Lately the news has had a few articles about how companies like Microsoft, Google, and Yahoo etc. are pushing the government for radical changes to their surveillance policies and demanding better protections for their customers. We have seen new ads focused on explaining how important our data is to them (and in some cases how the other guys are abusing it). The groups lining up and demanding change are many of the same companies that Edward Snowden’s bevy of leaked documents claimed were working hand in hand with the NSA to allow for mass spying on peoples’ data and that in cases where they were not directly cooperating lax security practices allowed for easy retrieval of user information.
BIPS, one of Europe's most popular wallet services for virtual currency Bitcoin was the previous day target of extensive DDoS attacks during which 1295 Bitcoin coins were stolen which amounts to around $1.02 million.
Microsoft has announced that from next year they will automatically encrypt the origin of e-mail sent through its services Office 365. The new option, called Office 365 Message Encryption, will allow users to automatically send encrypted e-mail messages to recipients outside their organization.
Corrected 9-26-2013 12:48PM EST to add information from RSA and correct the headline from "RSA Says Not To Use Their Toolkit For Fear it Might Have an NSA Backdoor" to what it currently is.
A couple of weeks ago we reported on a claim that the NSA worked with many security companies and standards groups to help develop encryption algorithms. On the surface this was to help develop stronger and more secure encryption methods to protect US interests and data. However, it turned out that the NSA was actually working to introduce flaws into the system so that they could get back in at a later date. Some of these flaws might have even been exploited by hackers attempting to penetrate systems. We know that in recent years more and more data breaches are happening and the data recovered is often decrypted and sold off. Still until very recently there has not been much to hold up the original claims.
You know, the Internet is a scary enough place with all of the Malware, scams, hackers and other crap. No one needs to be worried about the government looking over their shoulders as well. However, this is what we reminded is happening when Edward Snowden released his cache of documents to the world (through the Guardian and other news sites). We found that under the guise of protecting us from terrorism and other real and imagined threats the US government has been collecting all of our internet data for a number of years. Now this was a great surprise to many people although it should not have been.
There is a rumor going around (from “sources wishing to remain anonymous”) that claims that US Law Enforcement and the NSA have been asking internet companies for user passwords. The article originally posted by cNet has made the rounds this morning across a few sites; all of them pointing back at the single cNet source. Now on top of everything else that is going on many people are ready to jump on board with this and further denounce the NSA, the FBI, DHS, IRS, and anyone else in the US government with initials. But outside of the claims from a single blogger at cNet are there any other indications that this is a common practice?
One of my favorite quotes (relating to security) is “what man can lock, man can unlock”. Another quote that I like is “they all break when you apply enough pressure”. Both of these are crucial to an understanding of security as it relates to just about everything. This includes physical security, data security; you name it… if you try to hide it or lock it up someone can get at it with enough time and resources. One place that this is often overlooked is in the department of DRM (Digital Rights Management).
Although the media world seems shocked by the news that the unmanned drones in use by the military are vulnerable to cyber-attacks we wonder exactly why. I mean come on how many security breaches of high-level “secured” sites have to happen before someone gets it? There really is no such thing as a secure system. This has been shown time and again going back to the first encryption methods. If you have some access to the system you can get in.
I am not even sure how many times I have said this, but here it is again; what man can lock (encrypt etc) man can unlock. This has been proven again as Fujitsu has announced a world record breaking event in crypto cracking. The electronics company’s research and development arm has successfully cracked and cypher that was 278 digits long (this equates to 923 bit). The feat surpasses a breakthrough in 2009 by 74 digits.
As I was wandering the internet today and looking for something interesting to write about I stumbled upon an article that made me laugh a little. The article was talking about the Flame virus and how the methods used to crack open Microsoft’s certificates (called a collision) is a big issue. Now do not get me wrong, the entire Flame malware was a big deal and not just the ability to spoof Microsoft’s certificates to make the code seem legitimate.