Huge Backlash appeared first on WIRED.

Laura Poitras on the Crypto Tools That Made Her Snowden Film Possible

As a journalist, Laura Poitras was the quiet mastermind behind the publication of Edward Snowden’s unprecedented NSA leak. As a filmmaker, her new movie Citizenfour makes clear she’s one of the most important directors working in documentary today. And when it comes to security technology, she’s a serious geek.

The post Laura Poitras on the Crypto Tools That Made Her Snowden Film Possible appeared first on WIRED.

The Secure Smartphone that Won’t Get You Beaten with Rubber Hoses

Interest in secure communications is at an all time high, with many concerned about spying by both governments and corporations. This concern has stimulated developments such as the Blackphone, a custom-designed handset running a forked version of Android that’s built with security in mind.

But the Blackphone has a problem. The mere fact of holding one in your hand advertises to the world that you’re using a Blackphone. That might not be a big problem for people who can safely be assumed to have access to sensitive information—politicians, security contractors, say—but if you’re a journalist investigating your own corrupt government or a dissident fearful of arrest, the Blackphone is a really bad idea. Using such a phone is advertising that you have sensitive material that you’re trying to keep secret and is an invitation to break out the rubber hoses.

That’s what led a team of security researchers to develop DarkMatter, unveiled today at the Hack In The Box security conference in Kuala Lumpur. DarkMatter is a secure Android fork, but unlike Blackphone and its custom hardware, DarkMatter is a secure Android that runs on regular Android phones (including the Galaxy S4 and Nexus 5) and which, at first glance, looks just like it’s stock Android. The special sauce of DarkMatter is secure encrypted storage that selected apps can transparently access. If the firmware believes it’s under attack, the secure storage will be silently dismounted, and the phone will appear, to all intents and purposes, to be a regular non-secure device.

Read 9 remaining paragraphs | Comments

SSL broken, again, in POODLE attack

Poodle Gothic Redux by Amanda Wray

From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that’s used to secure Internet traffic from eavesdroppers both government and criminal.

Calling the new attack POODLE—that’s “Padding Oracle On Downgraded Legacy Encryption”—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections. This in turn could let that attacker do things such as access online banking or e-mail systems. The flaw was documented by Bodo Möller, Thai Duong, and Krzysztof Kotowicz, all of whom work at Google. Thai Duong, working with Juliano Rizzo, described the similar BEAST attack in 2011 and the CRIME attack in 2012.

The attack depends on the fact that most Web servers and Web browsers allow the use of the ancient SSL version 3 protocol to secure their communications. Although SSL has been superseded by Transport Layer Security, it’s still widely supported on both servers and clients alike and is still required for compatibility with Internet Explorer 6. SSLv3, unlike TLS 1.0 or newer, omits validation of certain pieces of data that accompany each message. Attackers can use this weakness to decipher an individual byte and time of the encrypted data, and in so doing, extract the plain text of the message byte by byte.

Read 8 remaining paragraphs | Comments

Apple Says iOS Encryption Protects Privacy; FBI Raises Crime Fears

Apple says its new operating system for the iPhone features encryption so secure that not even Apple has the key to it. But the FBI warns that the software could limit its ability to fight crime.

» E-Mail This

Apple’s iPhone Encryption Is a Godsend, Even if Cops Hate It

It took the upheaval of the Edward Snowden revelations to make clear to everyone that we need protection from snooping, governmental and otherwise. Snowden illustrated the capabilities of determined spies, and said what security experts have preached for years: Strong encryption of our data is a basic necessity, not a luxury.

The post Apple’s iPhone Encryption Is a Godsend, Even if Cops Hate It appeared first on WIRED.