Tag: encryption

Microsoft Freaks out over security

Microsoft campusSoftware giant Microsoft said that people using all versions of Windows could be affected by the recent Freak phenomenon.

Freak is a vulnerability caused by software engineers making encryption weaker in operating systems as a result of an order by the USA in the 1990s.

Previously, it was known that the Freak vulnerability affected devices such as Apple and Android operating systems.

Microsoft described Freak “as an industry wide issue that is not specific to Windows operating systems”.

Microsoft doesn’t believe that peoples’ computers have yet been publicly exploited.

Microsoft said it is working with its partners to give information to customers to help them secure their machines. The security advisory can be found here.

Apple, Google scramble to fix bug

330ogleBoth Google and Apple devices are vulnerable to a bug and the companies are rushing to create patches for people that have such devices.

The bug – named Freak – has been in devices for years and follows US government rules in the 1990s which forced tech vendors to offer weak encryption for devices being exported abroad. While the US government changed those rules, the vulnerability remained in later iterations of the software.

Google has apparently already fixed the bug, while Apple will push an update as early next week.

Freak stands for factoring attack on RSA-Export keys – and was apparently first discovered by French researchers, whose findings were later confirmed by other experts in the field.

Quite a few well known websites, including government websites, support the less secure encryption but Google has advised people to disable that support.

Obama blows hot and cold on encryption

thewhitehouseWhile his security spooks are complaining that company moves to use strong encryption is making their life difficult, President Barack Obama said he likes the technology, other than when he doesn’t.

Talking to Recode, Obama appears to have jumped on the side of the big tech corporations against the NSA and when asked if American citizens should be entitled to control their data, just as the president controls his own private conversations through encrypted email, he said yes.

Obama replied that he’s “a strong believer in strong encryption …. I lean probably further on side of strong encryption than some in law enforcement.” He maintained that he is as firm on the topic as he ever has been.

However the matter, claimed Obama was hypothetical. If the FBI had a good case against someone involved in a terrorist plot and wants to know who that person was communicating with? Traditionally, they could get a court order for a wire tap. Today, a company might tell the FBI they can’t technically comply.

He warned that the first time that an attack takes place in which it turns out that we had a lead and we couldn’t follow up on it, because the data was encrypted the public’s going to demand answers.

“Ultimately everybody, and certainly this is true for me and my family, we all want to know that if we’re using a smartphone for transactions, sending messages, having private conversations, that we don’t have a bunch of people compromising that process. There’s no scenario in which we don’t want really strong encryption,” he said.

So, in other words, everyone should have strong encryption which should turn itself off when the security services want to have a look at it.

Obama joins British calls for encryption back-doors

 revolutionPresident Barack Obama and British Prime Minister David “One is an Ordinary Bloke” Cameron are singing from the same hymn sheet when it comes to the matter of encryption.

Obama has issued a statement that he can’t see why police and spies should not be locked out of encrypted smartphones and messaging apps.  Clearly he has not been paying much attention to the Snowden affair where it appears that the lack of encryption gave US and UK snoops huge powers over the lives of the great unwashed, while not making much difference to terrorists or criminals.

Apple, Google  and Facebook  have introduced encrypted products in the past half year that the companies say they could not unscramble, even if faced with a search warrant. That’s prompted vocal complaints from spy chiefs, the Federal Bureau of Investigation and British Prime Minister David Cameron.

In fact Obama’s comments came after two days of meetings with Cameron, and were made with his loyal lapdog at his side.

“If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said.

He insisted that US tech-giants are on the side of the spooks.

He said that “They’re patriots.”  Standing next to a British Prime Minister claiming that people who are publically claiming they are working to stop UK and US spooks are actually working for them is a hugely ironic piece of disinformation.

Google, Apple and Microsoft have spent a fortune encrypting links to their networks to keep “tyranny” out. If they are patriots then they are unlikely to side with the British, if US history is anything to go by.

In the US, governments have long been able to access the contents of electronic communication, including phone calls, consumer email and social media, with warrants, through wiretaps and from technology companies themselves.

But the law that governs these practices is dated and doesn’t mandate tech firms incorporate such features into modern apps.

The president wants a technical way to keep information private, but ensure that police and spies can listen in when a court approves. He is on a hiding to no-where with this one. Bill Clinton tried for a “clipper chip” that would allow only the government to decrypt scrambled messages.

Security experts have long argued such systems would tigger anti-hacking tools, leaving computers exposed. An encryption algorithm with a master key, it is inherently weaker because it’s possible for an outsider to steal that master key and crack the code.

What is worrying about this particular transatlantic accord is that the UK is more likely to get it into law than the US.

Security experts have warned that you can’t have secure systems with backdoors and that if you bring in such rules you will be making it easier for terrorists to take control of systems.

 

Scientists improve quantum hard drive

crystalThe Australian National University (ANU) claimed that a prototype quantum hard drive it’s developing has improved storage times by as much as 100 times.
The goal of the scientists are to use quantum physics to develop a highly secure data encryption network using quantum information, with applications in banking and other internet functions.
As we reported earlier this week, other scientists are working to achieve higher internet security using quantum physics.
The scientists said they stored quantum information in atoms of Europium embedded in a crystal.
They claim that the solid state technique offers advantages over using laser beams in optical fibres.  The team’s record storage time is now six hours.
Manjin Zhong from ANU, said: “Our storage times are now so long that it means people need to rethink what is the best way to distribute quantum data.  Even transporting our crystals at pedestrian speeds we have less loss than laser systems for a given distance.”
She said that the team’s goal is store light in separate crystals and transport them to different parts of networks thousands of kilometres apart.  “We are thinking of our crystals as portable optical hard drives for quantum entanglement,” she said.

Verizon’s end-to-end encryption has back door

back-doorUS carrier Verizon really does not understand why people want end-to-end encryption on their phone lines.

The outfit just announced that it is bringing in an expensive service which guarantees security by providing the sort of encryption on the line which users want following the Edward Snowden revelations.

Verizon Voice Cypher, the product introduced with the encryption company Cellcrypt, offers business and government customers’ end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can connect to an organization’s secure phone system. All this will cost you $45 per device each month.

All sounds good but then comes the part which Verizon and Cellcrypt fail to understand why people want their product in the first place.

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they are able to prove that there is a legitimate law enforcement reason for doing so.

Seth Polansky, Cellcrypt’s vice president for North America, said building technology to allow wiretapping was not a security risk. “It’s only creating a weakness for government agencies,” he says. “Just because a government access option exists, it doesn’t mean other companies can access it.”

While Verizon is required by US law to build networks that can be wiretapped, the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. All Verizon and Cellcrypt needed to do is structure their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.

Verizon believes major demand for its new encryption service will come from governmental agencies conveying sensitive but unclassified information over the phone. It might have a point – such agencies want encryption and do not have to worry about others snooping on them.

 

Encryption foils coppers nine times in the US

pressieIt appears that while coppers using wiretaps are fairly effective, streetwise criminals are starting to adopt better encryption mentions.

According to Wired in nine cases during 2013, state police were unable to break the encryption used by criminal suspects they were investigating.

This is not high, but it is more than twice as many cases as in 2012, when police reported encryption preventing them from successfully spying on a criminal suspect for the first time.

To put the figure into perspective, Federal and state police eavesdropped on US suspects’ phone calls, text messages, and other communications at least 3,500 times in 2013. Of those thousands of cases, only 41 involved encryption at all. In 32 cases police managed to get around suspects’ privacy protections to eavesdrop on their targets.

The figures seem to suggest that warnings from government agencies like the FBI that the free availability of encryption tools will eventually lead to a dystopian future where criminals and terrorists use privacy tools to make their communications invisible to police.

This complaint has become common. Last year the Drug Enforcement Agency leaked an internal report complaining that Apple’s iMessage encryption was blocking their investigations of drug dealers.

However the statistics from police reports shows that encryption use is on the rise, even if the number of cases remains small and most encryption use is pointless.