China wants Silicon Valley’s encryption keys: Good business, or get out?

Posted on March 8, 2015 by admin

Summary:China wants the encryption keys from U.S. technology companies as part of a counter-terrorism law. The draft law leaves U.S. tech giants with two options: Play ball or get out.

(Image: stock image)

The Chinese government has introduced plans for a far-reaching counter-terrorism law that would require tech companies to hand over encryption keys and source code -- even "backdoors" to give Chinese authorities surveillance access, according to Reuters.

The draft law, on its second reading in the state's parliament, is expected to be passed in a matter of weeks.

In an interview with the news agency, President Obama said he has brought up the issue with the Chinese premier.

"We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States," the president said.

Except that's not exactly what's going on here. It's U.S. tech companies that want to do business with China, thanks to its massive population, burgeoning economy, and its considerable potential financial returns. It's where some of the big global powerhouses are. It would be absurd to no longer do business in the economic and manufacturing heart of the world.

China's rules are broad and borderline terrifying for companies and countries wanting to do business with the Communist state. Making matters worse, tech companies can't possibly comply with the proposed rules. It's not surprising that China, with a history of stealing intellectual property, state-sponsored hacking, and shutting out businesses it doesn't like from state procurement rules, is not trusted by the West.

But Beijing, which sees the rules as vital in protecting state and business secrets, is the one holding the cards. Beijing doesn't trust Silicon Valley in the wake of the National Security Agency surveillance disclosures.

In that regard, China's move to introduce these laws is just good business sense for the country.

CloudFlare boosts browsing privacy, speed through encryption deployment

Posted on March 8, 2015 by admin

Summary:CloudFlare has gone beyond offering free SSL to millions of websites and is now deploying a new level of encryption by default.

CloudFlare is deploying a new level of encryption to improve the security and speed of its websites, especially when visited through mobile web browsers.

The US-based CDN and DNS provider rolled out free SSL to millions of websites through the Universal SSL scheme last fall. Now, the company has begun rolling out a new form of encryption to improve the performance and security of mobile browsing. Dubbed ChaCha20-Poly1305, the cipher suites have only previously been used by one major tech firm, Google, but all CloudFlare websites now support the new algorithm.

As of the time of writing, approximately 10 percent of CloudFlare HTTPS website connections are using the protocol, but more are to follow.

Nick Sullivan from CloudFlare described the deployment in a blog post on Tuesday, explaining that the protocol for encrypting HTTPS -- Transport Layer Security (TLS) -- allows the easy integration of new encryption algorithms. The new cipher, based on the ChaCha20 and Poly1305 algorithms, fills the gap left by mobile browsers and APIs in TLS right now for secure encryption.

In addition, ChaCha20-Poly1305 improves upon the security of the de facto stream cipher choice for TLS, RC4 -- which is no longer considered secure. Another alternative, the AES-GCM cipher, is a good choice, but can be costly when it comes to mobile battery life. Therefore, users have been stuck between power-hungry or insecure encryption options.

In order to combat this problem and find a power-friendly alternative for mobile devices, Google engineers developed ChaCha20-Poly1305, which was included in Chrome 31 in November 2013, and Chrome for Android and iOS at the end of April 2014.

"Having the option to choose a secure stream cipher in TLS is a good thing for mobile performance," Sullivan says. "Adding cipher diversity is also good insurance. If someone finds a flaw in one of the AES-based cipher suites sometime in the future, it gives a safe and fast option to fall back to."

ChaCha20-Poly1305, a mixture of ChaCha20, a stream cipher; and Poly1305, a code authenticator -- developed by Professor Dan Bernstein -- is designed to provide 256-bit security, in comparison to the AES-GCM cipher, which provides around 128 bits of security.

CloudFlare says this level is "more than sufficient" for HTTPS connections. In addition, ChaCha20-Poly1305 also protects TLS against cyberattackers inserting fake messages into secure streams.

More:
CloudFlare boosts browsing privacy, speed through encryption deployment

Regex Fundamentals – Video

Posted on March 8, 2015 by admin

Regex Fundamentals
Grundlagen zu Regular Expressions Regex in einem Linux Kontext Linux und Open Source Software Kurse: http://www.openeducation.ch.

By: OpenEducation

Excerpt from:
Regex Fundamentals - Video

SafeLogic’s "Kosher Data Encryption" at @CloudExpo | @SafeLogic [#Cloud]

Posted on March 7, 2015 by admin

By Elizabeth White

Article Rating:

Reads:

Cryptography has become one of the most underappreciated, misunderstood components of technology. It's too easy for salespeople to dismiss concerns with three letters that nobody wants to question. Yes, of course, we use AES.'

But what exactly are you trusting to be the ultimate guardian of your data? Let's face it - you probably don't know. An organic, grass-fed Kobe steak is a far cry from a Big Mac, but they're both beef, right? Not exactly. Crypto is the same way. The US government requires all federally deployed technology to meet minimum standards. For encryption, if it hasn't been certified to meet the FIPS 140-2 benchmark, it is considered the equivalent of exposing your data in plain text. That's how crucial it is.

In cloud environments, when you are already showing a great deal of trust to relinquish physical control of your infrastructure, encryption should be verified to meet high benchmarks. There is simply no reason to accept mystery meat here.

In his session at 16th Cloud Expo, Ray Potter, CEO and co-founder of SafeLogic, will explain the significance of FIPS 140-2, FISMA and FedRAMP for cryptographic modules, and discuss compliance and validation from end-user and vendor perspectives. He will also discuss:

So the next time it comes up, you'll know all the right questions to ask your butcher.

Speaker Bio Ray Potter is the CEO and co-founder of SafeLogic. Previously, he founded Apex Assurance Group and led the Security Assurance program at Cisco Systems. Ray currently lives in Palo Alto and enjoys cycling and good bourbon, although not at the same time.

Read the rest here:
SafeLogic's "Kosher Data Encryption" at @CloudExpo | @SafeLogic [#Cloud]

‘I thought he was just a great kid, and had real potential’

Posted on March 7, 2015 by admin

In the months before a 17-year-old at Prince William Countys Osbourn Park High School was taken out of his home in handcuffs, accused of helping terrorists, he seemed to be doing the same thing as all his peers: lining up references for his college applications.

The boy did not yet know where he wanted to go or what he wanted to study economics, computer science and cryptography were just three ideas he floated to a former teacher. But with above-average intelligence and a strong desire to learn new things, he seemed destined for success, those who knew him said.

I thought he was just a great kid and had real potential, said Bruce Averill, a former teacher at the Governors School @ Innovation Park in Manassas who had the youth in a college-level chemistry course.

Federal authorities saw the teen differently. By their account, the youngster successfully helped a man not much older than himself travel to Syria and join the Islamic State. The teen, officials said, is believed to have used online contacts to help make arrangements for the mans trip. He is also believed to have involved another 17-year-old Osbourn Park student in his plot.

The case is still in its infancy the teen was taken into custody Feb. 27 and charged as a juvenile but is already drawing attention from law enforcement officials and lawmakers on Capitol Hill. On Thursday, Rep. Barbara Comstock (R-Va.) sent a letter to FBI Director James B. Comey asking for a briefing. She said in an interview that she was concerned about a spate of cases in which the Islamic State seemed to have successfully wooed youths in the United States.

We want to intercede and get engaged on this before it gets worse, Comstock said.

James R. Clapper Jr., director of national intelligence, said recently that about 180 Americans have gone or tried to go to Syria since the conflict there began, although not all had nefarious intentions. Late last month, after three Brooklyn men were arrested on charges that they planned to travel to Syria to join the Islamic State, Michael Steinbach, the FBIs assistant director of the counterterrorism division, briefed a congressional subcommittee about the problem.

FBI spokesman Chris Allen said the bureau and the Department of Homeland Security also recently issued a bulletin to local law enforcement officials about the continuing trend of Western youth being inspired by [the Islamic State] to travel to Syria to participate in conflict.

Allen said authorities are concerned about recruitment efforts made by the Islamic State particularly through social media engagement, and we urge the public to remain vigilant and report any suspicious activity to law enforcement.

The case in Virginia seems to be yet another example of the phenomenon, although much remains unclear. The teen is charged as a juvenile as prosecutors navigate the process to move the case to adult court. The man he helped travel has not been publicly charged.

Continued here:
‘I thought he was just a great kid, and had real potential’

Cryptocurrency software bundled with BitTorrent triggers complaints

Posted on March 7, 2015 by admin

After updating BitTorrent's uTorrent, some users reported that mining software had appeared on their PCs without their consent

Some people who use uTorrent, the popular BitTorrent client, are up in arms over the presence of cryptocurrency mining software on their computers which they say was installed without their permission.

The mining software, made by the company Epic Scale, started appearing for some people earlier this week after they updated to the latest version of uTorrent, a program made by BitTorrent for downloading files. In forums online, users have likened the software to bloatware, as it taxes their computer processor without their consent. Cryptocurrency mining software is used to release bitcoins and other digital currencies by having computers persistently perform complex mathematical calculations.

Some uTorrent users have said their computers were slowing down and overheating due to the software, kicking their fans into overdrive. Others reported persistent pop-ups they couldn't remove, or messages saying their computers were unable to connect to a server.

"When I arrived home this evening my PC was running at full tilt and practically blowing steam," one user wrote on the site for FreeFixer, which makes a tool for removing unwanted software. A thread there has amassed dozens of complaints over the past couple of days.

Users said they received no notification that the software was being installed.

"The only reason I found out about it was that I was playing a game and it was running much slower than usual with constant hiccups," one user wrote.

Users have reported similar complaints in a forum on uTorrent's own site, according to news reports, but those threads have since been removed.

A spokesman for uTorrent maker BitTorrent said there is no silent install happening. Epic Scale is one of many partners that BitTorrent has that might provide installation offers during the install of uTorrent, and the installation is optional, BitTorrent said in a joint blog post with Epic Scale on Friday.

Still, BitTorrent is looking into the issue internally and with Epic Scale, BitTorrent said in the post. The company has received less than a dozen inquiries about the issue over the past 24 hours, the spokesman said.

Originally posted here:
Cryptocurrency software bundled with BitTorrent triggers complaints

U.S. military ordered to refer to Chelsea Manning as female

Posted on March 7, 2015 by admin

WASHINGTON, March 5 (UPI) -- The U.S. military has been ordered to use female pronouns when referring to Chelsea Manning, the transgender soldier who is serving 35 years in prison for giving classified military documents to Wikileaks.

The U.S. Army Court of Criminal Appeals ruled Thursday that the military must use either female or gender-neutral pronouns when referencing Manning in the future. The military may no longer refer to Manning as a man.

Manning, formerly known as Bradley, announced in August 2013 that she was a woman.

"As I transition into this next phase of my life, I want everyone to know the real me," Manning said in the statement at the time. "I am Chelsea Manning. I am a female. Given the way that I feel, and have felt since childhood, I want to begin hormone therapy as soon as possible. I hope that you will support me in this transition."

Last month, the Army approved hormone therapy for her.

Thursday's ruling also means Manning will henceforth only be known by her new name, Chelsea, not Bradley.

Visit link:
U.S. military ordered to refer to Chelsea Manning as female

Military court: Army must not refer to WikiLeaks leaker Manning as a male

Posted on March 7, 2015 by admin

A military appeals court on Thursday ordered the government to refrain from referring to WikiLeaks leaker Pvt. Chelsea Manning as a male.

After the August 2013 espionage conviction for leaking more than 700,000 documents and video, Manning announced that she would live as a woman with the name Chelsea going forward. She also appealed the conviction. A non-military judge approved the name change last year. Hormone therapy, which she is now getting, is assisting her transition. Manning has been diagnosed with gender dysphoria.

"Reference to appellant in all future formal papers filed before this court and all future orders and decisions issued by this court shall either be neutral, e.g., Private First Class Manning or appellant, or employ a feminine pronoun," the US Army Court of Criminal Appeals ruled Thursday.

The military had opposed referring to Manning as a female in court documents. The government argued that "unless directed otherwise," it would continue "using masculine pronouns."

Chase Strangio, an ACLU attorney for Manning, said the military tribunal is "dignifying Chelsea's womanhood."

"This is an important development in Chelseas fight for adequate medical care for her gender dysphoria. That fight continues but at least the government can no longer attempt to erase Chelseas identity by referring to her as male in every legal filing," Strangio said.

The "Free Chelsea Manning" network said Thursday that the military, which bans transgender people from serving, "is continuing to deny Chelseas request to grow her hair consistent with the standards for female prisoners."

Manning, who is jailed in Kansas at Fort Leavenworth, now writes for the Guardian. In December, she wrote:

The challenges that trans people are forced to navigateeven in accessing identification, but in so much moreare the result of institutional bias that favors cisgender people and assumes that trans people are deviant. When your own governments policies send a message that you dont existor that you shouldntits devastating. Despite ample evidence that trans people have existed in most cultures throughout history, and the medical consensus that trans people can live healthy, productive lives, many governments continue to impose barriers on trans people that can make it almost impossible to survive.

More:
Military court: Army must not refer to WikiLeaks leaker Manning as a male

Chelsea Manning: Struggling to Learn to Call People What They Want to Be Called

Posted on March 7, 2015 by admin

Chelsea Manning, the Wikileaks superstar we used to know as Bradley Manning, will now be referred to as she or a gender-neutral pronoun in all future court proceedings.

Josh Wolford reported earlier today on the court ruling that means that the U.S. military must stop referring to Manning as he or male.

This is an important victory for Chelsea, who has been mistreated by the government for years, said Mannings attorney Nancy Hollander in a statement. Though only a small step in a long legal fight, my co-counsel, Vincent Ward, Captain Dave Hammond, and I are thrilled that Chelsea will be respected as the woman she is in all legal filings.

Manning fought for hormonal treatment in her transition to womanhood. She won that only after filing a lawsuit in September of last year.

She brings this action to compel defendants to treat her serious medical needs consistent with their obligation under the Constitution, said the lawsuit. Mannings lawyers claimed that lack of hormonal treatment would cause Manning to suffer continued pain, depression and anxiety and that she is at an extremely high risk of self-castration and suicidality.

It took the DOD until February of this year to finally give in.

After carefully considering the recommendation that (hormone treatment) is medically appropriate and necessary, and weighing all associated safety and security risks presented, I approve adding (hormone treatment) to Inmate Mannings treatment plan, wrote Col. Erica Nelson in a memo.

Mannings fight which has all but overshadowed the reason she is imprisoned in the first place is yet another chapter in Americas struggle to find its place in the gender identity discussion. Other countries and cultures have made peace with this issue long ago. But America seems to want to fight this out on its own, as though the experience of no other cultures has any relevance to us.

One clue to Americas difficulty with gender identity issues lies in how we label it. While in the U.S. Army, Bradley Manning was diagnosed with gender identity disorder. The Diagnostic and Statistical Manual of Mental Disorders, Fifth Edition (DSM-5) calls this gender dysphoria. This term is more acceptable to transgendered persons in general because is only addresses the discontent that transgendered persons feel with the anatomical gender of their birth. Calling it a disorder stigmatizes and marginalizes people who honestly never felt comfortable with their own bodies.

Manning says she has felt female since childhood. This is a statement that many Americans are squeamish about. They say things like:

Continued here:
Chelsea Manning: Struggling to Learn to Call People What They Want to Be Called

Chelsea Manning Wins Fight to Be Called “She”

Posted on March 7, 2015 by admin

In a legal fight overs pronouns, chalk one up for gender rights.

Chelsea Manning, the Wikileaks leaker formerly known as Bradley Manning, will now be referred to as she or a gender-neutral pronoun in all future court proceedings.

What this means, in effect, is that the US military must stop referring to Chelsea Manning as a man.

In September of last year Manning sued the US Department of Defense, claiming she had been denied access to medically necessary treatment in connection with a gender disorder.

Manning accused the military of stalling.

But then last month, the DoD gave in.

Above: Army Image of Chelsea Manning, in 2012, when known as Bradley Manning

See more here:
Chelsea Manning Wins Fight to Be Called “She”