Free Republic

ARMONK, NY — IBM inventors have received a patent for a breakthrough data encryption technique that is expected to further data privacy and strengthen cloud computing security. The patented breakthrough, called "fully homomorphic encryption," could enable deep and unrestricted analysis of encrypted information — intentionally scrambled data — without surrendering confidentiality. IBM's solution has the potential to advance cloud computing privacy and security by enabling vendors to perform computations on client data, such as analyzing sales patterns, without exposing or revealing the original data. IBM's homomorphic encryption technique solves a daunting mathematical puzzle that confounded scientists since the invention of...

Reuters reports that the NSA paid massive computer security firm RSA $10 million to promote a flawed encryption system so that the surveillance organization could wiggle its way around security. In other words, the NSA bribed the firm to leave the back door to computers all over the world open. Thanks to documents leaked by Edward Snowden, we already knew the NSA played a central role in promoting a flawed formula for generating random numbers, which if used in encryption, essentially gives the spies easy access to computing systems. A piece of RSA software, bSafe, became the most significant vector...

Microsoft announced a new effort to "[protect] customer data from government snooping." FSF executive director John Sullivan issued the following statement on Thursday, December 5th: "Microsoft has made renewed security promises before. In the end, these promises are meaningless. Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure. A lock on your own house to which you do not have the master key is not a security system, it is a jail. Even on proprietary operating systems like Windows,...

Code Names for NSA Exploit Tools This is from a Snowden document released by "Le Monde": General Term Descriptions: HIGHLANDS: Collection from Implants VAGRANT: Collection of Computer Screens MAGNETIC: Sensor Collection of Magnetic Emanations MINERALIZE: Collection from LAN Implant OCEAN: Optical Collection System for Raster-Based Computer Screens LIFESAFER: Imaging of the Hard Drive GENIE: Multi-stage operation: jumping the airgap etc. BLACKHEART: Collection from an FBI Implant DROPMIRE: Passive collection of emanations using antenna CUSTOMS: Customs opportunities (not LIFESAVER) DROPMIRE: Laser printer collection, purely proximal access (***NOT*** implanted) DEWSWEEPER: USB (Universal Serial Bus) hardware host tap that provides COVERT link over...

Truecrypt is a cross-platform, free disk encryption software for Windows and Unix-like operating systems. It is generally considered a good disk encryption software, and not too long ago, I wrote a tutorial that showed how to encrypt the Windows installation of a Windows-Linux dual-boot setup (see Dual-boot Fedora 18 and Windows 7, with full disk encryption configured on both OSs). Truecrypt is said to be published under an open source license, but in some quarters, its license has not been accepted as a valid open source license. And some of those people believe it has a backdoor. Guess who is...

Now that we have enough details about how the NSA eavesdrops on the internet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves.... At this point, I feel I can provide some advice for keeping secure against such an adversary.... 1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them.... 2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections--and it may have explicit exploits...

German people are flocking to national email providers and demanding encryption services normally reserved for corporate security in the wake of the US spying scandal, German justice minister Sabine Leutheusser-Schnarrenberger told journalists in Berlin on Wednesday (28 August). “German users have reacted to the NSA [the US’ National Security Agency] scandal by switching to German email providers … and they are demanding encryption of their emails so far reserved to telecom companies. There is a great opportunity for private encryption,” the minister said. She claimed that “some 80 percent have done so” already. …

The Internet, and many forms of online commerce and communication that depend on it, may be on the brink of a "cryptopalypse" resulting from the collapse of decades-old methods of shared encryption. The result would be "almost total failure of trust in the Internet," said four researchers who gave a presentation at the Black Hat security conference in Las Vegas earlier this month. "We need to move to stronger cryptosystems that leverage more-difficult mathematical problems," the presenters said.

An entrepreneur as professionally careful as the Dread Pirate Roberts doesn’t trust instant messaging services. Forget phones or Skype. At one point during our eight-month preinterview courtship, I offer to meet him at an undisclosed location outside the United States. “Meeting in person is out of the question,” he says. “I don’t meet in person even with my closest advisors.” When I ask for his name and nationality, he’s so spooked that he refuses to answer any other questions and we lose contact for a month. All my communications with Roberts are routed exclusively through the messaging system and forums...

t wasn’t just any terrorist message that triggered U.S. terror alerts and embassy closures—but a conference call of more than 20 far-flung al Qaeda operatives, Eli Lake and Josh Rogin report. The crucial intercept that prompted the U.S. government to close embassies in 22 countries was a conference call between al Qaeda’s senior leaders and representatives of several of the group’s affiliates throughout the region. snip Several news outlets reported Monday on an intercepted communication last week between Zawahiri and Nasser al-Wuhayshi, the leader of al Qaeda’s affiliate based in Yemen. But The Daily Beast has learned that the discussion...

Until Wednesday morning, you'd probably never heard of something called "XKeyscore," a program that the National Security Agency itself describes as its "widest reaching" means of gathering data from across the Internet. According to reports shared by NSA leaker Edward Snowden with the Guardian, is that in addition to all of the other recent revelations about the NSA's surveillance programs, by using XKeyscore, "analysts can also search by name, telephone number, IP address, keywords, the language in which the Internet activity was conducted or the type of browser used." David Brown, who co-authored the recent book "Deep State: Inside the...

<p>I’d call this another reason to go Mac, except that Apple also cooperated with NSA in accessing customer activities. Second look at Linux?</p> <p>Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.</p>

At a moment when governments and corporations alike are hellbent on snooping through your personal digital messages, it'd sure be nice if there was a font their dragnets couldn't decipher. So Sang Mun tried to build one. Sang, a recent graduate from the Rhode Island Schoold of Design (RISD), has unveiled ZXX—a "a disruptive typeface" that he says is much more difficult for data collectors like the NSA to decrypt. He's made it free to download on his website. "The project started with a genuine question: How can we conceal our fundamental thoughts from artificial intelligences and those who deploy...

Meet the groundbreaking new encryption app set to revolutionize privacy and freak out the feds. For the past few months, some of the world’s leading cryptographers have been keeping a closely guarded secret about a pioneering new invention. Today, they’ve decided it’s time to tell all. Back in October, the startup tech firm Silent Circle ruffled governments’ feathers with a “surveillance-proof” smartphone app to allow people to make secure phone calls and send texts easily. Now, the company is pushing things even further—with a groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone...

New tool and service can decrypt any PPTP and WPA2 wireless sessions using MS-CHAPv2 authenticationSecurity researchers released two tools at the Defcon security conference that can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) and WPA2-Enterprise (Wireless Protected Access) sessions that use MS-CHAPv2 for authentication. MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients. MS-CHAPv2 has been known to be vulnerable to dictionary-based brute force attacks since 1999, when a...

Researchers have spotted a new banking Trojan subbed 'Tinba' that appears to have hit on a simple tactic for evading security - be as small as possible. An astonishing 20KB in size, Tinba ('Tiny Banker') retains enough sophistication to match almost anything that can be done by much larger malware types. Its main purpose is to burrow into browsers in order to steal logins, but it can also use 'obfuscated' (i.e disguised) web injection and man-in-the-browser to attempt to finesse two-factor web authentication systems. A particularly interesting feature is the way it tries to evade resident security, injecting itself into...

Researchers at Microsoft have built a virtual vault that could work on medical data without ever decrypting it. Imagine getting a friend's advice on a personal problem and being safe in the knowledge that it would be impossible for your friend to divulge the question, or even his own reply. Researchers at Microsoft have taken a step toward making something similar possible for cloud computing, so that data sent to an Internet server can be used without ever being revealed. Their prototype can perform statistical analyses on encrypted data despite never decrypting it. The results worked out by the software...

The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption passphrase. The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home. Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution's Fifth Amendment, which broadly protects Americans' right to...

The September11 terror attacks in the US were staged to overcome disunity in al-Qa'ida, confidential computer records reveal. Alan Cullison reports on what happened after his laptop was wrecked while he was covering the combat in Afghanistan IN the autumn of 2001, I was one of scores of journalists who ventured into northern Afghanistan to write about the US-assisted war against the Taliban. After losing use of my computer in an accident, I scrawled stories by candlelight with a ballpoint pen and read dispatches to my editors at The Wall Street Journal over a satellite phone. When the Taliban's defences...

Techniques that reliably erase hard disk drives don't produce the same results for solid state drives, warn University of California at San Diego researchers.Solid state drives (SSDs) have a small security problem: they're tough to erase. That warning comes from researchers at the University of California at San Diego. "Sanitization is well-understood for traditional magnetic storage, such as hard drives and tapes," said the researchers' in their study summary. "Newer solid state disks, however, have a much different internal architecture, so it is unclear whether what has worked on magnetic media will work on SSDs as well." Accordingly, the researchers...