Snowden: think like ‘worst people on Earth’ to outwit NSA

Former NSA contractor Edward Snowden, who was responsible for blowing the whistle and exposing surveillance programmes run by the US and UK governments, has implored hackers to focus more of their efforts on creating anti-surveillance technologies.

Speaking via video link from Moscow to the audience at the Hackers On Planet Earth (HOPE) conference in New York this weekend, Snowden said that he intends to devote his time to promoting technologies that allow people to communicate anonymously and encrypt their messages. At the same time, he encouraged others to do the same.

"If you let go of your rights for a moment, you've lost them for a lifetime, and this is why this matters -- we didn't know about it [the surveillance], we weren't told about it." Describing the surveillance programmes set up by the US government as "a fundamentally un-American thing", he then proceeded to explain to the hackers, many of whom consider him to be a hero, how they can help fight back against what we now know to be "the new truth of our world".

"I think we the people, you the people, you in this room right now have both the means and the capability to help build a better future by encoding our rights into the programs and protocols on which we rely every day. And that's what my future work is going to be involved in and I hope you will join me and the Freedom of the Press Foundation and every other organisation in making that happen."

When asked to explain what tools needed to be developed and how people should use them, Snowden said that while the level of protection required varied dramatically from person to person, there were still basic rules that should be abided by. "Generally when I talk about this, I say encryption, encryption, encryption, because it is an important first step that denies the government access to anything typically more than suspicion which is drawn from association."

Snowden, who is now on the board of the Freedom of the Press Foundation, explained that encryption for journalists in particular should only be seen as the first step, as that association is capable of betraying them completely. It's important to remember, he says, that when it comes to how governments work out who their adversaries are, "the same techniques they use to discover spies, they use to discover journalists".

He praised some of the tools already out there, including Tor and PGP, but said that the hacking community needed to work together to peer review any systems that are built up by attacking them and "work as adversaries to find holes so we can fix them".

User experience also needs to significantly improve to make tools easier to use, he said. "We need encryption, mixed routing, we need non-attributable communications or un-attributable internet access that's available to people, that's easy, that's transparent, that's reliable -- that we can use not just here in the United States, but around the world, because again this a global problem."

The dangers posed by surveillance and the attacks against anti-surveillance technologies are only going to get worse, he added, before imploring the "grad students of the world to fix this thing". The trick is, he says, "to think like the worst people on Earth" and consider how they will unpick the systems that are built. "The techniques are only limited by our imagination."

Snowden has now been in Russia for over a year and earlier this month made a request to extend his Russian visa, which expires at the end of July. The US has requested that Snowden be extradited to face criminal charges, but given the past and current tensions between the two countries, it is unlikely that Russia will acquiesce to Washington's demands anytime soon.


Mexican Army Cipher Wheel – state of the art encryption 100 years ago – Video


This encryption machine was used during the time of conflict between Mexico and the USA shortly before World War I. It uses 5 disks that convert letters into 2 digit numbers based on a key...

By: dj51florida


Getting Started with Hashing in SQL Server

Introduction

In my most recent articles, I've talked about encryption in detail and demonstrated its usage at the entire database level with Transparent Data Encryption and at the column level with granular/cell-level encryption. In this article, I am going to discuss hashing in SQL Server and how it is different from encryption.

Encryption brings data into a state which cannot be interpreted by anyone who does not have access to the decryption key, password, or certificates. Although encryption does not restrict access to the data, it ensures that if data loss happens, the data is useless to anyone who does not have access to the decryption key, password, or certificates. Hashing, on the other hand, converts a string of characters of arbitrary size into a usually shorter fixed-length value or key that represents the original string and acts as a shortened reference to the original data. A slight change in the input string of characters produces a completely different hashed output.

To meet the demands of regulatory compliance and corporate data security standards, SQL Server allows you to enable encryption at the column/cell level or on the entire database level whereas hashing can be used for several purposes for example:

Encryption is bidirectional, which means data encrypted can be decrypted back to the original string if you have access to the correct decryption key, whereas hashing is unidirectional, which means hashed data cannot be reversed back to the original string.

SQL Server has the HASHBYTES inbuilt function to hash the string of characters using different hashing algorithms. The supported algorithms are MD2, MD4, MD5, SHA, SHA1, or SHA2. The hashed data conforms to the algorithm standard in terms of storage size i.e. 128 bits (16 bytes) for MD2, MD4, and MD5; 160 bits (20 bytes) for SHA and SHA1; 256 bits (32 bytes) for SHA2_256, and 512 bits (64 bytes) for SHA2_512. SHA2_256 and SHA2_512 algorithms are available in SQL Server 2012 and later versions.

The stronger the hash function you use, the more storage space it takes and the slower it performs, but it provides a stronger hash value with minimal chance of hash collision (generating the same hashed output for two different input strings of characters). Hence, it's recommended to choose a hashing algorithm based on your workload and the data to hash, making an appropriate trade-off.

The example below demonstrates the use of the HASHBYTES function to do hashing using the MD5 algorithm. As mentioned before, a slight change in the input string of characters produces a completely different hashed output, and this is what you can see in the second column. The only difference between the input for the first column and the input for the second column is an extra space at the end of the second input string:

No matter how many times you do the hashing, the hashed output will remain the same for the same set of input strings and the same hashing algorithm:
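
An added T-SQL example, not the article's own listing, covering the two points above with constructed sample strings. It also shows that `=` on the strings themselves treats the trailing space as insignificant while the digests still differ, and that varchar and nvarchar inputs hash differently because their bytes differ.

```sql
-- Added example: the sample strings are constructed for illustration.
DECLARE @a varchar(50)  = 'Sample input string';
DECLARE @b varchar(50)  = 'Sample input string ';   -- identical except for one trailing space
DECLARE @n nvarchar(50) = N'Sample input string';   -- same text, stored as nvarchar

-- 1. Trailing-space sensitivity. T-SQL's "=" on character strings ignores
--    trailing spaces, so string_compare and digest_compare disagree here:
--    the digest is computed over the exact bytes, space included.
SELECT HASHBYTES('MD5', @a) AS md5_a,
       HASHBYTES('MD5', @b) AS md5_b,
       CASE WHEN @a = @b
            THEN 'equal' ELSE 'not equal' END AS string_compare,
       CASE WHEN HASHBYTES('MD5', @a) = HASHBYTES('MD5', @b)
            THEN 'equal' ELSE 'not equal' END AS digest_compare;

-- 2. Determinism: hash the same text a second time with the same algorithm
--    and compare the two digests.
SELECT CASE WHEN HASHBYTES('MD5', @a) = HASHBYTES('MD5', 'Sample input string')
            THEN 'equal' ELSE 'not equal' END AS repeat_compare;

-- 3. Digest size in bytes for each algorithm, to check against the sizes
--    listed in the article (SHA2_* requires SQL Server 2012 or later).
SELECT DATALENGTH(HASHBYTES('MD5',      @a)) AS md5_bytes,
       DATALENGTH(HASHBYTES('SHA1',     @a)) AS sha1_bytes,
       DATALENGTH(HASHBYTES('SHA2_256', @a)) AS sha2_256_bytes,
       DATALENGTH(HASHBYTES('SHA2_512', @a)) AS sha2_512_bytes;

-- 4. HASHBYTES works on bytes, not characters: the same text held as varchar
--    and as nvarchar is different input, so a value hashed as one type will
--    not match a lookup hashed as the other.
SELECT CASE WHEN HASHBYTES('SHA2_256', @a) = HASHBYTES('SHA2_256', @n)
            THEN 'equal' ELSE 'not equal' END AS varchar_vs_nvarchar;
```

Microsoft's documentation marks every HASHBYTES algorithm other than SHA2_256 and SHA2_512 as deprecated from SQL Server 2016 onward, so MD5 appears here only to mirror the article's example.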


Homeland Security gets into software security

Summary: It sounds unlikely, but the Homeland Security Agency is now providing an online, open-source code-testing suite with the unlikely name of SWAMP.

PORTLAND -- No, I am not making this up. At OSCon, the Department of Homeland Security (DHS), best known to you as the people checking up on you between the airport parking lot and your flight, quietly announced that they're now offering a service for checking out your open-source code for security holes and bugs: the Software Assurance Marketplace (SWAMP).

"Why," you ask?

Because Patrick Beyer, SWAMP's Project Manager at Morgridge Institute for Research, the project's prime contractor, explained, "With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there, and everywhere." Understandably, "there's more and more concern about the safety and quality of this code. We're the one place you can go to check into the code."

This is true, but the government has been using open-source software since before the phrase "open source," or even the earlier phrase, "free software" existed. Some of NASA's COSMIC free scientific code collection, for example, dates back to the 1960s and the Veterans Affairs' Veterans Health Information Systems and Technology Architecture (VistA), the first electronic health record (EHR) system, began in the early 1980s.

During my own time at NASA in the 1980s, Linux was introduced. Soon thereafter, the first Linux supercomputer architecture, Beowulf, was created at Goddard Space Flight Center (GSFC) in 1995. More recently, in 2010, the popular open-source cloud program OpenStack, got its start as a joint project between RackSpace and NASA.

So it is that government agencies have long both used and created "open-source" software. What's been missing, and what the SWAMP tries to provide, is a centralized way of checking the code for errors and security problems.

While SWAMP is funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate (DHS S&T), SWAMP is designed by researchers from the Morgridge Institute, the University of Illinois-Champaign/Urbana, the University of Indiana, and the University of Wisconsin-Madison. Each brings broad experience in software assurance, security, open source software development, national distributed facilities and identity management to the project.

The SWAMP servers themselves are hosted at the Morgridge Institute in Madison, WI. At the Institute, the clustered servers are kept at a secure facility. The SWAMP cluster currently has 700 cores, 5TBs of RAM, and 100TBs of storage to meet the continuous assurance needs of multiple software and tool development projects. SWAMP opened its services to the community in February of 2014 offering five open-source static analysis tools that analyze source code for possible security defects without having to execute the program.

These tools currently are:


Julian Assange Fails To Overturn Swedish Arrest Warrant

Wikileaks founder Julian Assange has failed to overturn his arrest warrant, and remains confined to the Ecuadorean Embassy in London, after a Swedish court rejected his appeal on Wednesday.

Assange has spent two years holed up in the Ecuadorians' residency, to avoid extradition to Sweden over allegations of sexual misconduct which were made more than three years ago. He claims that he would likely be sent on to the US for trial over Wikileaks' publication of US government material, although he has not as yet been charged in America.

Assange's lawyers filed a petition in a Swedish court to withdraw his arrest warrant, which was issued after allegations of sexual misconduct. So far, no official charges have been filed in Sweden, and Assange insists that the Swedish warrant is nothing more than a political ploy, which would see him eventually extradited to the United States, to face criminal charges there over Wikileaks' release of thousands of confidential US government documents.

Those leaks were highly embarrassing to the US government, and a Federal Grand Jury is currently preparing a criminal case against WikiLeaks.

Assange's lawyers argued that the Swedish arrest warrant should be withdrawn, because it is not legally enforceable whilst Assange resides within the grounds of the embassy of Ecuador.

Assange's lawyers also highlighted that Swedish prosecutors are refusing to travel to the UK to interview him about the allegations, so they can decide whether to actually file criminal charges.

But the Swedish court dismissed Assange's legal attempt.

"All in all, the district court makes the assessment that the reasons for the arrest warrant offset the infringement and adverse effects the measure entails for Julian Assange," District court judge Lena Egelin was quoted as saying by Reuters. "He should therefore continue to be wanted for arrest in his absence."

Thomas Olsson, one of Assange's Swedish lawyers, was quoted as saying that he would appeal the Swedish court verdict.

Ecuador granted Assange political asylum back in August 2012, and Assange wants a guarantee of safe passage to Ecuador before he will leave the embassy, as he fears the United States will have him arrested if he leaves.


Eric Cantona works out with Julian Assange… apparently

Something rather bizarre happened at the weekend, involving a football icon and a controversial activist.

Eric Cantona was pictured working out alongside Julian Assange in a tweet that gave little further information.


The photo was taken in Assange's room in the Ecuadorian embassy, where he has been camped since June 2012 to avoid extradition to Sweden for questioning on sexual assault allegations.

Assange looks on as a sweaty and knackered Cantona pants on a running machine, which was given to Assange by Ken Loach, who directed Cantona in the 2009 film Looking for Eric.

Assange's spokesperson said that the pair had "discussed a future collaboration", which will be revealed "in due course".

Could we be about to see a footy tournament involving former footballers and activists on the run? Or Ken Loach's latest film Looking for Julian?
