Experts Say iPhone 5S Fingerprint Security Feature Can Be Hacked

"While fingerprint sensors might seem like a nifty way to shorten the steps to your next brilliant tweet and keep your buddy from punking your Facebook with a fake status update, they’re more likely to create a false sense of security, thanks to statements like this, from Apple Senior Vice President Dan Riccio, in the introductory video for the new iPhone 5s: 'Your fingerprint is one of the best passwords in the world. It’s always with you, and no two are exactly alike.' Riccio is half-right. Your fingerprint is always with you, and no two are exactly alike. But that doesn’t make it one of the best passwords in the world. That actually makes it a potentially lousy password." Continue reading

Gov. Standards Agency Suggests Dropping NSA-Influenced Algorithm

"Documents provided by Edward Snowden suggest that the NSA has heavily influenced the standard, which has been used around the world. In its statement Tuesday, NIST acknowledged that the NSA participates in creating cryptography standards 'because of its recognized expertise' and because NIST is required by law to consult with the spy agency. Various versions of Microsoft Windows, including those used in tablets and smartphones, contain implementations of the standard, though the NSA-influenced portion isn’t enabled by default." Continue reading

How the NSA Spies on Smartphones Including the BlackBerry

"For an agency like the NSA, the data storage units are a goldmine, combining in a single device almost all the information that would interest an intelligence agency: social contacts, details about the user's behavior and location, interests (through search terms, for example), photos and sometimes credit card numbers and passwords. According to the documents, it set up task forces for the leading smartphone manufacturers and operating systems. Specialized teams began intensively studying Apple's iPhone and its iOS operating system, as well as Google's Android mobile operating system. Another team worked on ways to attack BlackBerry." Continue reading

Bruce Schneier: iPhone Fingerprint Authentication

"Fingerprint readers have a long history of vulnerabilities as well. Some are better than others. The simplest ones just check the ridges of a finger; some of those can be fooled with a good photocopy. Others check for pores as well. The better ones verify pulse, or finger temperature. Fooling them with rubber fingers is harder, but often possible. [..] Apple's move is likely to bring fingerprint readers into the mainstream. But all applications are not equal. It's fine if your fingers unlock your phone. It's a different matter entirely if your fingerprint is used to authenticate your iCloud account. The centralized database required for that application would create an enormous security risk." Continue reading

Report: NSA Mimics Google to Monitor “Target” Web Users

"This revelation adds to the growing list of ways that the NSA is believed to snoop on ostensibly private online conversations. In what appears to be a slide taken from an NSA presentation that also contains some GCHQ slides, the agency describes 'how the attack was done' on 'target' Google users. NSA employees log into an internet router—most likely one used by an internet service provider or a backbone network. (It's not clear whether this was done with the permission or knowledge of the router's owner.) Once logged in, the NSA redirects the 'target traffic' to an 'MITM,' a site that acts as a stealthy intermediary, harvesting communications before forwarding them to their intended destination." Continue reading

“Privacy” Held Hostage By “Security” – Public Unimpressed

"Since Sept. 11, our government has acted as if security and privacy were an either/or proposition. In other words, an increase in one causes a decrease in the other. Like a seesaw, if one side goes up, the other side must go down. As federal security consultant Ed Giorgio stated several years ago in a widely quoted New Yorker article, 'Privacy and security are a zero-sum game.' Apparently, in order to be more 'secure,' we must accept less 'privacy.' That includes allowing increased warrantless surveillance and scrutiny by the government. So is the government’s argument sound?" Continue reading

Mobile Crime-Fighting App Gives Police Instant Database Access

"More than 600 San Francisco Police Department officers started using the app Monday, giving them access to internal SFPD, California DOJ and federal law enforcement databases. An additional 1,000 officers with the department are expected to participate in the initiative by the end of 2013. Emergency 911 call histories will also be accessible via the device, along with data records used by law enforcement including booking photos, DMV records and criminal histories. Agents can use JusticeMobile on their iPads to check potential gun buyers at weekend firearms shows statewide by checking names against the Bureau of Firearms Armed Prohibited Persons (APPS) database." Continue reading

How to foil NSA sabotage: use a dead man’s switch

"It doesn't really matter if you trust the 'good' spies not to abuse their powers (though even the NSA now admits to routine abuse), you should still be wary of deliberately weakened security. It is laughable to suppose that the back doors that the NSA has secretly inserted into common technologies will only be exploited by the NSA. There are plenty of crooks, foreign powers, and creeps who devote themselves to picking away patiently at the systems that make up the world and guard its wealth and security (that is, your wealth and security) and whatever sneaky tools the NSA has stashed for itself in your operating system, hardware, applications and services, they will surely find and exploit." Continue reading

Let us count the ways: How the feds (legally, technically) get our data

"It’s worth considering the various vectors of technical and legal data-gathering that high-level adversaries in America and Britain (and likely other countries, at least in the 'Five Eyes' group of anglophone allies) are likely using in parallel to go after a given target. So far, the possibilities include: A company volunteers to help (and gets paid for it). Spies copy the traffic directly off the fiber. A company complies under legal duress. Spies infiltrate a company. Spies coerce upstream companies to weaken crypto in their products/install backdoors. Spies brute force the crypto. Spies compromise a digital certificate. Spies hack a target computer directly, stealing keys and/or data, sabotage." Continue reading

Why I think the NSA is lying

"It’s IMPOSSIBLE for the NSA to have cracked everything. And my assessment is that this is an intimidation campaign. The NSA wants people to think that they have this capability. And if everyone thinks that the NSA is Big Brother’s Big Brother, all-seeing and all-knowing, then not only will everyone be terrified, but everyone will simply stop using encryption. After all, why bother going through the hassle of encrypting/decrypting if the NSA can still read the contents of your email? It’s in the NSA’s interest for people to think that the agency is almighty. I don’t buy it. These people are seriously vile. But they don’t have superpowers." Continue reading
