Monthly Archives: March 2015

Whistleblower Edward Snowden comments on possibility of a fair trial if he returned home to the U.S. – Video

Posted on by


Whistleblower Edward Snowden comments on possibility of a fair trial if he returned home to the U.S.
To read the full story of Snowden #39;s web chat: http://www.cbc.ca/1.2979923 Subscribe to CBC News to watch more videos: https://www.youtube.com/user/cbcnews?sub_confirmation=1 Connect...

By: CBC News

Link:
Whistleblower Edward Snowden comments on possibility of a fair trial if he returned home to the U.S. - Video

Edward Snowden won’t return to U.S. without a fair trial …

Posted on by

Edward Snowdens lawyer on Wednesday sought to tamp down speculation that the fugitive whistle-blower could soon return to the United States.

Anatoly Kucherena told a news conference Tuesday that his client wants to go home and has teamed up with U.S. and German lawyers to work on the issue.

Some reporters must have misinterpreted what I said during my press conference and jumped to the wrong conclusion that my client was about to go home already, Kucherena told the Los Angeles Times in Moscow. This is not happening until the U.S. government stops politicizing Edward's case and offers him a fair and unbiased trial.

The 31-year-old former National Security Agency contractor, who is wanted on U.S. charges of theft and espionage, has been living in Russia since he fled there in 2013 and was granted asylum.

Of course Edward is often homesick, Kucherena said. But the last thing he wants is to travel to the United States to be immediately imprisoned for an indefinite period pending trial when the government openly calls him a traitor.

He said Snowden would welcome an opportunity to defend himself publicly in an open and fair trial, but that the chances of that happening appeared to be very slippery.

In the meantime, Kucherena said, Snowden has been enjoying working as an IT specialist at a Russian company. He receives regular visits from his longtime girlfriend, Lindsey Mills, and they spend their time fruitfully, going to museums, concerts and the theater, he said.

Edward enjoys Russian culture and is eagerly learning the Russian language, Kucherena added.

Snowden has not been assigned a round-the-clock security detail, Kucherena said, but Edward understands full well that he should continue to be very careful about everything he does, given the potential security risks, which he doesn't believe are diminishing.

Russian authorities won't stop Snowden if he decides to leave the country, according to an official with the Foreign Ministry.

See original here:
Edward Snowden won't return to U.S. without a fair trial ...

Snowden says US not offering fair trial if he returns

Posted on by

TORONTO: Edward Snowden, the fugitive former U.S. spy agency contractor who leaked details of mass U.S. surveillance programs, said on Wednesday he is not being offered a fair trial if he returns to the United States.

"I would love to go back and face a fair trial, but unfortunately ... there is no fair trial available, on offer right now," he said from Russia in a live question and answer discussion organised by Canadian Journalists for Free Expression, Toronto's Ryerson University and the Canadian Broadcasting Corp.

"I've been working exhaustively with the government now since I left to try to find terms of a trial," he said.

On Tuesday, his Russian lawyer had said that Snowden has been working with American and German lawyers on a way to return to the United States.

During Wednesday's discussion, in which he took questions via Twitter and from a Toronto audience, Snowden said Canada falls well below other Western nations in the level of oversight it puts on its spy agencies.

"Canadian intelligence has one of the weakest oversight frameworks out of any Western intelligence agency in the world," he said.

He did not comment specifically on new legislation proposed by Canada's Conservative government that would expand the powers of the Canadian Security Intelligence Service, the country's main intelligence service. Critics say the new bill provides little to no additional oversight.

In January, CBC News and news website The Intercept reported that 2012 documents sourced from Snowden showed that Canada's electronic spy agency, the Communications Security Establishment, had intercepted and analysed up to 15 million file downloads a day.

The Canadian media advocacy group that co-hosted Wednesday's event also launched an archive of all previously published documents released by media outlets working with Snowden. (https://cjfe.org/snowden)

(Additional reporting and writing by Alastair Sharp; Editing by Chris Reese and Peter Galloway)

Go here to read the rest:
Snowden says US not offering fair trial if he returns

Encryption flaw opened Android and Apple smartphones to online drive-by attacks

Posted on by

Ninety-five per cent of the world's smartphones in use today have been wide open to a decade-old flaw that would have enabled attackers to steal passwords and other sensitive data.

The security flaw, dubbed "Freak", would have exposed visitors to US government websites - and possibly many more - to drive-by attacks. The websites that exploited the flaw included Whitehouse.gov, NSA.gov and FBI.gov.

News of the flaw was made public when internet company Akamai revealed in a corporate blog for customers that it was working to provide a fix. The flaw was discovered following last year's discovery of a catastrophic flaw in OpenSSL.

"The problem is that, until CVE 2015-0204 was raised - and fixed - an OpenSSL client using strong ciphers (anything other than export) could be tricked into accepting such a weak key. An attacker connects to the web server with an export cipher and gets a message signed with the weak RSA key, wrote Akamai's Rich Salz.

He continued: "He then cracks that key. The following day, for future connections from innocent browsers, he can act as a man in the middle. The attacker will use the cracked key to connect to clients, who will accept it. The attacker will then have access to all communication between the client and server. A server that does not support the export ciphers will never use the export RSA key and never send it to a client. A client that has the CVE fixed will never accept such a key."

The security flaw was found by a team of researchers from Microsoft and IT security organisations in the US, France and Spain. It was the result of a ban on US exports of "strong" encryption until the late 1990s, which saw much weaker security standards adopted in widely used software instead. The use of that software continued as a result of inertia in the IT industry, even after the US export ban was lifted.

"Researchers discovered in recent weeks that they could force browsers to use the old export-grade encryption then crack it over the course of just a few hours. Once cracked, hackers could steal passwords and other personal information and potentially launch a broader attack on the Web sites themselves by taking over elements on a page, such as a Facebook 'Like' button," reported the Washington Post.

John Hopkins University cryptographer Matthew Green, one of the researchers who helped uncover the flaw, said that it demonstrated the folly of governments attempt to mandate backdoors into secure software so that they could eavesdrop on people's online and communications activities.

Weakening security, he said, added complexity that attackers with nefarious intent could - and would - exploit. "When we say this is going to make things weaker, we're saying this for a reason."

The name "Freak" stands for "factoring related attack on RSA keys" and describes how the attack works against the Data Encryption Standard (DES) when one system authenticates with another.

See more here:
Encryption flaw opened Android and Apple smartphones to online drive-by attacks

Will HIPAA Require Encryption?

Posted on by

By Megan Williams, contributing writer

You and your healthcare IT clients could be facing even more legislation around healthcare data, and this time, its about encryption.

Currently, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act do not contain mandates around encryption, but that may soon change. The Senate Health, Education, Labor, and Pensions committee is rethinking its approach to encryption in their efforts to revisit HIPAA, according to FierceHealthIT.

The legislation is coming up on its 20-year anniversary, and many in the industry feel regulations around encryption dont properly address the new security threats that are becoming so common in the healthcare sector.

HITECH

The answer to HIPAAs lack of focus on encryption came in 2009 in the form of the HITECH Act, which, much like todays Meaningful Use initiatives, placed incentives around encryption, and avoided imposing a rigid solution across the industry. Indiana University law professor, Nicolas Terry told the AP, that it seemed like a reasonable balance at the time, but that recent events may have proven the compromise unworkable.

Basically, the industry hasnt gone for the incentives in big enough ways. Over 40 percent of healthcare employees arent using full-disk, or file-level encryption devices at work, according to a Forrester research report, leaving huge segments of the industry vulnerable, just as attacks are increasing, and growth in security-testing concepts like the Internet of Things are taking off.

The current chair of the HIMSS Privacy And Security Policy Task Force doesnt believe much will happen, though, before the next presidential election.

On a smaller level, states like New Jersey have taken the lead, and enacted legislation requiring health insurance companies to encrypt patient information, according to NJ.com. All insurance companies using data containing personal information must either protect that data by encryption, or by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable by an unauthorized person.

Where Encryption Falls Short

See the original post:
Will HIPAA Require Encryption?