Posts Tagged communications

A Prize Is Needed For Easy Encryption

Posted by Brian in Comms, Threat Watch on 30/Apr/2014 12:16

From the Electronic Frontier Foundation:

In an era when email and messaging services are being regularly subject to attacks, surveillance, and compelled disclosure of user data, we know that many people around the world need secure end-to-end encrypted communications tools so that service providers and governments cannot read their messages. Unfortunately, the software that has traditionally been used for these purposes, such as PGP and OTR, suffers from numerous usability problems that make it impractical for many of the journalists, activists and others around the world whose lives and liberty depend on their ability to communicate confidentially. Read the rest of this entry »

, , , , , , , ,

No Comments

Keeping the NSA in Perspective

Posted by Brian in Opinion on 24/Apr/2014 12:53

Keeping the NSA in Perspective is republished with permission of Stratfor.”

Editor’s Note: The following Geopolitical Weekly originally ran in July 2013. We repost it today in light of the April 21 awarding of the 2014 Pulitzer Prize for public service to The Washington Post and The Guardian US for their reporting on the National Security Agency’s large-scale surveillance programs.

By George Friedman

In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn’t win.

The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan’s naval code and thus knew a great deal of the country’s battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently. Read the rest of this entry »

, , , , , , ,

No Comments

You Can Have Privacy on the Net

Posted by Brian in Comms, Law, Threat Watch on 24/Feb/2014 08:49

Two members of the Electronic Frontier Foundation talk about how it is possible over at Slate:

Despite all of the awareness-raising around surveillance that has taken place over the last year, many individuals feel disempowered, helpless to fight back. Efforts such as the February 11 initiative the Day We Fight Back aim to empower individuals to lobby their representatives for better regulation of mass surveillance. But legislation and policy are only part of the solution. In order to successfully protect our privacy, we must take an approach that looks at the whole picture: our behavior, the potential risks we face in disclosing data, and the person or entity posing those risks, whether a government or company. And in order to successfully fight off the feeling of futility, we must understand the threats we face.

, , , ,

No Comments

RSA Paid $10 Million By NSA To Keep Backdoor In Crypto

Posted by Brian in Comms, News, Threat Watch on 27/Dec/2013 14:46

From Ars Technica:

Security company RSA was paid $10 million to use the flawed Dual_EC_DRBG pseudorandom number generating algorithm as the default algorithm in its BSafe crypto library, according to sources speaking to Reuters.

, , , ,

No Comments

Military To Add Mobile Devices To Networks

Posted by Brian in Comms, News, Warriors on 21/Dec/2013 12:12

From FierceMobileIT:

For the first time in U.S. military history, foot soldiers and company support teams in Afghanistan are using specialized handheld mobile devices to access digital maps, exchange information with other troops and store mission-critical information. What began in 2011 as a way to supply soldiers with high-resolution maps on a PDA-type device eventually morphed into a suite of over 50 apps on something that now more closely resembles a mobile phone.

From Military.com:

In May, the Defense Department approved government-issued Apple devices using the iOS 6 operating system to connect to its networks, so long as they are operated within the confines of mobility pilots or a mobile device management (MDM) solution, once that is in place.

Likewise, the Samsung Knox version of Android was approved for use on DoD networks, pending the rollout of an MDM solution, said DoD spokesman Lt. Col. Damien Pickart.

, , , , ,

No Comments

Spy Apps For the Individual

Posted by Brian in Comms, News, Threat Watch on 6/Nov/2013 13:26

Silent Circle – Secure Communications

Photo Trap – Tamper Detection

Life360 – Safety and Tracking

1Password – Secure Password Management

iDiscreet – Data Encryption

Norton Mobile Security – Firewall for Phones

, , , , , , ,

No Comments

Press Release: Dark Mail Alliance

Posted by Brian in Comms, News on 30/Oct/2013 14:37

Today at the Inbox Love conference in Mountain View, CA, Silent Circle along with Ladar Levision, Founder of Lavabit officially announced the creation of the Dark Mail Alliance.

Silent Circle and Lavabit, as privacy innovators have partnered to lead the charge to replace email as we know it today – fundamentally broken from a privacy perspective – we have collaborated in developing a private, next-generation, end-to-end encrypted alternative. Read the rest of this entry »

, , , , , , , ,

No Comments

Head of NSA Out in 2014

Posted by Brian in Comms, News, Threat Watch on 24/Oct/2013 12:54

From The Guardian:

Alexander has formalized plans to leave by next March or April, while his civilian deputy, Chris Inglis, is due to retire by year’s end, according to US officials who spoke on condition of anonymity.

, ,

No Comments

NSA May Have Impersonated Google

Posted by Brian in Comms, Law, News on 13/Sep/2013 14:00

From Cnet.com:

Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed out Techdirt’s point-out.)

A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.

, , , , , , , ,

No Comments

Silent Circle Comments on the NSA

Posted by Brian in Law, News on 12/Sep/2013 13:46

Here is an excerpt of Silent Circle’s  editorial from their company blog:

We at Silent Circle believe these revelations and disclosures are some of the best things that could happen to the technology sector. In fact, the battle for your digital soul has turned strongly towards Privacy’s corner because we now know what we are up against. We are beginning to define the capabilities and tactics of the world’s surveillance machine. Before all of this -we speculated, guessed and hypothesized that it was bad –we were all way off. It’s horrendous. It’s Orwell’s 1984 on steroids. It doesn’t matter –we will win the war.

, , , , , , , ,

No Comments

The NSA and the Obama Administration

Posted by Brian in Comms, Law, News, Threat Watch on 11/Sep/2013 13:01

Just after the revelations about the NSA’s encryption-breaking abilities, there is now a story that the Obama administration let the leash off the NSA in 2011. In the encryption story published by The Guardian, New York Times and Pro Publica there was an interesting nugget of information. The programs run by the NSA are named after Civil War battles. Does that mean that the NSA sees the American public as its enemy? I have no problem with the NSA doing what they do and focusing that effort outward but as soon as that capability is turned inward on our own citizens that is when we have a problem. There is that pesky Fourth Amendment to the Constitution that specifically prohibits looking at our “effects”:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Bruce Schneier, a security technologist, is now calling on engineers who work in the government or for companies that contract with the government to start blowing the whistle on these type of programs. This administration has a history of citing the dangers that certain citizens pose while ignoring the explicit threats from outside. Targeting Americans with these programs is unacceptable.

, , , , , , , , ,

No Comments

Silent Circle Can’t Guarantee Customers’ Privacy From NSA

Posted by Brian in Comms, News, Threat Watch on 10/Aug/2013 13:42

From Tech Crunch:

“We knew USG would come after us”. That’s why Silent Circle CEO Michael Janke tells TechCrunch his company shut down its Silent Mail encrypted email service. It hadn’t been told to provide data to the government, but after Lavabit shut down today rather than be “complicit” with NSA spying, Silent Circle told customers it has killed off Silent Mail rather than risk their privacy.

Full press release from Silent Circle.

What Silent Circle does:

, , , , , , , , , ,

No Comments

Andriod Backup Services May Not Be Secure

Posted by Brian in Comms, News on 7/Aug/2013 13:58

If you use an Android device you may want to review how you store your settings and passwords.

From the Electronic Frontier Foundation:

If you have a recent Android phone or tablet, chances are you take advantage of a convenient feature to backup your application settings and wireless network passwords. This feature is enabled by default in Android 2.2 and later, and it can make switching to a new device or replacing a lost phone a quicker process. If you haven’t examined all the settings for your phone, you might not know if this setting is enabled.

, , , , , , , , ,

No Comments

Keeping the NSA in Perspective

Posted by Brian in News, Threat Watch on 24/Jul/2013 08:21

Keeping the NSA in Perspective is republished with permission of Stratfor.”

By George Friedman

In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn’t win.

The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan’s naval code and thus knew a great deal of the country’s battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently. Read the rest of this entry »

, , , , , , , ,

No Comments

Concern Increasing Over Skype’s Security

Posted by Brian in Comms, News, Threat Watch on 22/Jul/2013 12:53

From Electronic Freedom Foundation:

This security limitation has concerned us for a long time. Last year, Chris Soghoian argued that, for this reason, “Skype is in a position to give the government sufficient data to perform a man in the middle attack against Skype users.” Soghoian argued that Skype should change its design to eliminate this ability, or else disclose the risk more prominently. One way of limiting man-in-the-middle attacks would be for Skype to introduce a way for users to do their own encryption key verification, without relying on the Skype service. As Soghoian notes, that’s what many other encrypted communications tools do—but such a verification option is missing from Skype.

, , , , , , ,

No Comments