UK Royal Society's #1 cybersecurity recommendation: don't backdoor crypto

Royal_Society_entrance (1)

The Royal Society, once presided over by Isaac Newton, is one of Britain's most respected learned institutions: that's why it matters so much that the organisation's new report, "Progress and research in cybersecurity," begins by demanding that government "must commit to preserving the robustness of encryption, including end-to-end encryption, and promoting its widespread use. Encryption is a foundational security technology that is needed to build user trust, improve security standards and fully realise the benefits of digital systems." Read the rest

Even if Moore's Law is "running out," there's still plenty of room at the bottom

Altera_StratixIVGX_FPGA

A very good piece by Tom Simonite in the MIT Technology Review looks at the implications of Intel's announcement that it will slow the rate at which it increases the density of transistors in microprocessors. Read the rest

DoJ report: less than a quarter of one percent of wiretaps encounter any crypto

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1029-3

Despite all the scare talk from the FBI and the US intelligence services about terrorists "going dark" and using encrypted communications to talk with one another, the reality is that criminals are using crypto less than ever, according to the DoJ's own numbers. Read the rest

Teach crypto with emoji: Codemoji!

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1119

Brett from Mozilla writes, "Codemoji, a game and learning tool that lets you encode secret messages in emoji and then send them to friends for deciphering." Read the rest

UK Parliament votes in Snoopers Charter, now it goes to the House of Lords

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1106

The Members of Parliament voted in favour of the far-ranging, massively invasive spying bill after the Tories agreed to minor improvements, like dropping the requirement for mandatory crypto backdoors if they would be infeasible or expensive to implement. Read the rest

Password hashing demystified

1200px-Double-alaskan-rainbow

The password breaches are getting stronger and worser, and hardly a week goes by without a dump that's a couple zeroes bigger than the biggest to date -- but not all password breaches are created equal, and a lot depends on whether and how the passwords were hashed. Read the rest

Jacob Appelbaum, Tor developer and Wikileaks staffer, resigns amid sex abuse claims

800px-RightsCon_Rio_2012-_Jacob_Applebaum

Appelbaum, whose work has put him in the crosshairs of his own government and foreign states, resigned from the Tor project on Friday, accompanied by a short note from Tor executive director Shari Steele. Read the rest

Tor Project is working on a web-wide random number generator

hs_montreal_4

Random number generators are the foundation of cryptography -- that's why the NSA secretly sabotaged the RNG standard that the National Institute for Standards and Technology developed. Read the rest

EFF is hiring a software engineer!

image1

Forget "disrupting" some industry -- work at EFF and you can write code to make a better future for everyone! Read the rest

James Clapper: Snowden accelerated crypto adoption by 7 years

EnronStockPriceAugust2000toJanuary2001.svg

Apparently America's spy agencies have a seven-year plan for cryptographic adoption: James Clapper, the Director of National Intelligence, has credited Edward Snowden with the acceleration of commercial adoption of encryption by 7 years. Read the rest

Brussels terrorists kept their plans in an unencrypted folder called "TARGET"

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1029

Remember how, in the wake of the horrific terrorist attacks on Brussels last month, authorities all over the world declared that the world was critically endangered by cryptography, insisting that crazy, far-reaching crypto-bans were necessary to prevent another attack? Read the rest

Ron Wyden vows to filibuster anti-cryptography bill

3642123174_18d160528f_b

Senators Richard Burr [R-NC] and Dianne Feinstein [D-CA] finally introduced their long-rumored anti-crypto bill, which will ban US companies from making products with working cryptography, mandating that US-made products have some way to decrypt information without the user's permission. Read the rest

Let's Encrypt is actually encrypting the whole Web

free-ssl-certificate

Let's Encrypt (previously) a joint EFF-Mozilla-Linux Foundation project that lets anyone easily create an SSL certificate for free in minutes and install and configure it so that visitors to their Websites will be shielded from surveillance, came out of beta this week, and it's already making a huge difference. Read the rest

Why the rise of ransomware attacks should worry you

20012127713_aed0df29b4_b

Sean Gallagher does an excellent job of running down the economics and technology behind the rise and rise of ransomware attacks: ransomware has become a surefire way to turn a buck on virtually any network intrusion, and network intrusions themselves are trivial if you don't especially care whose networks you break into. Read the rest

Security flaws found in 3 state health insurance websites

Reuters / Phil McCarten

Federal investigators have discovered major security vulnerabilities in the state health insurance websites for California, Kentucky and Vermont that could allow criminals to access sensitive personal data for hundreds of thousands of people.

Read the rest

Artist installs sculptures that are also Tor nodes in the world's galleries

IMG_6969_D01-1024x693

Trevor Paglen and Jacob Appelbaum collaborate to create beautiful, acrylic-encased computers that are also Tor nodes, anonymizing data that passes through them, and install the in art galleries all over the world, so that patrons can communicate and browse anonymously, while learning about anonymity and Tor. Read the rest

Hungarian ruling party wants to ban all working crypto

Dia03 (1)

The parliamentary vice-president from Fidesz -- the largest faction in the Hungarian government -- has asked parliament to "ban communication devices that [law enforcement agencies] are not able to surveil despite having the legal authority to do so." Read the rest

More posts