Attorney General William Barr wants to backdoor Facebook's WhatsApp

"We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety."

Fascinating, accessible guide to cryptographic attacks, from brute-force to POODLE and beyond

Ben Herzog's Cryptographic Attacks: A Guide for the Perplexed from Check Point Research is one of the clearest, most useful guides to how cryptography fails that I've ever read.

Learning from Baltimore's disaster, Florida city will pay criminals $600,000 to get free of ransomware attack

The city council of Riviera Beach, Florida has voted unanimously to pay $600,000 to criminals who seized control of the city's computers through a ransomware attack, after three weeks of being locked out of the city systems (the city has also voted to spend $1m replacing its computers).

Private Join and Compute is Google's free/open source tool to allow "multiparty computation" of encrypted data without decryption

Private Join and Compute is a new free/open Google tool that implements the longstanding cryptographic concept of "commutative encryption," which allows untrusted parties to merge their datasets without revealing their contents to one another, do mathematical work on the data, and learn the outcome of that work without either of them seeing the underlying data.

Karl Schroeder's "Stealing Worlds": visionary science fiction of a way through the climate and inequality crises

Karl Schroeder (previously) is literally the most visionary person I know (and I've known him since 1986!): he was the first person to ever mention "fractals" to me, then "the internet" and then "the web" -- there is no one, no one in my circle more ahead of more curves, and it shows in his novels and none more so than Stealing Worlds, his latest, which is a futuristic roadmap to how our present-day politics, economics, technology and society might evolve.

A critical flaw in Switzerland's e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist.

Facebook is working on a crypto coin for WhatsApp

Facebook is said to be developing a 'stablecoin,' which is a kind of digital currency pegged to the U.S. dollar.

How a cryptographer uses a key engraver

Legendary cryptographer and security researcher Matt Blaze (previously) somehow acquired a key engraver and now he's "using it to engrave entirely serious labels on my keys that are not in any way ironic or confusing."

Crypto CEO dies with the password to unlock $200+ million of customers' Bitcoin

"After Gerry’s death, Quadriga’s inventory of cryptocurrency has become unavailable and some of it may be lost," said his widow.

Australia just voted to ban working cryptography. No, really.

Remember when Malcolm Turnbull, the goddamned idiot who was briefly Prime Minister of Australia, was told that the laws of mathematics mean that there was no way to make a cryptography system that was weak enough that the cops could use to spy on bad guys, but strong enough that the bad guys couldn't use it to spy on cops, and he said: "Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."

The internet is made up of revolutionary technologies, but isn't revolutionary

My latest Locus Magazine column is What the Internet Is For: it describes the revolutionary principle (end-to-end communications) and technologies (general purpose computers, strong cryptography) that undergird the net, but also cautions that these are, themselves, not sufficient to revolutionize the world.

My keynote for Ethereum Devcon: without the rule of law, crypto fails

I was one of the keynote speakers at last week's Ethereum Devcon in Prague, where I gave a talk called "Decentralize, Democratize, or Die," about the way that bad tech policy (crypto backdoors, the DMCA's ban on security disclosures, etc) comes from weak states where the super-rich get to call the shots, and how things like money-laundering create these weak states. The core message: if you don't figure out how to make more pluralistic, less plutocratic states, you will never get the kind of information security you need for your blockchain systems to thrive.

Steganographically hiding secret messages in fake fingerprints

In Towards Construction Based Data Hiding: From Secrets to Fingerprint Images, published in IEEE Transactions on Image Processing (Sci-Hub Mirror), two Fudan University computer scientists propose a fascinating method for hiding encrypted messages in fake fingerprints that are both visually and computationally difficult to distinguish from real ones, which could theoretically allow the use of fingerprint databases to convey secret messages.

Audio representation of Bitcoin's price history

As the price goes up and down, the generated audio tone changes in this interesting and insightful audio piece!

I'd been looking for a used video card over the last couple of weeks, but gave up despite the amazing prices being listed. The eBayers are unresponsive to questions and the Craigslist sellers talk like drug dealers. That $225 GTX 1070 you have your eye on is being pulled from a mining rig where it's spent months running 24/7, accumulating all the grease, fur and pain that will be its only friends in the bubble mailer it will be sent to you in.

I ended up ordering this from Amazon despite the still-outrageous price of new video cards.

Incoherence, multiplied: Sony announces nebulous "blockchain for DRM"

Sony -- whose most notorious DRM foray infected millions of computers with malware -- has announced an incoherent plan to use blockchain to make DRM work, somehow.

Google releases Android encrypted DNS app that will help beat censorship

Google sister-company Jigsaw (previously) has released an Android app called Intra that encrypts DNS queries, which allows Android users to bypass one of the most common forms of internet censorship.

Standard Notes: free, open, cross-platform, encrypted, eternal note-taking app

With Evernote's business on the rocks, a lot of people are waking up to the fact that commercial, proprietary cloud systems work great (easy, well-supported) but fail badly (lock-in, sudden bankruptcy, loss of years' worth of important data).
