Congress Quietly Bolsters NSA Spying in Intelligence Bill …

Congress this week quietly passed a bill that may give unprecedented legal authority to the government's warrantless surveillance powers, despite a last-minute effort by Rep. Justin Amash to kill the bill.

Amash staged an aggressive eleventh-hour rally Wednesday night to block passage of the Intelligence Authorization Act, which will fund intelligence agencies for the next fiscal year. The Michigan Republican sounded alarms over recently amended language in the package that he said will for the first time give congressional backing to a controversial Reagan-era decree granting broad surveillance authority to the president.

The 47-page intelligence bill was headed toward a voice vote when Amash rose to the House floor to ask for a roll call. Despite his efforts, which included a "Dear Colleague" letter sent to all members of the House urging a no vote, the bill passed 325-100, with 55 Democrats and 45 Republicans opposing.

The provision in question is "one of the most egregious sections of law I've encountered during my time as a representative," Amash wrote on his Facebook page. The tea-party libertarian, who teamed up with Rep. John Conyers last year in an almost-successful bid to defund the National Security Agency in the wake of the Snowden revelations, warned that the provision "grants the executive branch virtually unlimited access to the communications of every American."

The measure already passed the Senate by unanimous consent on Tuesday, and it is now on its way to the White House, where President Obama is expected to sign it.

The objections from Amash and others arose from language in the bill's Section 309, which includes a phrase to allow for "the acquisition, retention, and dissemination" of U.S. phone and Internet data. That passage, they warn, will give unprecedented statutory authority to allow for the surveillance of private communications that currently exists only under a decades-old presidential decree, known as Executive Order 12333.

"If this hadn't been snuck in, I doubt it would have passed," said Rep. Zoe Lofgren, a California Democrat who voted against the bill. "A lot of members were not even aware that this new provision had been inserted last-minute. Had we been given an additional day, we may have stopped it."

A spokesman for the Senate Intelligence Committee pushed back on claims that the section will strengthen NSA surveillance authority.

"Nothing in Section 309 authorizes any intelligence collection/acquisition at all," the spokesman said in an email. "The only thing the section does is require new procedures governing the information the [intelligence community] already collects. The purpose of the section is to limit the [intelligence community's] existing ability to retain information, including U.S. person information."

After the Snowden leaks, 700 million move to avoid NSA spying

Lucas Mearian | Dec. 16, 2014

Survey shows 83 percent believe Internet access should be a basic human right.

An international survey of Internet users has found that more than 39% have taken steps to protect their online privacy and security as a result of spying revelations by one-time NSA employee Edward Snowden.

The survey, conducted by the Centre for International Governance Innovation (CIGI), found that 43% of Internet users now avoid certain websites and applications and 39% change their passwords regularly.

The survey reached 23,376 Internet users in 24 countries and was conducted between Oct. 7 and Nov. 12.

The countries in the survey included Australia, Canada, China, France, Germany, Great Britain, Japan and the United States.

Cryptographer and computer security specialist Bruce Schneier lamented how the survey's findings have been portrayed, with some pointing out how few people were affected by Snowden's actions or even know his name.

"The press is mostly spinning this as evidence that Snowden has not had an effect: "merely 39%," "only 39%," and so on," Schneier wrote in a blog.

The news articles, "are completely misunderstanding the data," Schneier said, pointing to the fact that the survey found that 39% of Internet users in the world have heard of Snowden.

Google’s work on full encryption chugs along, with Yahoo’s help

Google is making progress developing a user-friendly tool for fully encrypting people's messages on their computers, with coding help from Yahoo and a transition to GitHub.

Contributions from Alex Stamos, Yahoo's chief security officer, and his team have been incorporated into an updated pre-release version of the browser extension announced Tuesday, Google said in a blog post.

Google cited progress in other areas for the project, which aims to give Internet users an easy-to-use tool for encrypting email messages. The tool would scramble people's messages before they leave their browser and keep them that way until the recipient decodes them. Known as end-to-end encryption, it's typically too complex for non-technical users, but Yahoo, WhatsApp and others are developing products around it, in response to cybersecurity and spying concerns.

Google's tool currently exists only as source code for a Chrome extension that developers must compile themselves. The first version was made available in June.

The code is being migrated to the GitHub open-source software repository so other developers can tinker with and improve it, Google said Tuesday.

"We've always believed strongly that end-to-end must be an open source project, and we think that using GitHub will allow us to work together even better with the community," wrote Stephan Somogyi, Google's product manager for security and privacy, in the blog post.

To that end, the project's GitHub listing contains additional information for developers and researchers interested in better understanding the tool, Google said.

The tool still seems a ways off from mainstream use. It's still in alpha, Google said, and not yet available in the Chrome Web Store. "We don't feel it's as usable as it needs to be," Google's Somogyi said.

But Google is working on a server for managing people's encryption keys for the tool, usually one of the hardest usability problems with cryptography-related products. Google hopes to have a fully fledged end-to-end encryption tool available next year.

Zach Miners covers social networking, search, and general technology news for the IDG News Service, and is based in San Francisco.

Quantum Encryption Could Make Credit Cards Unhackable

Dutch researchers say we're closer to making such technology a practical reality.

Imagine credit cards and ID cards which could never be hacked. That's the promise of quantum cryptography, which harnesses peculiar properties of subatomic particles to thwart data thieves.

Now a team of Dutch researchers says we're closer to making such technology a practical reality.

Publishing in the current issue of Optica, scientists at the University of Twente and Eindhoven University of Technology describe what they call quantum-secure authentication (QSA) of a "classical multiple-scattering key."

To decipher and authenticate the key, the team illuminated it with "a light pulse containing fewer photons than spatial degrees of freedom and verifying the spatial shape of the reflected light." The upshot is that a would-be hacker couldn't crack the encrypted data "even if all information about the key is publicly known," because the principles of quantum physics prevent the optical response to the key from being emulated.

Which is to say that instead of depending on people keeping a secret or "unproven mathematical assumptions," QSA leverages the immutable properties of quantum mechanics to create a perfectly secure encryption system.

The immediate application of the technology would be to add a "strip of nanoparticles" to a credit card or passport, noted Discovery News. To verify the authenticity of the strip, you'd "zap [it] with a laser in such a way as to create a unique pattern that's impossible to crack."

Such a security layer would be "straightforward to implement with current technology," according to study lead author Pepijn Pinkse of the University of Twente's MESA+ Institute for Nanotechnology.

Pinkse offered a way to visualize how QSA works in an accompanying report seen by Discovery News.

"It would be like dropping 10 bowling balls onto the ground and creating 200 separate impacts. It's impossible to know precisely what information was sent (what pattern was created on the floor) just by collecting the 10 bowling balls," the scientist was quoted as saying.

Interested in encrypting your data? Here’s what you need to know [infographic]

There is more than one way to keep your data safe from prying eyes, but the practice that is most recommended is still the use of encryption. It will ensure that only you will be able to access personal information, requiring a decryption key to unlock your data. Proving just how effective it can be, the US government basically wants both Apple and Google to allow it to bypass the encryption in the latest versions of their mobile operating systems, namely iOS 8 and Android 5.0 Lollipop, respectively, because currently it is unable to directly access that data.

However, there are quite a few things that you should also know about encryption before you decide to go down this road. To learn more about what encryption entails, you can check out the following infographic, called "Protected: A Beginner's Guide To Encryption".

This infographic briefly details the basics of encryption, starting with the encryption key, what encryption software you can use on your PCs and Macs, how to encrypt data stored on cloud storage services, and how to encrypt your emails.

As with cloud-based accounts, the more complex the encryption key, the better your chances of keeping your data private. A strong encryption key will be much, much more difficult to crack than, let's say, "password1234" -- a key like that will not help keep your data safe for long, even if you are using the best encryption around.

Similarly, if you do not use safe browsing habits your data may still be at risk, no matter if it is encrypted. You must also make sure that your devices are protected against unauthorized access when you are not using them -- that means locking them while you are away, using difficult to guess passwords and so on.

Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin

Cybercrooks have brewed a strain of ransomware that uses elliptic curve cryptography for file encryption, and Tor for communication.

The malware, dubbed OphionLocker, is spreading using a malicious advertising (malvertising) campaign featuring the RIG exploit kit.

The ransomware encrypts files of particular types on infected systems before using Tor2web URL as a conduit for instructions on how to send the payment and obtain the decryptor tool. The extortionists are asking for a payoff of 1 BTC ($352 at current rates of exchange).

F-Secure reports that if the infection happens on a virtual environment NO ransom payment is requested for a "decryptor tool", which (perhaps unsurprisingly) doesn't work. Virtual environments are commonly used by anti-malware researchers.

The tactic of treating them differently appeared geared towards making analysis that bit more difficult, something ultimately aimed at prolonging the longevity of the scam.

Despite the high profile CryptoLocker takedown, ransomware scams remain an all-too-real threat. Crooks are developing more sophisticated encryption schemes to support their fraud. The use of Tor and elliptic curve cryptography places OphionLocker in the top tier of such scams, but is not unprecedented.

A previous strain of ransomware, CTB-Locker, pioneered the use of elliptic curve cryptography for file encryption and Tor for communication with a command and control server.

OphionLocker was first spotted by Trojan7Malware.

Elliptic curve cryptography (ECC) is a form of encryption whose security rests on the difficulty of computing the discrete logarithm of a random elliptic curve element. This, like the more familiar idea of factoring the product of two very large prime numbers, offers a one-way function to underpin the security of public-key cryptography systems.

ECC offers equivalent levels of security with lower key sizes, a particular advantage on systems with limited computing power, such as smartphones.

GCHQ spy agency releases code-breaking app on Android

The UK's history of cryptography is fascinating, with famous cryptanalysts like Alan Turing, Dillwyn Knox, and W. T. Tutte deciphering different code machines used in World War I and II.

To celebrate the achievements of the past and reinvigorate students on cryptography, the GCHQ (Government Communications Headquarters) has released a code-breaking app on Android, named Cryptoy. An iOS version is set to see a 2015 release.

Cryptoy currently focuses on four methods of encryption: Shift, Substitution, Vigenère and Enigma. The app makes it especially hard at higher levels, testing students who have the ability to crack code.

The GCHQ is interested in finding the next batch of code-breakers for the future. It is unclear how the GCHQ will get in contact with the potential candidates, or how the GCHQ will be able to identify actual codebreakers from cheaters.

This is not the first time the GCHQ has used public routes to employ new code-breakers: the Daily Telegraph ran a cryptic crossword, and those who solved it received a chance to work at the GCHQ.

Encryption has moved from a wartime function designed to hide messages, to a way for Internet services to provide security against surveillance. This has blackened the GCHQ's reputation when it comes to codebreaking, and now the next generation will most likely be cracking Facebook or Apple code.

New encryption techniques are on the rise, as more people worry about who is reading their private messages. Apple and Google recently announced new encryption on mobile devices, set to stop the FBI from accessing the devices without a warrant.

Terrorist organizations still use some encryption techniques when messaging, but some have been caught chatting on Facebook about potential attacks. The attack on UK soldier Lee Rigby was reportedly planned on Facebook a year before the incident.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

GCHQ has made an Android app — but it won’t spy on you

GCHQ has released its own "fun, free, educational" Android app to teach secondary school students about cryptography.

The Cryptoy app, which has no permissions to access confidential information on Android devices, helps children understand basic encryption techniques and create their own encoded messages.

The government hopes the app could help find the next generation of cyber-spies. Minister for the cabinet office Francis Maude said that it was a "creative solution in the hunt for expertise, but with a 21st century spin".

Cryptoy is only available on Android at the moment, but an iOS version for iPads will be available in 2015, GCHQ said. It is aimed at Key Stage 4 students and covers both the theory and practice of cryptography as well as its history.

The idea was first developed by GCHQ's industrial placement students as a test project for the Cheltenham Science Festival but growing interest from teachers to use the app in schools persuaded GCHQ to make it publicly available. The spy-agency said examples of cryptography used in the app are from an "earlier era" but were still relevant to today's techniques.

"Building maths and cyber skills in the younger generation is essential for maintaining the cyber security of the UK and growing a vibrant digital economy," said GCHQ director Robert Hannigan.

He described Cryptoy as a "colourful, interactive way" for students and teachers to explore cryptography. The app is compatible with Android 4.1 and up and is available to download now.

Bitcoin stalls after hitting record prices in 2013

After skyrocketing to more than a thousand dollars in price late last year and attracting global attention, bitcoin, the leading digital currency, has stalled.

Figures obtained by Reuters show that while wallets, cyberspeak for accounts, are being created at a steady clip, many of them are empty.

Analysts also provided Reuters with data that shows liquidity in the cryptocurrency remains limited.

Bitcoin, a virtual currency created through a mining process where a computer's resources are used to perform millions of calculations, has been hailed as revolutionary because of its lack of ties to a central bank and its potential as an alternative to credit cards for paying for goods and services.

However, the currency's volatility has slowed broader acceptance. The price of bitcoin has plummeted roughly 50% so far this year. It most recently traded at $356.26, down from a peak of $1,163 in December 2013.

Two of its primary appeals, the lower transaction fees compared to credit cards and its use in cross-border transactions, have not been enough to offset its ups and downs.

Until a unique application emerges that separates it from credit cards, online payments or other currencies, the expansion may remain slow, many market insiders said.

"There has to be some motivation that would help this whole bitcoin system explode, like really good applications for consumers," said Jonathan Levin, a London-based digital currency consultant and co-founder of the Oxford Virtual Currency Group. "At the moment, there isn't."

Last week's second auction of bitcoins by the US marshals service, which showed a drastic drop in bidders from the first sale in June, demonstrated just how far bitcoin has fallen off the radar. The first auction attracted 45 unique bidders, with 63 bids, while the December sale showed just 11 buyers and 27 bids.
