Google exposes ‘Poodle’ flaw in Web encryption standard

Three Google security engineers uncover a major vulnerability in the older -- but still supported -- Web encryption standard SSL 3.0. Experts say fixing it is impossible and upgrading will be difficult.

A 15-year-old encryption protocol for browsers and websites is now too vulnerable to safely use. CNET

Older Web technology continues to be dogged by revelations that show how insecure it is. A trio of Google security engineers proved that the encryption standard Secure Socket Layer can be circumvented thanks to a new vulnerability they dubbed "POODLE."

POODLE is a new security hole in Secure Socket Layer (SSL) 3.0 that makes the 15-year-old protocol nearly impossible to use safely, said Google security engineers Bodo Möller, Krzysztof Kotowicz and Thai Duong in a new report published on Tuesday.

The vulnerability allows encrypted, ostensibly secret information to be exposed by an attacker with network access. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption, is a problem because SSL 3.0 is used by both websites and Web browsers. Both must be reconfigured to prevent using SSL 3.0, and POODLE will remain a problem as long as SSL 3.0 is supported.

While SSL 3.0 is no longer the most advanced form of Web encryption in use, Möller explained browsers and secure HTTP servers still need it in case they encounter errors in Transport Layer Security (TLS), SSL's more modern, less vulnerable younger sibling.

The good news is that not much of the Web relies on SSL 3.0 anymore. A study by the University of Michigan shows that few sites rely on SSL 3.0 for anything. Less than 0.3 percent of communication between site and server depends on SSL 3.0, while 0.42 percent of the top 1 million domains on Alexa use it even partially.

The reason that POODLE is a problem is that attackers can force your browser to downgrade to SSL 3.0.

If either browser or server runs into problems connecting with TLS, sites and browsers will often fall back to SSL. The problem is that attackers can force a connection failure which would force a site to use SSL 3.0, which would then expose it to hackers.

Because disabling SSL 3.0 outright causes compatibility problems for sites and servers, Möller recommended that administrators for both add support for TLS_FALLBACK_SCSV, a TLS protocol that blocks attackers from conning browsers into downgrading to not only SSL 3.0, but TLS 1.0 and 1.1 as well. It "may help prevent future attacks," he wrote.
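To make the fallback dance and the TLS_FALLBACK_SCSV rule concrete, here is an added Python simulation (not code from the article or from Google's report). It builds and parses a bare ClientHello body, applies the RFC 7507 server rule, and models the attacker-induced handshake failures described above as a set of "dropped" protocol versions; the cipher suite and the zeroed random are constructed placeholders.

```python
import struct

# Real protocol constants (RFC 5246 / RFC 7507), not constructed values.
TLS_FALLBACK_SCSV = 0x5600
SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2 = 0x0300, 0x0301, 0x0302, 0x0303
ALERT_INAPPROPRIATE_FALLBACK = 86
AES128_SHA = 0x002F  # TLS_RSA_WITH_AES_128_CBC_SHA, offered by SSL 3.0-era stacks


def build_client_hello(version, suites, fallback):
    """Minimal ClientHello body (no record/handshake headers, no extensions).
    A browser appends TLS_FALLBACK_SCSV only when it retries at a lower version."""
    suites = list(suites) + ([TLS_FALLBACK_SCSV] if fallback else [])
    body = struct.pack("!H", version) + bytes(32)  # client_version + zeroed random
    body += b"\x00"  # empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    return body


def parse_client_hello(body):
    """Inverse of build_client_hello: returns (client_version, [cipher suites])."""
    (version,) = struct.unpack("!H", body[:2])
    pos = 2 + 32
    pos += 1 + body[pos]  # skip the session id length byte and the session id
    (suites_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
    return version, suites


def server_respond(body, server_max, honours_scsv):
    """RFC 7507 server rule: if the SCSV is present and client_version is below
    the server's highest supported version, abort with inappropriate_fallback."""
    version, suites = parse_client_hello(body)
    if honours_scsv and TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("accept", min(version, server_max))


def browser_connect(server_max, honours_scsv, dropped_versions=frozenset()):
    """Simulate the browser's retry dance. dropped_versions models handshakes
    that fail on the path (an attacker-induced or middlebox-induced failure),
    after which the browser retries one version lower with the SCSV appended."""
    fallback = False
    for version in (TLS_1_2, TLS_1_1, TLS_1_0, SSL_3_0):
        if version in dropped_versions:
            fallback = True  # attempt 'failed'; the next attempt is a downgrade retry
            continue
        hello = build_client_hello(version, [AES128_SHA], fallback)
        status, value = server_respond(hello, server_max, honours_scsv)
        if status == "alert":
            return ("aborted", value)  # downgrade refused; no SSL 3.0 session
        return ("connected", value)
    return ("failed", None)


if __name__ == "__main__":
    attacker = frozenset({TLS_1_2, TLS_1_1, TLS_1_0})
    print("no SCSV support:", browser_connect(TLS_1_2, False, attacker))  # lands on SSL 3.0
    print("SCSV honoured:  ", browser_connect(TLS_1_2, True, attacker))  # aborted, alert 86
```

The last case in the test below also shows that the SCSV does not break a genuinely old server: a retry against a server whose best is TLS 1.0 still connects, because client_version is not below the server's maximum.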

Read the rest here:
Google exposes 'Poodle' flaw in Web encryption standard

Google Reveals ‘Poodle’ Web-Encryption Bug

The bug affects a 15-year-old encryption standard known as SSL 3.0, but is less severe than Heartbleed or Shellshock.

Another week, another Internet vulnerability uncovered: Google researchers have reported a Web encryption bug that allows hackers to infiltrate email, banking, and other online accounts.

Dubbed Poodle (for "Padding Oracle On Downgraded Legacy Encryption"), the threat affects a 15-year-old encryption standard known as SSL 3.0. But it is reportedly less severe than Heartbleed or Shellshock.

Existing in old software and nearly all browsers, the bug is not easy to apply: It requires a hacker to tap into the connection between you and your browser, referred to as a man-in-the-middle exploit.

"If Heartbleed/Shellshock merited a 10, then this attack is only around a 5," said Errata Security's Robert Graham.

So while you have little to worry about surfing the Web on a secure home connection, using the local coffee shop's unencrypted Wi-Fi makes it simpler for a nearby hacker to take complete control of your accounts.

The good news is they won't be able to steal your password.

Google researchers Bodo Möller, Thai Duong, and Krzysztof Kotowicz discovered the vulnerability, which unfortunately does not come with a quick fix.

Your best bet is to avoid SSL 3.0 entirely, and add a second mechanism called TLS_FALLBACK_SCSV, which will help solve the immediate problem and prevent future attacks.

Chrome and Firefox users can visit Googler Adam Langley's blog for more details on how to implement the patches.

Read the rest here:
Google Reveals 'Poodle' Web-Encryption Bug

Report: Open Source Needs to Get With the Security Program

Open source developers apparently don't adhere to best practices such as using static analysis and conducting regular security audits, found Coverity's Spotlight report, released Wednesday.

The Coverity Scan service, which is available at no charge to open source projects, helped devs find and fix about 50,000 quality and security defects in code last year.

That number can be attributed in part to continuous improvement, which lets users find previously undetected defects. Also, as projects mature, devs can focus on rooting out new defects. Another factor is that user registration for the Coverity service was quadruple that of 2012, noted Zach Samocha, senior director of products at Coverity.

Coverity in June added its Security Advisor to the Coverity Scan service, which resulted in the discovery of almost 4,000 defects. The Security Advisor includes sophisticated analysis algorithms that help developers find and fix critical Web application security issues.

Of the 4,000 discoveries, almost 2,400 were high-severity defects, 1,330 were low severity, and the remaining 260 or so were medium severity.

There have been several highly publicized open source vulnerabilities this year alone, including Heartbleed and Shellshock.

Those two flaws impacted a large number of users because of the widespread implementation of open source software.

"We would like to see more open source projects sign up for the [Coverity Scan] service and incorporate the finding and fixing of defects into their standard process," Samocha told TechNewsWorld. More than 3,000 open source projects have signed up for the service, but "there are many more."

Security Advisor can find quality defects in C#, Java, C and C++ code, and it can spot security defects in Java, C and C++, Samocha said.

Since June, Security Advisor has identified 688 OWASP Top 10 issues in 37 open source projects, including big data, network management and blog server projects.

Read more:
Report: Open Source Needs to Get With the Security Program

Crash Course in Open Source Cloud Computing By @CitrixCloud | @CloudExpo


Storage, networking (OpenDaylight), compute virtualization (Xen, KVM, LXC) orchestration (Apache CloudStack, OpenStack)


In his session at 15th Cloud Expo, Mark Hinkle, Senior Director, Open Source Solutions at Citrix Systems Inc., will provide an overview of the open source software that can be used to deploy and manage a cloud computing environment.

Mark will include information on storage, networking (e.g., OpenDaylight) and compute virtualization (Xen, KVM, LXC) and the orchestration (Apache CloudStack, OpenStack) of the three to build their own cloud services.

Contact @CitrixCloud for your FREE @CloudExpo pass.

Speaker Bio: Mark Hinkle is the Senior Director, Open Source Solutions, at Citrix Systems Inc. He joined Citrix as a result of their July 2011 acquisition of Cloud.com where he was their Vice President of Community. He is currently responsible for Citrix open source efforts around the open source cloud computing platform, Apache CloudStack and the Xen Hypervisor. Previously he was the VP of Community at Zenoss Inc., a producer of the open source application, server, and network management software, where he grew the Zenoss Core project to over 100,000 users and 20,000 organizations on all seven continents. He also is a longtime open source expert and author having served as Editor-in-Chief for both LinuxWorld Magazine and Enterprise Open Source Magazine. His blog on open source, technology, and new media can be found at http://www.socializedsoftware.com.

Go here to see the original:
Crash Course in Open Source Cloud Computing By @CitrixCloud | @CloudExpo

Julian Assange discovers Google’s given MONEY to EFF

Choosing a cloud hosting partner with confidence

+Comment Silicon Valley's biggest companies are an essential part of both the US state's data-processing operation and a barely controllable element in American foreign policy, says WikiLeaks fugitive Julian Assange in his latest interview.

Talking to Pando Daily (from the Ecuadorian embassy in London), Assange dubs Google, Facebook and Apple "surveillance barons", which is not a new observation. He also highlights the US state's reliance on the internet giant to increase American "soft power" abroad:

Google perceives that its overlapping networks should include networks of traditional US soft power, hard power, and networks in other countries where it is either collaborating with the establishments of those countries or if it feels it doesn't have an in with the elite of the other countries, it brings in the people that might one day replace it.

Assange also criticises Google's network of digital rights groups for being tame and domesticated, which means Google rarely comes under scrutiny. Google funds over 150 academic departments, think tanks and "citizens' groups", offering them advertising, analytics help and fund-raising tools and often hard cash. The support for these organisations helps shape the policy agenda to one that doesn't disrupt Google's business.

"The problem is that a lot of groups that would normally criticize Google, the nonprofits that are involved in the tech sector, are funded directly or indirectly by Google. Or by USAID. Or by Freedom House. Google and its extended network have significant patronage in the very groups that would normally be criticizing it," says Assange. "It's the nature of organizations. They don't like to bite the hand that feeds them."

Assange singles out the Electronic Frontier Foundation (EFF), which received more than half of its annual income from just one of a series of controversial "cy pres" class action payouts*. The out-of-court payments over privacy breaches saw university departments and groups enriched by Google and Facebook, while the individuals who brought the class action didn't receive a penny.

"The EFF is a great group, and they've done good things for us, but nonetheless it is significantly funded by Google, or people who work at Google," says Assange.

Although he's now known as a notorious conspiracy theorist, Assange has found a conspiracy hidden in plain view.

But a better indicator of Google's influence is not when money changes hand, but when it doesn't. Take for example, the implications of the CJEU's Gonzalez ruling, which upheld that Google wasn't exempt from European data protection law, and which confirmed that individuals have the right to ask for links to old and irrelevant information to be removed from Google.

Read the original:
Julian Assange discovers Google's given MONEY to EFF

Bitcoin survival relies on community ‘growing up’

Summary: According to security experts, the cryptocurrency community needs to grow up in order to thrive -- and become more like the establishment it originally tried to break away from.

ISLE OF MAN -- The cryptocommunity needs to "grow up" if Bitcoin is going to flourish, according to a prominent member of the security community.

Interest in Bitcoin exploded after the 2008 recession. In 2012, there was a sharp rise in Bitcoin-based merchant services. Since this time, the cryptocurrency has become monetized due to rising demand, which peaked last year at over $1,000 for a single BTC. Many attempted to cash in, but the price fell by over 50 percent following the decimation of major Bitcoin trading post Mt. Gox.

Despite this, faith in virtual currency remains strong, but could the lure of cryptocurrency's unstructured and unregulated system also be its undoing?

There are endless possibilities for cryptocurrency, and this is not limited to Bitcoin. Litecoin, Dogecoin and Peercoin, to name but a few, are also in the mix, and many individuals and businesses are working out how virtual currency will fit in to our future. Traditional financial institutions may underpin transactions using virtual currency, more individual power and privacy could end up in the hands of consumers, and underdeveloped nations may be able to use crypto to circumvent corrupt governments or to allow for easier payments and reduced transfer costs where traditional economies are volatile.

Bitcoin may have had its name tainted by association with underground marketplace Silk Road, but virtual currency's story doesn't have to end there.

Bruce Elliott, an executive from financial services firm Boston, told attendees at the Crypto Valley Summit on the Isle of Man:

Bitcoin for us is a nice thing and a nice way to make money. For others, it's a matter of life and death and a way to transform their own lives [...] and control their own destiny.

In short, Bitcoin is more than a "scheme," as a recent report issued by the Bank of England implied. Within the report, the financial institution said that while Bitcoin had the potential to "disrupt monetary policy," the inherent volatility of the currency means crypto is not a threat to traditional currency and the "small size of such schemes" leaves virtual currency outside of the bank's notice.

However, in order for virtual currency to succeed, more is needed than ideas, glue and tape. Major ingredients including investment, security and regulation may also be necessary.

Visit link:
Bitcoin survival relies on community 'growing up'

WikiLeaks Launches Fashion Label


Picture credit: PA Photos

COULD WikiLeaks soon be better known as a fashion label? Whilst challenging Chanel and Prada for brand recognition doesn't appear to be on the cards, the online non-profit organisation - which publishes secrets and leaks that it deems in the public interest - plans to open stores in India as part of a global drive to raise awareness and funds.

"India is one of the countries where awareness about WikiLeaks is the highest and Julian [Assange, WikiLeaks founder] is excited about the proposition," Olafur Vignir Sigurvinsson, an Iceland-based WikiLeaks representative, told the Times of India. He added that the monetisation of the WikiLeaks brand would help raise funds for the company, which - like Wikipedia - currently survives on donations. "We are also looking for partners in India, who can manage the property and translate it into retail and e-retail platforms," Olafur added.

The organisation already retails selected products, including T-shirts bearing the slogans "Designated enemy of the state", "Leaks exposing injustice" and "By becoming continuous, war has ceased to exist". Whether selling T-shirts for up to $100 each will sit well with many who believe passionately in the company's "information free to all" ideology remains to be seen.

This is not Assange's first dalliance with fashion. In June, he was said to be preparing to take to the catwalk for fashion designer Ben Westwood - son of Vivienne and a staunch supporter of Assange - but he had to withdraw due to ill health.

Read the original:
WikiLeaks Launches Fashion Label

Ed Snowden enjoys date with pole dancer girlfriend Lindsay Mills

NSA leaker reunited with dancer Lindsay Mills, with whom he lived in Hawaii
The two are together again in Moscow, where Snowden is claiming asylum
A picture shows the two enjoying a trip to a theatre in the Russian capital
Vladimir Putin has granted the wanted man permission to stay for 3 years

By Will Stewart for MailOnline

Published: 13:58 EST, 14 October 2014 | Updated: 15:26 EST, 14 October 2014

A picture of U.S. whistleblower Edward Snowden and his American girlfriend at a Moscow theatre has emerged - and the possibility of the pair marrying in Russia has been raised.

The former National Security Agency contractor is 'happy' that Lindsay Mills is with him in Moscow.

The pole dancer was recently shown with America's most wanted man cooking in his flat in a fly on the wall documentary.

'Edward Snowden is happy that his girlfriend Lindsay Mills came to Russia and that she is supporting him,' said lawyer Anatoly Kucherena.

Reunited with America's most wanted man: The former National Security Agency contractor is 'happy' that girlfriend Lindsay Mills is with him in Moscow

'It's hard to predict if they are going to have a wedding in Russia.'

He spoke as the new picture was issued by state-owned news agency RIA Novosti of the couple on a night out at the theatre.

Here is the original post:
Ed Snowden enjoys date with pole dancer girlfriend Lindsay Mills

The Best Part Of The Snowden Documentary ‘Citizenfour’

Edward Snowden in Laura Poitras's 'Citizenfour'

Many rave reviews of Laura Poitras's new documentary Citizenfour have already been written. The film tackles the large and difficult subject of government information collection, which can no longer be easily referred to as the sprawling surveillance state because it involves so many different states, often acting in concert. Documentaries on the subject such as PBS Frontline's recent United States of Secrets usually involve a series of interviews with people staring into the camera and telling you what they know. But that is not the Poitras style. She seeks to capture events as they happen rather than interviews, so her film features Congressional testimony, a speech at a hacker conference, arguments before a federal court about warrantless wiretapping, journalist Glenn Greenwald typing away in Brazil surrounded by his famous dogs, and the active construction site for the NSA's famous datacenter in Utah. But as the New Yorker's George Packer notes in his profile of Poitras, the heart of the film is the hotel room in Hong Kong. That would be the hotel room where NSA whistleblower Edward Snowden holed up for a week last year with Poitras, Greenwald, and Guardian journalist Ewen MacAskill and started the leak that launched a global debate about the intelligence community's information binging in the digital age.

It is incredible that this historic week is captured on film. It is as if the Washington Post's Bob Woodward were accompanied by a cameraman for his meetings with Deep Throat, or Daniel Ellsberg tailed by a reality TV film crew as he made the momentous decision to share the Pentagon Papers with the press. Not only is the week captured, it is captured in minute and humanizing detail. Such close detail that one of my viewing companions suggested Snowden visit the dermatologist as he worried about some of his moles. It gives the TV show Big Brother a serious run for its money. The three participants (plus Laura Poitras, off screen) bond. Snowden's hotel room steadily gets messier. You see the famous Tor and EFF stickers on Snowden's laptop, but also that he has a copy of Cory Doctorow's Homeland in the room, a meta touch given that the novel is about a protagonist with a thumbdrive of incriminating government documents who is trying to decide how to leak them. Everyone starts making more jokes as they get more comfortable with one another, even as the bags under Snowden's eyes get darker as the stories he unleashed and his identity go viral. Poitras films Snowden at length simply watching the news, as anchors and experts debate the meaning of the government programs revealed, such as the mass collection of telephone metadata, and Snowden's own motivations. It is riveting.

Edward Snowden and Glenn Greenwald at the Mira in Hong Kong. A historic week, captured on film.

It is also hilarious at times. Snowden was convinced of the danger of his coming forward. "I appreciate your concern for my safety, but I already know how this will end for me and I accept the risk. I ask only that you ensure this information makes it home to the American public," he wrote in an email to Poitras before meeting her, when he signed his emails only as Citizenfour. It was a serious enterprise, and Snowden was convinced of dire results for him, but the tension was lifted by moments of levity. At one point, a fire alarm keeps going off, interrupting their discussions of intelligence programs, awakening first paranoia (is someone trying to interrupt their session?) and then, after a call to the front desk that reveals it's maintenance, simple annoyance.

Snowden's paranoia about being watched is at first laughable to the journalists. Snowden dons the famous red hood, covering himself and his computer to enter his passwords so that an observer or camera can't catch it, while Greenwald looks away trying not to smirk at the absurdity, calling the red blanket Snowden's "magic mantle of power." We have all heard the story of Snowden originally reaching out by email to Greenwald but then turning to Poitras instead because Greenwald refused to learn how to use encryption. In the film, Snowden continues to dog Greenwald for his poor security practices, looking shocked when he realizes Greenwald has casually left an SD card with classified documents in his computer. "Let's remember to change this out every once in a while," he says. "It'll be public soon," Greenwald responds. When Snowden hands Greenwald's computer back to him to type in his password, Greenwald quickly dashes it off and hands the computer back. "Well, looks like your password is about 4 characters," Snowden says humorously. "I type fast," responds Greenwald. It makes you wonder what jokes Woodward and Mark Felt (a.k.a. Deep Throat) exchanged in that parking garage.

The preternaturally composed Snowden is so focused on making sure the journalists understand what's in the documents that he sometimes forgets small gestures. As seen in the trailer, MacAskill has to interrupt Snowden's real-life information download to tell him he has no idea who this guy is. When Snowden launches into his resume, MacAskill interrupts him again. "I don't even know your name," he says.

It is a movie about the spread of surveillance that documents not just the power of the government's surveillance in the digital age but our own power when we capture moments that matter: Snowden's capture of documents at the NSA and Poitras's memorializing this meeting between a whistleblower and the journalists who would bring his secrets forward.

Though sometimes the surveillance in the film is not as sprawling as we would like: at the end of the hotel interviews in Hong Kong, Snowden walks out the door with a lawyer bound for the U.N. and then disappears. We don't get to see the rest of his time in Hong Kong or how he got onto a flight to Russia or his multi-week stay at the Moscow airport. He appears again only in two scenes at the end, revealing calm domesticity as we learn that his girlfriend Lindsay Mills has joined him in Russia and joyousness when Greenwald reveals to him that another leaker of government secrets has come forward with information about the U.S. drone strike program being run out of Germany and the 1.2 million people on the terrorist watchlist (though the Intercept, of which Poitras and Greenwald are founders, reported in August it was only 700,000 people).

There are many, especially in the intelligence community, who believe Snowden is an agent of a foreign power, turned against the U.S. by another country's spy, a plot laid out by a former NSA employee (who met Snowden in a kung-fu class years ago) in a blog post entitled "How I Believe Things Went Down." The film serves as a rebuttal.

Here is the original post:
The Best Part Of The Snowden Documentary 'Citizenfour'