Gmail will warn you when your correspondents use unencrypted mail transport

A basic best-practice for email servers is to use TLS (Transport Layer Security) when they connect to one another, which guards against "man in the middle" attacks that would allow attackers to read or change emails while they travel between mail-servers.

In promoting Cybersecurity National Action Plan, White House conspicuously fails to mention encryption

The White House released an announcement today on President Obama's Cybersecurity National Action Plan. In thousands of not actually bad at all words about cybersecurity, they managed not to say the word "encryption" once.

Free Bitcoin textbook from Princeton

The Princeton Bitcoin Book by Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller and Steven Goldfeder is a free download -- it's over 300 pages and is intended for people "looking to truly understand how Bitcoin works at a technical level and have a basic familiarity with computer science and programming."

How to prepare to join the Internet of the dead

In January 2015, security researcher and beloved, prolific geek Michael "Hackerjoe" Hamelin died in a head-on collision that also hospitalized his widow, Beth Hamelin.

FBI's war on encryption is unnecessary because the Internet of Things will spy on us just fine

The war on encryption waged by the F.B.I. and other intelligence agencies is unnecessary, because the data trails we voluntarily leak allow “Internet of Things” devices and social media networks to track us in ways the government can access.

That's the short version of what's in “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” a study published today by the Berkman Center for Internet and Society at Harvard.

California assemblyman joins NY legislator in proposing ban on crypto for phones

California assemblyman Jim Cooper (D-9th) has copy-pasted New York assemblyman Matthew Titone's (D-61st) insane, reality-denying bill that bans companies from selling smartphones with working crypto on them, introducing nearly identical measures in the California legislature.

Juniper's products are still insecure; more evidence that the company was complicit

It's been a month since Juniper admitted that its firewalls had back-doors in them, possibly inserted by (or to aid) US intelligence agencies. In the month since, Juniper has failed to comprehensively seal those doors, and more suspicious information has come to light.

Lessig on how the economics of data-retention will drive privacy tech

In an interview with the WSJ's CIO blog, Lawrence Lessig proposes that the existence of cryptographic tools that allow for "zero-knowledge" data-querying, combined with the potential liability from leaks, will drive companies to retain less data on their customers.

Payment system security is hilariously bad

In Shopshifting: The potential for payment system abuse, Karsten Nohl and Fabian Bräunlein showed attendees at Hamburg's Chaos Communication Congress just how poor the security in payment terminals is, and demonstrated several attacks that would let them harvest card numbers and PINs, make undetectable phantom charges and refunds to merchant accounts, and commit other mischief.

Windows 10 covertly sends your disk-encryption keys to Microsoft

There's no way to turn off the "recovery" feature that sends your disk encryption keys to Microsoft by default, without notice -- though you can (and should) ask Microsoft to forget the keys later.

Wishful thinking versus terrorism: why crypto backdoors are a dumb idea

"We know of no case where such an addition of exceptional access capabilities has not resulted in weakened security."

Obama promises statement on encryption before Xmas (maybe)

The Obama administration, which has staffed up on savvy pro-privacy technologists, even as its law enforcement arm has called for a "magic pony" that would let Internet users attain technological security without compromising the ability to wiretap them, has promised to release a statement indicating whether it will make policy based on science or fear.

Update: Kevin Bankston clarifies:

Harlem Cryptoparty: Crypto matters for #blacklivesmatter

This week's Radio Motherboard podcast (MP3) talks with Matthew Mitchell, a former data journalist who organizes Harlem Cryptoparty, a regular training meeting for black activists who want to learn to defend themselves against the burgeoning police/DHS practice of racially profiling black activists through targeted surveillance.

Though social media surveillance is a modern phenomenon, the US government has a long and shameful history of surveilling black activists (see, for example, the FBI's attempt to convince Martin Luther King to kill himself).

Harlem Cryptoparty is an attempt to help black people armor themselves against everyday surveillance, promoted through barbershops, hair salons, black churches and flyers in the neighborhood.

2:24 Mitchell explains why a cryptography meetup makes sense in Harlem.

5:05 In order to reach the Harlem community, you have to recruit offline.

7:55 Cryptoparties and privacy events are still rare in the inner city in predominantly black and Latino communities, even though it’s not just a hypothetical threat. “You’re worried about, hey this guy threw me against a wall, flashed a badge at me, took my phone, he said if I gave him the phone he’ll let me walk, otherwise I have to do paper work. What was he doing with it?”

9:40 Nusrat Choudhury from the ACLU’s Racial Justice program joins us. She wrote this piece, “The Government Is Watching #BlackLivesMatter, And It’s Not Okay.”

12:40 There is a pattern throughout history of the government using the fear of threats to conduct surveillance on “people who look or act different.”

15:30 A private security firm called Zero Fox collected information on protesters in Baltimore and labeled some “high severity physical threats.”

The Black Community Needs Encryption [Adrianne Jeffries/Vice]

French PM defies Ministry of Interior, says he won't ban open wifi or Tor

Despite the French Ministry of Interior's demands to crack down on Internet anonymity, Prime Minister Manuel Valls has gone on record saying he won't allow such a thing to pass:

The crypto explainer you should send to your boss (and the FBI)

Whenever a clueless authority figure who apparently knows nothing about security (like, apparently, FBI director James Comey) calls for a ban on crypto, here's the article you should show them.

The moral character of cryptographic work

Phillip Rogaway, an eminent computer scientist and cryptographer at UC Davis, has made a stir in information security circles with a long, thoughtful paper called The Moral Character of Cryptographic Work.

Let's Encrypt enters public beta: free HTTPS certificates for everyone!

Let's Encrypt is a joint project from EFF, Mozilla and others that allows anyone to create a free HTTPS certificate in minutes, this being a critical piece of infrastructure, necessary for making connections between a web-server and a browser secure and private.