With all of the issues surrounding online privacy and internet snooping many are very concerned about having their personal information reviewed, logged, scanned and then stored away for sale by the companies that are tracking this. This issue is a very real one and as the companies we work for can (and do) put system in place to monitor, log and block certain types of traffic we are not surprised to see this become a very hot topic. The issue has become so large that there are multiple protests about privacy and personal data security happening in many countries. So what are you to do if all you really want is to check your Hotmail or maybe do some quick shopping without giving up all of your details? A Canadian company by the name of SurfEasy has a possible answer for you. So sit back, relax and read along as we talk about the SurfEasy Plug-in Privacy device.
Apple is truly ramping up the PR machine and has even managed to get a few people in government to make some rather outrageous statements on the new phone and iOS 8. One of the new stories going around is about how the new iPhone and iOS8 are suddenly “NSA Proof” because they have added data encryption. The fallacy of this claim is almost beyond belief and shows once again that most in the technical press have absolutely no memory.
DEF CON 22, Las Vegas, NV 2014 - Yesterday at DEF CON we had the chance to listen to Christopher Soghoian, Principal Technologist, American Civil Liberties Union talk about the state of the surveillance state and how we can help fight against it. Of course you might think that his talk would be about the use of spy proof technologies, but oddly enough very little of that was talked about except to make it clear that talk of spy-proof technology makes people in Washington nervous.
Although the media world seems shocked by the news that the unmanned drones in use by the military are vulnerable to cyber-attacks we wonder exactly why. I mean come on how many security breaches of high-level “secured” sites have to happen before someone gets it? There really is no such thing as a secure system. This has been shown time and again going back to the first encryption methods. If you have some access to the system you can get in.
As I was wandering the internet today and looking for something interesting to write about I stumbled upon an article that made me laugh a little. The article was talking about the Flame virus and how the methods used to crack open Microsoft’s certificates (called a collision) is a big issue. Now do not get me wrong, the entire Flame malware was a big deal and not just the ability to spoof Microsoft’s certificates to make the code seem legitimate.
I am not even sure how many times I have said this, but here it is again; what man can lock (encrypt etc) man can unlock. This has been proven again as Fujitsu has announced a world record breaking event in crypto cracking. The electronics company’s research and development arm has successfully cracked and cypher that was 278 digits long (this equates to 923 bit). The feat surpasses a breakthrough in 2009 by 74 digits.
Edward Snowden is the gift that keeps on giving. After walking out on the NSA with a ton of secret documents detailing the extent that the agency and their partners were digging into ordinary people’s lives he started to release them. Even after the first and very damaging release of documents Snowden promised that there was more and worse to come. We have seen some pretty bad things coming from the classified document stash including a report that was recently published by Der Speigel.
One of my favorite quotes (relating to security) is “what man can lock, man can unlock”. Another quote that I like is “they all break when you apply enough pressure”. Both of these are crucial to an understanding of security as it relates to just about everything. This includes physical security, data security; you name it… if you try to hide it or lock it up someone can get at it with enough time and resources. One place that this is often overlooked is in the department of DRM (Digital Rights Management).
There is a rumor going around (from “sources wishing to remain anonymous”) that claims that US Law Enforcement and the NSA have been asking internet companies for user passwords. The article originally posted by cNet has made the rounds this morning across a few sites; all of them pointing back at the single cNet source. Now on top of everything else that is going on many people are ready to jump on board with this and further denounce the NSA, the FBI, DHS, IRS, and anyone else in the US government with initials. But outside of the claims from a single blogger at cNet are there any other indications that this is a common practice?
In the late-90s the world was shocked when a single collection of code was able to destroy a number of computers through malicious instructions. Named Chernobyl (or CIH and Spacefilter) this virus was able to overwrite data and even the BIOS on systems. It infected around 60 million computers and cuase upwards of $1 billion in damages around the world. Although there were other viruses before this nasty bug hit the scene, CIH was the start of the anti-malware commercial machine. It was not until after CIH that we really saw companies spring from the ground offering protection from future events like CIH.