Influencers: Stronger encryption on consumer devices won’t hurt national security (+video)

Three-quarters of Passcode's Influencers disagree with FBI Director James Comey, insisting stronger encryption on consumer devices would not hinder law enforcement and intelligence agencies so much that it would harm national security.

"It's crucial that users demand the highest level of security to both protect our personal privacy and mitigate the potential harm that can result from theft of personal data. Unquestionably, encrypting the content of smartphones makes it more difficult to access that information; that's the point," said Nuala O'Connor, head of the Center for Democracy and Technology. "However, there are still many legal channels police can pursue to access encrypted data."

Mr. Comey and intelligence officials have criticized companies such as Google and Apple for strengthening encryption on consumer devices because they say it will stymie law enforcement as they track criminals and terrorists. While the 73 percent of Influencers largely acknowledged that encryption will occasionally pose some obstacles to law enforcement, they insisted they were not severe enough to justify built-in government access to data.

"Evidence that this is a serious problem demanding a policy response is laughably weak," said Cato Institute senior fellow Julian Sanchez.

"We live in a Golden Age of Surveillance. Never in human history have police had such easy access to such vast quantities of data about people. They'll still be able to use subpoenas or court orders (and the threat of contempt penalties or even obstruction charges) to compel people to decrypt data; they can still surreptitiously attempt to get people's passphrases through physical surveillance," Mr. Sanchez continued. "It is flat out insane to suggest that we should undermine the security of a technology used by hundreds of millions of people for legitimate purposes because of the minuscule fraction of cases where crypto will be the make-or-break factor in a legitimate investigation."

Security pros also had objections, taking issue with intelligence officials' assertions that it would be technologically feasible to provide government access to encrypted data through a secure channel without compromising users' security.

"Much greater harms to national security would result from the government deliberately weakening encryption protocols (again) as the FREAK vulnerability demonstrated this past week," said Chris Finan, chief executive officer of Manifold Security. "DC policymakers shouldn't seek a middle-ground solution on this issue, because it simply doesn't exist when it comes to cryptography.

"The only answer is to support the strongest possible encryption protocols, while also enabling law enforcement professionals with the resources needed to conduct classic police work," Mr. Finan continued. "The FBI director should realize that the days of relying on backdoor technology shortcuts are over. Encryption is as empowering a technology as gunpowder or firearms, policymakers need to appreciate the irreversibility of this paradigm shift and adapt. Quite simply, governments no longer enjoy a monopoly on technologies like cryptographic protocols or offensive cyberwarfare exploits. There are no tech magic bullets to address these policy challenges."

The Passcode Influencers Poll brings together a diverse group of more than 80 security and privacy experts from across government, the private sector, academia, and the privacy community. To preserve the candor of their responses, Influencers have the choice to keep their comments anonymous, or voice their opinions on the record.

Open source software and hardware is central to Facebook’s future | #OCPSummit2015

Open sourcing hardware and software is "core to [Facebook, Inc.'s] mission," according to Matt Corddry, Director of Hardware Engineering at Facebook. In a live interview with theCUBE co-hosts John Furrier and Jeff Kelly during OCP Summit 2015, Corddry explained that the benefit to the internet behemoth is that "it actually helps us move faster." By open sourcing hardware, Corddry added, Facebook intends to "connect more folks, and get more smart minds on the problem."

Some of Facebook's recent software innovations blur the boundaries of open hardware and open software, Corddry said. He called out FBOSS and OpenBMC as particularly exciting products: software products that Facebook is announcing at a hardware summit precisely because they bridge hardware and software. FBOSS allows you to program your own network switches, enabling folks to "hack [their] own software on [their] own network switch." OpenBMC, he said, allows you to "roll your own code in the little baseboard management controller." Both these innovations are uncharted territory, he explained, because they enable people to hack and innovate down at the hardware platform management level.

While Facebook's announcements at the Open Compute Project Summit bridge hardware and software, the company has also invested in innovating in both areas separately.

Recent software innovations, like the HipHop Virtual Machine, are designed to make it easier for Facebook to connect the world. The HipHop Virtual Machine allows people to scale out large web properties thanks to much more efficient PHP execution.

Corddry also highlighted the System on a Chip design that Facebook recently announced. "A lot of it is the disaggregation of our infrastructure," he said, adding: "Instead of cramming all bits and resources into one big box, we're going to really focus on solving one problem at a time." The intention, Corddry explained, is to scale out massive amounts of compute without needing to put a bunch of local storage and other resources in the box at the same time.

Hardware-based innovations are in Corddry's wheelhouse. "My team," he explained, "mostly focuses on the gear in the data center." Contrary to popular trends, Facebook is building "big, ugly tin boxes" instead of going to "smaller, smaller, smaller servers." The benefit of these servers, said Corddry, is that they're "super efficient," and built to work at massive scale. In particular, Corddry highlighted that the amount of power required to cool one of their designs is only three to six watts, whereas traditional OEM designs take 80 watts of power. That efficiency, he commented, makes a tremendous difference.

Julian Assange Could Be Arrested on Friday | Care2 Causes

Yet another twist, if you wish to call it that, in the case of Wikileaks co-founder Julian Assange: The Guardian reports that a police letter has informed him he must present himself to a London police station on Friday at 11:30 am. Since last week, Assange has been seeking political asylum at Ecuador's embassy in London, to avoid extradition to Sweden where he would face police questioning about allegations of sexual assault in August of 2010 brought by two Swedish women.

Assange has claimed that the sex was consensual and that the two women's allegations are politically motivated. He has also accused Sweden of being a "Saudi Arabia of feminism."

A spokesman for London's Metropolitan police said that "a surrender notice had been served this morning upon a 40-year-old man that requires him to attend a police station at a date and time of our choosing." The police also noted that this is standard practice in extradition cases and is the first step in the removal process. If Assange fails to surrender, the spokesman said that it would be a further breach of conditions and that Assange would be liable to arrest.

Ecuador has said that Assange is under its protection while it considers his asylum application and, indeed, so long as he remains in the embassy's building he is beyond the reach of the police, according to the British Foreign Office. Ecuador's ambassador to the UK left London on Sunday to return home to discuss Assange's application for asylum.

A number of well-known Americans including Michael Moore, Oliver Stone, Noam Chomsky, Danny Glover, Naomi Wolf and Bill Maher have signed a letter supporting Assange's application for political asylum in Ecuador. Daniel Ellsberg, the military analyst who leaked the Pentagon Papers in 1971 and who has long supported Assange, has also signed the letter, as have about 4,000 others. On Monday, Robert Naiman, the policy director of Just Foreign Policy, delivered the letter to the Ecuadorian embassy.

Stating that the US government had made no secret about its hostility to Wikileaks, the letter notes that there is a "strong likelihood that once in Sweden, [Assange] would be imprisoned, and then likely extradited to the United States." Assange and his supporters have said that, were he to be extradited to the US, he could be charged and found guilty under the Espionage Act and sentenced to the death penalty.

Wikileaks is responsible for the largest leak of classified US military and diplomatic documents ever.

How WikiLeaks fugitive Julian Assange could cost Britain £30m

Julian Assange has been at the Ecuadorian embassy for three years
They granted the 43-year-old WikiLeaks founder refugee status
British police cannot enter embassy near Harrods without permission
Eight officers on duty assigned at one time to Assange surveillance
Surveillance operation so far cost tax payer a shocking £10 million
Met Commissioner complained it is 'sucking' police resources
Swedish investigation into Assange could lapse in five years' time
By then the Metropolitan Police bill could have topped £30 million

By Richard Pendlebury for the Daily Mail

Published: 18:11 EST, 19 February 2015 | Updated: 18:48 EST, 19 February 2015

Wanted man: Julian Assange in the Ecuadorian embassy - and the British police waiting outside to arrest him

Each morning, the glitzy London district of Knightsbridge plays host to a variety of uniformed rituals such as the troop of Household Cavalry jangling out of the Hyde Park Barracks on their way to Horse Guards Parade.

But rather less photogenic is the line-up of Metropolitan Police officers stationed 24 hours a day outside the Ecuador embassy round the corner from Harrods.

Their cordon is unlike any other police patrol in the capital. Rather than being deployed to repel intruders, the officers are there to make sure that one particular person is arrested if ever he leaves the building.

My Big Coin Pay, Inc. Announces Letter of Intent to Merge With Shot Spirits Corporation

SOURCE: My Big Coin Pay, Inc.

LAS VEGAS, NV--(Marketwired - Mar 3, 2015) - Privately held My Big Coin Pay, the corporate parent of the online cryptocurrency payment platform and virtual wallet website http://www.MyBigCoin.com, announced today that it has entered into a letter of intent to merge with Shot Spirits Corporation (OTC PINK: SSPT), as part of an alternative public offering or "APO" transaction. Subject to regulatory approval and the fulfillment of contractual obligations, if successful, the merged company will be named My Big Coin Pay and is expected to trade on the OTC Pink Marketplace. The current management of My Big Coin Pay will become the management of the surviving public entity.

According to the Letter of Intent, My Big Coin Pay has thirty (30) days to complete the contemplated merger. My Big Coin Pay must, according to the Letter of Intent, work with Shot Spirits Corporation to provide "current public information" through the OTC Pink Marketplace and obtain the necessary regulatory approvals for the merger. The Letter of Intent further contemplates that a definitive agreement with respect to the contemplated merger must be executed within thirty (30) days. The contemplated definitive agreement, subject to revision, provides that upon completion of the merger, the shareholders of My Big Coin Pay will own approximately 90% of the common stock of the surviving entity, while the shareholders of Shot Spirits will own approximately ten (10%).

John Roche, Chief Executive Officer of My Big Coin Pay, said, "This Letter of Intent marks a significant step in the process of becoming a publicly held company." He added, "My Big Coin Pay is another step closer to being accessible within the micro cap public market, and creating an opportunity for investors to get involved in what we believe is an exciting, emerging technology that seeks to create a viable commercial platform for cryptocurrencies. We will be focusing all of our efforts over the next 30 days on meeting our obligations to close this transaction." The execution of a definitive agreement and closing of the merger is targeted for late March, 2015, subject to customary closing conditions, regulatory approval as well as shareholder approval from both companies.

About My Big Coin Pay, Inc.

My Big Coin Pay, Inc. is the corporate parent of the online cryptocurrency payment platform and virtual wallet website http://www.MyBigCoin.com. MyBigCoin is a privacy-centered digital currency developed for use with My Big Coin Pay's emerging peer-to-peer and commercial digital currency exchange platforms. My Big Coin Pay seeks to collaborate with payments industry leaders to develop unique, high-value, cryptocurrency-based payment solutions. My Big Coin Pay, Inc. is a privately-held company based in Las Vegas, Nevada.

Statements in this press release that are not historical fact may be deemed forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Although My Big Coin Pay, Inc. believes the expectations reflected in any forward-looking statements are based on reasonable assumptions, My Big Coin Pay is unable to give any assurance that its expectations will be attained. Factors that could cause actual results to differ materially from expectations include the company's ability to meet the conditions necessary to complete the proposed APO transaction.

TrueCrypt security audit back on track after silence and uncertainty

An effort to search for cryptographic flaws in TrueCrypt, a popular disk encryption program, will resume even though the software was abandoned by its creators almost a year ago.

For years TrueCrypt has been the go-to open-source tool for people looking to encrypt files on their computers, especially since it's one of the few solutions to allow encrypting the OS volume.

In October 2013, cryptography professor Matthew Green and security researcher Kenneth White launched a project to perform a professional security audit of TrueCrypt. This was partly prompted by the leaks from former U.S. National Security Agency contractor Edward Snowden that suggested the NSA was engaged in efforts to undermine encryption.

Green and White's Open Crypto Audit Project started accepting donations and contracted iSEC Partners, a subsidiary of information assurance company NCC Group, to probe critical parts of the TrueCrypt code for software vulnerabilities. The firm found some issues, but nothing critical that could be described as a backdoor. Their report, published in April 2014, covered the first phase of the audit.

Phase two was supposed to involve a formal review of the program's encryption functions, with the goal of uncovering any potential errors in the cryptographic implementations, but then the unexpected happened.

In May 2014, the developers of TrueCrypt, who had remained anonymous over the years for privacy reasons, abruptly announced that they were discontinuing the project and advised users to switch to alternatives.

"This threw our plans for a loop," Green said in a blog post Tuesday. "We had been planning a crowdsourced audit to be run by Thomas Ptacek and some others. However in the wake of TC pulling the plug, there were questions: Was this a good use of folks' time and resources? What about applying those resources to the new Truecrypt forks that have sprung up (or are being developed?)"

Now, almost a year later, the project is back on track. Ptacek, a cryptography expert and founder of Matasano Security, will no longer lead the cryptanalysis and the effort will no longer be crowdsourced. Instead, phase two of the audit will be handled by Cryptography Services, a team of consultants from iSEC Partners, Matasano, Intrepidus Group, and NCC Group.

The cost of professional crypto audits is usually very high, exceeding the $70,000 the Open Crypto Audit Project raised through crowdfunding. To keep the price down, the project had to be flexible with its time frame and work around Cryptography Services' other engagements.

Apple, Google users at risk from FREAK flaw

A major security flaw has been discovered in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) cryptographic protocols, leaving users of Google and Apple devices open to attack when visiting purportedly secure websites.

Technology companies are now rushing to put out fixes for the FREAK attack, disclosed by researchers today.

The vulnerability in the SSL/TLS secure communications protocols allows attackers to intercept HTTPS connections between vulnerable clients and servers - which researchers revealed included web browsers on Android and Apple smartphones.

Attackers could then force the site to downgrade to weak, so-called "export-grade" cryptography, which could be easily cracked in order to decrypt web traffic, in turn allowing attackers to steal passwords and other sensitive information.

The flaw has been around since the late 1990s, stemming from a former US government policy which had banned the export of strong encryption.

The policy - which was ditched in 1999 - meant weaker "export-grade" products were shipped to customers outside of the US.

However, the weaker keys continued to be used by software companies after the policy was canned, going unnoticed until it was discovered this year by the group of cryptographers at INRIA, Microsoft Research and IMDEA.

The "FREAK" name stands for 'factoring attack on RSA-EXPORT keys'. The keys used in the export-grade encryption had a length of 512 bits - which is considered incredibly weak in the current age thanks to rapid increases in computing power - allowing attackers to easily guess the key.

"This bug causes them to accept RSA export-grade keys even when the client didn't ask for export-grade RSA," cryptographer Matthew Green wrote in a blog post.

"The impact of this bug can be quite nasty: it admits a 'man in the middle' attack whereby an active attacker can force down the quality of a connection, provided that the client is vulnerable and the server supports export RSA."
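The two conditions in that description (a client that accepts an export-grade key it never asked for, and a server that still supports export RSA) can be expressed as checks. The following is an added illustration, not code from the article or from any TLS library: it is a simplified model rather than a real handshake, and the function names and sample suite lists are constructed for the example.

```python
# Added illustration: a simplified model of the client-side check, not a TLS stack.

# IANA names of RSA export cipher suites (40-bit ciphers, 512-bit RSA keys).
EXPORT_RSA_SUITES = frozenset({
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
})


def export_rsa_enabled(server_suites):
    """Return the export RSA suites a server still has enabled, sorted."""
    return sorted(set(server_suites) & EXPORT_RSA_SUITES)


def client_accepts(offered, negotiated, temp_rsa_bits, strict):
    """Decide whether a client continues the handshake (hypothetical helper).

    offered        suites the client put in its hello
    negotiated     suite named in the server's reply
    temp_rsa_bits  size of a temporary RSA key the server sent, or None
    strict         False models the bug: temporary keys are never questioned
    """
    if negotiated not in offered:
        return False, "server chose a suite the client never offered"
    if temp_rsa_bits is None:
        return True, "no temporary RSA key in the handshake"
    if not strict:
        return True, "temporary RSA key accepted without checking the suite"
    if negotiated not in EXPORT_RSA_SUITES:
        return False, "temporary RSA key is not valid for a non-export suite"
    return True, "export suite was offered and negotiated"


def exposed(client_strict, server_suites):
    """Both conditions from the quote: lenient client and export-capable server."""
    return (not client_strict) and bool(export_rsa_enabled(server_suites))


# Constructed sample data: a client that offers no export suites,
# and a server that still has one enabled.
CLIENT_OFFER = ["TLS_RSA_WITH_AES_128_CBC_SHA"]
SERVER_SUITES = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_EXPORT_WITH_RC4_40_MD5"]

if __name__ == "__main__":
    for strict in (False, True):
        ok, why = client_accepts(CLIENT_OFFER, CLIENT_OFFER[0], 512, strict)
        print(f"strict={strict}: accepted={ok} ({why})")
    print("export suites enabled:", export_rsa_enabled(SERVER_SUITES))
    print("pair exposed:", exposed(False, SERVER_SUITES))
```

Removing the export suites from the server list, or making the client strict, is enough on its own to make `exposed` return False.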
