Boing Boing 

If the FBI has a backdoor to Facebook or Apple encryption, we are less safe

Reuters



Freedom of the Press Foundation director Trevor Timm tells Boing Boing,

Now that the USA Freedom Act is out of the way, it seems pretty clear the next battle in Congress will almost certainly be over encryption, as the FBI has not stopped its push to force tech companies to insert a backdoor into their communications tools, despite being ridiculed for it by security experts. The FBI seems to push it even farther in the past week, testifying before Congress that they need to stop encryption "above all else" and leaking a story to the LA Times about ISIS using encrypted text messaging apps. I wrote about what a dumb move it is on several levels for the Guardian.


A computer researcher haggled with a Russian ransomware criminal


If you accidentally install Troldesh (via spam email) on your computer, it will encrypt your hard drive and lock up your files. Troldesh will display an email address to contact the criminal, who will offer to sell you the key to decrypt your hard drive. Natalia Kolesova, a researcher at the security firm Check Point, intentionally installed Troldesh on a test machine and engaged in an email exchange with the scammer to see if he or she would negotiate the 250 euro ransom.

Posing as a victim named Olga, the researcher contacted the scam artist, and received a reply with instructions to pay 250 euros to get the files back.

Suspecting the reply was automated, Ms Kolesova pressed for a more human response, asking more details about how to transfer the money, and pleading with the hacker to not make them pay.

Responding in Russian, the scammer offered to accept 12,000 roubles, a discount of around 15%. After Ms Kolesova pleaded further, the email response read: "The best I can do is bargain."

Eventually the unknown man or woman was talked into accepting 7,000 roubles - 50% less than the first demand.

"Perhaps if I had continued bargaining, I could have gotten an even bigger discount," Ms Kolesova concluded.

Image: Shutterstock

Facebook rolls out new encryption features

Reuters



An update rolled out today by Facebook allows users to post their public email encryption key on their Facebook profile, so others can encrypt future emails to that user. Here's the official blog post at Facebook.

More at CPJ:

Facebook profiles now have a field for PGP public keys--just like for phone numbers or email addresses. Uploaded keys can be shared as widely or narrowly as desired, just like other information on a Facebook profile. For journalists who use Facebook to connect with sources and disseminate, share, and comment on news, their profile will now indicate they are available for encrypted emails. The new feature will also make it easier to securely contact potential sources.

A sample display of the new encryption feature offered to users by Facebook.



"Status update: Facebook users now have access to PGP encryption" and "CPJ welcomes Facebook move to add PGP encryption features" [Committee to Protect Journalists]

"Securing Email Communications from Facebook" [Facebook]

The Tor challenge: run a Tor node for great justice

EFF, Freedom of the Press Foundation, Free Software Foundation and The Tor Project have launched The Tor Challenge, a campaign to encourage people to run Tor nodes. "Tor is a powerful tool that helps you stay anonymous online. It can protect your privacy as you browse the Internet and circumvent government censorship of the webpages you visit. We need your help to keep Tor strong. Run a Tor relay today." Here's how to get started.

Lavabit founder Levison: decision to close was like 'putting a beloved pet to sleep'

Amy Goodman at Democracy Now interviewed Ladar Levison, founder/owner/operator of Lavabit, the security-focused email service Edward Snowden used to invite attendees to a Moscow press conference; the service was abruptly closed last week with an explanation pointing to US government interference. He joined the show from Washington DC with his lawyer, Jesse Binnall. Goodman asks Levison to explain why he closed the company:


70-year-old wartime cipher uncracked

"A World War Two code found strapped to the leg of a dead pigeon stuck in a chimney for the last 70 years may never be broken, a British intelligence agency said on Friday."

Cartoon explains how world's cutest encrypted chat service works


Sean Bonner shared this cute video for Cryptocat, a web-based service that enables secure, encrypted online chatting and file transfer between two parties.

The creator of Cryptocat, a 22-year-old named Nadim Kobeissi, says Cryptocat has earned him the dreaded "SSSS" mark of suspicion on his boarding passes. From Wired:

When he flies through the US, he’s generally had the notorious “SSSS” printed on his boarding pass, marking him for searches and interrogations — which Kobeissi says have focused on his development of the chat client.

His SSSS’s can mean hours of waiting, and Kobeissi says he has been searched, questioned, had his bags and even his passport taken away and returned later. But he’s kept his sense of humor about the experience, even joking from the airport on his Twitter account.


US doxes Bin Laden (always use encryption, kids)

CNET's Emil Protalinski reports that Osama bin Laden did not encrypt the thousands of files stored in the Pakistani compound where he was killed, and "17 of the 6,000 documents have now been publicly released." (via @ioerror)

Defendant's encrypted laptop yields secrets

After seizing an encrypted laptop from defendant Ramona Fricosu, prosecutors headed into difficult waters: could she be forced to unlock it? A judge ordered her to give up the password, raising issues of unreasonable search and seizure and the right not to incriminate oneself. Fricosu's lawyers suggested she had forgotten it, but a showdown was averted: she either turned the password over or they figured it out some other way. [Wired]

Prime Suspect, or Random Acts of Keyness

The foundation of Web security rests on the notion that two very large prime numbers, numbers divisible only by themselves and 1, once multiplied together are irreducibly difficult to tease back apart.


How to encrypt your disks

Seth Schoen at the EFF has a suggestion for an extra New Year's Resolution: Full-disk encryption on all your computers.