Free Republic

Everyone is losing their mind over Apple being forced to help the FBI unlock an iPhone. Just what is going on? Relax, don't spill your almond milk latte. We'll make it crystal clear for you.

Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers. According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account. Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development. That mentality has changed in...

FBI Director James Comey said Tuesday one of the phones used by the killers in the San Bernardino, California, attacks remains inaccessible to investigators more than two months after 14 people were fatally shot. Testifying before the Senate Intelligence Committee, Comey cited the case as an example of how encryption is affecting counterterrorism efforts. But he said the dilemma of bad guys "going dark" is mostly affecting state and local law enforcement officials who are trying to solve murder, drug and car accident cases. Companies are increasingly making devices such as cellphones with encryption that allows only the people communicating...

Obama establishes Federal Privacy Council as part of massive cyber effort https://iapp.org/news/a/obama-establishes-federal-privacy-council-as-part-of-massive-cyber-effort/ Obama establishes Federal Privacy Council as part of massive cyber effort Sam Pfeifle The Privacy Advisor | Feb 9, 2016 Obama establishes Federal Privacy Council as part of massive cyber effort As part of his 2017 budget proposal for the United States, President Barack Obama is including $19 billion for cybersecurity efforts, a 35-percent increase over fiscal year 2016. The funds will go toward a Cybersecurity National Action Plan, which includes the hiring of a chief information security officer, a $3.1 billion fund for IT modernization at the...

It lights you up like a Vegas casino, says compsci boffin Usenix Enigma Although the cops and Feds wont stop banging on and on about encryption - the spies have a different take on the use of crypto. To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies' dashboards. Agents and analysts don't even have to see the contents of the communications - the metadata is enough for g-men to start making your life difficult. "To be honest, the spooks love PGP," Nicholas...

... The first report on the incident, released Monday, noted the loss. “A post-recovery inventory of the boats found that all weapons, ammunition, and communication gear are accounted for minus two SIM cards that appear to have been removed from two handheld satellite phones,” said the report from the U.S. Central Command. ... “Those SIM cards don’t just contain the satellite links,” he said. “They also include encryption codes, and otherwise unpublished data relating to specific orders and personnel,” he added. The former naval officer said those SIM cards should not have been allowed to fall into Iranian hands. .......

A proposed bill in New York seeks to require that all smartphones sold in the state can be decrypted or unlocked and proposes hefty fines for vendors failing to comply.The proposed law marks the latest effort by lawmakers to make it easier for law enforcement to access and read encrypted data stored on smartphones. Should the proposed bill successfully pass through New York's state assembly and senate, Apple and Google could face fines of $2,500 per device sold in the state after January 1, 2016, if a retailer knowingly sold a smartphone that could not be unlocked or decrypted by...

The CEO makes a case for standing against the use of back doors, or intentional security vulnerabilities that let law enforcement poke into your private information. It seems Apple CEO Tim Cook isn't shy about doling out advice to the Obama administration. Cook is reportedly unhappy with the White House's unwillingness to take a stance on encryption, or the scrambling of emails and other messages to keep them private. According to The Intercept, he made his concerns clear to a high-level delegation of officials during a meeting in San Jose, California, last week, asking the administration to issue a statement...

One of the excellent features of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key - which can be used to unlock your encrypted disk - to Microsoft's servers, probably without your knowledge and without an option to opt-out. During the "crypto wars" of the nineties, the National Security Agency developed an...

As you may have heard, last night Apple CEO Tim Cook was on 60 Minutes. The overall story really wasn't all that insightful for anyone who's been following Apple for any length of time, but what got a lot of attention was Tim Cook reiterating his position on protecting the privacy of Apple users through encryption.... Same basic stuff he's said before. Nothing new. Nothing controversial. But grandstanding Senator Tom Cotton apparently flipped out about it and pushed out a statement that shows a rather stunning ignorance of the law.... Of course, Senator Tom Cotton apparently didn't bother to read...

A leading Democratic senator will seek legislation requiring the ability to "pierce" through encryption. The potential bill would allow American law enforcement to read protected communications with a court order. Sen. Dianne Feinstein (D-Calif.) told the Senate Judiciary Committee on Wednesday that she would seek a bill that would give police armed with a warrant based on probable cause the ability “to look into an encrypted Web." "I have concern about a PlayStation that my grandchildren might use," she said, "and a predator getting on the other end, and talking to them, and it's all encrypted. I think there really...

Republican South Carolina Sen. Lindsey Graham renewed his calls on technology companies to give law enforcement entry into its encrypted information to fight terrorism. His message to Silicon Valley: "Change your business model tomorrow."... Companies like Apple and Google have bolstered encryption on smartphones because of heightened consumer privacy concerns in the wake of Edward Snowden's revelations that the government had been spying on its citizens. Graham said that’s a business decision.... Apple, Google and Facebook have all been under mounting pressure to create backdoor keys that would allow law enforcement access to encrypted communications. The companies maintain that this...

Disk vault Bitlocker snubs self-encrypting drives - when's the fix? We know Microsoft can be pretty secretive about its spyware-as-a-service Windows 10, but Redmond has now taken its furtiveness to a whole new level. You may or may not know that its disk encryption tool Bitlocker has suddenly stopped working in the latest version of its operating system for a number of people. Bitlocker refuses to work if you try to enable it on a self-encrypting drive with the hardware-accelerated encryption switched on: when you do a clean install of the latest build of Windows 10 - the November 2015...

Practical homomorphic encryption manual released As genome research - and the genomes themselves - get passed around the scientific community, the world's woken up to the security and privacy risks this can involve. A Microsoft research quintet has therefore published ways to help scientists work on genomic data while reducing the risk of data theft. The team published an informal manual to help scientists and other researchers to use the Simple Encrypted Arithmetic Library (SEAL). Homomorphic encryption is a technique in which software can operate on encrypted data without decrypting it. This would let hospitals and labs to work on...

Encrypted email provider ProtonMail is still being hit by a DDoS attack from what appears to be a nation state, as well as a secondary and separate lower-level assault from an identified assailant. However, the service is now operating normally, it seems. Switzerland-based ProtonMail offers an encrypted webmail system able to withstand intelligence agency-level surveillance. However, since last Tuesday the company has continued to be hit by DDoS attacks from two attackers. Talking to The Register, ProtonMail CEO Andy Yen explained: "We have been attacked every day since 3 November, so we're now entering the sixth day of attacks." "There...

In a victory for tech firms, the Obama administration will not force firms to breach the security of their products in order to provide information to law enforcement.The decision comes after a year after encryption introduced on iPhones and some Android phones sparked a debate between law enforcement and tech companies over access to phone data. With iOS 8, most data stored on the phone and communications over services like iMessage were encrypted in a way that only users could access it — not even Apple could.FBI director James Comey then sounded the alarm that phone encryption would prevent law enforcement...

To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that’s just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it’s called hacking.

Whistle-blower Edward Snowden has some strong opinions on communications — even when those communications are coming from aliens. The former intelligence-agency contractor turned fugitive was an unexpected guest on famous astrophysicist Neil deGrasse Tyson's StarTalk podcast on September 18. And, inevitably, the two got to talking about extraterrestrials. Snowden became an infamous household name in 2013 when he leaked classified documents divulging the government's top-secret mass-surveillance program, which involved collecting personal information on Americans via phone records without their knowledge. When the news broke, the US charged him with theft and espionage, and he's now living in Russia where he...

Mzoudi was a liaison to al Qaeda, witness said. A man claiming to be a former Iranian spy testified Friday that Abdelghani Mzoudi, the second man to be tried for an alleged role in the Sept. 11 attacks, was involved in the preparations to hit the World Trade Center. The witness, who goes by the alias Hamid Reza Zakeri, took the stand at the Hanseatic Higher Regional Court in Hamburg and claimed that Mzoudi, was "responsible for part of the organization" of the suicide attacks that destroyed the twin towers in New York and damaged the Pentagon. Zakeri testified Mzoudi...

While Washington mulls ways to make crypto less effective, the industry, thank heavens, continues to push in the other direction. Microsoft Research has just published an elliptic curve library it reckons is considerably faster than what's currently available. Outlined in this International Association for Cryptologic Research (IACR) paper, the implementation, the FourQLib, comes from noted Redmondian researchers Craig Costello and Patrick Longa. The aim with FourQ sis to update today's elliptic curve cryptography (ECC) – implementations like the National Institute of Science and Technology's (NIST's) P-256 and the non-NIST-influenced Curve25519 – since one inevitability of crypto tech is that it...