Snowden, Putin, sheared pigs and the joys of Whataboutism

What is Russia playing at by harboring America's most wanted whistleblower, Edward Snowden, in a Moscow airport?

A brief recap: Over the weekend, Snowden arrived in Moscow from Hong Kong en route to a third country, probably Ecuador (which is already housing Julian Assange in its London embassy). On Sunday, journalists received a number of tip-offs that he was due to take an Aeroflot flight to Cuba, but when nearly the entire foreign press corps boarded the plane hoping to interview him, his seat remained empty and the hapless hacks ended up flying to the Caribbean by themselves. No one has seen Snowden since his purported arrival in Sheremetyevo.

Today, Putin broke the silence in characteristic style at a press conference during a diplomatic visit to Finland. He confirmed that the American remains in the airport transit area and that Russia would not hand him over. Then, in another classic turn of phrase, he described the fuss over Snowden as like "shearing a piglet: there's a lot of squealing, but there's little wool."

As could be expected, Russia's willingness to assist Snowden in escaping the American government has divided opinion. "The Russians have reacted to this imbroglio in basically the worst possible way," argued Mark Adomanis in Forbes, "by just acting like jerks because they think they can get away with it."

On the contrary, writes Anatoly Karlin, aka Da Russophile: Russia's incipient reputation as a sanctuary for Western dissidents is a status that is extremely valuable in international PR terms. Besides, would the US extradite a Russian Snowden? To even ask the question is to mockingly answer it.

But one of the most satisfying things to come out of all this is a recent tweet from The Economist's former Russia man and current international editor Edward Lucas: "How does #Russia treat its whistleblowers? With Polonium 210 #Litvinenko."

The irony is that Lucas's tweet is a textbook example of whataboutism, the very thing his august newspaper condemns as an old Soviet rhetorical ploy whereby any criticism of the Soviet Union (Afghanistan, martial law in Poland, imprisonment of dissidents, censorship) was met with a "What about..." (apartheid South Africa, jailed trade-unionists, the Contras in Nicaragua, and so forth).

Whatever else comes out of this Snowden saga, if Putin can get an Economist editor to adopt Soviet propaganda tactics, he must be doing something right.


Snowden in the Greater Scheme of U.S.-Russian Relations


On Thursday, Aug. 1, 2013, Russia granted temporary asylum to Edward Snowden, permitting him to leave the transit zone of Sheremetyevo Airport for the first time in nearly six weeks. The Obama administration immediately expressed its disappointment with the Russian decision, and some members of Congress have called for retaliatory measures against Russia. President Putin's foreign policy adviser, Yury V. Ushakov, has asserted that the issue was not important enough to derail U.S.-Russian relations. Nevertheless, Obama canceled a presidential summit meeting scheduled for September, and there was talk in Washington of boycotting the Winter Olympics in Sochi.

To be sure, the charges against Snowden are serious. He has released official documents revealing the methods used by the National Security Agency (documents, not mere whisperings to reporters that the authorities could deny, and the actual methods, not a few random details picked up by those methods). This was not like the 1970s disclosure of secret CIA operations unknown even to Congress. The existence of these programs has already been known to the public in broad outline since 2006, and it has been known that Congress revised the laws governing them in 2007 and 2008. It appears so far that the Obama administration (unlike the Bush administration) has operated the programs within the confines of current law. (Granted, people may disagree with the law, and Congress may change it again if it so chooses.) While Snowden presents himself as a whistleblower, his evidence relates to the government's capabilities, not to any specific abuses of those capabilities or other wrongdoing. He and journalist Glenn Greenwald have made assertions that abuses are occurring, or must have occurred, but they have not proved it or described any specific instance of abuse. At times, their descriptions of the technologies involved and of the documents themselves have been inaccurate.

On the other hand, it is not like the United States rolls over and surrenders everyone the Russians want extradited. Take, for instance, Ilyas Akhmadov, former foreign minister of the Chechen Republic of Ichkeria (not to be confused with the Islamists of the Caucasus Emirate, who have subsequently dominated the Chechen rebel movement). He is wanted in Russia on charges of terrorism, but was granted asylum in the United States in 2004. The Department of Homeland Security opposed the asylum decision, but members of Congress advocated on his behalf. Probably some of the same members who now cannot believe that Russia would deny an extradition request.

Could the Snowden case actually undermine U.S.-Russian relations? Not by itself, but U.S.-Russian relations are in a precarious balance at the moment. It is not impossible that they might deteriorate on their own or that this might serve as a trigger.

On the positive side, there are areas in which the United States and Russia cooperate, much more than in, say, 2008, when relations were virtually frozen. Russia finally entered the World Trade Organization in 2012, with U.S. support, and the two countries have agreed to normalize trade relations for the first time in nearly a century. Russia allows the United States to use its territory and air space (and does not object to the use of Central Asian territory) to move personnel and equipment in and out of Afghanistan, making the U.S. military less dependent on precarious Pakistani routes. The two countries signed a nuclear arms reduction treaty and have subsequently cooperated in implementation and verification measures. The two countries have increased cooperation in counterterrorism activities since the Boston Marathon bombing, and they cooperate in combating heroin traffic.

In other areas, however, things are not going so well. Russia, over the objections of the United States, continues financial and trade relations with Iran and supports the regime of Bashar al-Assad in Syria. Moscow objects loudly to U.S. plans for ballistic-missile defense, which the Russians insist is directed at neutralizing their deterrent force. On North Korea, where the two sides' strategic interests come closer together, they have differed significantly over tactics. The low point came with Russia's invasion of its neighbor Georgia in 2008.

I suspect, however, that the real problem in U.S.-Russian relations lies at a deeper level, separate from any list of discrete issues. The two countries are simply out of sync in their basic attitudes toward each other. The mismatch may have prevented the true breakthrough in relations that could have occurred at the end of the cold war.

When the Soviet Union collapsed, both sides realized that a fundamental change had occurred in their mutual relationship. Both said to themselves, "The cold war is over, now we can be friends," but it meant different things to them. For the Russians, to put it in crude terms, despite their pitiable condition at the moment, the basic opportunity was, "We and the Americans are no longer enemies; now we can rule the world together." The image of mutual relations was something akin to a resurrection of the 19th-century Concert of Europe, in which the great powers of the day held conferences and decided the big issues of the moment both for themselves and for lesser powers. I suspect the Russians originally thought that the G-7 was where those decisions were made, but they were determined to find the proper place and to become full-fledged members. The Russians do not put it this way, but they seem to have something like this in mind when they describe what it means for Russia to be treated "as an equal," an equal, that is, to the American superpower. An earlier hint of this attitude came in the 1970s, when Soviet foreign minister Andrei Gromyko stated that détente meant that no important issue in the world could be resolved without the participation of the Soviet Union, or in opposition to it.

The U.S. attitude toward Russia and the changed world of the 1990s was different. Again, few Americans would put it this way, but the attitude was, "We and the Russians are no longer enemies; now we don't have to pay any attention to them whatsoever." Oh, occasionally an American leader will declare that U.S.-Russian relations are important and then produce a lengthy list of things that we need them to do for us. Yet there rarely seems to be a list of things we could do for them (the WTO was a noteworthy exception, although it took 20 years) or a list of what the two of us could do together (and those are constructed around U.S. goals and objectives). Needless to say, the Russians do not find this amusing.


Putin’s Deadliest Catch: Snowden Joins Navalny in Moscow

As Edward Snowden slipped into Moscow this afternoon, asylum documents in hand, he joined another recently freed man: Alexey Navalny. Russia now has two famous cyber-whistleblowers on its hands, and hasn't yet figured out what to do with either.

One thing is for sure: Putin's planned meeting with Obama on the sidelines of the G20 summit is now looking increasingly unlikely.

The similarities between Snowden and Navalny are striking. Both have become famous for exposing the corruption and abuses of power that underpin the power centres of their respective societies. Both are creatures of the internet. Both are idealists who have an (overinflated?) belief in the power of unfiltered information to protect freedom. Both are young, fearless and ready to give up their lives for the causes they believe in. Both are photogenic, eloquent and extremely media savvy. Interestingly also, they are both politically slippery: their ideological beliefs do not clearly or readily fit into established paradigms of left and right. Neither is without a dark side. For Navalny, it is the spectre of nationalism, the persistent reminders of the chauvinism and borderline racism for which he was once expelled from the liberal Yabloko party. He is also known to identify closely with neoliberalism, as Sean Guillory eloquently reminds us with his latest post. For his part, Snowden has been accused of hypocrisy in claiming to stand for freedom of information while seeking asylum in a country notorious for its state censorship and other civil rights abuses.

But perhaps the main thing that unites the two men is the threat they pose to the established order.

Navalny's revelations that Russia's ruling party was a "party of crooks and thieves" unravelled Putin's key argument that he was the only man who could rescue the country from corruption. The whistleblower's online campaign has made it impeccably clear that in fact, the reverse is true. Navalny is an existential threat to the Russian order because he has revealed not just what everyone already knew (that the government's control is ultimately based on corruption) but the mechanism by which it operates. Those kinds of revelations make it possible for people to take concrete actions. It is the agency that Navalny has made possible that scares the government.

Similarly, on one level, Snowden's revelations of U.S. cyber-surveillance merely confirmed what many have long suspected. However, by revealing the details of the specific operations and how they work, Snowden has not only exposed the hypocrisy of American claims to be guarantors of freedom, but also given people practical ideas as to how exactly to push back against the new surveillance state.

It's no wonder that Obama would like to do to Snowden what Putin is planning to do with Navalny: throw them in jail and throw away the key. The identical behavior of democratic America and authoritarian Russia in response to these respective existential threats proves that the two great powers have a lot more in common than they would like to admit.


Porticor and nScaled Partner to Deliver Secure and Compliant Business Continuity and Disaster …

Porticor Adds Software-Defined Encryption Key Management to nScaled's Leading IT BCDR Platform for Complete Protection of Replicated Data in the Cloud

CAMPBELL, Calif., and SAN FRANCISCO - Porticor and nScaled today announced the industry's first joint solution integrating software-defined homomorphic encryption key management to protect customers' cloud information and applications replicated for IT Business Continuity and Disaster Recovery (BCDR).

Porticor is a leading cloud data security company delivering the only cloud-based key management and data encryption solution that infuses trust into the cloud and keeps cloud data confidential. nScaled is a provider of automated, integrated IT Business Continuity and Disaster Recovery (BCDR) solutions.

nScaled's Disaster Recovery as a Service (DRaaS) platform replicates data, servers, operating systems and applications to protect and deliver critical IT services to users in case of a man-made or natural disaster, equipment failure or data loss. nScaled's DRaaS hybrid cloud solution ensures that replicas are up to date at all times, including both the data and the virtual machine images of the code that runs the applications. Forrester Research, Inc., named nScaled a Leader in "The Forrester Wave: Disaster-Recovery-As-A-Service Providers, Q1 2014."

Porticor adds key management and encryption to nScaled's solution. Integrated into nScaled's physical and virtual appliance, Porticor encrypts the data store of each application backed up by nScaled's solution seamlessly and transparently. Porticor is also implemented on nScaled's cloud, ensuring that any data replicated to the nScaled cloud is also encrypted. The result is a multifaceted, data-at-rest and in-transmission encryption solution that protects information at the customer's data center and in the cloud.

"We are in the insurance business so clients share personal and account information about their employees with us," said Aatash Patel, IT Director at Covala Group, a leading enroller and administrator of voluntary, supplemental individual disability benefits for large employers. "With nScaled in place serving our disaster recovery needs, we needed a private cloud data encryption solution that was high performing and compatible with our VMware environment. Porticor has been our answer to protect clients' confidential information, and help us meet their compliance requirements. We spun up Porticor with nScaled in our cloud without any technical training, and support has been very helpful at both companies. I am very happy with what both vendors are doing together so far."

For a white paper on the partnership and joint solution now available, see http://www.porticor.com/porticor-nscaled-secure-dr/.

"Business continuity and disaster recovery have been one of the most successful services offered through the cloud model, and nScaled delivers the industry's leading automated and integrated solution," said Mark Jameson, VP of Worldwide Sales and Product Strategy at nScaled. "Together with Porticor we are providing the most secure and reliable Disaster Recovery as a Service (DRaaS) to protect customers' data and applications."

"Cloud providers, including providers delivering DRaaS, offer a shared responsibility model for the security and protection of customer applications and data," said Gilad Parann-Nissany, Porticor founder and CEO. "Now that we have teamed with nScaled, customers can be assured that their applications and information will be available and safe from loss due to disasters and cloud data security threats."

Cloud data encryption provides an effective layer of protection against new cloud security challenges, including internal cloud data center threats, information protection in a shared environment, and compliance requirements which mandate information to be secured both on premises and in the cloud. The challenge created is not in encrypting the data, but in managing the encryption keys. To provide secure cloud management of encryption keys for outsourced data center services to the nScaled cloud, Porticor uses a highly sophisticated and patented approach: split key encryption and homomorphic key management.


Open-Xchange announces OX Guard email encryption tool

OPEN-XCHANGE, the German web-based productivity service provider, has announced an encryption product called OX Guard.

OX Guard is described as a "fully integrated email security tool". It requires no technical knowledge to set up and works with one click.

Messages are sent with PGP encryption using RSA public/private key pairing designed to keep all data away from prying eyes.

"We are not trying to re-invent the encryption wheel," said Rafael Laguna, CEO of Open-Xchange. "Instead, what OX Guard delivers is a secure and usable solution for everyone, helping service providers to rebuild the trust that privacy issues have destroyed.

"Everyone has the right to protect their data and we are upholding that right by making encryption user-friendly."

The "baked in" web-based offering includes email retraction and timeout, secondary passwording and encrypted file sharing with storage and multi-server scalability.

If a non-user receives an OX Guard message, they receive a clear text message with instructions on how to access and decrypt the message.

Email and files are protected with symmetric AES keys and then the encrypted data is encrypted further with RSA public/private keys. Files are stored on Open-Xchange servers, but the organisation has no way of decrypting the data.

This level of encryption also appears in the main Open-Xchange suite which we profiled in an interview with Mr Laguna earlier this year. Last weekend protesters lobbied GCHQ over its surveillance schemes and those of its American counterpart, the US National Security Agency (NSA).


M&A Due Diligence: Open Source Report and License Analysis Service Now Offered by WhiteSource Software

Woodbury, NY (PRWEB) September 04, 2014

Open source software components, while free to use, have a license attached to them. The license lists the requirements that the company using the open source software needs to meet. Certain licenses may impose restrictions on the intellectual property of the software products that use them. Also, failing to meet license requirements could make the use of the open source components illegal.

Therefore, investigating which open source components are included in a software product and how they are used is a standard part of every M&A due diligence process.

In addition to M&A, open source due diligence is standard in OEM deals, where the licensor is often required to indemnify the licensee. Increasingly, we see software buyers insisting on due diligence because they are concerned that legal action against a vendor will affect their operation.

While open source due diligence has always been a standard requirement for most transactions, the growing percentage of open source components in commercial software means that manual due diligence or the use of software scanners is no longer an option.

Ron Rymon, a serial entrepreneur and active chairman of WhiteSource software, was involved in two open source due diligence processes:

"I was involved in two M&A transactions and the open source due diligence process in each transaction was completely different. When negotiating the sale of the first company, we had to work very hard to create a report of the open source components that we used and their licenses. We spent a few man weeks including some very long nights working on the open source report, while negotiating the deal during the day. It was very hard. This is why we started WhiteSource," says Rymon.

"WhiteSource creates a full open source report, including risk and compliance analysis, in one click. So when I sold the second company, we were able to produce the report in minutes."

WhiteSource now offers an Open Source Due Diligence package, aimed at providing a quick and cost-effective answer to the need to produce an open source analysis for M&A, private equity, OEM and software purchasing deals.


Quantum key distribution technology: Secure computing for the ‘Everyman’

By James E. Rickman

This small device developed at Los Alamos National Laboratory uses the truly random spin of light particles as defined by laws of quantum mechanics to generate a random number for use in a cryptographic key that can be used to securely transmit information between two parties. Quantum key distribution represents a foolproof cryptography method that may now become available to the general public, thanks to a licensing agreement between Los Alamos and Whitewood Encryption Systems, LLC. Los Alamos scientists developed their particular method for quantum cryptography after two decades of rigorous testing inside of the nation's premier national security science laboratory.

The largest information technology agreement ever signed by Los Alamos National Laboratory brings the potential for truly secure data encryption to the marketplace after nearly 20 years of development at the nation's premier national-security science laboratory.

"Quantum systems represent the best hope for truly secure data encryption because they store or transmit information in ways that are unbreakable by conventional cryptographic methods," said Duncan McBranch, Chief Technology Officer at Los Alamos National Laboratory. "This licensing agreement with Whitewood Encryption Systems, Inc. is historic in that it takes our groundbreaking technical work that was developed over two decades into commercial encryption applications."

By harnessing the quantum properties of light for generating random numbers, and creating cryptographic keys with lightning speed, the technology enables a completely new commercial platform for real-time encryption at high data rates. For the first time, ordinary citizens and companies will be able to use cryptographic systems that have only been the subject of experiments in the world's most advanced physics and computing laboratories for real-world applications.

If implemented on a wide scale, quantum key distribution technology could ensure truly secure commerce, banking, communications and data transfer.

The technology at the heart of the agreement is a compact random-number-generation technology that creates cryptographic keys based on the truly random polarization state of light particles known as photons. Because the randomness of photon polarization is based on quantum mechanics, an adversary cannot predict the outcome of this random number generator. This represents a vast improvement over current "random-number" generators that are based on mathematical formulas that can be broken by a computer with sufficient speed and power.

Moreover, any attempt by a third party to eavesdrop on the secure communications between quantum key holders disrupts the quantum system itself, so communication can be aborted and the snooper detected before any data is stolen.

The Los Alamos technology is simple and compact enough that it could be made into a unit comparable to a computer thumb drive or compact data-card reader. Units could be manufactured at extremely low cost, putting them within easy retail range of ordinary electronics consumers.

Whitewood Encryption Systems, Inc. of Boston, Mass., is a wholly owned subsidiary of Allied Minds. The agreement provides exclusive license for several Los Alamos-created quantum-encryption patents in exchange for consideration in the form of licensing fees.

"Whitewood aims to address one of the most difficult problems in securing modern communications: scalability, meeting the need for low-cost, low-latency, high-security systems that can effectively service increasingly complex data security needs," said John Serafini, Vice President at Allied Minds. "Whitewood's foundation in quantum mechanics makes it uniquely suited to satisfy demand for the encryption of data both at rest as well as in transit, and in the mass quantity and high-throughput requirements of today's digital environment."


Microsoft TechNet: Encryption

Traditionally, ciphers have used information contained in secret decoding keys to code and decode messages. The process of coding plaintext to create ciphertext is called encryption and the process of decoding ciphertext to produce the plaintext is called decryption. Modern systems of electronic cryptography use digital keys (bit strings) and mathematical algorithms (encryption algorithms) to encrypt and decrypt information.

There are two types of encryption: symmetric key encryption and public (asymmetric) key encryption. Symmetric key and public key encryption are used, often in conjunction, to provide a variety of security functions for network and information security.

Encryption algorithms that use the same key for encrypting and for decrypting information are called symmetric-key algorithms. The symmetric key is also called a secret key because it is kept as a shared secret between the sender and receiver of information. Otherwise, the confidentiality of the encrypted information is compromised. Figure 14.1 shows basic symmetric key encryption and decryption.

Figure 14.1 Encryption and Decryption with a Symmetric Key

Symmetric key encryption is much faster than public key encryption, often by 100 to 1,000 times. Because public key encryption places a much heavier computational load on computer processors than symmetric key encryption, symmetric key technology is generally used to provide secrecy for the bulk encryption and decryption of information.

Symmetric keys are commonly used by security protocols as session keys for confidential online communications. For example, the Transport Layer Security (TLS) and Internet Protocol security (IPSec) protocols use symmetric session keys with standard encryption algorithms to encrypt and decrypt confidential communications between parties. Different session keys are used for each confidential communication session and session keys are sometimes renewed at specified intervals.

Symmetric keys also are commonly used by technologies that provide bulk encryption of persistent data, such as e-mail messages and document files. For example, Secure/Multipurpose Internet Mail Extensions (S/MIME) uses symmetric keys to encrypt messages for confidential mail, and Encrypting File System (EFS) uses symmetric keys to encrypt files for confidentiality.

Cryptography-based security technologies use a variety of symmetric key encryption algorithms to provide confidentiality. For more information about the specific encryption algorithms that are used by security technologies, see the applicable documentation for each technology. For more information about how the various symmetric key algorithms differ, see the cryptography literature that is referenced under "Additional Resources" at the end of this chapter.

Encryption algorithms that use different keys for encrypting and decrypting information are most often called public-key algorithms but are sometimes also called asymmetric key algorithms. Public key encryption requires the use of both a private key (a key that is known only to its owner) and a public key (a key that is available to and known to other entities on the network). A user's public key, for example, can be published in the directory so that it is accessible to other people in the organization. The two keys are different but complementary in function. Information that is encrypted with the public key can be decrypted only with the corresponding private key of the set. Figure 14.2 shows basic encryption and decryption with asymmetric keys.

Figure 14.2 Encryption and Decryption with Asymmetric Keys
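
The way this section says the two types are used in conjunction (a symmetric session key for the bulk data, public key encryption only for that small key) looks like this in code. This is an added example for Node.js's built-in crypto module, not code from the original article; AES-256-GCM, RSA-2048 with OAEP/SHA-256, and all function names are assumptions of the example.

```javascript
// Added example: hybrid encryption with Node's built-in crypto module.
const crypto = require("node:crypto");

// RSA-OAEP settings used to wrap the session key (an assumption of this example).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Recipient's key pair: the public key may be published, the private key
// stays with its owner.
function generateRecipientKeys() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Sender: encrypt the bulk data with a fresh symmetric session key, then
// encrypt only that small key with the recipient's public key.
function seal(publicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32); // AES-256 key, used for one message
  const iv = crypto.randomBytes(12);         // 96-bit GCM nonce, unique per message
  const cipher = crypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient: recover the session key with the private key, then decrypt and
// authenticate the bulk data. Throws if the key or the data does not match.
function unseal(privateKey, envelope) {
  const sessionKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}

// Same as unseal(), but returns null instead of throwing.
function tryUnseal(privateKey, envelope) {
  try {
    return unseal(privateKey, envelope);
  } catch (err) {
    return null;
  }
}

// Public key encryption alone cannot carry bulk data: RSA-OAEP accepts at most
// (modulus bytes - 2 * hash bytes - 2) bytes, i.e. 190 bytes for RSA-2048/SHA-256.
function rsaCanEncryptDirectly(publicKey, data) {
  try {
    crypto.publicEncrypt({ key: publicKey, ...OAEP }, data);
    return true;
  } catch (err) {
    return false;
  }
}

// Constructed sample run: one intended recipient, one unrelated key holder.
function demo() {
  const recipient = generateRecipientKeys();
  const stranger = generateRecipientKeys();
  const message = Buffer.from("Constructed sample document. ".repeat(400));
  const envelope = seal(recipient.publicKey, message);

  // Copy the envelope and flip one ciphertext bit, as if altered in transit.
  const tampered = { ...envelope, ciphertext: Buffer.from(envelope.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;

  return {
    messageBytes: message.length,
    wrappedKeyBytes: envelope.wrappedKey.length,
    roundTripOk: unseal(recipient.privateKey, envelope).equals(message),
    wrongKeyRejected: tryUnseal(stranger.privateKey, envelope) === null,
    tamperingDetected: tryUnseal(recipient.privateKey, tampered) === null,
    rsaAloneFits: rsaCanEncryptDirectly(recipient.publicKey, message),
  };
}

console.log(demo());
```

Only the 32-byte session key ever passes through the slow public key operation, which is why the envelope's wrapped key is a fixed 256 bytes regardless of message size.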


Open-Xchange launches in-browser encryption to combine security with ease of use [Q&A]

Data security used to be primarily about physically controlling where information was stored. But over the last few years the move towards greater use of mobile devices and increasing reliance on email for business communication has made securing information much more of a challenge.

The solution many organizations have turned to is encryption, particularly for emails, but is this the answer? Cloud collaboration specialist Open-Xchange is launching OX Guard, a fully integrated email security and encryption add-on to its OX App Suite.

OX Guard works inside the browser, with no need for special plugins or prior knowledge of encryption. Users of the OX environment will automatically receive decrypted emails, while external addresses can read encrypted content via a secure link.

We spoke to Open-Xchange CEO Rafael Laguna to find out about the role encryption has to play in ensuring security and privacy.

BN: How can encryption be used as part of a broader security strategy?

RL: Encryption adds another layer of security and complexity. Encrypted data at rest is pretty safe from prying eyes when stolen -- someone with malicious intent may be able to get to it, but it will make no sense, so it is worthless. Unfortunately the same applies when the legit consumer of the data wants to access them, some additional secure process to make it consumable again needs to be run, adding another cumbersome step.

BN: Doesn't encryption just add an extra layer of complexity making information harder to access and meaning people won't use it?

RL: Yes, indeed. This is why encryption hasn't been widely adopted in the mainstream. Encryption only gets user acceptance when it is easy to use. So encrypt as much as you can but keep the usability high.

BN: How can you overcome the problem of exchanging information with third-parties who aren't using the same encryption system?
