The Untold Story of the Man That Made Mainstream Encryption Possible

from One Zero Bailey Whitfield Diffie, born June 5, 1944, was always an independent sort. As one early friend remarked, “The kid had an alternative lifestyle at age five.” Diffie didn’t read until he was 10 years old. There was no question of disability, he simply preferred that his parents read to him, which seemingly they did, quite patiently. Finally, in the fifth grade, Diffie spontaneously worked his way through a tome called The Space Cat, and immediately progressed to the Oz books. Later that year his teacher at P.S. 178 — “Her name was Mary Collins and if she […]

Signal Is Finally Bringing Its Secure Messaging to the Masses

from Wired Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a Midwestern-looking man in his sixties, asked for help. He couldn’t figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal. Marlinspike launched Signal, widely considered the world’s most secure end-to-end encrypted messaging app, nearly five years ago, and today heads the nonprofit Signal Foundation that maintains it. But […]

New Ransomware Doesn’t Just Encrypt Data. It Also Meddles With Critical Infrastructure

from ars technica Over the past five years, ransomware has emerged as a vexing menace that has shut down factories, hospitals, and local municipalities and school districts around the world. In recent months, researchers have caught ransomware doing something that’s potentially more sinister: intentionally tampering with industrial control systems that dams, electric grids, and gas refineries rely on to keep equipment running safely. A ransomware strain discovered last month and dubbed Ekans contains the usual routines for disabling data backups and mass-encrypting files on infected systems. But researchers at security firm Dragos found something else that has the potential to […]

Encrypted DNS Could Help Close the Biggest Privacy Gap on the Internet. Why Are Some Groups Fighting Against It?

from EFF Thanks to the success of projects like Let’s Encrypt and recent UX changes in the browsers, most page-loads are now encrypted with TLS. But DNS, the system that looks up a site’s IP address when you type the site’s name into your browser, remains unprotected by encryption. Because of this, anyone along the path from your network to your DNS resolver (where domain names are converted to IP addresses) can collect information about which sites you visit. This means that certain eavesdroppers can still profile your online activity by making a list of sites you visited, or a […]

Don’t Connect to a Public Wi-Fi Network Anywhere You Wouldn’t Go Barefoot

from New America Weekly We’ve all done it. Maybe because of work pressures—you need to catch a plane but are also pushing toward a deadline. Maybe out of sheer boredom—your flight is delayed yet another hour and there is really only so much time you can spend at the airport bar before noon. Whatever the reason, we’ve all been there—stuck in the airport, looking at a list of little Wi-Fi signals, some without the lock next to them, wondering … it couldn’t hurt, could it? Just this once? Of course, airports aren’t the only place with skeezy Wi-Fi. Coffee shops, […]

Microsoft’s Top Lawyer Becomes a Civil Rights Crusader

from MIT Technology Review When Apple CEO Tim Cook refused to help the FBI get into a mass murderer’s iPhone last winter, he was hailed for his boldness in fighting the government on a matter of principle. In fact, Cook was borrowing from the playbook of a top executive at Apple’s dowdier rival Microsoft—a genial, sandy-haired man named Brad Smith. Smith has taken the government to court four times in the past three years, each time accusing it of breaching the Constitution in its efforts to get its hands on Microsoft customers’ data. He believes computers and the Internet have weakened […]

Apple’s Security Debate is Everyone’s Problem (Including Yours)

from Note to Self The debate over whether the government can access your phone is here. Hello! You’ve probably been following along, but in case you need the tl;dr: The debate revved up last month when the FBI asked Apple to hack into a locked iPhone associated with one of the gunmen from the San Bernardino massacre last December. Since then, the conversation has evolved into a national debate over what the government should (and shouldn’t) be allowed to access. The conversation has officially moved outside the realm of tech and the government. With 90 percent of American adults owning a cell phone, the issue is hitting a […]

Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People

from Wired FOR MOST OF the past six weeks, the biggest story out of Silicon Valley was Apple’s battle with the FBI over a federal order to unlock the iPhone of a mass shooter. The company’s refusal touched off a searing debate over privacy and security in the digital age. But this morning, at a small office in Mountain View, California, three guys made the scope of that enormous debate look kinda small. Mountain View is home to WhatsApp, an online messaging service now owned by tech giant Facebook, that has grown into one of the world’s most important applications. More than a billion people trade […]

John Oliver Explains Why iPhone Encryption Debate Is No Joking Matter

from ars technica The FBI’s legal showdown with Apple over iPhone security has spilled into just about every facet of popular culture, from endless news coverage to Congressional hearings and even to comments from President Obama. On Sunday, it got treatment from comedian John Oliver, whose weekly HBO series Last Week Tonight does a better job than most news shows covering the important news stories of the day. In an 18-minute segment, Oliver brought the stakes of the fight front and center and explained in some of the most concrete terms yet why—contrary to the repeated claims of the Obama […]

The 5 Biggest Reveals From Apple’s Motion To Dismiss The FBI’s Court Order

from Macworld On Thursday, Apple filed a motion to vacate the court order compelling the company to create a hackable version of iOS that the FBI can use to break into the iPhone of San Bernardino shooter Syed Farook. In the filing, Apple’s main argument is that its software is protected speech, and that the government’s motion for Apple to fabricate software that contradicts its beliefs is a violation of its First and Fifth Amendment rights. We read through the 65-page filing, and spotted the following revelations. More here.

The Apple Case Will Grope Its Way Into Your Future

from NYTs To understand what’s at stake in the battle between Apple and the F.B.I. over cracking open a terrorist’s smartphone, it helps to be able to predict the future of the tech industry. For that, here’s one bet you’ll never lose money on: Digital technology always grows hungrier for more personal information, and we users nearly always accede to its demands. Today’s smartphones hold a lot of personal data — your correspondence, your photos, your location, your dignity. But tomorrow’s devices, many of which are already around in rudimentary forms, will hold a lot more. Consider all the technologies we think […]

Apple’s FBI Battle is Complicated. Here’s What’s Really Going On.

From Wired The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation. Those who support the government say Apple has cooperated in the past to unlock dozens of phones in other cases—so why can’t it help the FBI unlock this one? But this isn’t about unlocking a phone; rather, it’s about ordering Apple to create a new software tool to eliminate specific security protections the company built into its phone software to protect customer data. Opponents of […]

Worldwide Encryption Products Survey

from Schneier on Security The findings of this survey identified 619 entities that sell encryption products. Of those 412, or two-thirds, are outside the U.S., calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to choose from. These foreign products offer a wide variety of secure applications — voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency — providing the same levels of security as US products do today. More here.

Tim Cook Says Apple Will Fight US Gov’t Over Court-Ordered iPhone Backdoor

from ars technica Apple chief Tim Cook has attacked the recent court order that compels Apple to unlock and decrypt the San Bernardino gunman’s iPhone. “Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the US government,” says an open letter published by Cook early this morning. Late yesterday, a federal judge in California ordered Apple to help the US government (the FBI) unlock and decrypt the iPhone 5C belonging to Syed Rizwan Farook, who shot up an office party in San Bernardino in December 2015. In the past, […]

No Business Too Small to Be Hacked

from NYTs Just as the holiday shopping season neared, a toy company, Rokenbok Education, was navigating a nightmare situation: Its database files had been infected by malware. Online criminals had encrypted company files, making them unusable, and were demanding a hefty ransom to unlock the data. Rokenbok, a California-based company that uses building blocks and even robotics to teach children how to think like engineers, lost thousands of dollars in sales in two days. Rokenbok’s founder and executive director, Paul Eichen, was already struggling to adapt his seven-employee company to a fast-changing toy world. Even worse, the malware attack was not […]

Why Are Digital-Privacy Apps So Hard to Use?

from The Atlantic Unless two people are in the same room, it’s hard for them to communicate information securely. Phone calls, emails, and text messages could be open to eavesdropping from governments, companies, or hackers—and even paper mail is subject to tracking. Truly private online communications have been available for some time, but most require a high level of technology know-how. Those uncomfortable setting up a PGP key to encrypt their emails, for example, have for decades been left without an option to communicate securely. But since Edward Snowden’s trove of leaked government documents revealed the extent of the National Security Agency’s […]

How The NSA Can Break Trillions Of Encrypted Web And VPN Connections

from ars technica For years, privacy advocates have pushed developers of websites, virtual private network apps, and other cryptographic software to adopt the Diffie-Hellman cryptographic key exchange as a defense against surveillance from the US National Security Agency and other state-sponsored spies. Now, researchers are renewing their warning that a serious flaw in the way the key exchange is implemented is allowing the NSA to break and eavesdrop on trillions of encrypted connections. The cost for adversaries is by no means modest. For commonly used 1024-bit keys, it would take about a year and cost a “few hundred million dollars” to crack […]

Obama Administration Won’t Seek Encryption-Backdoor Legislation

from ars technica FBI Director James Comey told a congressional panel that the Obama administration won’t ask Congress for legislation requiring the tech sector to install backdoors into their products so the authorities can access encrypted data. Comey said the administration for now will continue lobbying private industry to create backdoors to allow the authorities to open up locked devices to investigate criminal cases and terrorism. “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” Comey told a Senate panel of the Homeland Security and Governmental Affairs Committee on Thursday. Comey’s […]

Phone And Laptop Encryption Guide: Protect Your Stuff And Yourself

from ars technica The worst thing about having a phone or laptop stolen isn’t necessarily the loss of the physical object itself, though there’s no question that that part sucks. It’s the amount of damage control you have to do afterward. Calling your phone company to get SIMs deactivated, changing all of your account passwords, and maybe even canceling credit cards are all good ideas, and they’re just the tip of the iceberg. Using strong PINs or passwords and various Find My Phone features is a good place to start if you’d like to limit the amount of cleanup you […]

Secure Messaging Scorecard

From EFF In the face of widespread Internet surveillance, we need a secure and practical means of talking to each other from our phones and computers. Many companies offer “secure messaging” products—but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto. This scorecard represents only the first phase of the campaign. In later phases, we are planning to offer closer examinations of the usability and security of the tools that score the highest here. As such, the results in the scorecard below should not be […]
