An anonymous reader writes from a report via PC Magazine: Following the recent vulnerabilities in Tor, researchers at MIT's Computer Science and Artificial Intelligence Laboratory and the Ecole Polytechnique Federale de Lausanne have been working on a new anonymity network that they say is more secure than Tor. While the researchers are planning to present their new system, dubbed Riffle, at the Privacy Enhancing Technologies Symposium later this month, they did say the system uses existing cryptographic techniques, but in new ways. A series of servers are what make up Riffle, each of which "permutes the order in which it receives messages before passing them on to the next," according to a news release. "For instance, messages from senders Alice, Bob, and Carol reach the first server in the order A, B, C, that server would send them to the second server in a different order -- say C, B, A. The second server would permute them before sending them to the third, and so on." Nobody would know which was which by the time they exited the last server. Both Tor and MIT's anonymity network use onion encryption. Riffle uses a technique called verifiable shuffle in addition to onion encryption to thwart tampering and prevent adversaries from infiltrating servers with their own code. Last but not least, it uses authentication encryption to verify the authenticity of an encrypted message. The researchers say their system provides strong security while using bandwidth much more efficiently than similar solutions.

An anonymous Slashdot reader writes: "The TPP is simply bad for tech users and innovators," writes the Electronic Frontier Foundation, arguing the proposed trade agreement for the Pacific Rim "exports the most onerous parts of U.S. copyright law and prevents the U.S. from improving them in the future, while failing to include the balancing provisions that work for users and innovators, such as fair use." At a press conference, the EFF delivered 210,000 signatures gathered in conjunction with other activist groups "to call on Democratic Party Leader Nancy Pelosi to stop the Trans-Pacific Partnership from going to a vote during the 'lame duck' session of Congress following the November election."

More signatures are still being collected online, to be delivered on July 21. In a statement, the EFF adds that the TPP also "does nothing to safeguard the free and open Internet, by including phony provisions on net neutrality and encryption, trade secrets provisions that carry no exceptions for journalism or whistleblowing, and a simplistic ban on data localization...to buy off big tech."

Reader wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF). Facebook earlier this year began implementing this end-to-end encryption on its WhatsApp messaging service.ZDNet's Zack Whittaker, however, warns about a catch in Facebook's effort. He writes: But already the company has faced some criticism for not encrypting messages by default, instead making the service opt-in, like Apple's iMessage, or even Facebook's other chat app, WhatsApp, which recently switched on default end-to-end encryption earlier this year. Cryptographer and Johns Hopkins professor Matthew Green, who reviewed an early version of the system, said in a tweet that though you "have to turn on encryption per thread," he added that providing encryption to almost a billion people makes it hard to "put that genie back in the bottle."

An anonymous reader writes: The President of the Russian Federation, Vladimir Putin, has ordered the Federal Security Service (FSB) to produce "encryption keys" to decrypt all data on the internet, and the FSB has two weeks to do it, Meduza reports. The head of the FSB, Alexander Bortnikov, is responsible for accomplishing such a task. "The new 'anti-terrorist' laws require all 'organizers of information distribution' that add 'additional coding' to transmitted electronic messages to provide the FSB with any information necessary to decrypt those messages," reports Meduza. "It's still unclear what information exactly online resources are expected to turn over, given that all data on the internet is encoded, one way or another, and in many instances encryption keys for encrypted information simply don't exist." Some of the details of the executive order include requiring telecom providers and "organizers of information distribution" to store copies of the content of all information they transmit for six months and store the metadata for three years so the Kremlin can access it whenever they want. In order for that to happen, ISPs would need to build new data centers capable of holding all that information and buy imported equipment, all without state subsidies, where they risk going bankrupt. To actually operate the data centers, the Russian government would need to upgrade Russia's outdated electrical grid and cables, which could cost between $30 and $77 billion. What about the "encryption keys?" In addition to storing all the transmitted information, "organizers of information distribution" have to turn over "any information necessary to decrypt those messages." Therefore, "additional coding" will need to be added to all electronic messages to act as instructions for the FSB to "decode" them. Many services and websites don't have "keys" or are fundamentally unsharable, like banks and financial institutions. Nearly all electronic information needs to be "encoded" in some way. Bortnikov has two weeks and the clock starts now. Good luck!

Reader msm1267 writes: The default implementation for KeyStore, the system in Android designed to store user credentials and cryptographic keys, is broken, researchers say.>In an academic paper published this week, researchers argue that the particular encryption scheme that KeyStore uses fails to protect the integrity of keys and could be exploited to allow an attacker to modify stored keys through a forgery attack.
KeyStore, which performs key-specific actions through the OpenSSL library, allows Android apps to store and generate their own cryptographic keys. By storing keys in a container, KeyStore makes it more difficult to remove them from the device. Mohamed Sabt and Jacques Traore, two researchers with the French telecom Orange Labs, claim the scheme associated with the system is "non-provably secure," and could have "severe consequences." The two point out in their paper "Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore," that it's the hash-then-encrypt (HtE) authenticated encryption (AE) scheme in cipher block chaining mode (CBC) in KeyStore that fails to guarantee the integrity of keys.

Quantum computing could potentially someday be used to retroactively break any communications that were encrypted with today's standard encryption algorithms. Google realizes this, and hence, is ensuring that it doesn't happen. Today, it announced that it has begun to deploy a new type of cryptography called the New Hope algorithm in its Chrome Canary browser that is designed to prevent such decryption attacks. From a report on The Verge: Although quantum computers of this variety are only small and experimental at this stage, Google is taking precautions for the worst case scenario. "While they will, no doubt, be of huge benefit in some areas of study, some of the problems that they [quantum computers] are effective at solving are the ones that we use to secure digital communications," writes Matt Braithwaite, a Google software engineer, in a blog post. "Specifically, if large quantum computers can be built then they may be able to break the asymmetric cryptographic primitives that are currently used in TLS, the security protocol behind HTTPS." In other words, quantum computers could undermine the security of the entire internet. Quantum computers promise computational power far exceeding today's standards by taking advantage of the underpinning physics discipline. So the presence of a hypothetical future quantum computer, Braithwaite adds, puts at risk any and all encrypted internet communication past or present. It's unclear how secure New Hope (PDF) will prove to be for Chrome, and Braithwaite admits it could be less secure than its existing encryption. But Google says New Hope -- developed by researchers Erdem Alkim, Leo Ducas, Thomas Poppelmann and Peter Schwabe -- was the most promising of all post-quantum key-exchange software it looked into last year.

An anonymous reader writes: "The United Nations officially condemned the practice of countries shutting down access to the internet at a meeting of the Human Rights Council on Friday," reports the Register newspaper, saying Friday's resolution "effectively extends human rights held offline to the internet," including freedom of expression. "The resolution is a much-needed response to increased pressure on freedom of expression online in all parts of the world," said Thomas Hughes, Executive Director of Article 19, a long-standing British human rights group which had pushed for the resolution. "From impunity for the killings of bloggers to laws criminalizing legitimate dissent on social media, basic human rights principles are being disregarded to impose greater controls over the information we see and share online."

Thirteen countries, including Russia and China, had unsuccessfully urged the deletion of the text guaranteeing internet access, and Article 19 says the new resolution even commits states to address "security concerns on the Internet in accordance with their obligations to protect freedom of expression, privacy and other human rights online." But they also called the resolution a missed opportunity to urge states to strengthen protections on anonymity and encryption, and to clarify the boundaries between state and private ICT actors.

An anonymous reader writes: Google first implemented Full Disk Encryption in Android by default with Android 5.0 Lollipop in an effort to prevent criminals or government agencies from gaining unauthorized access to one's data. What it does is it encodes all the data on a user's Android device before it's ever written to disk using a user's authentication code. Once it is encrypted, it can only be decrypted if the user enters his/her password. However, security researcher Gal Beniamini has discovered issues with the full disk encryption. He published a step-by-step guide on how one can break down the encryption protections on Android devices powered by Qualcomm Snapdragon processors. The source of the exploit is posted on GitHub. Android's disk encryption on devices with Qualcomm chips is based only on your password. However, Android uses your password to create a 2048-bit RSA key (KeyMaster) derived from it instead. Qualcomm specifically runs in the Snapdragon TrustZone to protect critical functions like encryption and biometric scanning, but Beniamini discovered that it's possible to exploit a security flaw and retrieve the keys from TrustZone. Qualcomm runs a small kernel in TrustZone to offer a Trusted Execution Environment known as Qualcomm Secure Execution Environment (QSEE), which allows small apps to run inside of QSEE away from the main Android OS. Beniamini has detailed a way for attackers to exploit an Android kernel security flaw to load their own QSEE app inside this secure environment, thereby exploiting privilege escalation flaw and hijacking of the complete QSEE space, including the keys generated for full disk encryption. The researcher also said Qualcomm or OEMs can comply with government or law enforcement agencies to break the FDE: "Since the key is available to TrustZone, Qualcomm and OEMs [Original Equipment Manufacturers] could simply create and sign a TrustZone image which extracts the KeyMaster keys and flash it to the target device," Beniamini wrote. "This would allow law enforcement to easily brute force the FDE password off the device using the leaked keys."

An anonymous reader writes from a report via The Guardian: U.S. Republican congressional staff said in a report released Wednesday that previous efforts to regulate privacy technology were flawed and that lawmakers need to learn more about technology before trying to regulate it. The 25-page white paper is entitled Going Dark, Going Forward: A Primer on the Encryption Debate and it does not provide any solution to the encryption fight. However, it is notable for its criticism of other lawmakers who have tried to legislate their way out of the encryption debate. It also sets a new starting point for Congress as it mulls whether to legislate on encryption during the Clinton or Trump administration. "Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix," the committee staff wrote in their report. The committee calls for more dialogue on the topic and for more interviews with experts, even though they claim to have already held more than 100 such briefings, some of which are classified. The report says in the first line that public interest in encryption has surged once it was revealed that terrorists behind the Paris and San Bernardino attacks "used encrypted communications to evade detection." Congressman Ted Lieu is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients.

Trailrunner7 quotes a report from On the Wire: A powerful California congressman is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients. The pressure is coming from Rep. Ted Lieu (D-Calif.) and follows comments from officials at the Department of Health and Human Services about the department's plan to issue guidance to health care organizations about ransomware attacks. The Office for Civil Rights section of HHS, which has responsibility for health information privacy, will provide guidance on how to handle ransomware attacks, and Lieu is eager to ensure that the guidance specifically addresses how ransomware attacks relate to data breach regulations. "I welcome the news of HHS providing guidance to health providers on a matter that threatens so many hospital IT systems. However, we need to make clear that ransomware is not the same as conventional breaches. The threat to patients from ransomware is typically due to the denial of access to their medical records and medical services. Not only could this be a threat to privacy, but it could result in medical complications and deaths if hospitals can't access patient information," Lieu said in a statement. He sent a letter to the deputy director for health information privacy in the Office of Civil Rights at HHS, Deven McGraw, asking him to instruct health organizations and providers to notify patients of an attack if it results in a denial of access to a medical record or a loss of functionality thats necessary to provide patient care. In the past, Lieu has called for a full congressional investigation into the aforementioned widespread flaw in global phone networks that allows hackers to track anyone's location and spy on their phone calls and text messages. He was also one of the first lawmakers to publicly express his pro-encryption view after a federal judge ordered Apple to help the FBI break into the San Bernardino shooter's iPhone, saying it effectively "forces private-sector companies like Apple to be used as an arm of law enforcement."

Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states:One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter."The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds:"They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that."The list goes on and on.

A bill that was proposed recently in the Russian Duma to make cryptographic backdoors mandatory in all messaging apps, has passed. Patrick Howell O'Neill, reports for DailyDot:A massive surveillance bill is now on its way to becoming law in Russia. The "anti-terrorism" legislation includes a vast data-eavesdropping and -retention program so that telecom and internet companies have to record and store all customer communications for six months, potentially at a multitrillion-dollar cost. Additionally, all internet firms have to provide mandatory backdoor access into encrypted communications for the FSB, the Russian intelligence agency and successor to the KGB. The bill, with support from the ruling United Russia party, passed Friday in the Duma, Russia's lower legislative house, with 277 votes for, 148 against, and one abstaining. It now moves to Russia's Federal Council and the Kremlin, where it's expected to pass into law.

Let's Encrypt is a nonprofit aimed at encrypting the entire web. It provides free certificates, and its service is backed by EFF, Mozilla, Cisco, Akamai and others. Despite it being around for years, security firm Comodo, which as of 2015, was the largest issuer of SSL certificates with a 33.6% market share on 6.6% of all web domains, last year in October filed for the trademark Let's Encrypt. The team at Let's Encrypt wrote in a blog post today that they have asked Comodo to abandon its "Let's Encrypt" applications, directly but it has refused to do so. The blog post adds: We've forged relationships with millions of websites and users under the name Let's Encrypt, furthering our mission to make encryption free, easy, and accessible to everyone. We've also worked hard to build our unique identity within the community and to make that identity a reliable indicator of quality. We take it very seriously when we see the potential for our users to be confused, or worse, the potential for a third party to damage the trust our users have placed in us by intentionally creating such confusion. By attempting to register trademarks for our name, Comodo is actively attempting to do just that. Update: 06/23 22:25 GMT by M :Comodo CEO has addressed the issue on company's forum (screenshot).

There is no shortage of messaging apps out there, so which one should you be using? If you care about your privacy, you would want your messaging client to be end-to-end encrypted. This narrows down the list to WhatsApp, Signal, and Allo. The Intercept has evaluated the apps to find which among the three is the best from the privacy standpoint. The publication says that while all the three aforementioned apps use the same secure messaging protocol (Open Whisper System's), they differ on exactly what information is encrypted, what metadata is collected, and what, precisely, is stored in the cloud.
WhatsApp:It's important to keep in mind that, even with the Signal protocol in place, WhatsApp's servers can still see messages that users send through the service. They can't see what's inside the messages, but they can see who is sending a message to whom and when.In addition, WhatsApp also retains your contact list -- provided you have shared it with the service. If government requests access to this data, WhatsApp could hand it over.
Allo:The first thing to understand about Google's forthcoming Allo app is that, by default, Google will be able to read all of your Allo messages. If you want end-to-end encryption via the Signal protocol, you need to switch to an "incognito mode" within the app, which will be secure but include fewer features. [...] Allo's machine learning features prevent Google from turning on end-to-end encryption for all messages, since Google needs to be able to ingest the content of messages for the machine learning to work, a Google spokesperson confirmed. Signal:The first thing that sets Signal apart from WhatsApp and Allo is that it is open source. The app's code is freely available for experts to inspect for flaws or back doors in its security. Another thing that makes Signal unique is its business model: There is none. In stark contrast to Facebook and Google, which make their money selling ads, Open Whisper Systems is entirely supported by grants and donations. With no advertising to target, the company intentionally stores as little user data as possible. Signal's privacy policy is short and concise. Unlike WhatsApp, Signal doesn't store any message metadata. [...] If you back up your phone to your Google or iCloud account, Signal doesn't include any of your messages in this backup.But what about Telegram, you ask? A Gizmodo report, also published on Wednesday, says that Telegram's default settings store your message on its unencrypted servers. "This is pretty much one of the worst things you could imagine when trying to send secure messages."

Remember when FBI's director James Comey was spotted using a piece of tape over the camera on his laptop? At the time, Comey noted that he started doing it after he saw a person "smarter" than him do it as well. Facebook CEO Mark Zuckerberg apparently also puts a tape over his webcam. Zuckerberg posted an image on Facebook yesterday, celebrating Instagram's big milestone of hitting 500 million monthly active users. In the background, we can see that his laptop has a tape over the webcam, as well as something around the microphone port. From a report on The Guardian: Even experts who don't cover their cameras think they should. Why doesn't Matthew Green, an encryption expert at Johns Hopkins University? "Because I'm an idiot," he said. "I have no excuse for not taking this seriously ... but at the end of the day, I figure that seeing me naked would be punishment enough." While Zuckerberg probably does have any number of advanced persistent threats trying to break his digital security, normal people shouldn't be too complacent either. Installing backdoors on compromised computers is a common way for some hackers to occupy their time.On an unrelated note, it appears, Zuckerberg uses Mozilla's Thunderbird as his primary email client.

Patrick O'Neill quotes a report from The Daily Dot: A new bill in the Russian Duma, the country's lower legislative house, proposes to make cryptographic backdoors mandatory in all messaging apps in the country so the Federal Security Service -- the successor to the KGB -- can obtain special access to all communications within the country. [Apps like WhatsApp, Viber, and Telegram, all of which offer varying levels of encrypted security for messages, are specifically targeted in the "anti-terrorism" bill, according to the Russian-language media. Fines for the offending companies could reach 1 million rubles or about $15,000.] Russian Senator Elena Mizulina argued that the new bill ought to become law because, she said, teens are brainwashed in closed groups on the internet to murder police officers, a practice protected by encryption. Mizulina then went further. "Maybe we should revisit the idea of pre-filtering [messages]," she said. "We cannot look silently on this."

Nicola Hahn writes: While top secret NSA documents continue to trickle into the public sphere, tech industry leaders have endeavored to reassure anxious users by extolling the benefits of strong encryption. Rising demand among users for better privacy protection signifies a growth market for the titans of Silicon Valley -- this results in a tendency to frame the issue of cybersecurity in terms of the latest mobile device. Yet whistleblowers from our intelligence services offer dire warnings that contrast sharply with feel good corporate talking points. Edward Snowden, for example, noted that under mass surveillance we're essentially "tagged animals" who pay for our own tags. There's an argument to be made that the vast majority of network-connected gadgets enable monitoring far more than they protect individual liberty. In some instances, the most secure option is to opt out.

Iain Thomson, writing for The Register: CIA director John Brennan told U.S. senators they shouldn't worry about mandatory encryption backdoors hurting American businesses. And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use U.S.-based technology because it's been forced to use weakened cryptography, they'll be out of luck because non-American solutions are simply "theoretical." Thus, the choice is American-built-and-backdoored or nothing, apparently. The spymaster made the remarks at a congressional hearing on Thursday after Senator Ron Wyden (D-OR) questioned the CIA's support for weakening cryptography to allow g-men to peek at people's private communications and data. Brennan said this was needed to counter the ability of terrorists to coordinate their actions using encrypted communications. The director denied that forcing American companies to backdoor their security systems would cause any commercial problems.

An anonymous reader quotes a report from ZDNet: A hacker has stolen tens of millions of accounts from over a thousand popular forums, which host popular car, tech, and sports communities. The stolen database contains close to 45 million records from 1,100 websites and forums hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums and sites run by AutoGuide.com, PetGuide.com, and TopHosts.com. "We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies," said Jerry Orban, vice-president of corporate development, in an email. In a sample given to ZDNet, the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user's IP address (which in some cases can determine location), and the site that the record was taken from. LeakedSource, which confirmed the findings, said in its blog post that it was "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale." A LeakedSource group member said it was "not related" to the recent hacks against MySpace, LinkedIn, and Tumblr. The report goes on to say: "A cursory search of the list of domains caught up in the hack revealed that none of the sites [ZDNet] checked offered basic HTTPS website encryption, which would prevent usernames and passwords from being intercepted."

On the sidelines of its Worldwide Developer's Conference, Apple also quietly unveiled a new file system dubbed APFS (Apple File System). Here's how the company describes it: HFS+ and its predecessor HFS are more than 30 years old. These file systems were developed in an era of floppy disks and spinning hard drives, where file sizes were calculated in kilobytes or megabytes. Today, solid-state drives store millions of files, accounting for gigabytes or terabytes of data. There is now also a greater importance placed on keeping sensitive information secure and safe from prying eyes. A new file system is needed to meet the current needs of Apple products, and support new technologies for decades to come.Ars Technica dived into the documentation to find that APFS comes with a range of "solid" features including support for 64-bit inode numbering, and improved granularity of object time-stamping. "APFS supports nanosecond time stamp granularity rather than the 1-second time stamp granularity in HFS+." It also supports copy-on-write metadata scheme which aims to ensure that file system commits and writes to the file system journal stay in sync even if "something happens during the write -- like if the system loses power." The new file system offers an improvement over Apple's previous full-disk encryption File Vault application. It also features Snapshots (that lets you throw off a read-only instant of a file system at any given point in time), and Clones. According to the documentation, APFS can create file or directory clones -- and like a proper next-generation file system, it does so instantly, rather than having to wait for data to be copied. From the report: Also interesting is the concept of "space sharing," where multiple volumes can be created out of the same chunk of underlying physical space. This sounds on first glance a lot like enterprise-style thin provisioning, where you can do things like create four 1TB volumes on a single 1TB disk, and each volume grows as space is added to it. You can add physical storage to keep up with the volume's growth without having to resize the logical volume.As the documentation notes, things are in early stage, so it might take a while before AFPS becomes available to general users.