encryption – Page 15 – SSL and internet security news

Security Vulnerabilities in AT&T Routers

September 6, 2017 infossl

att, encryption, Security technology, securityengineering, vulnerabilities

They’re actually Arris routers, sold or given away by AT&T. There are several security vulnerabilities, some of them very serious. They can be fixed, but because these are routers it takes some skill. We don’t know how many routers are affected, and estimates range from thousands to 138,000. Among the vulnerabilities are hardcoded credentials, which … Read More “Security Vulnerabilities in AT&T Routers” »

Journalists Generally Do Not Use Secure Communication

August 31, 2017 infossl

email, encryption, pgp, privacy, Security technology, signal, whistleblowers

This should come as no surprise: Alas, our findings suggest that secure communications haven’t yet attracted mass adoption among journalists. We looked at 2,515 Washington journalists with permanent credentials to cover Congress, and we found only 2.5 percent of them solicit end-to-end encrypted communication via their Twitter bios. That’s just 62 out of all the … Read More “Journalists Generally Do Not Use Secure Communication” »

Ross Anderson on the History of the Crypto Wars in the UK

August 29, 2017 infossl

cryptography, cryptowars, encryption, Security technology, uk, videos

Ross Anderson gave a talk on the history of the Crypto Wars in the UK. I am intimately familiar with the US story, but didn’t know as much about Britain’s verson. Hour-long video. Summary. Powered by WPeMatico

Alternatives to Government-Mandated Encryption Backdoors

July 25, 2017 infossl

backdoors, encryption, essays, lawenforcement, nationalsecuritypolicy, privacy, Security technology, surveillance

Policy essay: “Encryption Substitutes,” by Andrew Keane Woods: In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders. Second, I assume … Read More “Alternatives to Government-Mandated Encryption Backdoors” »

Australia Considering New Law Weakening Encryption

July 17, 2017 infossl

australia, childpornography, cryptowars, drugtrade, encryption, internet, Security technology, terrorism

News from Australia: Under the law, internet companies would have the same obligations telephone companies do to help law enforcement agencies, Prime Minister Malcolm Turnbull said. Law enforcement agencies would need warrants to access the communications. “We’ve got a real problem in that the law enforcement agencies are increasingly unable to find out what terrorists … Read More “Australia Considering New Law Weakening Encryption” »

The Secret Code of Beatrix Potter

June 23, 2017 infossl

concealment, encryption, Security technology

Interesting: As codes go, Potter’s wasn’t inordinately complicated. As Wiltshire explains, it was a “mono-alphabetic substitution cipher code,” in which each letter of the alphabet was replaced by a symbol — the kind of thing they teach you in Cub Scouts. The real trouble was Potter’s own fluency with it. She quickly learned to write … Read More “The Secret Code of Beatrix Potter” »

Passwords at the Border

June 1, 2017 infossl

borders, eff, encryption, passwords, passwordsafe, Security technology, socialmedia

The password-manager 1Password has just implemented a travel mode that tries to protect users while crossing borders. It doesn’t make much sense. To enable it, you have to create a list of passwords you feel safe traveling with, and then you can turn on the mode that only gives you access to those passwords. But … Read More “Passwords at the Border” »

NSA Brute-Force Keysearch Machine

May 16, 2017 infossl

cryptanalysis, cryptography, encryption, ibm, keys, nsa, Security technology

The Intercept published a story about a dedicated NSA brute-force keysearch machine being built with the help of New York University and IBM. It’s based on a document that was accidentally shared on the Internet by NYU. The article is frustratingly short on details: The WindsorGreen documents are mostly inscrutable to anyone without a Ph.D. … Read More “NSA Brute-Force Keysearch Machine” »

Shadow Brokers Releases the Rest of Their NSA Hacking Tools

April 10, 2017 infossl

encryption, gametheory, hacking, keys, nsa, Security technology

Last August, an unknown group called the Shadow Brokers released a bunch of NSA tools to the public. The common guesses were that the tools were discovered on an external staging server, and that the hack and release was the work of the Russians (back then, that wasn’t controversial). This was me: Okay, so let’s … Read More “Shadow Brokers Releases the Rest of Their NSA Hacking Tools” »

Encryption Policy and Freedom of the Press

April 4, 2017 infossl

academicpapers, backdoors, cryptography, cryptowars, encryption, nationalsecuritypolicy, Security technology

Interesting law journal article: “Encryption and the Press Clause,” by D. Victoria Barantetsky. Abstract: Almost twenty years ago, a hostile debate over whether government could regulate encryption — later named the Crypto Wars — seized the country. At the center of this debate stirred one simple question: is encryption protected speech? This issue touched all … Read More “Encryption Policy and Freedom of the Press” »