Encryption

Without Encryption, Everything Stops, Says Snowden (thehill.com) 50

An anonymous reader writes about Snowden's appearance on a debate with CNN's Fareed Zakaria: Edward Snowden defended the importance of encryption, calling it the "backbone of computer security." He said, "Encryption saves lives. Encryption protects property. Without it, our economy stops. Our government stops. Everything stops. Our intelligence agencies say computer security is a bigger problem than terrorism, than crime, than anything else," he noted. "[...] Lawful access to any device or communication cannot be provided to anybody without fatally compromising the security of everybody."
Censorship

WhatsApp Blocked in Brazil for 72 Hours Over Data Dispute (techcrunch.com) 36

An anonymous reader cites an article on TechCrunch: WhatsApp, Facebook's messaging service that recently rolled out end-to-end encryption to its users, will be blocked in Brazil for 72 hours, starting this afternoon. A Brazilian judge ordered telecom providers in the country to block WhatsApp today in a dispute over access to encrypted data. Judge Marcel Montalvao has ordered WhatsApp to turn over chat records related to a drug investigation, but WhatsApp has argued that it cannot access the chats in an unencrypted form and therefore cannot provide the required records to the court. [...] This isn't Montalvao's first clash with WhatsApp, which boasts more than 100 million Brazilian users. The judge ordered the arrest of Facebook's vice president for Latin America, Diego Dzodan, in March. Facebook has said that WhatsApp operates with relative independence and that Dzodan has no control over WhatsApp data. American lawyer and journalist Glenn Greenwald said: "WhatsApp shut down again in Brazil as of 1 pm ET today: used by 100m people, 91% of those online: all from 1 judge."
Crime

The Government Wants Your Fingerprint To Unlock Phones (dailygazette.com) 210

schwit1 quotes this report from the Daily Gazette: "As the world watched the FBI spar with Apple this winter in an attempt to hack into a San Bernardino shooter's iPhone, federal officials were quietly waging a different encryption battle in a Los Angeles courtroom. There, authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple's fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it.

It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The Glendale case and others like it are forcing courts to address a basic question: How far can the government go to obtain biometric markers such as fingerprints and hair?"

Iphone

FBI Bought $1M iPhone 5C Hack, But Doesn't Know How It Works (theguardian.com) 76

An anonymous reader writes: The FBI has no idea how the hack used in unlocking the San Bernardino shooter's iPhone 5C works, but it paid a sum less than $1m for the mechanism, according to a report. Reuters, citing several U.S. government sources, notes that the government intelligence agency didn't pay a value over $1.3m for purchasing the hack from professional hackers, as previously reported by many outlets. The technique can also be used as many times as needed without further payments, the report adds. The FBI director, James Comey, said last week that the agency paid more to get into the iPhone 5C than he will make in the remaining seven years and four months he has in his job, suggesting the hack cost more than $1.3m, based on his annual salary.
Encryption

Top Security Experts Say Anti-Encryption Bill Authors Are 'Woefully Ignorant' (dailydot.com) 90

blottsie writes from a report on the Daily Dot: In a Wall Street Journal editorial titled "Encryption Without Tears," Sens. Richard Burr and Dianne Feinstein pushed back on widespread condemnation of their Compliance with Court Orders Act, which would require tech companies to provide authorities with user data in an "intelligible" format if served with a warrant. But security experts Bruce Schneier, Matthew Green, and others say the lawmakers entirely misunderstand the issue. "On a weekly basis we see gigabytes of that information dumped to the Internet," Green told the Daily Dot. "This is the whole problem that encryption is intended to solve." He added: "You can't hold out the current flaws in the Internet as a justification for why the Internet shouldn't be made secure." "These criticisms of Burr and Feinstein's analogy emphasize an important point about digital security: The differences between the levels of encryption protecting certain types of data -- purchase records on Amazon's servers versus photos on an iPhone, for example -- lead to different levels of risk," writes Eric Geller of the Daily Dot.
Crime

Child Porn Suspect Jailed Indefinitely For Refusing To Decrypt Hard Drives (arstechnica.com) 787

An anonymous reader quotes a report from Ars Technica: A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives. The suspect, a former Philadelphia Police Department sergeant, has not been charged with any child porn crimes. Instead, he remains indefinitely imprisoned in Philadelphia's Federal Detention Center for refusing to unlock two drives encrypted with Apple's FileVault software in a case that once again highlights the extent to which the authorities are going to crack encrypted devices. The man is to remain jailed "until such time that he fully complies" with the decryption order. The government successfully cited a 1789 law known as the All Writs Act to compel (PDF) the suspect to decrypt two hard drives it believes contain child pornography. The All Writs Act was the same law the Justice Department asserted in its legal battle with Apple.
Encryption

A Complete Guide To The New 'Crypto Wars' (dailydot.com) 68

blottsie writes: The latest debate over encryption did not begin with a court order demanding Apple help the FBI unlock a dead terrorist's iPhone. The new "Crypto Wars," chronicled in a comprehensive timeline by Eric Geller of the Daily Dot, dates back to at least 2003, with the introduction of "Patriot Act II." The battle over privacy and personal security versus crime-fighting and national security has, however, become a mainstream debate in recent months. The timeline covers a wide range of incidents where the U.S. and other allied governments have tried to restrict citizens' access to strong encryption. The timeline ends with the director of national intelligence blaming NSA whistleblower Edward Snowden for advancing the spread of user-friendly, widely available strong encryption.
Encryption

Millions Of Waze Users Can Have Their Movements Tracked By Hackers (fusion.net) 55

An anonymous reader quotes a report from Fusion: Researchers at the University of California-Santa Barbara recently discovered a Waze vulnerability that allowed them to create thousands of "ghost drivers" that can monitor the drivers around them -- an exploit that could be used to track Waze users in real-time. Here's how the exploit works. Waze's servers communicate with phones using an SSL encrypted connection, a security precaution meant to ensure that Waze's computers are really talking to a Waze app on someone's smartphone. Zhao and his graduate students discovered they could intercept that communication by getting the phone to accept their own computer as a go-between in the connection. Once in between the phone and the Waze servers, they could reverse-engineer the Waze protocol, learning the language that the Waze app uses to talk to Waze's back-end app servers. With that knowledge in hand, the team was able to write a program that issued commands directly to Waze servers, allowing the researchers to populate the Waze system with thousands of "ghost cars" -- cars that could cause a fake traffic jam or, because Waze is a social app where drivers broadcast their locations, monitor all the drivers around them. You can read the full paper detailing the researchers' findings here. Is there a solution to not being tracked? Yes. If you're a Waze user, you can set the app to invisible mode. However, Waze turns off invisible mode every time you restart the app so beware.
Security

FBI Director Suggests iPhone Hacking Method May Remain Secret (reuters.com) 110

An anonymous reader quotes a report from Reuters: FBI Director James Comey said on Tuesday that his agency was still assessing whether a vulnerability used to unlock an iPhone linked to one of the San Bernardino killers would go through a government review to determine if it should be disclosed to Apple or the public. "We are in the midst of trying to sort that out," Comey said. "The threshold (for disclosure) is, are we aware of the vulnerability, or did we just buy a tool and don't have sufficient knowledge of the vulnerability to implicate the process?" The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. Although officials say the process leans toward disclosure, it is not set up to handle or reveal flaws that are discovered and owned by private companies, sources have told Reuters, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process.
Encryption

US Begins Dropping 'Cyberbombs' On ISIS (nytimes.com) 121

In what appears to be a significant shift in its tactic to battle against the terrorist organization, the U.S. has begun launching cyberattacks against ISIS (non-paywall link). The New York Times reports that the Department of Defense's Cyber Command unit is mounting cyberattacks against the terrorist organization. The Cyber Command unit aims to stop the organization from spreading its message. The Times reports: The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters. A benefit of the administration's exceedingly rare public discussion of the campaign, officials said, is to rattle the Islamic State's commanders, who have begun to realize that sophisticated hacking efforts are manipulating their data. Potential recruits may also be deterred if they come to worry about the security of their communications with the militant group. "We are dropping cyberbombs," Robert O. Work, deputy secretary of defense said. "We have never done that before."
Encryption

US Wants Its Own Secure and Self-Destructing Messaging App -- And It's Willing to Pay (bloomberg.com) 83

Long time reader schwit1 writes: The Defense Advanced Research Projects Agency (DARPA), an agency within the Department of Defense historically known for creating the Internet itself, has published a call for companies to submit proposals to build a robust messaging platform that the military could use for secure communication of everything from intelligence to procurement contracts. "Troops on the ground in denied communications environments would have a way to securely communicate back to HQ and DoD back office executives could rest assured that their logistics system is efficient, timely and safe from hackers," according to the DARPA proposal. The request for proposals, reported earlier by the UK's Telegraph outlet, also says that the messaging platform should incorporate a customized blockchain, the distributed ledger technology that underpins the digital currency bitcoin, for recording messages and contract information. The proposal says such a distributed ledger would allow the military to conduct its business in a more efficient and secure fashion. Motherboard's Lorenzo Franceschi-Bicchierai reports that DARPA is willing to pay people to make this app. "This project falls under the rules of the Small Business Technology Transfer (STTR) program. During the first phase, according to the program's rules, successful applicants might be awarded no more than $150,000 for one year. The companies and researchers who are part of phase one can then be eligible for a phase two award of up to $1 million for two years. Lastly, during phase three, the company or companies can pursue commercialization, and receive no funds from the federal government."
Government

Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption By 7 Years (theintercept.com) 242

An anonymous reader cites an article on The Intercept: The director of national intelligence on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption. "As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years," James Clapper said. The shortened timeline has had "a profound effect on our ability to collect, particularly against terrorists," he said. When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. "The projected growth maturation and installation of commercially available encryption -- what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks." Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no. "From our standpoint, it's not ... it's not a good thing," he said. "Of all the things I've been accused of," Snowden said, "this is the one of which I am most proud."
Government

From Uber To Eric Schmidt, Tech Is Closer To the US Government Than You'd Think (theguardian.com) 48

An anonymous reader shares an article on The Guardian: Alphabet's executive chairman, Eric Schmidt, recently joined a Department of Defense advisory panel. Facebook recently hired a former director at the U.S. military's research lab, Darpa. Uber employs Barack Obama's former campaign manager David Plouffe and Amazon.com tapped his former spokesman Jay Carney. Google, Facebook, Uber and Apple collectively employ a couple of dozen former analysts for America's spy agencies, who openly list their resumes on LinkedIn.

These connections are neither new nor secret. But the fact they are so accepted illustrates how tech's leaders -- even amid current fights over encryption and surveillance -- are still seen as mostly U.S. firms that back up American values. Christopher Soghoian, a technologist with the American Civil Liberties Union, said low-level employees' government connections matter less than leading executives' ties to government. For instance, at least a dozen Google engineers have worked at the NSA, according to publicly available records on LinkedIn. And, this being Silicon Valley, not everyone who worked for a spy agency advertises that on LinkedIn. Soghoian, a vocal critic of mass surveillance, said Google hiring an ex-hacker for the NSA to work on security doesn't really bother him. "But Eric Schmidt having a close relationship with the White House does," he said.
Danny Yadron said, "What's worse for a Silicon Valley executive: ties to the Chinese military or friends in the US Defense Department?"
Opera

Opera Adds Free VPN-Client With Unlimited Usage To Its Desktop Browser 101

On Thursday, Opera announced that it is adding a free built-in virtual private network (VPN) client to its desktop browser. The feature, which isn't available on other popular Web browsers, will allow users to hide their IP address, unblock firewalls and access region-locked content. It will also help users protect their personal information on public Wi-Fi networks as it offers 256-bit encryption. "Everyone deserves to be private online if they want to be," Krystian Kolondra, SVP at Opera told Slashdot in a statement. "By adding a free, unlimited VPN directly into the browser, no additional download or extensions from an unknown third-party provider are necessary."

The move comes a year after Opera acquired North American VPN company SurfEasy. Unlike Chrome and Firefox, which require you to use an additional third-party tool (such as an extension), Opera's VPN offering is baked in the browser. What's more, it is free and offers unlimited usage. The feature is available on Opera's Mac, Windows, and Linux clients.
Privacy

Can Switzerland Become a Safe Haven For the World's Data? (dailydot.com) 103

An anonymous reader shares an interesting article on Daily Dot which lists a number of reasons why Switzerland should be deemed as the nation for storing all of your data. The article reads: As United States and European Union regulators debate a sweeping new data-privacy agreement, Switzerland is presenting itself as a viable neutral location for storing the world's data thanks to strict privacy laws and ideal infrastructure. The Swiss constitution guarantees data privacy under Article 13. The country's laws protecting privacy are similar to those enacted by the E.U. Swiss data protections are also, in some cases, much stricter than those of the E.U., according to Nicola Benz, attorney at Swiss law firm Froriep. And since Switzerland is not part of the E.U., data stored there remains outside the reach of the union's authorities. [...] The country's tight privacy laws could make the small nation more attractive to privacy-focused start-ups. And it already has that momentum. After the former NSA contractor Edward Snowden 2013 revelations about the National Security Agency's secret surveillance activities, Switzerland witnessed something of a boom in its data-center business. Phil Zimmermann, creator of the popular PGP encryption protocol and founder of Silent Circle, even left the U.S. for Switzerland last year, citing the overreach of American authorities. Andy Yen, CEO of Swiss-based encrypted email service Protonmail, said that the country has robust processes in how it carries out data requests from authorities. Data requests have to go through a court like in most countries, said Yen, but "the person that's having their data requested needs to be notified eventually about the request happening and there's an opportunity to fight it in an open court. This is quite different than the U.S., where things can go through a so-called FISA court."
Encryption

FBI Tells Congress It Needs Hackers To Keep Up With Tech Company Encryption (buzzfeed.com) 103

An anonymous reader quotes a report from BuzzFeed: A high ranking technology official with the FBI told members of Congress Tuesday that the agency is incapable of cracking locked phones and devices on its own, even with additional resources. Amy Hess, the agency's executive assistant director for science and technology told a panel of the House Energy and Commerce Committee that encrypted communications continue to pose a challenge to the American law enforcement, and to the safety of the American public. But when asked by lawmakers to provide a practical solution beyond the FBI's talking points, she said that the cooperation of technology companies would be necessary. According to the New York Times, "The FBI defended its hiring of a third-party company to break into an iPhone used by a gunman in last year's San Bernardino, Calif., mass shooting, telling some lawmakers on Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information." They are stressing the importance of cooperation with tech companies and "third parties" to help fight terrorism, claiming they do not have the capabilities and resources available to crack encrypted devices. Congress is currently debating potential legislation on encryption.
Encryption

Viber Update Brings End-To-End Encryption and Hidden Chats (gsmarena.com) 39

An anonymous reader writes: The new hip thing to do if you're a developer of a messaging app is to encrypt everyone's messages -- everyone's doing it! WhatsApp announced earlier this month all messages being sent through the service will now be end-to-end encrypted. Today, Viber has announced it is doing something similar. All messages being sent through the latest version of the app will be end-to-end encrypted. To confirm messages are being encrypted, a padlock icon will appear in the chat UI. The latest version of the app is already available in the iOS App Store and Android Google Play Store. Viber is one of the largest messaging platforms with over 700 million users. Hidden chats can also be found in the new update. Users can hide select chats with people and access/display them with a PIN or Touch ID.
Encryption

Apple Refused China Request For Source Code In Last Two Years: Lawyer (reuters.com) 57

Dustin Volz, reporting for Reuters: Apple has been asked by Chinese authorities within the last two years to hand over its source code but refused to do so, the company's top lawyer told U.S. lawmakers at a hearing on Tuesday. Apple general counsel Bruce Sewell made the statement in response to a line of attack from law enforcement officials who have attempted to portray Apple as complicit in handing over information to Chinese authorities for business reasons while refusing to cooperate with U.S. requests for access to private data in criminal investigations. Apple and the FBI returned to Washington to testify before lawmakers about their heated disagreement over law enforcement access to encrypted devices, highlighted in the case of a locked iPhone linked to a gunman in last December's Islamist militant-inspired shootings in San Bernardino, California. Earlier in the hearing before a House Energy and Commerce subcommittee, Captain Charles Cohen, commander in the Indiana State Police, repeated the suggestion that Apple has quietly cooperated with Beijing. But when pressed by Representative Anna Eshoo, a California Democrat, for the source of that claim, Cohen only cited news reports. "That takes my breath away," a visibly frustrated Eshoo said. "That is a huge allegation." In some other Apple news, the Cupertino-based company complied with 80% of U.S. law enforcement requests in the second half of 2015, its just released transparency report shows. U.S. law enforcement asked Apple for information 4,000 times, covering 16,112 devices in the second half of 2015.
Encryption

BlackBerry Comments on Canadian Police Eavesdropping Report (blackberry.com) 61

Last week, a report, citing court documents, claimed that Canadian police have had BlackBerry's global decryption key since 2010. Today BlackBerry CEO John Chen officially commented on the report. In a blog post, Chen reiterated that his company remains committed to doing what is "right for the citizenry," without confirming if the Canadian police have the "global encryption key." "I have stated before that we are indeed in a dark place when companies put their reputations above the greater good," Chen wrote, adding that the company's cooperation with the Canadian police resulted in shutting down a criminal organization. He adds: Regarding BlackBerry's assistance, I can reaffirm that we stood by our lawful access principles. Furthermore, at no point was BlackBerry's BES server involved. Our BES continues to be impenetrable -- also without the ability for backdoor access -- and is the most secure mobile platform for managing all mobile devices. That's why we are the gold standard in government and enterprise-grade security. For BlackBerry, there is a balance between doing what's right, such as helping to apprehend criminals, and preventing government abuse of invading citizen's privacy, including when we refused to give Pakistan access to our servers. (Update). We have been able to find this balance even as governments have pressured us to change our ethical grounds. Despite these pressures, our position has been unwavering and our actions are proof we commit to these principles. To recall, Chen criticized Apple last year when the iPhone maker refused to unlock a terrorist's iPhone. At the time, he said, Apple was "putting reputation above the greater good."
Security

Researchers Find Hybrid GozNym Malware, 24 Financial Institutions Already Affected (securityintelligence.com) 21

An anonymous reader writes: Researchers are warning about a new hybrid Trojan -- dubbed GozNym -- which is a combination of Nymaim dropper and the Gozi financial malware. IBM researchers say that the malware has been designed to target banks, ecommerce websites, and retail banking, adding that GozNym has already targeted 22 financial institutions in the United States and two in Canada. A ComputerWorld report sheds more light into it, "Nymaim is what researchers call a dropper. Its purpose is to download and run other malware programs on infected computers. It is usually distributed through Web-based exploits launched from compromised websites. Nymaim uses detection evasion techniques such as encryption, anti-VM and anti-debugging routines, and control flow obfuscation. In the past, it has primarily been used to install ransomware on computers. The integration between Nymaim and Gozi became complete in April, when a new version was discovered that combined code from both threats in a single new Trojan -- GozNym."
