Personal Privacy Is Only One of the Costs of NSA Surveillance


There is no doubt the integrity of our communications and the privacy of our online activities have been the biggest casualty of the NSA's unfettered surveillance of our digital lives. But the ongoing revelations of government eavesdropping have had a profound impact on the economy, the security of the internet and the credibility of the U.S. government's leadership when it comes to online governance.

These are among the many serious costs and consequences the NSA and those who sanctioned its activities (including the White House, the Justice Department and lawmakers like Sen. Dianne Feinstein) apparently have not considered, or acknowledged, according to a report by the New America Foundation's Open Technology Institute.

"Too often, we have discussed the National Security Agency's surveillance programs through the distorting lens of a simplistic security versus privacy narrative," said Danielle Kehl, policy analyst at the Open Technology Institute and primary author of the report. "But if you look closer, the more accurate story is that in the name of security, we're trading away not only privacy, but also the U.S. tech economy, internet openness, America's foreign policy interests and cybersecurity."

Over the last year, documents leaked by NSA whistleblower Edward Snowden have disclosed numerous NSA spy operations that have gone beyond what many considered acceptable surveillance activity. These included infecting the computers of network administrators working for a Belgian telecom in order to undermine the company's routers and siphon mobile traffic; working with companies to install backdoors in their products or network infrastructure or to devise ways to undermine encryption; and intercepting products that U.S. companies send to customers overseas to install spy equipment in them before they reach customers.

The Foundation's report, released today, outlines some of the collateral damage of NSA surveillance in several areas, including:

The economic costs of NSA surveillance can be difficult to gauge, given that it can be hard to know when the erosion of a company's business is due solely to anger over government spying. Sometimes, there is little more than anecdotal evidence to go on. But when the German government, for example, specifically cites NSA surveillance as the reason it canceled a lucrative network contract with Verizon, there is little doubt that U.S. spying policies are having a negative impact on business.

"[T]he ties revealed between foreign intelligence agencies and firms in the wake of the U.S. National Security Agency (NSA) affair show that the German government needs a very high level of security for its critical networks," Germany's Interior Ministry said in a statement over the canceled contract.

Could the German government simply be leveraging the surveillance revelations to get a better contract or to put the US on the defensive in foreign policy negotiations? Sure. That may also be part of the agenda behind data localization proposals in Germany and elsewhere that would force telecoms and internet service providers to route and store the data of their citizens locally, rather than let it pass through the U.S.

But, as the report points out, the Germans have not been alone in making business decisions based on NSA spying. Brazil reportedly scuttled a $4.5 billion fighter jet contract with Boeing and gave it to Saab instead. Sources told Bloomberg News "[t]he NSA problem ruined it" for the US defense contractor.


BlackBerry Acquires Encryption Service Secusmart

BlackBerry has acquired the encryption service that manages German Chancellor Angela Merkel's secrets.

In the wake of the Snowden leaks, security has been top of mind for consumers and businesses alike, and BlackBerry is hoping to take advantage of that with the acquisition of high-security voice and data encryption service Secusmart.

Terms of the deal were not immediately revealed.

The companies have previously partnered to bring Secusmart's technology to BlackBerry; SecuSUITE for BlackBerry 10 was selected last year by Germany's Federal Office for Information Security for the government's classified communications.

"We are always improving our security solutions to keep up with the growing complexity of enterprise mobility, with devices being used for more critical tasks and to store more critical information, and security attacks becoming more sophisticated," BlackBerry CEO John Chen said in a statement.

This acquisition "underscores our focus on addressing growing security costs and threats," Chen said. It also demonstrates the company's commitment to international agencies, counting among its customers all G7 governments, 16 of the G20 ministries, and a number of global enterprises. That includes German Chancellor Angela Merkel, BlackBerry said, who reportedly had her cell phone bugged by U.S. intelligence last year.

According to the company, BlackBerry carries more security certifications than any other mobile vendor, and is the only organization with official approval to run on U.S. Department of Defense networks.

"Secusmart and BlackBerry's solution already meets the highest security requirements of the German federal authorities and NATO for restricted communications," said Dr. Hans-Christoph Quelle, managing director of Secusmart. "We see significant opportunities to introduce Secusmart's solutions to more of BlackBerry's government and enterprise customers around the world."

BlackBerry recently updated its BBM messaging service to add Protected: the first solution in the recently announced eBBM Suite for "secure enterprise-class messaging."

BBM Protected provides separate encryption keys for each message sent, rather than one for an entire conversation, meaning a hacker would have to crack each individual code and then string them together to see the whole chat.


Rackspace joins Vormetric Cloud Partner Program

Summary: Rackspace plans to utilize encryption and key management services from Vormetric's Transparent Encryption solution.

By Natalie Gagliordi for Between the Lines | July 29, 2014 -- 14:06 GMT (07:06 PDT)

Web-hosting company Rackspace is joining the Vormetric Cloud Partner Program, with plans to utilize encryption and key management services from Vormetric's Transparent Encryption solution.

More specifically, Rackspace customers will be able to secure data-at-rest environments within Rackspace's managed cloud. That extra level of security is needed for Rackspace customers with heavy compliance requirements, such as government or healthcare organizations.

Rackspace customers will also enjoy a boost in encryption speed within their managed cloud environments. The Vormetric Transparent Encryption tool touts a high speed, hardware-based encryption method using Intel AES-NI and Secure Key technologies.

Vormetric's VP of cloud C.J. Radford reiterated the security benefit the collaboration brings to Rackspace's managed cloud:

"Given that security is the No. 1 concern of enterprises looking to embrace cloud and hosting solutions, Vormetric gives Rackspace's customers the ability to use Vormetric's Transparent Encryption solution within Rackspace environments. By using Vormetric Transparent Encryption, Rackspace customers can seamlessly protect data with encryption and access controls, keep control of encryption keys within the enterprise, and gather the security intelligence that can identify when an attack is in progress."


Natalie is a ZDNet staff writer based in Louisville, Kentucky.


Rackspace Joins the Vormetric Cloud Partner Program

Vormetric on Tuesday announced that Rackspace Hosting has joined the Cloud Partner program, and will be offering encryption and key management services to customers via Vormetric's Transparent Encryption solution. Vormetric's Transparent Encryption combines the performance, flexibility, simplicity and scalability needed to safeguard data-at-rest within Rackspace's managed cloud environments, enabling customers to address their compliance requirements, and to help protect sensitive information.

"Organizations have increasingly adopted Rackspace as their provider of choice for enterprise class cloud and hosting solutions," said John Engates, CTO at Rackspace. "With Vormetric, we've added new capabilities to extend data security practices to our customer implementations across our managed cloud platform."

Rackspace customers can use Vormetric's Transparent Encryption solution within Rackspace environments.

A top concern that organizations have with encryption is performance. Vormetric Transparent Encryption addresses this concern with high speed, hardware-based encryption using Intel AES-NI and Secure Key technologies. The result is strong protection and great performance within Rackspace environments.

"Given that security is the #1 concern of enterprises looking to embrace cloud and hosting solutions, Vormetric gives Rackspace's customers the ability to use Vormetric's Transparent Encryption solution within Rackspace environments," explained Vormetric's vice president of cloud, C.J. Radford. "By using Vormetric Transparent Encryption, Rackspace customers can seamlessly protect data with encryption and access controls, keep control of encryption keys within the enterprise, and gather the security intelligence that can identify when an attack is in progress."


The great Ars experiment—free and open source software on a smartphone?!

Android minus the Google Apps. We've got some work to do.

Ron Amadeo

Android is a Google product: it's designed and built from the ground up to integrate with Google services and be a cloud-powered OS. A lot of Android is open source, though, and there's nothing that says you have to use it the way that Google would prefer. With some work, it's possible to turn a modern Android smartphone into a Google-less, completely open device, so we wanted to try just that. After dusting off the Nexus 4 and grabbing a copy of the open source parts of Android, we jumped off the grid and dumped all the proprietary Google and cloud-based services you'd normally use on Android. Instead, this experiment runs entirely on open source alternatives. FOSS or bust!

But, wait... did we say we'd dump "all" services? Not going to happen. Almost instantly, we had to compromise our open source ideals due to hardware. The SoC in the Nexus 4 is made by Qualcomm, and many of the drivers for it are closed source (this is the case with nearly all smartphones, not just our sacrificial Nexus 4). The firmware and drivers for the cellular modem, Wi-Fi, Bluetooth, GPS, NFC, and camera are closed source, too. The CyanogenMod repository has a list of closed source drivers in each device branch called "proprietary-blobs.txt." You can see the list for our Nexus 4 here, which is 184 items long.

These chunks of proprietary code come from the component manufacturers themselves (Qualcomm, Broadcom, Synaptics, Sony, Samsung), and seeing what's in them usually requires you to be a big developer with an NDA in place. While some of this code is locked down for competitive reasons, there's also a concern that modifying the firmware for basic components could damage the device or, in the case of the modem, disrupt the cellular network. There is really no escaping proprietary component firmware on any device (though some are trying), so we had to hold our nose and just deal with it. With that disclaimer, the journey begins:

It starts with CyanogenMod (CM), what we're going with for our software build. The "Android" that ships on phones today is a mix of open source software from the Android Open Source Project (AOSP) and proprietary Google software. CyanogenMod takes AOSP, adds a bunch of handy enhancements, and ports it to tons of devices. While most people install CyanogenMod and immediately sideload the proprietary Google Apps, that's an extra, optional step. This experience is all about FOSS, so we're going to skip the Googley parts and just run raw AOSP-based CM.

Installing CyanogenMod today is a relatively simple affair, thanks to the CyanogenMod installer. If you're interested in what installing CM looks like, check out our previous article on the process.

Time to install, boot up, and... hey, this doesn't look so bad! At only one page, the app selection is a little sparse, but it looks like we're starting with a good amount of base functionality. We still get software buttons and a status bar. The home screen (CM's "Trebuchet") even looks like Google's KitKat version, minus the Google Now integration.

Even with the seriously slimmed down app selection, a lot of these apps are junk. DSP Manager is CyanogenMod's audio equalizer, which really belongs in the settings somewhere instead of the app drawer. Movie Studio, Sound Recorder, and Voice Dialer are part of AOSP, but like a lot of AOSP apps, they aren't actively developed and aren't meant to be taken seriously. Terminal Emulator is definitely one of those apps that belongs in an app store, since the majority of users won't touch it.


Your iPhone Can Finally Make Free, Encrypted Calls

If you're making a phone call with your iPhone, you used to have two options: Accept the notion that any wiretapper, hacker or spook can listen in on your conversations, or pay for pricey voice encryption software.

As of today there's a third option: The open source software group known as Open Whisper Systems has announced the release of Signal, the first iOS app designed to enable easy, strongly encrypted voice calls for free. "We're trying to make private communications as available and accessible as any normal phone call," says Moxie Marlinspike, the hacker security researcher who founded the nonprofit software group. Later this summer, he adds, encrypted text messaging will be integrated into Signal, too, to create what he describes as a single, unified app for free, easy, open source, private voice and text messaging.

Signal encrypts calls with a well-tested protocol known as ZRTP and AES 128 encryption, in theory strong enough to withstand all known practical attacks by anyone from script-kiddy hackers to the NSA. But WIRED's test calls with an early version of the app, after a few false-starts due to bugs that Marlinspike says have now been ironed out, were indistinguishable from any other phone call. The only sign users have that their voice has been encrypted is a pair of words that appear on the screen. Those two terms are meant to be read aloud to the person on the other end of the call as a form of authentication. If they match, a user can be sure he or she is speaking with the intended contact, with no man-in-the-middle eavesdropping on the conversation and sneakily decrypting and then re-encrypting the voice data.

Like any new and relatively untested crypto app, users shouldn't entirely trust Signal's security until other researchers have had a chance to examine it. Marlinspike admits there are always unknowns, such as vulnerabilities in the software of the iPhone that could allow snooping. But in terms of preventing an eavesdropper on the phone's network from intercepting calls, Signal's security protections are probably pretty great, he says.

After all, the technology behind Signal isn't exactly new. Marlinspike first took on the problem of smartphone voice encryption four years ago with Redphone, an Android app designed to foil all wiretaps. Signal and Redphone both use an encryption protocol called ZRTP, invented by Philip Zimmermann, the creator of the iconic crypto software PGP.

Zimmermann has developed his own iPhone implementation of ZRTP for his startup Silent Circle, which sells an iPhone and Android app that enables encrypted calls and instant messaging. But unlike Open Whisper Systems, Silent Circle charges its mostly corporate users $20 a month to use its closed-source privacy app. Signal offers the same services gratis, making it the first free encryption app of its kind for iOS.

Since Silent Circle users are limited to calling only contacts with the same paid software installed, its practicality for non-business users has been limited. Though Signal and Redphone users similarly can't make encrypted calls to users without Open Whisper Systems apps installed, they can make secure calls from one app to the other, a feature that will make both Android and iOS-encrypted calling apps vastly more practical. Marlinspike notes that journalists hoping to communicate privately with a source, for instance, would have a difficult time convincing them to shell out for an expensive subscription app. "If you want the ability to, in principle, call anyone securely, it really has to be free," says Christine Corbett Moran, one of the lead volunteer coders on Signal.

Instead of taking the for-profit startup route, Open Whisper Systems will instead be funded by a combination of donations and government grants. Marlinspike says the project has received money from the free-software-focused Shuttleworth Foundation and the Open Technology Fund, a U.S. government program that has also funded other privacy projects like the anonymity software Tor and the encrypted instant messaging website Cryptocat.

That government funding is ironic given the last year's boost in encryption interest from the Snowden Effect: Open Whisper Systems argues, like other encryption projects, that the eavesdropping countermeasures Signal and its Android counterpart provide are more important than ever in the wake of Snowden's year of revelations of blanket spying by the NSA. "When I call the United States I'm hearing more and more self-censorship, relatives in the U.S. saying, 'I'd rather talk about this in person,'" says Moran, who is pursuing a PhD in Astrophysics at the University of Zurich. "That's not a climate anyone should have to live in."

Open Whisper Systems founder Marlinspike has been a fixture of the security and cryptography community for years, demonstrating groundbreaking hacks like ones that revealed vulnerabilities in the Web encryption SSL and Microsoft's widely used VPN encryption MS-CHAPv2. He co-founded the San Francisco-based startup Whisper Systems in 2010 with the intention of hardening the security of Google's Android and providing tools for encrypted communications. But that work took a hiatus when Whisper Systems was acquired by Twitter in late 2011.


Cryptocurrency Round-Up: Blockchain Returns to App Store and Coinapult Tackles Bitcoin Volatility

Apple welcomes back Blockchain's wallet app to its App Store, while Coinapult takes aim at bitcoin's volatility.

A brief period of stability has settled over bitcoin after a few bad days of tumbling prices, marked by two separate and sudden drops.

Both litecoin and peercoin also enjoyed a moment of calm, each shifting in value by less than 1% since yesterday.

The biggest mover across all markets was rainbowcoin, which jumped by more than 850% over the last 24 hours. Despite the massive leap, the cryptocurrency geared towards the LGBT community still only has a relatively modest market capitalisation of around $50,000 (30,000).

Bitcoin and Apple make peace

Blockchain has returned to iOS after Apple reinstated its bitcoin wallet app to the App Store yesterday.

The move comes more than five months after Blockchain and other bitcoin-related apps were banned by Apple.

"We're very excited to continue investing in iOS again and working with Apple to reimagine how the world transacts," said Nicolas Cary, CEO of Blockchain.

Following the February ban, Cary labelled Apple "anticompetitive" and "capricious" and warned that its treatment of bitcoin was a strategic mistake that would result in Android taking the early lead in fintech and bitcoin software.

Coinapult takes aim at bitcoin volatility


Kanye West Defeats Coinye Cryptocurrency in Lawsuit


When the creators of the Coinye West were finally unmasked and served with a lawsuit back in March it seemed that the contentious cryptocurrency was on the ropes, and now the legal proceedings have finally drawn to a close, reports NBC News. Documents filed in the case last week brought an official end to Kanye West's lawsuit against South Park-referencing e-coins.

Kanye first started battling the creators back in January with a cease-and-desist letter, but it quickly became clear that the men behind the currency had inflammatory goals. Even when faced with legal action, they said they'd only suspend service once 'Ye himself asked them to stop. After months of legal proceedings, however, they've met an anticlimactic end. Kanye filed suit against a handful of named defendants, most of whom lost the suit by default for failing to acknowledge the charges. According to the documents that surfaced last week, three defendants chose to settle with Kanye.

At least now all involved can get back to their lives and Yeezus can get back to being a blowfish.
