Basic Disk Encryption: Arch Linux (Using dm-crypt)
Basic Disk Encryption using Arch Linux command line based install. Kernel module: dm-crypt. Show Notes: http://paste.ubuntu.com/10740491/ References: https://wiki.archlinux.org/index.php/Dm-crypt.

By: midfingr

Read more:
Basic Disk Encryption: Arch Linux (Using dm-crypt) - Video

Pixelated: Modern email with encryption
https://pixelated-project.org/

By: ThoughtWorks

Original post:
Pixelated: Modern email with encryption - Video

iPhone Message Encryption
Paranoia Text Encryption keeps your SMSs, emails, social networking posts, notes, and any other text safe from unintended readers. Available for iOS (http://www.paranoiaworks.mobi/pte), Android...

By: Social Media Marketing

Read more:
iPhone Message Encryption - Video

Encryption is the process of converting data to an unrecognizable or "encrypted" form. It is commonly used to protect sensitive information so that only authorized parties can view it. This includes files and storage devices, as well as data transferred over wireless networks and the Internet.

You can encrypt a file, folder, or an entire volume using a file encryption utility such as GnuPG or AxCrypt. Some file compression programs like Stuffit Deluxe and 7-Zip can also encrypt files. Even common programs like Adobe Acrobat and Intuit TurboTax allow you to save password-protected files, which are saved in an encrypted format.

Encryption is also used to secure data sent over wireless networks and the Internet. For example, many Wi-Fi networks are secured using WEP or the much stronger WPA encryption. You must enter a password (and sometimes a username) connect to a secure Wi-Fi network, but once you are connected, all the data sent between your device and the wireless router will be encrypted.

Many websites and other online services encrypt data transmissions using SSL. Any website that begins with "https://," for example, uses the HTTPS protocol, which encrypts all data sent between the web server and your browser. SFTP, which is a secure version of FTP, encrypts all data transfers.

There are many different types of encryption algorithms, but some of the most common ones include AES (Advanced Encryption Standard), DES (Data Encryption Standard), Blowfish, RSA, and DSA (Digital Signature Algorithm). While most encryption methods are sufficient for securing your personal data, if security is extremely important, it is best to use a modern algorithm like AES with 256-bit encryption.

Read more here:
Encryption Definition - Computer

For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?

Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, suggested Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?

I dont want a back door, Rogers, the director of the nations top electronic spy agency, said during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. I want a front door. And I want the front door to have multiple locks. Big locks.

Law enforcement and intelligence officials have been warning that the growing use of encryption could seriously hinder criminal and national security investigations. But the White House, which is preparing a report for President Obama on the issue, is still weighing a range of options, including whether authorities have other ways to get the data they need rather than compelling companies through regulatory or legislative action.

The task is not easy. Those taking part in the debate have polarized views, with advocates of default commercial encryption finding little common ground with government officials who see increasing peril as the technology becomes widespread on mobile phones and on text messaging apps.

Apple catalyzed the public debate in September when it announced that one of the worlds most popular smartphones would come equipped with a unique digital key that can be used only by its owner. Even if presented with a warrant, Apple could no longer unlock an iPhone that runs its latest operating system.

Hailed as a victory for consumer privacy and security, the development dismayed law enforcement officials, who said it threatens what they describe as a centuries-old social compact in which the government, with a warrant based on probable cause, may seize evidence relevant to criminal investigations.

What were concerned about is the technology risks bringing the country to a point where the smartphone owner alone, who may be a criminal or terrorist, has control of the data, Deputy Assistant Attorney General David Bitkower said at a recent panel on encryption hosted by the nonprofit Congressional Internet Caucus Advisory Committee. That, he said, has not been the standard American principle for the last couple of hundred years.

Tech industry officials and privacy advocates take a different view. I dont believe that law enforcement has an absolute right to gain access to every way in which two people may choose to communicate, said Marc Zwillinger, an attorney working for tech companies on encryption-related matters and a former Justice Department official. And I dont think our Founding Fathers would think so, either. The fact that the Constitution offers a process for obtaining a search warrant where there is probable cause is not support for the notion that it should be illegal to make an unbreakable lock. These are two distinct concepts.

The increasing use of encrypted storage extends well beyond the iPhone or the similar option that Google offers though not by default on new versions of its Android operating system. Windows and Apple offer simple settings to encrypt the contents of personal computers, and several cloud storage companies encrypt the data they host with keys known only to their customers.

Follow this link:
As encryption spreads, U.S. grapples with clash between privacy, security

Robert Alexander/Getty Images A woman talks on her smartphone as she leans against a wall of a shop selling cow skulls in Santa Fe, New Mexico. For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee U.S. government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?

Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, said Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?

I dont want a back door, said Rogers, the director of the nations top electronic spy agency during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. I want a front door. And I want the front door to have multiple locks. Big locks.

Law enforcement and intelligence officials have been warning that the growing use of encryption could seriously hinder criminal and national security investigations. But the White House, which is preparing a report for President Obama on the issue, is still weighing a range of options, including whether authorities have other ways to get the data they need, rather than compel companies through regulatory or legislative action.

The task is not easy. Those taking part in the debate have polarized views, with advocates of default commercial encryption finding little common ground with government officials who see increasing peril as the technology becomes widespread on mobile phones and on text messaging apps.

Apple catalyzed the public debate in September when it announced that one of the worlds most popular smartphones would now come equipped with a unique digital key that can be used only by its owner. Even if presented with a warrant, Apple could no longer unlock an iPhone that runs its latest operating system.

Hailed as a win for consumer privacy and security, the development has dismayed law enforcement officials, who say it threatens what they describe as a centuries-old social compact in which the government, with a warrant based on probable cause, may seize evidence relevant to criminal investigations.

What were concerned about is the technology risks bringing the country to a point where the smartphone owner alone, who may be a criminal or terrorist, has control of the data, Deputy Assistant Attorney General David Bitkower said at a recent panel on encryption hosted by the nonprofit Congressional Internet Caucus Advisory Committee. That, he said, has not been the standard American principle for the last couple of hundred years.

Tech industry officials and privacy advocates take a different view. I dont believe that law enforcement has an absolute right to gain access to every way in which two people may choose to communicate, said Marc Zwillinger, an attorney for tech companies on encryption-related matters and a former Justice Department official. And I dont think our Founding Fathers would think so either. The fact that the Constitution offers a process for obtaining a search warrant where there is probable cause is not support for the notion that it should be illegal to make an unbreakable lock. These are two distinct concepts.

The increasing use of encrypted storage extends well beyond the iPhone or the similar option that Google offers though not by default on new versions of its Android operating system. Windows and Apple offer simple settings to encrypt the contents of personal computers, and several cloud storage companies encrypt the data they host with keys known only to their customers.

Go here to see the original:
As encryption spreads, U.S. grapple with clash between privacy, security

Chinas web censorship machine, the Great Firewall, has a more offensive brother, researchers have declared today. Called the Great Cannon by Citizen Lab, a research body based at the University of Toronto, it can intercept traffic and manipulate it to do evil things.

In recent distributed denial of service (DDoS) attacks on code repository Github, the Great Cannon was used to redirect traffic intended for Baidu Baidu, the equivalent of Google Google in China, to hit two pages on the target site, including one that provided links to the Chinese-language edition of the New York Times. GreatFire.org, a website dedicated to highlighting Chinese censorship, was hit by a similar attack.

The Great Cannon only intercepts traffic to or from a specific set of targeted addresses, unlike the Great Firewall, which actively examines all traffic on tapped wires going in and out of China. According to Citizen Lab, in the recent DDoS hits, it intercepted traffic going to Baidu, and when it saw a request for certain JavaScript files on a Baidu server, it appeared to either pass the request on unmolested, as it did for 98 per cent of connections, or it dropped the request before it reached Baidu and sent a malicious script back to the requesting user, as it did nearly 2 per cent of the time. That malicious script would fire off traffic to the victims servers. With so many users redirected to the targets, the internet pipes feeding Github and GreatFire.org were clogged up, taking them offline. It was an effective, if blunderbuss, approach to censoring the targets.

A Baidu paper cup is seen on a table at the Baidu headquarters building in Beijing on December 17, 2014. Baidu visitors were used in recent attacks on Github and GreatFire.org AFP PHOTO / Greg BAKER (Photo credit should read GREG BAKER/AFP/Getty Images)

But, as the researchers noted, the Great Cannon could be abused to intercept traffic and insert malware to infect anyone visiting non-encrypted sites within the reach of the attack tool. That could be done, said Citizen Lab, by simply telling the system to manipulate traffic from specific targets, say, all communications coming from Washington DC, rather than going to certain sites, as in the abuse of Baidu visitors. Since the Great Cannon operates as a full man-in-the-middle, it would also be straightforward to have it intercept unencrypted email to or from a target IP address and undetectably replace any legitimate attachments with malicious payloads, manipulating email sent from China to outside destinations, Citizen Lab added in its report released today.

The Great Cannon is not too dissimilar to QUANTUM, a system used by the National Security Agency and the UKs GCHQ, according to the Edward Snowden leaks. So-called lawful intercept providers, FinFisher and Hacking Team Team, sell products that appear to do the same too, Citizen Lab noted.

But theres one simple way to stop the Great Cannon and the NSA from infecting masses of users: encrypt all websites on the internet. The system would not be able to tamper with traffic that is effectively encrypted. The SSL/TLS protocols (which most users commonly use when on HTTPS websites rather than HTTP) drop connections when a man-in-the-middle like the Cannon is detected, whilst preventing anyone from peeking at the content of web communications.

There are some significant projects underway designed to bring about ubiquitous web encryption. Just this week, the Linux Foundation announced it would be hosting the Lets Encrypt project, which seeks to make SSL certificates, which website owners have to own and integrate into their servers to provide HTTPS services, free and easy to acquire. It should be possible to grab these simple and (hopefully) secure certificates from mid-2015, though Josh Aas, executive director at the the Internet Security Research Group (ISRG), which runs Lets Encrypt, would not say when exactly. It has some serious backers, including Akamai, Cisco, Electronic Frontier Foundation and Mozilla.

Its unclear whether Lets Encrypt would provide certificates to Chinese sites. The default stance is that we want to issue to everyone but we will have to comply with US laws our legal team is looking into it.

Read the rest here:
Another Reason For Ubiquitous Web Encryption: To Neuter China's 'Great Cannon'

Last week, FBI Director James Comey once again campaigned for backdoors into the encryption programs of tech companies, writes Sunday Yokubaitis at the Daily Dot.

Tech execs say privacy should be the paramount virtue, he told the House of Representatives Appropriations Committee. When I hear that, I close my eyes and try to imagine what the world looks like where pedophiles cant be seen, kidnappers cant be seen, [and] drug dealers cant be seen.

The United States government is playing to fear, uncertainty, and doubt. The reality is the government already collects a tremendous amount of personal data about its citizens through the location data our phones give away, National Security Agency metadata programs and online shopping habits without our consent.

Encryption is how privacy-conscious Internet users fight back against the unblinking eye of government mass surveillance and protect themselves online. Even if the NSA can break some encryption technologies, were at least making it harder and more expensive for them to track law-abiding citizens en masse. When Comey asks for backdoors, he is really just asking to make his job easierwith dubious benefits and very serious risks.

We must protect encryption because backdoors are inherently insecure.

Todays Question: Is encryption the Second Amendment for the Internet?

Excerpt from:
Is encryption the Second Amendment for the Internet?