Boing Boing 

Today's terrifying Web security vulnerability, courtesy of the 1990s crypto wars

The Logjam bug allows attackers to break secure connections by tricking the browser and server into communicating using weak crypto -- but why do browsers and servers support weak crypto in the first place?

150 orgs, experts and companies tell Obama: hands off crypto!


The joint letter from human rights organizations, eminent cryptographers, tech companies and trade associations takes aim at the FBI's ever-louder calls to ban the use of effective cryptography.

Smart Grid consortium rolled its own crypto, which is always, always a bad idea


When you make up your own crypto, it's only secure against people stupider than you, and there are lots of people smarter than the designers of the Open Smart Grid Protocol, who rolled their own (terrible) crypto rather than availing themselves of the numerous, excellent, free public cryptographic protocols.

Computer scientist/Congressman: crypto backdoors are "technologically stupid," DA is "offensive"

Rep Ted Lieu (D-CA) is a USAF reserve colonel, former member of the Judge Advocate General Corps and holds a computer science degree -- he's one of the four members of Congress with any formal computer science qualifications.

Encryption backdoors are like TSA luggage-locks for the Internet

In my new Guardian column, I look at UK Prime Minister David Cameron's election pledge to eliminate strong crypto and point out that we already have a forerunner of this in the "TSA-safe" luggage locks -- and it's a disaster.

FBI's crypto backdoor plans require them to win the war on general purpose computing


The FBI wants backdoors in all your crypto, and UK Prime Minister David Cameron made backdoors an election promise, but as Stanford lawyer/computer scientist Jonathan Mayer writes, there's no way to effectively backdoor modern platforms without abolishing the whole idea of computers as we know them, replacing them with an imaginary and totalitarian computing ecosystem that does not exist and probably never will.

Encrypting your laptop demystified

On The Intercept, Micah Lee follows up on his great primer on NSA-proof passwords with a soup-to-nuts tutorial on encrypting your laptop.

Ransomware decryptor


If you or someone you love has been hijacked by Coinvault ransomware -- malware that encrypts your data and won't decrypt it unless you transfer Bitcoin to criminals -- Kaspersky may be able to help you (via Hacker News)

Surveillance self-defense kit for LGBTQ youth


The latest addition to the Electronic Frontier Foundation's Surveillance Self-Defense series is a set of tools and instructions aimed specifically at LGBTQ kids, who have unique threat models (being outed) and adversaries (homophobic friends, parents, pastors).

NSA declares war on general purpose computers


NSA director Michael S Rogers says his agency wants "front doors" to all cryptography used in the USA, so that no one can have secrets it can't spy on -- but what he really means is that he wants to be in charge of which software can run on any general purpose computer.

NSA-proof passwords


The Intercept's Micah Lee explains how to use Diceware to generate a passphrase that can survive the NSA's trillion-guess-per-second cracking attempts -- but which can still be easily memorized.

Top homeland security Congressjerk only just heard about crypto, and he doesn't like it


Rep John Carter [R-TX] chairs Homeland Security Appropriations and sits on Defense subcommittees, but he only found out that encryption exists when FBI Director James Comey gave bizarre congressional testimony about the coming Bad Times if we're allowed to know about math.

As crypto wars begin, FBI silently removes sensible advice to encrypt your devices


The FBI used to publish excellent advice about encrypting your devices to keep your data secure when your stuff is lost or stolen; this advice has been silently dropped now that FBI Director James Comey is trying to stop manufacturers from using crypto by default.

Automating remote BIOS attacks


Legbacore's upcoming "digital voodoo" presentation will reveal an automated means of discovering BIOS defects that are vulnerable to remote attacks, meaning that your computer can be compromised below the level of the OS by attackers who do not have physical access to it.

Parliamentary Office of Science & Technology tells Cameron Tor is good, unstoppable


David Cameron has vowed to ban crypto if he wins the UK election, but Parliament's lead technical experts have told him that he can't, and shouldn't, mess with Tor and other cryptographic tools.

Bruce Schneier's Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

No one explains security, privacy, crypto and safety better.

Companies should never try to intercept their users' encrypted traffic

Lenovo's disgraceful use of Superfish to compromise its users' security is just the tip of the iceberg: everywhere we look, companies have decided that it's a good idea to sneakily subvert their users' encryption.
