Library offers Tor nodes; DHS tells them to stop

John writes, “After a library created a Tor node on its network, the DHS and local police contacted them to ask them to stop. For now they have; their Board of Trustees will vote soon on whether to renew the service.”

Fake Google subdomain certificates found in the wild

An Indian certificate authority in the Microsoft root of trust has been caught issuing fake Google subdomain certificates that would allow nearly undetectable eavesdropping on “secure” connections to services like Google Docs.

FreeBSD won’t use Intel & Via’s hardware random number generators, believes NSA has compromised them

The maintainers of the security-conscious FreeBSD operating system have declared that they will no longer rely on the random number generators in Intel and Via’s chips, on the grounds that the NSA likely has weakened these opaque hardware systems in order to ease surveillance. The decision is tied to the revelations of the BULLRUN/EDGEHILL programs, wherein the NSA and GCHQ spend $250M/year sabotaging security in standards, operating systems, software, and networks.

“For 10, we are going to backtrack and remove RDRAND and Padlock backends and feed them into Yarrow instead of delivering their output directly to /dev/random,” FreeBSD developers said. “It will still be possible to access hardware random number generators, that is, RDRAND, Padlock etc., directly by inline assembly or by using OpenSSL from userland, if required, but we cannot trust them any more.”

In separate meeting minutes, developers specifically invoked Snowden’s name when discussing the change. “Edward Snowdon [sic] — v. high probability of backdoors in some (HW) RNGs,” the notes read, referring to hardware RNGs. Then, alluding to the Dual EC_DRBG RNG forged by the National Institute of Standards and Technology and said to contain an NSA-engineered backdoor, the notes read: “Including elliptic curve generator included in NIST. rdrand in ivbridge not implemented by Intel… Cannot trust HW RNGs to provide good entropy directly. (rdrand implemented in microcode. Intel will add opcode to go directly to HW.) This means partial revert of some work on rdrand and padlock.”

“We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say [Dan Goodin/Ars Technica]

Google experimenting with spy-resistant encrypted Google Drive

CNet’s Declan McCullagh reports on a rumor that Google is testing a system for encrypting its users’ files on Google Drive; they are reportedly considering the move as a means of making it harder for government spies to harvest user-data.        

Apple can decrypt iPhones for cops; Google can remotely “reset password” for Android devices

Apple apparently has the power to decrypt iPhone storage in response to law-enforcement requests, though they won’t say how. Google can remotely “reset the password” for a phone for cops, too:

Last year, leaked training materials prepared by the Sacramento sheriff’s office included a form that would require Apple to “assist law enforcement agents” with “bypassing the cell phone user’s passcode so that the agents may search the iPhone.” Google takes a more privacy-protective approach: it “resets the password and further provides the reset password to law enforcement,” the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised. Ginger Colbrun, ATF’s public affairs chief, told CNET that “ATF cannot discuss specifics of ongoing investigations or litigation. ATF follows federal law and DOJ/department-wide policy on access to all communication devices.” …

The ATF’s Maynard said in an affidavit for the Kentucky case that Apple “has the capabilities to bypass the security software” and “download the contents of the phone to an external memory device.” Chang, the Apple legal specialist, told him that “once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive” and delivered to the ATF. It’s not clear whether that means Apple has created a backdoor for police — which has been the topic of speculation in the past — whether the company has custom hardware that’s faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET.

It’s not clear to me from the above whether Google “resetting the password” for Android devices merely bypasses the lock-screen or actually decrypts the mass storage on the phone if it has been encrypted. I also wonder if the “decryption” Apple undertakes relies on people habitually using short passwords for their phones — the alternative being a lot of screen-typing in order to place a call.

Apple deluged by police demands to decrypt iPhones [Declan McCullagh/CNet] (via /.)

SkypeHide promises to hide secret messages in silent Skype packets, even when authorities are listening

Buzzing around the internet this week: Polish security researcher and professor Wojciech Mazurczyk claims to be developing a way to hide secret, un-eavesdroppable messages in “silent” packets transmitted within Skype conversations. He and his team plan to present SkypeHide at a steganography conference in Montpellier, France, this coming June. VentureBeat has a writeup here. The ease with which Skype can be snooped by law enforcement is well-known. I’ll be interested to hear what other security researchers make of Mazurczyk’s project, when and if it is eventually released.

EFF delivers easy full-disk encryption for Ubuntu

Douglas sez, 18 months ago Boing Boing posted about EFF’s effort to get Ubuntu to make full disk encryption (FDE) easy upon install. EFF has delivered. I’m sure many of us have had and continue to have the experience of trying to nudge someone (or ourselves) over from OS X or Windows to GNU/Linux and LUKS full disk encryption, but the process got roadblocked at some point because using the alternate installer to config the partitions and all for FDE was just too much of a hassle for parties involved. Now in Ubuntu 12.10, FDE is just a tickbox in the default installer. How cool is that? This means it’s a good time to donate to EFF. And if you’re using Ubuntu 12.10, don’t forget to fix the privacy problems for which EFF provides a tutorial (thanks again!). (Thanks, Doug!)
