"matthew green"

Judge rules that EFF's DRM lawsuit can proceed!

In 2016, EFF sued the US Government on behalf of Andrew "bunnie" Huang and Matthew Green, both of whom wanted to engage in normal technological activities (auditing digital security, editing videos, etc) that put them at risk from Section 1201 of the Digital Millennium Copyright Act. Read the rest

A critical flaw in Switzerland's e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist. Read the rest

Debunking "ghost users": MI5's plan to backdoor all secure messaging platforms

When lawmakers and cops propose banning working cryptography (as they often do in the USA), or ban it outright (as they just did in Australia), they are long on talk about "responsible encryption" and the ability of sufficiently motivated technologists to "figure it out" and very short on how that might work -- but after many years, thanks to the UK's spy agency MI5, we have a detailed plan of what this system would look like, and it's called "ghost users." Read the rest

"Phooey": a pre-eminent cryptographer responds to Ray Ozzie's key escrow system

I have a lot of respect for ex-Microsoft Chief Software Architect Ray Ozzie, but when I saw that he'd taken to promoting a Clipper-Chip-style key escrow system, I was disheartened -- I'm a pretty keen observer of these proposals and have spent a lot of time having their problems explained to me by some of the world's leading cryptographers, and this one seemed like it had the same problems as all of those dead letters. Read the rest

Teen's devastating bug-report on a "tamper-proof" cryptocurrency wallet shows why companies can't be left in charge of bad news about their products

Saleem Rashid is a 15-year-old self-taught British programmer who discovered a fatal defect in the Ledger Nano S, an offline cryptocurrency wallet that is marketed as being "tamper-proof." Read the rest

Ontario judge dishonours his court and disgraces himself by presiding in a MAKE AMERICA GREAT hat

Ontario Judge Bernd Zabel displayed contempt for his position and its political impartiality by showing up for work the day after the US election in a Donald Trump "Make America Great Again" hat, which he wore, and then perched on his bench. Read the rest

EFF to court: don't let US government prosecute professor over his book about securing computers

In July, the Electronic Frontier Foundation filed a federal lawsuit on behalf of Dr Matthew Green, a Johns Hopkins Information Security Institute Assistant Professor of Computer Science; now the US government has asked a court to dismiss Dr Green's claims. A brief from EFF explains what's at stake here: the right of security experts to tell us which computers are vulnerable to attack, and how to make them better. Read the rest

EFF is suing the US government to invalidate the DMCA's DRM provisions

The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. Read the rest

Apple releases iOS 9.3, with fix for a big iMessage security flaw

As part of its big iPhone/iPad launch event today in Cupertino, Apple also released a software update that fixes a flaw which made it possible for iCloud-stored images or video sent via iMessage to be decrypted by third parties. Today's iOS update also adds a number of cool new features. Read the rest

Computer scientists on the excruciating stupidity of banning crypto

A paper from some of the most important names in crypto/security history scorchingly condemns plans by the US and UK governments to ban "strong" (e.g. "working") crypto. Read the rest

New NSA leaks: does crypto still work?

Matthew Green's got an excellent postmortem on the huge dump of NSA docs Der Spiegel published last weekend. Read the rest

NSA agents may have infiltrated the global communications industry

Leaked Snowden documents on the NSA's SENTRY EAGLE program, published by Laura Poitras and Peter Maass in The Intercept, describe six programs aimed at weakening the capacity of people all over the world to communicate in private. Read the rest

Mysterious announcement from Truecrypt declares the project insecure and dead

The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.

Major Apple security flaw could allow hackers to pwn iOS devices, computers

Joe Menn at Reuters: "A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed." There's an OS update.

How bad is it?

"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green. Read the rest

Secure email a "daunting challenge"

Matthew Green, for The New Yorker, reports on the challenge of consumer cryptography.

The Justice Department did decide to back off, handing [PGP creator] Zimmermann and his fellow pro-cryptography activists, or “cypherpunks,” what appeared to be an overwhelming political and legal victory. But it turned out to be somewhat hollow: the government had given up partly because it realized that encryption wasn’t going mainstream at all. The main reason for this is as sad as it is simple: encrypting e-mail is just hard.

Times change, though, don't they? Read the rest
