Trevor Paglen and Jacob Appelbaum collaborate to create beautiful, acrylic-encased computers that are also Tor nodes, anonymizing data that passes through them, and install the in art galleries all over the world, so that patrons can communicate and browse anonymously, while learning about anonymity and Tor. Read the rest
The parliamentary vice-president from Fidesz -- the largest faction in the Hungarian government -- has asked parliament to "ban communication devices that [law enforcement agencies] are not able to surveil despite having the legal authority to do so." Read the rest
The #FBIvsApple legal case may be over, but the fight over security, privacy, and the right to live free of surveillance has just begun. The Justice Department is expected to drop its legal action against Apple, possibly as soon as today, because an 'outside method' to bypass security on the San Bernardino gunman's iPhone has proven successful, a federal law enforcement official said Monday.
In just a few short years, ransomware -- malware that encrypts all the files on the computer and then charges you for a key to restore them -- has gone from a clever literary device for technothrillers to a cottage industry to an epidemic to a public menace. Read the rest
If you are a seller on Alphabay -- a darkweb site that sells "drugs, stolen data and hacking tools," you'll have to use two-factor authentication (based on PGP/GPG) for all your logins. Read the rest
A month after a hospital in Hollywood was shut down by a ransomware infection that encrypted all the files on its computers and computer-controlled instruments and systems, another hospital, this one in Kentucky, has suffered a similar fate. Read the rest
"Everywhere they went, the attackers left behind their throwaway phones."
Buried in the New York Times story Mark poked fun at earlier for its Crypto Panic vibe, a confirmation of sorts that there's really no evidence the terrorists used crypto at all. There is lots of evidence they used throwaway burner phones to evade detection while planning mass murder. Again, no evidence encryption, none, period. This is significant because these attacks, and similar ones that followed, are at the core of an anti-encryption charm offensive by the FBI and Department of Justice, now targeted at Apple's iPhone.
Ars Technica rehashes the details of the NYT piece and then puts it plainly:
Until we have stronger evidence to the contrary, it seems likely that encryption played little or no part in the Paris terrorist attacks.
Read the restThe NYT story on the Paris attackers makes just as much (if not more) sense if you replace "encryption" with "magic" pic.twitter.com/1ATUU1fzRM
— Christopher Soghoian (@csoghoian) March 20, 2016
One of the terrorists pulled out a laptop, propping it open against the wall, said the 40-year-old woman. When the laptop powered on, she saw a line of gibberish across the screen: βIt was bizarre β he was looking at a bunch of lines, like lines of code. There was no image, no Internet,β she said. Her description matches the look of certain encryption software, which ISIS claims to have used during the Paris attacks.
To summarize, if you see something on someone's computer screen that fits the description below, the person with the computer could be an ISIS terrorist! It looks like "a line of gibberish across the screen." It's "a bunch of lines, like lines of code." There's "no image." There's "no Internet."
It's good to know the spirit of Judith Miller lives on at the Times!
The NYT story on the Paris attackers makes just as much (if not more) sense if you replace "encryption" with "magic" pic.twitter.com/1ATUU1fzRM
— Christopher Soghoian (@csoghoian) March 20, 2016
How the fuck has @nytimes not edited this utter shit? pic.twitter.com/C884P1r1p7
— Internet of Shit (@internetofshit) March 21, 2016
@internetofshit @nytimes Look im using encryption software! pic.twitter.com/RmnAGMEgGH
— Rob (@robatcisco) March 21, 2016
Read the rest@internetofshit @nytimes Encryption for some people: pic.twitter.com/zKJhgFS7JS
— Miguel Esquirol (@miguelesquirol) March 21, 2016
Evan from Fight for the Future writes, "Everyone is focused on the high profile fight between Apple and the FBI, which is a good thing, because the outcome of this case will affect all of us." Read the rest
If you're one of the few engineers at Apple qualified to code up the backdoor that the FBI is seeking in its court order, and if your employer loses its case, and if you think you have a solemn duty as a security engineer to only produce code that makes users more secure, not less, what do you do? Read the rest
Since 2014, Suckfly, a hacker group apparently based in Chengdu, China, has used at least 9 signing certs to make their malware indistinguishable from official updates from the vendor. Read the rest
In response to the FBI's attack on Apple's use of encryption-based security methods, some of the biggest names in technology are reported to be planning an expanded use of encryption for user data that passes through, or is stored on, their products and services.
Ian Clark's long academic paper in the Journal of Radical Librarianship takes a while to get to the point, but when it arrives, it's a very, very good one: in the post-Snowden era, we can no longer address the "digital divide" just by providing access -- we also have to teach people how their online usage is spied on, how that will harm them, and what to do about it. Read the rest
John Oliver continues to deliver the best comedy tech analysis in the business, with an epic rant/explainer that delves into Apple vs FBI and the new crypto wars with scathing wit and deep, technical truth that's made miraculously accessible to a general audience. Read the rest
Obama's SXSW appearance included the president's stupidest-ever remarks on cryptography: he characterized cryptographers' insistence that there is no way to make working cryptography that stops working when the government needs it to as "phone fetishizing," as opposed to, you know, reality. Read the rest
Eddy Cue, Apple's head of services, has warned that if the FBI wins its case and can force Apple to produce custom software to help break into locked phones, there's nothing in principle that would stop it from seeking similar orders for custom firmware to remotely spy on users through their phones' cameras and microphones. Read the rest
Cothority is a new software project that uses "multi-party cryptographic signatures" to make it infinitely harder for governments to order companies to ship secret, targeted backdoors to their products as innocuous-looking software updates. Read the rest
