Tech Giants, Telcos Get OK to Release Stats on NSA Spying

In Obama's speech 10 days ago outlining surveillance reforms, the president promised he would allow corporations like Google, Apple and Microsoft to be more transparent with their customers about NSA spying.

"We will also enable communications providers to make public more information than ever before about the orders that they have received to provide data to the government," the president said.

Today, we learned what that means. The Justice Department announced (.pdf) that, for the first time, corporate America may publicly report a broad range of vague and inexact figures about the number of secret orders they receive from the Foreign Intelligence Surveillance Court.

The companies may begin reporting the number of FISA orders in bands of 1,000. Each company can also report the number of accounts affected collectively by those orders, again only in ranges of 1,000.

Companies were previously blocked from disclosing any of that information.

The change "strikes an appropriate balance between the competing interests of protecting national security and furthering transparency," said Deputy Attorney General James Cole in a letter to the general counsels of Yahoo, Microsoft, LinkedIn, Google and Facebook, who had fought for the right to disclose FISA counts to their customers.

The guidelines are roughly the same as those that already apply to another type of secret order, the National Security Letter. After a private deal with Google last summer, the government allowed the company to report the number of National Security Letters it received and the number of accounts affected by them, all in ranges of 1,000. For 2012, the latest year for which figures were available, Google said it had received 0-999 National Security Letters affecting 1,000-1,999 accounts.

National Security Letters allow the government to get detailed information on Americans' finances and communications without oversight from a judge. The FBI has issued hundreds of thousands of NSLs and has even been reprimanded for abusing them.

FISA orders are potentially broader. FISA orders were issued to telcos under the bulk telephone metadata program NSA whistleblower Edward Snowden disclosed in June.

The companies may publish the figures once every six months, with a six-month delay after the end of each reporting period. The government also ordered a two-year delay before companies may report snooping stats "following the first order that is served on a company for a platform, product, or service (whether developed or acquired) for which the company has not previously received such an order."


Baffle thy enemy: The case for Honey Encryption

By Nancy Owano

(Phys.org) Database breaches are making today's headlines, revealing events where thieves scoop up millions of passwords. Security experts, meanwhile, think about, talk about and work towards fighting such crimes. A fresh twist in the security arsenal might be to simply baffle criminals by unleashing a flood of data that appears real but is fake. "Honey Encryption" is an approach being proposed to protect sensitive data. You beat attackers by making it difficult for them to figure out whether the password or encryption key they are trying is correct or incorrect.

A discussion of the approach on Wednesday in Threatpost said the tool results in the attacker seeing a plausible-looking password or encryption key which is actually incorrect, without being able to tell that it is incorrect. The two people behind the Honey Encryption approach are Ari Juels, former chief scientist at computer security company RSA, and Thomas Ristenpart, an assistant professor at the University of Wisconsin.

As it is now, a criminal intruder sees gibberish with each try of an incorrect key. The unsuccessful try clearly indicates it is not what he or she wants. With honey encryption, however, guessing the password or encryption key becomes mystifying: the attacker is dealing with thousands of, say, fake credit card numbers, and each one looks plausible. A report on their work in MIT Technology Review said Juels was convinced that "by now enough password dumps have leaked online to make it possible to create fakes that accurately mimic collections of real passwords."

In October, Juels had said that "Honeywords and honey-encryption represent some of the first steps toward the principled use of decoys, a time-honored and increasingly important defense in a world of frequent, sophisticated, and damaging security breaches." He said that honeywords and honey encryption are joint work with Ron Rivest and Tom Ristenpart, respectively. Honey encryption, he said, creates "ciphertexts that decrypt under incorrect keys to seemingly valid (decoy) messages."

The Honey Encryption system will be the subject of a paper later this year, when Juels and Ristenpart present "Honey Encryption: Security Beyond the Brute-Force Bound" at Eurocrypt, a conference focused on cryptographic techniques, in Copenhagen in May.
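The mechanism behind the quotes above can be shown in a few dozen lines. What follows is an added Python illustration written for this page; it is not code from Juels and Ristenpart's paper or from any product. It assumes a tiny, constructed message space (4-digit PINs with a made-up prior in which a few PINs are popular), a 32-bit seed space, and PBKDF2 with a deliberately low iteration count so the brute-force simulation runs quickly. The core idea is the distribution-transforming encoder (DTE): the PIN is first mapped to a uniformly random seed inside an interval whose width is proportional to the PIN's probability, and only that seed is masked with the password-derived pad. Decrypting with a wrong password yields some other seed, and every seed decodes to a valid PIN, so the attacker's wrong guesses produce decoys distributed like real PINs rather than gibberish. The baseline `conventional_*` functions mask the ASCII digits directly, which is what lets an attacker recognise a wrong key.

```python
"""Toy honey encryption for 4-digit PINs: wrong keys decrypt to plausible decoys."""
import hashlib
import secrets
from bisect import bisect_right
from collections import Counter

# Constructed prior over the message space (an assumption for this example):
# a handful of popular PINs carry extra weight, the rest are uniform. A real
# deployment would fit this distribution from observed data, as the text notes.
PIN_SPACE = [f"{i:04d}" for i in range(10_000)]
_POPULAR = {"1234": 200, "0000": 100, "1111": 80, "2580": 30}
_WEIGHTS = [_POPULAR.get(p, 1) for p in PIN_SPACE]
_TOTAL = sum(_WEIGHTS)

# Seed space is 32 bits. PIN i owns seeds in [_BOUNDS[i], _BOUNDS[i + 1]);
# the width of that interval is proportional to the PIN's prior weight.
SEED_MOD = 1 << 32
_CUM = [0]
for _w in _WEIGHTS:
    _CUM.append(_CUM[-1] + _w)
_BOUNDS = [c * SEED_MOD // _TOTAL for c in _CUM]   # _BOUNDS[-1] == SEED_MOD


def dte_encode(pin: str, randbelow=secrets.randbelow) -> int:
    """Distribution-transforming encoder: PIN -> uniformly random seed in its interval."""
    i = PIN_SPACE.index(pin)
    lo, hi = _BOUNDS[i], _BOUNDS[i + 1]
    return lo + randbelow(hi - lo)


def dte_decode(seed: int) -> str:
    """Inverse of dte_encode: every seed in [0, SEED_MOD) maps to some valid PIN."""
    return PIN_SPACE[bisect_right(_BOUNDS, seed) - 1]


def _pad(password: str, salt: bytes) -> int:
    # Password-derived 32-bit one-time pad. 1000 PBKDF2 rounds keeps the
    # brute-force simulation below fast; real use needs far more work per guess.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000, dklen=4)
    return int.from_bytes(key, "big")


def honey_encrypt(pin: str, password: str, salt: bytes, randbelow=secrets.randbelow) -> int:
    """Encode to a seed, then mask the seed with the password-derived pad."""
    return dte_encode(pin, randbelow) ^ _pad(password, salt)


def honey_decrypt(ct: int, password: str, salt: bytes) -> str:
    """Any password yields a seed, and every seed decodes to a valid PIN."""
    return dte_decode(ct ^ _pad(password, salt))


def conventional_encrypt(pin: str, password: str, salt: bytes) -> bytes:
    """Baseline without a DTE: mask the PIN's ASCII bytes directly."""
    pad = _pad(password, salt).to_bytes(4, "big")
    return bytes(a ^ b for a, b in zip(pin.encode(), pad))


def conventional_decrypt(ct: bytes, password: str, salt: bytes) -> bytes:
    pad = _pad(password, salt).to_bytes(4, "big")
    return bytes(a ^ b for a, b in zip(ct, pad))


def plausible_pin(candidate) -> bool:
    """The attacker's sanity check on a candidate plaintext: four ASCII digits."""
    raw = candidate.encode() if isinstance(candidate, str) else candidate
    return len(raw) == 4 and all(b in b"0123456789" for b in raw)


def brute_force(decrypt, ct, salt: bytes, guesses) -> Counter:
    """What an offline attacker sees when trying each guessed password."""
    return Counter(decrypt(ct, g, salt) for g in guesses)


def demo(n_guesses: int = 1000) -> dict:
    salt = b"constructed-salt"                         # constructed sample input
    pin, password = "2580", "correct horse"
    guesses = [f"wrong-{i}" for i in range(n_guesses)]  # none is the real password
    ct_h = honey_encrypt(pin, password, salt)
    ct_c = conventional_encrypt(pin, password, salt)
    honey = brute_force(honey_decrypt, ct_h, salt, guesses)
    conv = brute_force(conventional_decrypt, ct_c, salt, guesses)
    return {
        "recovered": honey_decrypt(ct_h, password, salt),
        "honey_plausible": sum(n for m, n in honey.items() if plausible_pin(m)),
        "conv_plausible": sum(n for m, n in conv.items() if plausible_pin(m)),
        "honey_decoys": honey,   # decoys follow the prior: "1234" shows up most often
    }


if __name__ == "__main__":
    r = demo()
    print("correct key recovers:", r["recovered"])
    print("plausible candidates, honey vs conventional:",
          r["honey_plausible"], r["conv_plausible"])
    print("most frequent decoys:", r["honey_decoys"].most_common(3))
```

Running `demo()` shows the asymmetry the article describes: every one of the attacker's wrong guesses against the honey ciphertext decodes to a well-formed PIN, while almost none of the wrong guesses against the conventional ciphertext do, so the attacker can discard those immediately. The caveat a practitioner should keep in mind is that the scheme is only as good as its DTE: if the decoy distribution does not match what real messages look like, or if the attacker has side information about the particular message, the wrong decryptions can still be ranked and the protection shrinks back toward ordinary brute-force resistance.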


International Journal on Cryptography and Information Security ( IJCIS) – Video

International Journal on Cryptography and Information Security ( IJCIS) is an open access peer reviewed journal that focuses on cutting-edge results in applied cryptography and Information...

By: AIRCC


US crypto researchers to NSA: If you must track, track responsibly


Nidhi Subbaraman NBC News

Jan. 27, 2014 at 3:23 PM ET

A Maryland State Trooper sits in an unmarked SUV outside the grounds of the National Security Agency just north of Washington, in Fort Meade, Md.

A group of cryptography researchers from universities around the country is condemning the weakening of security infrastructure by the U.S. government and the NSA, and warning against storing mass amounts of sensitive data.

In the open letter published Friday, the researchers write that data collection activities uncovered in the last 10 months stand to "chill free speech and invite many types of abuse, ranging from mission creep to identity theft."

The group hopes to raise awareness of privacy-preserving technology that already exists and that could let lawful surveillance proceed in a targeted manner. Should the NSA choose to use them, the cryptographic research community has developed, and is developing, tools and projects that can "protect civil liberties while enabling legit government searches," Amit Sahai, a crypto researcher at UCLA who signed the letter, told NBC News. Though, "the exact ways in which they would fit together would very much depend on the precise questions that need to be addressed."

For example, Sahai noted that a kind of secure communication protocol would let phone companies rather than the government hold onto cell phone data, while allowing government entities to selectively search for information on a suspect. In this setup, the phone companies would not be privy to the exact searches, and the government would not have access to all available data.

In 2010, the FBI followed digital crumbs to track down a bank-robbing duo who'd been involved in a spate of teller heists across Arizona and Colorado. After getting the green light from a judge, feds analyzed data from four Verizon cell towers near the affected banks, and found one number that had connected to three of those towers on the days each of the banks was robbed.


Cryptography experts sign open letter against NSA surveillance


When President Barack Obama announced future changes to the government's surveillance programs on Jan. 17, he mentioned nothing about the National Security Agency's efforts to undermine worldwide encryption standards.

While the president focused most of his efforts on curbing the NSA's bulk collection of phone call metadata, a group of more than 50 leading cryptographers believes the NSA's intentional weakening of Internet security standards is equally important and should be done away with, too.

The cryptographers, including several former federal officials, signed an open letter to the U.S. government Jan. 24 calling for an end to the subversion of security technology, referring to revelations from top-secret documents leaked by former NSA contractor Edward Snowden.

Those documents revealed that the NSA deliberately weakened international encryption standards adopted and promoted by the National Institute of Standards and Technology, damaging NIST's reputation and forcing it to publicly recommend against using one of its own adopted standards.

"Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features. As leading members of the US cryptography and information-security research communities, we deplore these practices and urge that they be changed," the open letter states.

"The choice is not whether to allow the NSA to spy," the signatories argue in the letter. "The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. ... We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation."

Among the many cryptographers to sign the letter were two former Federal Trade Commission chief technology officers: Steven Bellovin and Ed Felten, now professors at Columbia and Princeton universities, respectively.

The cryptographers are not alone in their concerns about the NSA's subversion of Internet security standards. In December, the president's own NSA review panel recommended that the NSA be separated from the approval processes NIST uses to adopt encryption standards. Obama has yet to publicly address that recommendation.


Obama Stays Silent on Reform of NSA’s Crypto Subversion

President Barack Obama, in his State of the Union on Tuesday, failed to address an issue that affects everyone on the internet: the NSA's subversion of cryptographic standards and technologies.

Privacy advocates and business interests were crossing their fingers that Obama would announce he was following the recommendations of a presidential panel that recently urged a dramatic overhaul of the NSA's efforts to undermine encryption on a global scale.

It was the second public address to the nation this month, and both times Obama overlooked the cryptography debacle disclosed by NSA whistleblower Edward Snowden.

When Obama outlined a host of reforms to address the Snowden revelations in a Jan. 17 public address, the 44th president was also mum on whether he would accept the crypto recommendations of the President's Review Group on Intelligence and Communications Technologies.

There would have been no better time for Obama to address the global community about a hot-button issue that has sparked a cottage industry of crypto-product makers, and one that is impacting the tech sector's ability to conduct business overseas.

"The State of the Union offered President Obama an opportunity to clear the air on outstanding surveillance issues that were not addressed in his recent reform speech. Chief among these is the government's introduction of vulnerabilities in cryptographic standards and commercial products. Unfortunately, this did not occur," says Daniel Castro, an analyst with the Washington, D.C.-based Information Technology and Innovation Foundation. "As long as these questions go unanswered, U.S. technology companies will face a disadvantage in global markets and lose market share to foreign competitors."

The presidential panel's two recommendations in that area were to "fully support and not undermine efforts to create encryption standards" and to "not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software."

Those recommendations were a response to classified documents Snowden obtained while an NSA contractor, which suggested the agency engineered a backdoor into a random number generator standard promulgated by NIST.

The Snowden documents also highlighted that the NSA has worked with industry partners to covertly influence technology products. The documents further underlined that the NSA has vast crypto-cracking resources, a database of secretly held encryption keys used to decrypt private communications, and the ability to break the cryptography in certain VPN encryption chips.
