Posts Tagged communications

You Can Have Privacy on the Net

Two members of the Electronic Frontier Foundation talk about how it is possible over at Slate:

Despite all of the awareness-raising around surveillance that has taken place over the last year, many individuals feel disempowered, helpless to fight back. Efforts such as the February 11 initiative the Day We Fight Back aim to empower individuals to lobby their representatives for better regulation of mass surveillance. But legislation and policy are only part of the solution. In order to successfully protect our privacy, we must take an approach that looks at the whole picture: our behavior, the potential risks we face in disclosing data, and the person or entity posing those risks, whether a government or company. And in order to successfully fight off the feeling of futility, we must understand the threats we face.


RSA Paid $10 Million By NSA To Keep Backdoor In Crypto

From Ars Technica:

Security company RSA was paid $10 million to use the flawed Dual_EC_DRBG pseudorandom number generating algorithm as the default algorithm in its BSafe crypto library, according to sources speaking to Reuters.


Military To Add Mobile Devices To Networks

From FierceMobileIT:

For the first time in U.S. military history, foot soldiers and company support teams in Afghanistan are using specialized handheld mobile devices to access digital maps, exchange information with other troops and store mission-critical information. What began in 2011 as a way to supply soldiers with high-resolution maps on a PDA-type device eventually morphed into a suite of over 50 apps on something that now more closely resembles a mobile phone.

From Military.com:

In May, the Defense Department approved government-issued Apple devices using the iOS 6 operating system to connect to its networks, so long as they are operated within the confines of mobility pilots or a mobile device management (MDM) solution, once that is in place.

Likewise, the Samsung Knox version of Android was approved for use on DoD networks, pending the rollout of an MDM solution, said DoD spokesman Lt. Col. Damien Pickart.


Spy Apps For the Individual

Silent Circle – Secure Communications

Photo Trap – Tamper Detection

Life360 – Safety and Tracking

1Password – Secure Password Management

iDiscreet – Data Encryption

Norton Mobile Security – Firewall for Phones


Press Release: Dark Mail Alliance

Today at the Inbox Love conference in Mountain View, CA, Silent Circle, along with Ladar Levison, founder of Lavabit, officially announced the creation of the Dark Mail Alliance.

Silent Circle and Lavabit, as privacy innovators have partnered to lead the charge to replace email as we know it today – fundamentally broken from a privacy perspective – we have collaborated in developing a private, next-generation, end-to-end encrypted alternative.


Head of NSA Out in 2014

From The Guardian:

Alexander has formalized plans to leave by next March or April, while his civilian deputy, Chris Inglis, is due to retire by year’s end, according to US officials who spoke on condition of anonymity.


NSA May Have Impersonated Google

From Cnet.com:

Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed out Techdirt’s point-out.)

A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.


Silent Circle Comments on the NSA

Here is an excerpt of Silent Circle’s editorial from their company blog:

We at Silent Circle believe these revelations and disclosures are some of the best things that could happen to the technology sector. In fact, the battle for your digital soul has turned strongly towards Privacy’s corner because we now know what we are up against. We are beginning to define the capabilities and tactics of the world’s surveillance machine. Before all of this – we speculated, guessed and hypothesized that it was bad – we were all way off. It’s horrendous. It’s Orwell’s 1984 on steroids. It doesn’t matter – we will win the war.


The NSA and the Obama Administration

Just after the revelations about the NSA’s encryption-breaking abilities, there is now a story that the Obama administration let the leash off the NSA in 2011. In the encryption story published by The Guardian, New York Times and ProPublica, there was an interesting nugget of information. The programs run by the NSA are named after Civil War battles. Does that mean that the NSA sees the American public as its enemy? I have no problem with the NSA doing what they do and focusing that effort outward, but as soon as that capability is turned inward on our own citizens, that is when we have a problem. There is that pesky Fourth Amendment to the Constitution that specifically prohibits looking at our “effects”:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Bruce Schneier, a security technologist, is now calling on engineers who work in the government or for companies that contract with the government to start blowing the whistle on these types of programs. This administration has a history of citing the dangers that certain citizens pose while ignoring the explicit threats from outside. Targeting Americans with these programs is unacceptable.


Silent Circle Can’t Guarantee Customers’ Privacy From NSA

From Tech Crunch:

“We knew USG would come after us”. That’s why Silent Circle CEO Michael Janke tells TechCrunch his company shut down its Silent Mail encrypted email service. It hadn’t been told to provide data to the government, but after Lavabit shut down today rather than be “complicit” with NSA spying, Silent Circle told customers it has killed off Silent Mail rather than risk their privacy.

Full press release from Silent Circle.

What Silent Circle does:


Android Backup Services May Not Be Secure

If you use an Android device you may want to review how you store your settings and passwords.

From the Electronic Frontier Foundation:

If you have a recent Android phone or tablet, chances are you take advantage of a convenient feature to backup your application settings and wireless network passwords. This feature is enabled by default in Android 2.2 and later, and it can make switching to a new device or replacing a lost phone a quicker process. If you haven’t examined all the settings for your phone, you might not know if this setting is enabled.


Keeping the NSA in Perspective

“Keeping the NSA in Perspective is republished with permission of Stratfor.”

By George Friedman

In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn’t win.

The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan’s naval code and thus knew a great deal of the country’s battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently.


Concern Increasing Over Skype’s Security

From the Electronic Frontier Foundation:

This security limitation has concerned us for a long time. Last year, Chris Soghoian argued that, for this reason, “Skype is in a position to give the government sufficient data to perform a man in the middle attack against Skype users.” Soghoian argued that Skype should change its design to eliminate this ability, or else disclose the risk more prominently. One way of limiting man-in-the-middle attacks would be for Skype to introduce a way for users to do their own encryption key verification, without relying on the Skype service. As Soghoian notes, that’s what many other encrypted communications tools do—but such a verification option is missing from Skype.


Drone Video Unencrypted

From Danger Room:

Four years after discovering that militants were tapping into drone video feeds, the U.S. military still hasn’t secured the transmissions of more than half of its fleet of Predator and Reaper drones, Danger Room has learned. The majority of the aircraft still broadcast their classified video streams “in the clear” — without encryption. With a minimal amount of equipment and know-how, militants can see what America’s drones see.


Smartphone Malware

FBI: Smartphone Users Should be Aware of Malware Targeting Mobile Devices and the Safety Measures to Help Avoid Compromise

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.
