is a new steganography tool by Bram Cohen of BitTorrent fame designed to “vastly simplify the implementation of new steganographic techniques, and allow a universal decoder and encoding of multiple messages to different keys in the same file.” In particular, DissidentX allows encoding multiple plain texts into the same cover text with different keys, so-called deniable encryption.
posted by jeffburdges
on Jan 16, 2014 -
A recent strain of malware called Cryptolocker (technical description from BleepingComputer) has been infecting computers across the Internet. It's of the Ransomware (wiki) genre of attack, and searches a computer's drive for critical files by browsing their extensions (for example, focusing on word processing documents, images and music) and encrypts them with its own key that you can then buy back from the hacker for a fee of $100 to $300 dollars payable in Bitcoins. More information about the virus and how to avoid it is available at Krebs On Security, and the Malwarebytes Blog, with more recent developments on Naked Security.
posted by codacorolla
on Nov 7, 2013 -
If the NSA is able to break through banks' computer security, does that mean it solved the prime factorization problem?
The New York Times reported recently that “the agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems.” Since banks' encryption codes rely on the fact that nobody knows how to find the prime factors of really large numbers, it could mean that the NSA has found a way to do that. Or it could mean that the NSA has simply gotten lots of banks to give up their information, or found other ways around their encryption. But if they've cracked this long-standing math problem, might the secret leak? What would be the effects?
posted by Sleeper
on Sep 12, 2013 -
Today The New Yorker, a service that allows sources to share information with TNY journalists securely and anonymously. As explained in this infographic, Strongbox relies on the Tor network, a dedicated server, PGP encryption, VPNs, and multiple laptops and thumb drives to prevent files from being intercepted or traced. The codebase, which is open source, was designed by the late Aaron Swartz (Previously). Kevin Poulsen, one of the organizers of the project, chronicles how Swartz developed the code and how the project managed to carry on after his death. TNY hopes that Strongbox will help the magazine continue its long tradition of investigative journalism.
posted by Cash4Lead
on May 15, 2013 -
The United States Court of Appeals for the Eleventh Circuit ruled yesterday [.pdf] that a citizen's refusal to decrypt encrypted drives is protected by the Fifth Amendment, at least under some circumstances. In doing so it reversed the district court's contempt order entered against a John Doe defendant after he refused to decrypt his laptop hard drive and five external hard drives in response to a subpoena. This decision arguably conflicts with an earlier decision in which a district court in Vermont required a defendant to provide the password to his encrypted drives. The Eleventh Circuit distinguishes the earlier case on the basis that the government in that case knew of the existence of the files and simply couldn't access them, while in the recent case the government did not know the names of files or even whether or not files actually existed on the encrypted drives.
posted by monju_bosatsu
on Feb 24, 2012 -
When you send people passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message, a One Time Secret
posted by netbros
on Dec 16, 2011 -
application aims to use steganography to hide samizdat-type data within a larger stream of innocuous network traffic. Thus, civilians in Iran, for example, could more easily evade Iranian censors and provide the world with an unfiltered report on events within the country. Haystack earned its creator Austin Heap a great deal of positive coverage from the media during the 2009 Iranian election protests. The BBC described Heap as "on the front lines" of the protesters' "Twitter revolution", while The Guardian called him an Innovator of the Year. Despite the laudatory coverage, however, the media were never given a copy of the software to examine. Indeed, not much is known about the software or its inner workings. Specialists in network encryption security were not allowed to perform an independent evaluation of Haystack, despite its distribution to and use by a small number of Iranians, possibly at some risk. As interest in the project widens and criticisms of the media coverage and software continue to mount, Heap has currently asked users to cease using Haystack until a security review can be performed.
posted by Blazecock Pileon
on Sep 13, 2010 -
Clear passenger data stolen.
An unencrypted laptop with the personal data, including name, address, SSi number, passport number, date of birth, etc. of every one of the 33,000+ users of the Clear system has been stolen. The Clear system allows travelers who register and pay an annual fee to bypass airport security lines by using a smart card in some airports. TSA has suspended new registrations until Verified Identity Pass, Inc., a subsidiary of GE, figures out how to install PGP. VIP is the only private contractor allowed to register users to the Clear system. Via
posted by dejah420
on Aug 5, 2008 -
New "Hi - tech" passport cracked.
Standards for the new passports were set by the International Civil Aviation Organisation (ICAO) in 2003 and adopted by the waiver countries and the US. The UK Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. However, they used non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.
posted by adamvasco
on Nov 17, 2006 -
Scientists have created an unbreakable cypher through the use of quantum physics, where a photon is observed and used as the basis for an encryption key. "Uncertainty is the principle we exploit. It's impossible to find the key, because the photon can be measured once and only once. An eavesdropper can't measure it, and so can't get the key." Props to Heisenberg!
posted by PreacherTom
on Nov 9, 2006 -
of two pendulum clocks was discovered in 1665 by Huygens. Two pendulum clocks mounted on the same wall always fell exactly out of phase with each other no matter what the starting conditions. Regardless of the initial conditions the system always ended up the same. In stark contrast, a chaotic system is extremely sensitive to initial conditions. How can these two seemingly separate things be tied together? The synchronization of chaos. When two chaotic systems are synchronized together, information can be shared between them. It immediately brings to mind applications for encryption, but it is still far away from everyday use.
posted by ozomatli
on Dec 14, 2005 -
Homer Simpson: Hack your DVD player.
It seems in countries in which the DVD Copy Control Authority doesn't own the government, even the giants of corpmedia don't like the "protection" features the platform foists on consumers. On Fox's Simpsons UK DVD release FAQ page, Homer himself says "I have no idea whatsoever what regional coding means. But it is essential that you buy a multi-regional player. Do it now." Is the DVD region-coding system really only relevant in the United States?
posted by Vetinari
on Jul 11, 2002 -
War on Civil Liberties Watch: Usable encryption is in deep doo-doo. A new poll finds 72% of Americans now supporting a ban on unbreakable encryption. (Apparently breakable, and thus useless, encryption is just fine.) Besides the obvious fact that this stuff is already out there and cannot be taken back, particularly from non-US citizens who don't give a damn about our laws (such as, say, the exact people we're trying to defeat), is there any hope that the courts will find any such new laws unconstitutional?
posted by aaron
on Sep 18, 2001 -
Tivo hackers today released the hack that enables you to get MPEG-2 video out of the box and put it on CDs, share it over the net, etc. No details because the AVS Tivo site (registration required) is being slashdotted...but will this precipitate a TiVo crackdown on the hackers?
posted by luser
on Jun 7, 2001 -
ALL YOUR EMAIL ARE BELONG TO US!
How serious is this threat? What precautions do you routinely take? What precautions do you think you *should* be taking? What viable options do we have today, for those of us who aren't computer programmers by profession? And how secure are they, anyway?
posted by rushmc
on May 30, 2001 -
Wincent Colaiuta has seen and reviewed the new Mac OS but you can't read the review. He's encrypted the whole thing using PGP and he's not releasing the key until the OS is released. He says he's done this to avoid lawsuits from Apple.
I say he's begging for hits.
If he wanted to avoid lawsuits, he could just wait to publish the review...
posted by Jako
on Mar 20, 2001 -
The battle for unrestricted encryption continues.
Professor Bernstein won't rest; he's not going to let this go. More power to him and let's hope he ultimately wins. [He's challenging the US government restrictions on private encryption on free-speech grounds, and so far he's won in every court where the case has been heard. The government has been using delaying actions, and their relaxation of restrictions may partially have been in hopes he'd give up, leaving them still capable of some control. He's not going to, though. He's got blood in his eye, so to speak.]
posted by Steven Den Beste
on Jan 8, 2001 -
In this sendmail.net piece, Greg Knauss (of Winerlog-when-it-was-good fame) asserts, among other things, that if a court subpoenas your email, and it's encrypted, that you can be tossed in jail for contempt if you don't give them the keys. Um, hello? 5th amendment? Does anyone have references either way on this one?
posted by baylink
on May 8, 2000 -