U.S. spy chief criticizes journalists for publishing anti-encryption efforts

"The office of the director of national intelligence (ODNI), which oversees the US’s intelligence agencies, suggested the stories, simultaneously published on the front pages of the New York Times and Guardian, were 'not news', but nonetheless provided a 'road map … to our adversaries'. Privacy groups, however, said the NSA’s activities were endangering privacy and putting both US internet users and businesses users at risk. 'Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance,' said the ACLU’s principal technologist."

Bitcoin developer: Are bitcoin thieves revealing NSA back doors?

"Will bitcoin -- and the financial incentive to break bitcoin crypto -- reveal other NSA backdoors in ECDSA, SHA256, RIPEMD160, and other algorithms and libraries used by bitcoin? Thieves are likely to exploit any flaws immediately, and move stolen loot to another private key. The NSA, on the other hand, is likely to avoid exploiting any weaknesses until key moments. Thus, ironically, thieves are playing a role in securing bitcoin and associated algorithms from NSA, Chinese, Russian or mafia tampering. Was the SecureRandom() bug a now-revealed NSA backdoor? You can thank bitcoin for exposing the problem and leading to immediate fixes, and attention to weak RNG impact."

Toshiba’s quantum cryptography network that even the NSA can’t hack

"A quantum network uses specially polarized photons to encode an encryption key—a very long series of numbers and letters that can unlock a digital file. The photons are then sent down a fiber optic cable until they reach their destination, a photon detector, which counts them, and delivers the key to the intended recipient. If the photons are interfered with, the individual packets of information are forever altered and the recipient can see the telltale signs of tampering. The next step toward mainstreaming quantum crypto is increasing the distance that photons can travel before they degrade—currently the record is 200 km (124 miles) using a dedicated fiber optic cable."

Schneier on NSA surveillance: A guide to staying secure

"Now that we have enough details about how the NSA eavesdrops on the internet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves. The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible. Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA."

Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security

"The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world. The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated."

Sudden spike of Tor users likely caused by one “massive” botnet

"Researchers have found a new theory to explain the sudden spike in computers using the Tor anonymity network: a massive botnet that was recently updated to use Tor to communicate with its mothership. Making a C&C server a Tor hidden service makes sense from an attacker's perspective. Tor makes it much harder for white hats and law enforcement officers to identify the malware operators and to shut down the server. Instead of connecting to a registered IP address, an infected machine connects to a pseudo address such as vtipk3.onion that is hard—if not impossible—to trace. Researchers have been predicting that botnets would adopt Tor protocols since at least 2010."

‘More profitable than cocaine’: Peru is top source of counterfeit US cash

"Peru has in the past two years overtaken Colombia as the No. 1 source of counterfeit U.S. dollars, says the U.S. Secret Service, protector of the world's most widely traded currency. Over the past decade, $103 million in fake U.S. dollars 'made in Peru' have been seized — nearly half since 2010, Peruvian and U.S. officials say. The phony money heads mostly to the United States but is also smuggled to nearby countries including Argentina, Venezuela and Ecuador. Counterfeiters earn up to $20,000 in real currency for every $100,000 in false bills they produce after expenses, the investigator said."

Mapping the Bitcoin Economy Could Reveal Users’ Identities

"The new research comes at a time when investment in the bitcoin economy is booming (see “Bitcoin Hits the Big Time”), and as it is being scrutinized by U.S. authorities. In 2013, the U.S. Department of Homeland Security has seized a total of $5 million from Mt Gox, the largest exchange where people go to convert between bitcoins and conventional currencies. Last month, New York’s financial regulator subpoenaed 22 companies to gather information about their dealings with Bitcoin. 'The Bitcoin protocol still has huge potential for anonymity,' says Sarah Meiklejohn, who led the research project, 'but the way that people are using it is not achieving anonymity at all.'"

How We Got Busted Buying Drugs On Silk Road’s Black Market

"To be clear, we weren’t caught by law enforcement–so far at least, our experiment last month in ordering small amounts of marijuana from three different Bitcoin-based online black markets hasn’t resulted in anyone getting arrested. But a few weeks after those purchases, I asked Sarah Meiklejohn, a Bitcoin-focused computer science researcher at the University of California at San Diego, to put the privacy of our black market transactions to the test by tracing the digital breadcrumbs that Bitcoin leaves behind. The result of her analysis: On Silk Road, and possibly on smaller competitor markets, our online drug buys were visible to practically anyone who took the time to look."

Developers Scramble to Build NSA-Proof Email

"Edward Snowden’s revelations about the NSA’s mass internet surveillance are driving development of a slew of new email tools aimed at providing end-to-end encryption to users, and it has boosted interest in existing privacy tools too. Jon Callas, a Silent Circle founder, says his company is planning to take another run at secure email. He says he’s primarily concerned with email metadata like the sender, receiver and subject line, as well as the IP addresses and transit server information in the header of encrypted email."