LEAP's multi-year plan to secure everyday communication breaks down into discrete services, to be rolled out one at a time. When we introduce a new service, integrated support will be added to both the user-facing LEAP Client and the server-side LEAP Platform for Service Providers. All communication content will be client-side encrypted, and as much of the metadata as possible. Most importantly, all LEAP services will be based on our plan for federated secure identity and unmappable routing.

On Sunday, Brazilian TV show Fantastico published previously undisclosed details based on documents obtained by Guardian journalist Glenn Greenwald from former NSA contractor Edward Snowden. The 13-minute news segment focused on the revelation that, according to the leaked files, the NSA apparently targeted Brazil’s state-run Petrobras oil producer for surveillance—undermining a recent statement by the agency that it “does not engage in economic espionage in any domain.” The Petrobras detail has been picked up internationally, and is likely to cause a serious stir in Brazil. (The country is still reeling from the revelation last week that the NSA spied on its president.) But Fantastico delivered several other highly significant nuggets that deserve equal attention.

Speaking at the keynote LinuxCon panel this year, Linus Torvalds, who created the open-source Linux operating system 22 years ago, revealed that the government had approached him about installing a backdoor into system’s structure. Linux is the preferred operating system for the privacy conscious infosec community.

The news broke this morning that the NSA (US), the GCHQ (UK), and the FRA (Sweden) have been actively working to subvert the cryptography that makes our society tick, by planting backdoors in most if not all commercial cryptography software. This means that these agencies have deliberately made all of us vulnerable as we conduct our banking business, as we go to the hospital, and as we talk privately online. Our society depends on our ability to keep secrets, and the deliberate planting of backdoors, the deliberate subversion of our infrastructure, is nothing short of a declaration of war. Even according to U.S. Generals.

Now that we have enough details about how the NSA eavesdrops on the internet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves.

The idea we had was to build an “unattended self-deploying” instance of Kali Linux that would install itself on a target machine along with a customized configuration requiring no user input whatsoever. On reboot after the installation completes, Kali would automagically connect back to the attacker using a reverse OpenVPN connection. The VPN setup would then allow the attacker to bridge the remote and local networks as well as have access to a full suite of penetration testing tools on the target network.

I write this post because I've noticed a sort of "JUST USE BCRYPT" cargo cult (thanks Coda Hale!) This is absolutely the wrong attitude to have about cryptography. Even though people who know much more about cryptography than I do have done an amazing job packaging these ciphers into easy-to-use libraries, use of cryptography is not something you undertake lightly. Please know what you're doing when you're using it, or else it isn't going to help you. § The first cipher I'd suggest you consider besides bcrypt is PBKDF2. It's ubiquitous and time-tested with an academic pedigree from RSA Labs, you know, the guys who invented much of the cryptographic ecosystem we use today. Like bcrypt, PBKDF2 has an adjustable work factor. Unlike bcrypt, PBKDF2 has been the subject of intense research and still remains the best conservative choice.

According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.

Forty-four per cent of those questioned said they didn't believe the phone would interfere with the plane's instruments, but — perhaps more worryingly — 27 per cent said they couldn't cope without a switched-on phone and nine per cent said they couldn't turn off their phone as being uncontactable was unacceptable (we're assuming they weren't the brightest in the sample). § There's much debate about whether phones really can interfere with instrumentation, with the general feeling that the risk isn't worth taking and that as they generally won't work anyway it's not a big deal to ask flyers to turn them off. Some planes do have in-cabin coverage, but that only gets switched on above 10km to avoid interfering with ground networks.

Now you can quickly view your DomainKeys, DKIM, and SPF validitay, and SpamAssassin score in one place. Just send an email to any address @www.brandonchecketts.com. Then check here to see the results.

|< First   < Previous   11–20 (176)   Next >   Last >|