Help wanted: Director of Technology Policy for Consumer Reports

This is a pretty amazing vacancy: "You will lead Consumer Reports in our effort to realize a market where consumer safety is protected through strong encryption; consumers’ rights to test, repair, and modify their devices are supported by copyright, security, and consumer protection laws; and consumers are empowered to make informed choices about IoT products while being protected by privacy policies regulating the collection, use, and storage of their data. This is a chance to build something big, meaningful, and new." Read the rest

The Tor Project's social contract: we will not backdoor Tor

I first encountered the idea of "social contracts" for software projects in Neal Stephenson's seminal essay In the Beginning Was the Command Line, which endorsed the Debian project on the strength of its social contract: "As far as I know, Debian is the only Linux distribution that has its own constitution." Read the rest

100 million VWs can be unlocked with a $40 cracker (and other cars aren't much better)

In Lock It and Still Lose It—On the (In)Security of Automotive Remote Keyless Entry Systems, a paper given at the current Usenix Security conference in Austin, researchers with a proven track record of uncovering serious defects in automotive keyless entry and ignition systems revealed a technique for unlocking over 100,000 million Volkswagen cars, using $40 worth of hardware; they also revealed a technique for hijacking the locking systems of millions of other vehicles from other manufacturers. Read the rest

DoJ to judges: use Tor to protect your internet connection

This summer, DoJ Cybercrime Lab director Ovie Carroll presented at a Federal Judicial Seminar in San Diego, attended by over 100 US federal judges, where he recommended that the judges should use Tor -- The Onion Router, subject of much handwringing and serious technological assaults from the US government, but which is also primarily funded by the USG -- to protect their personal information while using their home and work computers. Read the rest

BBC will use surveillance powers to sniff Britons' wifi and find license-cheats

If you live in the UK and watch live TV or use the Iplayer video-on-demand service, you have to pay a "license fee" that directly supports public media in the UK (in other countries, public media is funded out of the tax-coffers, but in the UK, it's a direct transfer from viewers to the media, which is meant to make the BBC independent of the whims of government and thus more able to hold it to account). Read the rest

Spoofing GPS is surprisingly easy; detecting it is surprisingly hard

GPS security is increasingly implicated in both physical and information security: from steering a super-yacht (or a super-tanker) into pirate-friendly waters to diverting self-driving cars or even unlocking geo-tagged tokens and AR game objectives. Read the rest

A profile of Moxie Marlinspike: the seagoing anarchist cryptographer who brought private messaging to millions

Andy Greenberg's colorful and nuanced profile of Moxie Marlinspike offers some insight into the young, talented cryptographer whose tool, Signal, is now part of both Whatsapp and (shortly) Allo -- an anarchist who walked away from $1M in Twitter payouts after a near-death experience and decided, instead, to build free and open tools to give the entire world the power to keep secrets from the police. Read the rest

UK Royal Society's #1 cybersecurity recommendation: don't backdoor crypto

The Royal Society, once presided over by Isaac Newton, is one of Britain's most respected learned institutions: that's why it matters so much that the organisation's new report, "Progress and research in cybersecurity," begins by demanding that government "must commit to preserving the robustness of encryption, including end-to-end encryption, and promoting its widespread use. Encryption is a foundational security technology that is needed to build user trust, improve security standards and fully realise the benefits of digital systems." Read the rest

Even if Moore's Law is "running out," there's still plenty of room at the bottom

A very good piece by Tom Simonite in the MIT Technology Review looks at the implications of Intel's announcement that it will slow the rate at which it increases the density of transistors in microprocessors. Read the rest

DoJ report: less than a quarter of one percent of wiretaps encounter any crypto

Despite all the scare talk from the FBI and the US intelligence services about terrorists "going dark" and using encrypted communications to talk with one another, the reality is that criminals are using crypto less than ever, according to the DoJ's own numbers. Read the rest

Teach crypto with emoji: Codemoji!

Brett from Mozilla writes, "Codemoji, a game and learning tool that lets you encode secret messages in emoji and then send them to friends for deciphering." Read the rest

UK Parliament votes in Snoopers Charter, now it goes to the House of Lords

The Members of Parliament voted in favour of the far-ranging, massively invasive spying bill after the Tories agreed to minor improvements, like dropping the requirement for mandatory crypto backdoors if they would be infeasible or expensive to implement. Read the rest

Password hashing demystified

The password breaches are getting stronger and worser, and hardly a week goes by without a dump that's a couple zeroes bigger than the biggest to date -- but not all password breaches are created equal, and a lot depends on whether and how the passwords were hashed. Read the rest

Jacob Appelbaum, Tor developer and Wikileaks staffer, resigns amid sex abuse claims

Appelbaum, whose work has put him in the crosshairs of his own government and foreign states, resigned from the Tor project on Friday, accompanied by a short note from Tor executive director Shari Steele. Read the rest

Tor Project is working on a web-wide random number generator

Random number generators are the foundation of cryptography -- that's why the NSA secretly sabotaged the RNG standard that the National Institute for Standards and Technology developed. Read the rest

EFF is hiring a software engineer!

Forget "disrupting" some industry -- work at EFF and you can write code to make a better future for everyone! Read the rest

James Clapper: Snowden accelerated crypto adoption by 7 years

Apparently America's spy agencies have a seven-year plan for cryptographic adoption: James Clapper, the Director of National Intelligence, has credited Edward Snowden with the acceleration of commercial adoption of encryption by 7 years. Read the rest
