Stallman’s Email Preface

2015-03-17T18:18:36+00:00March 17th, 2015|Tags: , , |

[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden’s example. ]]]

iSpy: The CIA Campaign to Steal Apple’s Secrets

2015-03-10T22:33:32+00:00March 10th, 2015|Tags: , , , , |

iSpy: The CIA Campaign to Steal Apple’s Secrets

Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads.
At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple’s processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of — and the amount of power used by — the iPhone’s processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a “side channel” attack. The second focused on a “method to physically extract the GID key.

”Whatever method the CIA and its partners use, by extracting the GID — which is implanted on the processors of all Apple mobile devices »

Pick Two

2014-08-14T06:08:17+00:00August 14th, 2014|Tags: , |

There’s an old engineering rule about fast, cheap, and reliable – choose two. If you’re at NASA and you’re sending something to the moon you need it to be fast and reliable, but you can throw away cheap. Throwaway medical instruments in an operating room need to have a different thing – doesn’t have to work for long, and since you’re going to throw it away it would be nice if it’s cheap, so you make your trade-offs.

That as a rule of thumb is mostly what engineering is about. You can have most things, but not everything. I think security engineering are about tolerable failure modes – are about what the tolerable levels of failure are. Determine what failure modes are tolerable and what are not and I can design around not having the intolerable ones. But the cost of »

Why the Web Needs Perfect Forward Secrecy More Than Ever

2014-04-09T17:05:24+00:00April 9th, 2014|Tags: , |

Why the Web Needs Perfect Forward Secrecy More Than Ever

most HTTPS websites on the Internet still don’t support forward secrecy, which means that a large chunk of your past communications with those servers is vulnerable to decryption when private SSL keys are compromised. For example, if someone has been intercepting your HTTPS-encrypted messages to Yahoo for the past several years and then stole a copy of Yahoo’s private key yesterday with Heartbleed, they would be able to use it to go back and decrypt the previously-unintelligible recording of your old communications today — if those communications weren’t made using a forward-secrecy-enabled connection.

In the aftermath of yesterday’s events, it’s clear that forward secrecy is necessary to protect against unforseeable threats to SSL private keys. Whether that threat is an existing or future software bug, an insider who steals the »

A Running List of Things We Know the NSA Can Do. So Far.

2014-01-17T22:48:15+00:00January 17th, 2014|Tags: , , |

A Running List of Things We Know the NSA Can Do. So Far.

wilwheaton:

wnyc:

Full list on the Brian Lehrer Show blog.

  • It can track the numbers of both parties on a phone call, as well location, time and duration. (More)
  • It can hack Chinese phones and text messages. (More)
  • It can set up fake internet cafes. (More)
  • It can spy…

An important list to remind yourself of from time to time.

2018-03-27T08:57:56+00:00January 10th, 2014|Tags: , |

We were pressured to weaken the mobile security in the 80’s

They wanted a key length of 48 bit. We were very surprised. The West Germans protested because they wanted a stronger encryption to prevent spying from East Germany. The compromise was a key length of 64 bit – where the ten last bits were set to zero. The result was an effective key length of 54 bit.

One other thing that was put in the GSM specification, after demands from some countries, was that the encryption could be turned off, without the cell phone user knowing.

When the encryption is turned off, it is also quite easy for private citizens with the right equipment to eavesdrop on cell phone calls.

Go to Top