Stallman’s Email Preface
[[[ To any NSA and FBI agents reading my email: please consider]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden’s example. ]]]
iSpy: The CIA Campaign to Steal Apple’s Secrets
Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads.
At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple’s processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of — and the amount of power used by — the iPhone’s processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a “side channel” attack. The second focused on a “method to physically extract the GID key.” Whatever method the CIA and its partners use, by extracting the GID — which is implanted on the processors of all Apple mobile devices »
Pick Two
There’s an old engineering rule about fast, cheap, and reliable – choose two. If you’re at NASA and you’re sending something to the moon you need it to be fast and reliable, but you can throw away cheap. Throwaway medical instruments in an operating room need to have a different thing – doesn’t have to work for long, and since you’re going to throw it away it would be nice if it’s cheap, so you make your trade-offs.
That as a rule of thumb is mostly what engineering is about. You can have most things, but not everything. I think security engineering is about tolerable failure modes – is about what the tolerable levels of failure are. Determine what failure modes are tolerable and what are not and I can design around not having the intolerable ones. But the cost of »
This week’s report begins in China, where the government has blocked access to all of Google’s encrypted and unencrypted services in the country and announced a new battle against Internet messaging apps.
Netizen Report: China’s Censors Take on Google and Messaging Apps Ahead of Tiananmen’s 25th Anniversary
Well this is a little unexpected.
Why the Web Needs Perfect Forward Secrecy More Than Ever
most HTTPS websites on the Internet still don’t support forward secrecy, which means that a large chunk of your past communications with those servers is vulnerable to decryption when private SSL keys are compromised. For example, if someone has been intercepting your HTTPS-encrypted messages to Yahoo for the past several years and then stole a copy of Yahoo’s private key yesterday with Heartbleed, they would be able to use it to go back and decrypt the previously-unintelligible recording of your old communications today — if those communications weren’t made using a forward-secrecy-enabled connection.
In the aftermath of yesterday’s events, it’s clear that forward secrecy is necessary to protect against unforeseeable threats to SSL private keys. Whether that threat is an existing or future software bug, an insider who steals the »
I Used Unsecured Webcams to Take Photos of the Insides of People’s Homes and Offices
This is why you don’t trust companies like Verizon or Comcast who use proprietary software to set up “security” cameras in your house.
A Running List of Things We Know the NSA Can Do. So Far.
wnyc:
Full list on the Brian Lehrer Show blog.
An important list to remind yourself of from time to time.
We were pressured to weaken the mobile security in the 80’s
They wanted a key length of 48 bit. We were very surprised. The West Germans protested because they wanted a stronger encryption to prevent spying from East Germany. The compromise was a key length of 64 bit – where the ten last bits were set to zero. The result was an effective key length of 54 bit.
…
One other thing that was put in the GSM specification, after demands from some countries, was that the encryption could be turned off, without the cell phone user knowing.
When the encryption is turned off, it is also quite easy for private citizens with the right equipment to eavesdrop on cell phone calls.
Surviving in a Feudal Security World
Mr. Schneier does a beautiful job explaining the landscape we now live in.
Nathan from the Guardian Project drops some knowledge about why we need to encrypt all the things. Watch it, you’ll learn things.