Symantec caught issuing rogue certificates


Your browser trusts SSL certificates from hundreds of "Certificate Authorities," each of which is supposed to exercise the utmost caution before issuing them -- a rogue cert would allow a criminal or a government to act as a man-in-the-middle between you and your bank, email provider, or employer, undetectably intercepting communications that you believed to be secure.

America's spooks abandon crypto-backdoors, plan shock-doctrine revival


They have decided that there's no political will to ban crypto today, but have vowed to bring it back after some unspecific future terrorist atrocity.

Kilton Library's Tor node is back online


Kilton, New Hampshire's public library was the first library in the USA to offer a Tor node on its computers, giving its patrons a technological assist in maintaining their privacy and anonymity -- until the DHS sent them a letter demanding that they switch it off.

Now, ninja librarian Alison Macrina has tweeted the good news: "WE'VE DONE IT. THE KILTON LIBRARY WILL TURN THEIR #TOR RELAY BACK ON!!!"


Library offers Tor nodes; DHS tells them to stop

John writes, "After a library created a Tor node on its network, the DHS and local police contacted them to ask them to stop. For now they have; their Board of Trustees will vote soon on whether to renew the service."

Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web

A flaw in the fraudulent dating site's password hashing means that at least 15 million of its users' passwords are liable to decryption.

Free six-part course on encrypting email and securing your network sessions against snooping

Jeff sez, "Tuts+ has made my six part introduction to PGP encryption, email and networking privacy available to readers for free."

What happened when we got subpoenaed over our Tor exit node

We've run a Tor exit-node for years. In June, we got the nightmare Tor operator scenario: a federal subpoena (don't worry, it ended surprisingly well!)

Going to DEFCON? EFF's got your back

The Electronic Frontier Foundation always has a huge presence at Las Vegas's DEFCON, but this year, we're hosting our first-ever badge-hack contest!

Once again: Crypto backdoors are an insane, dangerous idea

The Washington Post editorial board lost its mind and called on the National Academy of Sciences to examine "the conflict" over whether crypto backdoors can be made safe: the problem is, there's no conflict.

IRS responds to records request with encrypted CD full of blacked-out documents

Michael sez, "Sometimes a simple 'no' can be better than what agencies consider a response when it comes to Freedom of Information. J. Pat Brown over at FOIA powerhouse MuckRock discovered that the hard way when, after a request for information on information about the IRS's whistleblower office resulted in documents being sent on a CD ... that was fully encrypted ... using a Windows only app ... where the password was sent along in a separate letter."

The Tor Project is hiring a new executive director

So, an EFF activist gig isn't for you and neither is deputy director of the Free Software Foundation: how about executive director of the Tor Project, which maintains The Onion Router, a crucial piece of anonymity and privacy technology?

Moxie Marlinspike profiled in WSJ. Obama thinks secure messaging apps like the one he built are “a problem.”

[Wall Street Journal]


The Wall Street Journal just discovered what some of us have known for a long time: Moxie Marlinspike is really cool, and the work he does is important.

What happened at yesterday's Congressional hearings on banning crypto?

Cryptographers and security experts gathered on the Hill yesterday to tell Congress how stupid it was to ban crypto in order to make it easier to spy on "bad guys."

Computer scientists on the excruciating stupidity of banning crypto

A paper from some of the most important names in crypto/security history scorchingly condemns plans by the US and UK governments to ban "strong" (e.g. "working") crypto.

EFF's new certificate authority publishes an all-zero, pre-release transparency report

EFF, Mozilla and pals are launching Let's Encrypt, an all-free certificate authority, in September -- but they've released a transparency report months in advance.

You'll falafel about this horrifying new pita-sized crypto-key-sniffing hack

I nearly falafel my chair when I read about the Israeli researchers who've designed a device that can derive crypto keys from the unintentional radio signals emitted by a computer's CPU—and miniaturized it until it can fit into a pita.

US CIO defies the FBI, orders HTTPS for all government websites

Tony Scott, CIO of the US government, has spit in the eye of assistant FBI director Michael Steinbach, who called on companies "to build technological solutions to prevent encryption above all else."
