Encryption — the NFC killer app

I believe I have found the killer app for NFC - off-phone encryption hardware for the post-Snowden era.

One of the revelations that Edward Snowden told us is that strong encryption works. Over the new year the person Snowden chose to contact, documentary filmmaker Laura Poitras, spelled out at the Chaos Computer Congress that the two protocols that the United States' NSA and the UK's GCHQ could not decrypt were PGP (Pretty Good Privacy public-key encryption) and OTR (Off-The-Record instant messaging encryption).

However, while the math behind PGP may be secure, unless messages are decrypted on air-gapped, offline PCs, the endpoints are the weakest link in the chain. If the file containing the key itself could be stolen it would be a relatively simple case of brute-force guessing the password to the key for the encryption to be broken.

The idea of using mobile smart phones with PGP has long been met with derision by the security community. Smart phones are by their nature online 24/7, and thus the secret key file is a sitting duck for attacks - especially with the plethora of insecure apps to exploit.

Edward Snowden's lawyer said he only uses a simple phone, and in Spain police are taught to recognize terrorists by, among other factors, whether they use a laptop in a car.

Enter Yubico's Yubikey Neo, a small USB device that, among other features, works as an OpenPGP smartcard.

This addresses the key problem with PGP keys on a mobile smart device. The private key is never present on the phone itself, even for a split-second, and the actual decryption or signing happens on the Yubikey via NFC or on the laptop via USB.

Indeed, for better or for worse, there is no way that a user can extract a private key generated on the key itself. For those paranoid that Yubico might be backdooring their key-generation algorithm, an option is to generate a key on an air-gapped PC and then transfer it to the Yubikey Neo.

The combination of the Android K-9 email client, OpenKeychain PGP and the Yubikey Neo suddenly solves the usability / security trade-off that has hampered widespread PGP adoption on mobile devices.

Signing or decrypting an email requires the Yubikey to be held against the back of the device for a few seconds and a PIN to be entered; there is also a counter of the number of times the PIN has been entered.
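For the laptop-over-USB case described above, one way to confirm that no private key material sits on the host is to audit GnuPG's machine-readable key listing. This is an added example, not code from the original post or from Yubico; it assumes GnuPG 2.1 or later on the laptop, and the key IDs and card serial number in the sample are constructed.

```python
# Added example: audit where OpenPGP secret keys live, from GnuPG colon output.
# Field 15 of sec/ssb records holds a token serial number (key on a smartcard),
# "#" (stub only, no secret material here) or "+" (secret key on local disk).

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
SAMPLE = """\
sec:u:2048:1:1111111111111111:1420070400:::u:::scESC:::D2760001240102000006000000010000:::
uid:u::::1420070400::::Card User <card@example.org>:
ssb:u:2048:1:2222222222222222:1420070400::::::e:::D2760001240102000006000000010000:::
sec:u:4096:1:3333333333333333:1420070400:::u:::scESC:::+:::
ssb:u:4096:1:4444444444444444:1420070400::::::e:::+:::
sec:u:4096:1:5555555555555555:1420070400:::u:::scESC:::#:::
"""


def classify_secret_keys(colon_output):
    """Return [(record_type, key_id, location)] for each sec/ssb record."""
    results = []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        # Pad so short or truncated records do not raise IndexError.
        fields += [""] * (15 - len(fields))
        token = fields[14]
        if token == "+":
            location = "on-disk"
        elif token == "#":
            location = "stub"
        elif token:
            location = "card:" + token
        else:
            location = "unknown"
        results.append((fields[0], fields[4], location))
    return results


def keys_exposed_on_host(colon_output):
    """Key IDs whose secret material is stored on this machine."""
    return [kid for _, kid, loc in classify_secret_keys(colon_output)
            if loc == "on-disk"]


if __name__ == "__main__":
    for rec, kid, loc in classify_secret_keys(SAMPLE):
        print(rec, kid, loc)
    print("on host:", keys_exposed_on_host(SAMPLE))
```

An empty result from `keys_exposed_on_host` means every listed secret key is either on a card or only a stub, which is the state the smartcard setup is meant to reach.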


New business collaboration platform secures data with personalized cryptography

Data security is a big concern for both individuals and businesses. This doesn't only apply to the public face of a business, but to exchange of information and collaboration between employees too.

Canadian company Witkit is launching a new platform that allows the creation of teams and groups within industries, companies, and departments to tackle projects and solve problems collectively, with the safety and security of knowing their data cannot be breached.

"Our intention with Witkit is to make the first fully encrypted global collaboration platform so that companies and individuals can more easily reap the benefits that socialized teamwork brings to their business challenges," says Sean Merat, president and CEO of Witkit.

Witkit is a modular platform that works by allowing users to create tailored workspaces. These center on 'Kits' -- virtual groups based on specific topics or projects. Within each Kit, members can upload and access shared files, initiate and contribute to group discussions, post and respond to team tasks, and use a single synchronized calendar.

Additional features include secure storage using proprietary encryption, along with messenger and video conferencing services.

Kits can be made private or public and users are able to participate in multiple Kits at the same time. A single dashboard and news feed collates all of a user's memberships in one place.

"The vast majority of breaches today happen on a centralized system which contains sensitive user data," says Merat. "WitCrypt technology ensures that the encryption and decryption of user data is only done on user devices locally. All data that is sent to the Witkit servers is fully encrypted and can only be decrypted by the user's WitCrypt passphrase. We can confidently say that we've minimized most, if not all the risk, to user data being hacked. That is to say that in the unlikely event that the Witkit servers are compromised, there will be no decrypted data to be found".

For more information visit the Witkit website. The first 50,000 people who sign up for the platform will get 50GB of encrypted storage and all available applications for free.


Bitcoin TLV `14, #32 – Paul Snow – The Architecture of a Cryptocurrency Based Project – Video


The lecture took place in the Inside Bitcoins Tel Aviv 2014 conference, organized by the Israeli Bitcoin Association and Buzz Productions, on October 19-20, 2014. Slides (for the entire conference...

By: Bitcoin Israel


Singapore start-up Tembusu Systems gets S$1.2m funding boost

SINGAPORE: Tembusu Systems, which touted Asia's first Bitcoin ATM, on Thursday (Jan 29) announced it secured S$1.2 million in funding to develop its cryptocurrency platform, including S$1 million from a "Singapore-listed company".

The latest capital injection values the company at S$11 million, according to the company's press release. A check on the Accounting and Corporate Regulatory Authority (ACRA) website by Channel NewsAsia showed that OUE Investments is one of the shareholders of the local start-up.

The start-up said its platform, named TRUST, "solves the key challenges of first-generation distributed blockchain technology" and drew from lessons learnt from Bitcoin, the well-known cryptocurrency, such as the issue of complete anonymity of users.

Co-founder and CEO Andras Kristof said: "Our platform introduces proof-of-identity for accounts, which makes for better integration with existing systems and governments. We're also including prepaid wallets and a reputation system to improve the user experience."

Tembusu said TRUST is not a cryptocurrency in itself, but the technology can allow banks, governments and corporations to launch their own asset-backed cryptocurrencies.

"Asset-backed cryptocurrencies will likely be much more stable than Bitcoin, which has seen wild price fluctuations and is worth just 25 per cent of what it was worth 12 months ago," the company stated.


Edward Snowden: Apple iPhone With Secret iFeature Allows …

Former National Security Agency contractor Edward Snowden won't use an Apple iPhone because he says it has "special software" that can be activated remotely, allowing the government to spy on its user.

"Edward never uses an iPhone; he's got a simple phone," Anatoly Kucherena, Snowden's attorney, said in an interview with RIA Novosti, a Russian media company, reports Tech Times.

Kucherena told the publication that the "iPhone has special software that can activate itself without the owner having to press a button and gather information about him; that's why on security grounds he refused to have this phone."

It wasn't made clear whether Snowden, who fled the United States and ended up in Russia after leaking sensitive intelligence documents from the NSA, believes intelligence agencies have a way of compromising the iPhone's operating system, or if the software comes from standard diagnostic tools.

Apple has denied claims that it participated in the NSA's PRISM data mining project, after accusations were made when Snowden released the NSA documents that its devices are vulnerable to spying.

The leaked documents revealed that the NSA operates an iPhone backdoor surveillance program that allows officials to snoop through virtually any communication sent or received using an Apple product.

The PRISM project involved gathering materials including audio, video, pictures, documents, emails, and connection logs from mobile devices, which allowed analysts to track the device users' movements and communications.

Apple said it does not allow government agencies to have direct access to its servers. However, further NSA leaks showed how the agency developed spyware to target iPhones, allowing information to be gathered from devices, and Apple further denied being involved in the spyware development.

Further, with the latest operating system, iOS 8, Apple says it is not even able to decrypt messages that come through its devices itself, citing its emphasis on user security.
