Excellent explainer: how consensus algorithms (including Bitcoin/blockchain) work

The creation of "public ledgers" -- like blockchain, popularized by Bitcoin -- requires "consensus algorithms" that allow mutually untrusted, uncoordinated parties to agree on a world-readable, distributed list of things (domain names, transactions, title deeds, etc), something that cryptography makes possible in a variety of ways.

NERD HARDER! FBI Director reiterates faith-based belief in working crypto that he can break

Working cryptography's pretty amazing: because of its fundamental theoretical soundness, we can trust it to secure the firmware updates to our pacemakers; the conversations we have with our loved ones, lawyers and business colleagues; the financial transactions the world depends on; and the integrity of all sorts of data, communications and transactions.

New Consumers Union report catalogs the potential collateral damage from the crypto wars

In a new white paper, Consumers Union (publishers of Consumer Reports) looks at the "consumer stake in the encryption debate": they note that governments want to ban working cryptography so that cops can spy on crooks, but the report does an excellent job enumerating all the applications for crypto beyond mere person-to-person communications privacy.

Wired releases a surveillance self-defense guide

Wired's new Guide to Digital Security is an excellent addition to the genre of simple-to-follow how-tos for reducing the likelihood that you'll be victimized by computer-assisted crime and harassment, and that if you are, the harms will be mitigated.

Germany's proposed anti-cryptography bill: backdoors and hack-backs

This week, German authorities will introduce a law that will allow law enforcement agencies to order companies to insert back doors into their products to assist in law enforcement queries; the law is backed by Thomas de Maizière, Germany's Interior Minister.

Democratic Senators propose federal breach disclosure law with 5-year prison sentences for covering up data-loss

The Data Security and Breach Notification Act (S2179) was introduced by three Senate Commerce Committee Democrats, Bill Nelson [D-FL], Richard Blumenthal [D-CT] and Tammy Baldwin [D-WI] in the wake of the revelation that Uber hid a breach involving 50,000,000 riders and 7,000,000 drivers for over a year after paying hush-money to the criminals who stole the data.

Motherboard's excellent, accessible guide to internet security

The Motherboard Guide To Not Getting Hacked is an excellent adjunct to existing guides (I like EFF's Surveillance Self-Defense and The Cryptoparty Handbook) to defending yourself against criminals, stalkers, cops, and other potential intruders into your digital life.

Equifax's CEO isn't sure whether they've finally started encrypting their servers yet

Equifax's nation-destroying data-breach was subsequently revealed to be just the latest in a series of unbelievably careless IT blunders, and it eventually cost the company CEO his job; now his replacement has told Congress that he's not really sure if the company has finally started encrypting the detailed, compromising, sensitive data they nonconsensually harvest from every person in the USA.

The DoJ's top crypto warrior wants "strong" encryption that he can break at will

Deputy Attorney General Rod Rosenstein has made a name for himself as a crypto warrior who promotes a murky idea called "responsible encryption," through which software would somehow be designed so that its security worked 100% of the time when criminals and foreign governments were trying to break it, but fail 100% of the time when the US government was trying to break it.

The crooked Secret Service agent who stole Silk Road bitcoins did it again after pleading guilty

Shaun Bridges is the disgraced ex-Secret Service Agent who pleaded guilty to stealing bitcoin from online drug dealers while he was investigating the Silk Road; he's serving a 71-month sentence and has just had two years added to it after he pleaded guilty to stealing more bitcoin after his guilty plea, while he was out on bail.

The New York Times is now a Tor onion service

The New York Times is now available as an "Onion Service" on the Tor network, at the address https://www.nytimes3xbfgragh.onion/ -- meaning that anyone with Tor access can securely and privately access the Times without giving away any information about what they're looking at, even to state-level actors who control the ISPs.

Simple steps your small organization can take to defend itself against cyberattacks

Respected security researcher Dan Wallach from Rice University has published a short (18 page) guide to securing small organizations against three kinds of cyberattack: Untargeted, remote (spammers, phishers, ransomware griefers, etc.); Targeted, remote (spear phishers); and Targeted, in person (immigration agents, police, criminal trespass).

Defect in Subaru keyless entry system makes it trivial to sniff and clone your car-keys

Subaru's wireless keyless entry protocol uses a system of "rolling codes" that jump from one value to another in a way that is supposed to be impossible to predict without possession of a cryptographic secret, shared by both the keys and the cars' firmware.

Crowdfunder for a free/open phone crosses $1M mark

One of the holy grails of free and open computing is a really great free/open phone; it's been tried many times before without much success, but a new crowdfunder from Purism (who make a pretty great free/open laptop) has just crossed the $1,000,000 mark and is on track to hit its target of $1.5M in the next 18 days.

Spanish tech activists publish a "how-to guide for preserving fundamental rights on the Internet"

As the Spanish government was hacking the Catalonian independence movement, shutting down the .cat top-level domain, and engaging in mass-blocking of websites and apps to control information about yesterday's referendum on Catalonian independence, the Xnet collective published a basic (but wide-ranging) guide to "preserving fundamental rights on the Internet," suitable for anyone living under the kind of state suppression that Spain underwent.

Cyber-arms dealer offers $1m for zero-day Tor hacks

Zerodium is a cyber-arms dealer that produces hacking tools for governments by buying up newly discovered defects in widely used systems, weaponizing them and then selling them to be used against criminals, activists, journalists and other targets of state surveillance.

Chinese government sources tell the WSJ they're about to shut down all domestic Bitcoin exchanges

China's "economic miracle" has been accompanied by mass-scale looting, creating a class of super-rich, corrupt millionaires and billionaires to rival the US or Russia; these 1%ers know that their wealth is subject to the whims of the Politburo, which is why they are so anxious to acquire second passports, and to exfiltrate their cash through baroque schemes, anodyne scams, and runaway property speculation.
