backdoors – Page 9 – SSL and internet security news

Encryption Policy and Freedom of the Press

April 4, 2017 infossl

academicpapers, backdoors, cryptography, cryptowars, encryption, nationalsecuritypolicy, Security technology

Interesting law journal article: “Encryption and the Press Clause,” by D. Victoria Barantetsky. Abstract: Almost twenty years ago, a hostile debate over whether government could regulate encryption — later named the Crypto Wars — seized the country. At the center of this debate stirred one simple question: is encryption protected speech? This issue touched all … Read More “Encryption Policy and Freedom of the Press” »

Cryptkeeper Bug

February 7, 2017 infossl

backdoors, encryption, linux, Security technology, securityengineering

The Linux encryption app Cryptkeeper has a rather stunning security bug: the single-character decryption key “p” decrypts everything: The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem’s command line interface: Cryptkeeper … Read More “Cryptkeeper Bug” »

WhatsApp Security Vulnerability

January 17, 2017 infossl

backdoors, encryption, facebook, Security technology, signal, usability, vulnerabilities, whatsapp

Back in March, Rolf Weber wrote about a potential vulnerability in the WhatsApp protocol that would allow Facebook to defeat perfect forward secrecy by forcibly change users’ keys, allowing it — or more likely, the government — to eavesdrop on encrypted messages. It seems that this vulnerability is real: WhatsApp has the ability to force … Read More “WhatsApp Security Vulnerability” »

Encryption Working Group Annual Report from the US House of Representatives

December 21, 2016 infossl

backdoors, encryption, lawenforcement, nationalsecuritypolicy, Security technology

The Encryption Working Group of the House Judiciary Committee and the House Energy and Commerce Committee has released its annual report. Observation #1: Any measure that weakens encryption works against the national interest. Observation #2: Encryption technology is a global technology that is widely and increasingly available around the world. Observation #3: The variety of … Read More “Encryption Working Group Annual Report from the US House of Representatives” »

My Priorities for the Next Four Years

December 15, 2016 infossl

backdoors, encryption, fear, nationalsecuritypolicy, privacy, Security technology, voting

Like many, I was surprised and shocked by the election of Donald Trump as president. I believe his ideas, temperament, and inexperience represent a grave threat to our country and world. Suddenly, all the things I had planned to work on seemed trivial in comparison. Although Internet security and privacy are not the most important … Read More “My Priorities for the Next Four Years” »

Securing Communications in a Trump Administration

November 23, 2016 infossl

backdoors, computersecurity, encryption, lawenforcement, nationalsecuritypolicy, privacy, Security technology, surveillance, uk

Susan Landau has an excellent essay on why it’s more important than ever to have backdoor-free encryption on our computer and communications systems. Protecting the privacy of speech is crucial for preserving our democracy. We live at a time when tracking an individual — a journalist, a member of the political opposition, a citizen engaged … Read More “Securing Communications in a Trump Administration” »

Smartphone Secretly Sends Private Data to China

November 18, 2016 infossl

android, backdoors, cellphones, china, Security technology, vulnerabilities

This is pretty amazing: International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone … Read More “Smartphone Secretly Sends Private Data to China” »

Recovering an iPhone 5c Passcode

September 15, 2016 infossl

academicpapers, backdoors, encryption, fbi, ios, iphone, lies, passwords, Security technology

Remember the San Bernardino killer’s iPhone, and how the FBI maintained that they couldn’t get the encryption key without Apple providing them with a universal backdoor? Many of us computer-security experts said that they were wrong, and there were several possible techniques they could use. One of them was manually removing the flash chip from … Read More “Recovering an iPhone 5c Passcode” »

Apple's Cloud Key Vault

September 8, 2016 infossl

apple, backdoors, backups, cloudcomputing, keys, lawenforcement, Security technology

Ever since Ian Krstić, Apple’s Head of Security Engineering and Architecture, presented the company’s key backup technology at Black Hat 2016, people have been pointing to it as evidence that the company can create a secure backdoor for law enforcement. It’s not. Matthew Green and Steve Bellovin have both explained why not. And the same … Read More “Apple's Cloud Key Vault” »

Microsoft Accidentally Leaks Key to Windows Backdoor

August 15, 2016 infossl

backdoors, cryptography, keys, leaks, microsoft, Security technology

In a cautionary tale to those who favor government-mandated backdoors to security systems, Microsoft accidentally leaked the key protecting its UEFI Secure boot feature. As we all know, the problems with backdoors are less the cryptography and more the systems surrounding the cryptography. Powered by WPeMatico