A beginner’s guide to BitLocker, Windows’ built-in encryption tool

The creators of TrueCrypt shocked the computer security world this week when they seemingly ended development of the popular open source encryption tool. Even more surprising, the creators said TrueCrypt could be insecure and that Windows users should migrate to Microsoft's BitLocker. Conspiracy theories immediately began to swirl around the surprise announcement.

Regardless of the true motivations behind the message, the TrueCrypt fiasco gives us a chance to talk about BitLocker and how to use it.

BitLocker is Microsoft's easy-to-use, proprietary encryption program for Windows that can encrypt your entire drive as well as help protect against unauthorized changes to your system such as firmware-level malware.

BitLocker is available to anyone who has a machine running Windows Vista or 7 Ultimate, Windows Vista or 7 Enterprise, Windows 8.1 Pro, or Windows 8.1 Enterprise. If you're running an Enterprise edition, chances are your PC belongs to a large company, so you should discuss enabling BitLocker encryption with your company's IT department.

Most of us buy PCs with the standard version of Windows, which doesn't include BitLocker encryption. But if you upgraded to Windows 8 during the initial rollout of Microsoft's dual-interface OS, then you probably have Windows 8 or 8.1 Pro. During the early days of Windows 8, Microsoft was selling cheap Windows 8 Pro upgrade licenses to anyone eligible for an upgrade.

To run BitLocker you'll need a Windows PC running one of the OS flavors mentioned above, plus a PC with at least two partitions and a Trusted Platform Module (TPM).

A TPM is a special chip that runs an authentication check on your hardware, software, and firmware. If the TPM detects an unauthorized change, your PC will boot in a restricted mode to deter potential attackers.

If you don't know whether your computer has a TPM or multiple partitions, don't sweat it. BitLocker will run a system check when you start it up to see if your PC can use BitLocker.

Here's the thing about BitLocker: It's a closed source program. That's problematic for extremely privacy-minded folks, since users have no way of knowing if Microsoft was coerced into putting some kind of backdoor into the program under pressure from the U.S. government.

The company says there are no back doors, but how can we be certain? We can't. Sure, if BitLocker were open source, most of us wouldn't be able to read the code to determine if there was a backdoor anyway. But somebody out there would be able to, meaning there would be a much higher chance of any faults with the program being discovered.


Encryption tool TrueCrypt may be resurrected by security audit group

In the wake of the sudden demise of personal encryption tool TrueCrypt, the auditing group that crowdfunded an audit of the package may be bringing it back from the grave. Audit group founder and Johns Hopkins professor Matthew Green is reportedly attached to the program, but Green claims that "we're not going to commit to a 'fork' yet."

TrueCrypt was an open-source freeware application used for on-the-fly encryption. It could create a virtual encrypted disk within a file, encrypt a disk partition, or the entire storage device with pre-boot authentication. In the wake of the Snowden revelations, a non-profit agency was crowdfunded and created to audit the utility's encryption methodology, with the first phase of the report having been completed in April.

Speculation about the shutdown yesterday was wide-ranging, with the most prevalent theory being that the shutdown was a "warrant canary," meaning that the group may have received a subpoena from US courts demanding encryption keys. Internet skeptics believe that the group may have chosen to shut down, rather than fight or concede the keys to the court.

Reuters claims that Green and the audit team are continuing the evaluation of the encryption code. Additionally, the group will attempt to de-obfuscate the license and the legal issues surrounding it before publishing a fork to the utility.

By Electronista Staff


Corporations put their cash where their open source security is

Summary: OpenSSL and Open Crypto Audit Project are the first open source projects to receive funding from the Core Infrastructure Initiative.

The corporate cash faucet has been turned on for vital, but neglected, open-source projects. The Core Infrastructure Initiative (CII) has reviewed under-funded but critical open source software projects and decided that Network Time Protocol (NTP), OpenSSH, and OpenSSL will get the first round of funding.

OpenSSL will receive funds from CII for two full-time core developers.

OpenSSL Software Foundation President Steve Marquess, who joined OpenSSL in April, said that he did not consider this enough and that he'd "ultimately like to see more than just two dedicated people working on OpenSSL, but these Linux Foundation fellowships are the most significant good news the OpenSSL project has ever had." The two new full-time programmers are Stephen Henson and Andy Polyakov.

The project, needless to say, is accepting additional donations. These can be coordinated directly with the OpenSSL Foundation (contact at info@opensslfoundation.com).

The Open Crypto Audit Project (OCAP) will also receive funding in order to conduct a security audit of the OpenSSL code base. Other projects are under consideration and will be funded as assessments are completed and budget allows.

The exact amounts being given to OCAP, NTP, and OpenSSH have not been revealed. In general, the CII provides funding for fellowships for key developers to work full time on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support. The Steering Committee, comprised of members of the Initiative, and the Advisory Board of industry stakeholders and esteemed developers, is tasked with identifying underfunded open source projects that support critical infrastructure, and administering the funds through The Linux Foundation.

"All software development requires support and funding. Open source software is no exception and warrants a level of support on par with the dominant role it plays supporting today's global information infrastructure," said Jim Zemlin, executive director at The Linux Foundation in a statement. "CII implements the same collaborative approach that is used to build software to help fund the most critical projects. The aim of CII is to move from the reactive, crisis-driven responses to a measured, proactive way to identify and fund those projects that are in need. I am thrilled that we now have a forum to connect those in need with those with funds."

In addition, the CII's backers, which already include Google, IBM, Intel, Cisco, Microsoft, and VMware, have now been joined by Adobe, Bloomberg, HP, Huawei, and salesforce.com. These companies represent the ongoing and overwhelming support for the open source software that provides the foundation for today's global infrastructure. Each CII member has pledged a minimum of $100,000 a year for a minimum of three years to support critical open source projects.

Looking ahead, the CII also announced its Advisory Board. This group will advise the CII Steering Committee about the open source projects most in need of support. Its membership, a who's who of open source programmers, security experts, and lawyers includes:


Open source TrueCrypt suddenly shutters, conspiracy theories abound

The official pages for cryptography tool TrueCrypt have suddenly changed, claiming that users shouldn't use the utility as development has ceased and it may "contain unfixed security issues." A new version of the app has been posted, removing the ability to create new encrypted volumes, but still allowing decryption of existing volumes.

TrueCrypt was an open-source freeware application used for on-the-fly encryption. It could create a virtual encrypted disk within a file, encrypt a disk partition, or the entire storage device with pre-boot authentication. In the wake of the Snowden revelations, a non-profit agency was crowdfunded and created to audit the utility's encryption methodology, with the first phase of the report having been completed in April.

The full posting at the TrueCrypt site says that "This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms. You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform." It is unclear what the support termination of Windows XP has to do with the death of the TrueCrypt platform.

Despite some Internet uncertainty and conspiracy theories around the sudden death of the popular tool, the new release is certified with the TrueCrypt private signing key, suggesting that the release is authentic from the secretive developer team. The repository hosting the utility, SourceForge, claims that there is "no indicator of account compromise" and "current usage is consistent with past usage." Additionally, the last major update was over two years ago with limited support on newer operating systems, so all signs point to the program being abandoned, rather than interfered with by external forces.

By Electronista Staff


Julian Assange seeks Ecuador asylum: Wikileaks founder …

Wikileaks founder Julian Assange has taken refuge in Ecuador's embassy in London, claiming political asylum.

The country's foreign minister Ricardo Patino told a news conference that the controversial whistleblower said he was being persecuted and was seeking asylum.

He said that Assange, an Australian, had argued that the authorities in his country will not defend his minimum guarantees in front of any government or ignore the obligation to protect a politically persecuted citizen.

Referring to the United States, he said it was impossible for him to return to his homeland because it would not protect him from being extradited to a foreign country that applies the death penalty for the crime of espionage and sedition.

The move comes less than a week after Britain's Supreme Court rejected Assange's bid to reopen his attempts to block extradition to Sweden, where he is wanted for questioning after two women accused him of sexual misconduct during a visit to the country two years ago.

He denies the allegations.

His legal struggle to stay in Britain has dragged on for nearly two years, clouding his website's work exposing the world's secrets.

Assange shot to fame in 2010 with the release of hundreds of thousands of secret US documents, including a video showing US forces gunning down a crowd of Iraqi civilians and journalists whom they had mistaken for insurgents.

Foreign Minister Ricardo Patino said: "Ecuador is studying and analysing the request."

A spokesman from the Ecuador Embassy said: "This afternoon Mr Julian Assange arrived at the Ecuadorian Embassy seeking political asylum from the Ecuadorian government."
