64 posts tagged with encryption.
Displaying 1 through 50 of 64. Subscribe:

A DIY Guide to Feminist Cybersecurity

Hack*Blossom: "You have a right to exist safely in digital spaces. Although we have to rely on outside parties for technology to access these spaces, there are tons of helpful tools and strategies that allow you to take greater control of your digital life and mitigate the risk of malicious threats. We’ll walk through common areas of digital life such as web browsing, private data, and smartphones to show you different ways that you can implement as much or little security as you’re comfortable with." [more inside]
posted by bluecore on Jan 13, 2017 - 34 comments

Electronic Self-Protection

How to encrypt your entire life in less than an hour "In this article, I will show you how you can protect yourself by leveraging state-of-the-art encryption. In a single sitting, you can make great strides toward securing your privacy." [more inside]
posted by XtinaS on Nov 12, 2016 - 47 comments

6Password9 DNA1970

An analysis of a worst-case scenario password database reveals patterns. The dataset in question comes from a service where the original programmer created their own "encryption" for storing passwords. Before the site fully converted their password storage to bcrypt, they were hacked. Having access to all the passwords instead of just the "easy" ones allows for additional demographic analysis. Some factoids below the cut: [more inside]
posted by CBrachyrhynchos on Jun 26, 2016 - 114 comments

Ascii to Icon

Happy Friday! Enjoy this neat little toy that let's you make symbols and icon by typing out a grid characters. Brought to you by xqt2, a nobody. [more inside]
posted by numaner on Jun 17, 2016 - 10 comments

I have loved justice and hated iniquity: therefore I die in exile.

I miss my mom and dad and brother, my friends, my dog and cat, my giant redwood trees, and tacos.
Tor developer isis agora lovecruft is the latest developer to seek self exile and tells her story of FBI harrassment.
[more inside]
posted by adamvasco on May 26, 2016 - 28 comments

Tech and Privacy Experts Erupt Over Leaked Encryption Bill

A draft of a highly anticipated Senate encryption bill was leaked to The Hill late on Thursday night, sparking a swift backlash from technology and privacy groups even before the legislation has been introduced. [more inside]
posted by Bella Donna on Apr 8, 2016 - 108 comments

"Safeguard our right to privacy"

"Law enforcement must be legally able to collect information ..." – Barack Obama, at sxsw. (Full video of talk.) Contrary to the official change.gov agenda item of "Safeguard our right to Privacy," President Obama has come out in favor of law enforcement. This comes at the heels of an article stating that NSA intercepts will be shared with other intelligence agencies, bypassing parallel construction.
posted by xcasex on Mar 12, 2016 - 186 comments

They have asked us to build a backdoor to the iPhone

Investigations into the San Bernardino attack by the FBI have been potentially impeded by information locked in an iPhone 5c found on one of the perpetrators. A federal court judge has ordered Apple to assist the FBI in defeating any and all security measures built into the device. In a turn similar to Ladar Levison's letter to Lavabit users (previously), Apple has written a letter to end users about the civil rights at stake.
posted by a lungful of dragon on Feb 17, 2016 - 533 comments

Of course I'd like to sit around and chat... but someone's listening in

Fresh from The Intercept (that fearless vanguard of journalism helmed by Glenn Greenwald and Laura Poitras): disturbing documents exposing the unfathomable reach of the United Kingdom's GCHQ in its quest for total awareness of global internet traffic. A hundred billion user actions logged per day. A "Black Hole" database of 1.1 trillion logs. Frightening programs like KARMA POLICE, MEMORY HOLE, and MUTANT BROTH that correlate the kilo-crore corpus -- IP addresses, cookies, forum posts, search histories, emails, and passwords all compiled and cross-referenced into a real-time "diary" that gives penetrating insight into the relationships, beliefs, and desires of every web user on the planet. Internal documents suggest only widespread encryption can threaten the regime -- a movement the UK is determined to subdue (previously). [more inside]
posted by Rhaomi on Sep 26, 2015 - 105 comments

Operation Vula

How the ANC sent encrypted messages to one another during the struggle against apartheid. Talking to Vula is a series of six articles by Tim Jenkins about the project from the ANC`s monthly journal Mayibuye from May 1995 to October 1995. (via Schneier) [more inside]
posted by jeffburdges on Jul 29, 2015 - 14 comments

From Theory to Practice-Chatting in Secret while we're all being watched

Micah Lee at The Intercept provides a deep and wide introduction to encryption (with a clever but helpful Romeo & Juliet framing device) then brings us all the way through the doorframe, past thinking or talking about it—Chatting in Secret while we're all being watched. [more inside]
posted by infinite intimation on Jul 15, 2015 - 19 comments

HTTPS crypto protection suffers "FREAK" flaw

Washington Post: Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov. The flaw resulted from a former U.S. government policy that forbade the export of strong encryption and required that weaker “export-grade” products be shipped to customers in other countries, say the researchers who discovered the problem. These restrictions were lifted in the late 1990s, but the weaker encryption got baked into widely used software that proliferated around the world and back into the United States, apparently unnoticed until this year. [more inside]
posted by Admira on Mar 3, 2015 - 18 comments

FalseCrypt

TrueCrypt is dead, and in an extremely bizarre way. Discussion on /r/netsec, /r/sysadmin, Hacker News and Ars Technica. A popular theory is that the bizarreness is a warrant canary.
posted by WCityMike on May 28, 2014 - 150 comments

"Nothing. You're screwed."

During their Freedom Hosting investigation and malware attack last year, the FBI unintentionally obtained the entire e-mail database of popular anonymous webmail service Tor Mail. And now, they've used it in an unrelated investigation to bust a Florida man accused of stealing credit card numbers. [more inside]
posted by zarq on Jan 27, 2014 - 39 comments

Pond, et al.

Pond provides end-to-end encrypted forward-secure asynchronous messaging that uses Tor to resist traffic analysis, i.e. metadata collection (threat model, technical, github). [more inside]
posted by jeffburdges on Jan 21, 2014 - 24 comments

DissidentX

DissidentX is a new steganography tool by Bram Cohen of BitTorrent fame designed to “vastly simplify the implementation of new steganographic techniques, and allow a universal decoder and encoding of multiple messages to different keys in the same file.” In particular, DissidentX allows encoding multiple plain texts into the same cover text with different keys, so called deniable encryption.
posted by jeffburdges on Jan 16, 2014 - 9 comments

EnCrypt Lock and Buy It

A recent strain of malware called Cryptolocker (technical description from BleepingComputer) has been infecting computers across the Internet. It's of the Ransomware (wiki) genre of attack, and searches a computer's drive for critical files by browsing their extensions (for example, focusing on word processing documents, images and music) and encrypts them with its own key that you can then buy back from the hacker for a fee of $100 to $300 dollars payable in Bitcoins. More information about the virus and how to avoid it is available at Krebs On Security, and the Malwarebytes Blog, with more recent developments on Naked Security.
posted by codacorolla on Nov 7, 2013 - 177 comments

NSA may have secretly made major mathematics breakthrough

If the NSA is able to break through banks' computer security, does that mean it solved the prime factorization problem? The New York Times reported recently that “the agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems.” Since banks' encryption codes rely on the fact that nobody knows how to find the prime factors of really large numbers, it could mean that the NSA has found a way to do that. Or it could mean that the NSA has simply gotten lots of banks to give up their information, or found other ways around their encryption. But if they've cracked this long-standing math problem, might the secret leak? What would be the effects?
posted by Sleeper on Sep 12, 2013 - 60 comments

We'd be happy to help you out with that spec....

The NSA has been spending $250 million a year on its "Sigint Enabling Project". The purpose of this project is to "actively engage[s] the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs' to make them 'exploitable."

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says.

The NSA requested that these reports not be published. [more inside]
posted by lattiboy on Sep 5, 2013 - 450 comments

Probably more secure than the Drafts folder on a shared Gmail account

Today The New Yorker unveiled Strongbox, a service that allows sources to share information with TNY journalists securely and anonymously. As explained in this infographic, Strongbox relies on the Tor network, a dedicated server, PGP encryption, VPNs, and multiple laptops and thumb drives to prevent files from being intercepted or traced. The codebase, which is open source, was designed by the late Aaron Swartz (Previously). Kevin Poulsen, one of the organizers of the project, chronicles how Swartz developed the code and how the project managed to carry on after his death. TNY hopes that Strongbox will help the magazine continue its long tradition of investigative journalism.
posted by Cash4Lead on May 15, 2013 - 34 comments

All your devices belong to US

Wired: DHS Watchdog OKs ‘Suspicionless’ Seizure of Electronic Devices Along Border [Source policy document]. Americans may find it useful to note that the definition of 'border' includes up to 100 miles from the nearest actual international border line.
posted by jaduncan on Feb 10, 2013 - 83 comments

Shhhhhhh …..

Silent Circle, a security start-up led by PGP creator Phil Zimmermann and two ex-Navy SEALs, has been teasing technology that purports to make mobile communications "virtually invulnerable to surveillance efforts" for a few months (previously). Now, they're pushing a "groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone or tablet at the touch of a button." The company has pledged not to comply with law enforcement surveillance requests, nor to provide backdoor access for the FBI.
posted by jbickers on Feb 5, 2013 - 49 comments

The Brief - A daily briefing of technology news worth caring about

NASA will send you an email or text alert when the International Space Station is visible from your area. IBM scientists have recently made significant advances in nanotechnology. A mathematician thought a poorly-encrypted headhunting email from Google was testing him, but he had actually discovered a major security hole. All of this found via The Brief: A Daily Briefing of Technology News Worth Caring About from MeFi's own nostrich. [via mefi projects]
posted by davidjmcgee on Nov 9, 2012 - 15 comments

TorChat

TorChat is an instant messaging protocol based upon Tor hidden services, making it perhaps the only instant messaging protocol with any substantive resistance to traffic analysis. [more inside]
posted by jeffburdges on Jun 18, 2012 - 19 comments

Eleventh Circuit Protects Right to Encrypt Data

The United States Court of Appeals for the Eleventh Circuit ruled yesterday [.pdf] that a citizen's refusal to decrypt encrypted drives is protected by the Fifth Amendment, at least under some circumstances. In doing so it reversed the district court's contempt order entered against a John Doe defendant after he refused to decrypt his laptop hard drive and five external hard drives in response to a subpoena. This decision arguably conflicts with an earlier decision in which a district court in Vermont required a defendant to provide the password to his encrypted drives. The Eleventh Circuit distinguishes the earlier case on the basis that the government in that case knew of the existence of the files and simply couldn't access them, while in the recent case the government did not know the names of files or even whether or not files actually existed on the encrypted drives.
posted by monju_bosatsu on Feb 24, 2012 - 89 comments

Encrypted database queries

CryptDB executes database queries over encrypted data without ever decrypting it. [more inside]
posted by jeffburdges on Dec 20, 2011 - 37 comments

Spill, Then Poof

When you send people passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message, a One Time Secret.
posted by netbros on Dec 16, 2011 - 35 comments

Homomorphic Encryption

Described as 'cryptography's holy grail', Homomorphic Encryption/Computation is a form of encryption where specific algebraic operations on the plaintext translate into different algebraic operations on the ciphertext, allowing the plaintext's owner to 'outsource' computations to untrusted machines. [more inside]
posted by jeffburdges on Aug 9, 2011 - 17 comments

"...nor shall be compelled in any criminal case to be a witness against himself..."

Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.

The "if you were innocent, you'd have nothing to hide" argument rears its head, in a big way. [more inside]
posted by fifthrider on Jul 11, 2011 - 215 comments

That Syncing Feeling

Christopher Soghoian, who exposed the latest Facebook PR move, is now filing an FTC complaint (pdf) against Dropbox on the grounds that they gained unfair competitive advantage by lying about how files are encrypted and who has access to them. Dropbox explains how safe your files are.
posted by swift on May 13, 2011 - 44 comments

"Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break."

An animated Flash demonstration of the Advanced Encryption Standard. [more inside]
posted by grouse on Oct 11, 2010 - 20 comments

Needle program exchange

The Haystack application aims to use steganography to hide samizdat-type data within a larger stream of innocuous network traffic. Thus, civilians in Iran, for example, could more easily evade Iranian censors and provide the world with an unfiltered report on events within the country. Haystack earned its creator Austin Heap a great deal of positive coverage from the media during the 2009 Iranian election protests. The BBC described Heap as "on the front lines" of the protesters' "Twitter revolution", while The Guardian called him an Innovator of the Year. Despite the laudatory coverage, however, the media were never given a copy of the software to examine. Indeed, not much is known about the software or its inner workings. Specialists in network encryption security were not allowed to perform an independent evaluation of Haystack, despite its distribution to and use by a small number of Iranians, possibly at some risk. As interest in the project widens and criticisms of the media coverage and software continue to mount, Heap has currently asked users to cease using Haystack until a security review can be performed.
posted by Blazecock Pileon on Sep 13, 2010 - 31 comments

Position-based quantum cryptography theoretically proved

Our results open a fascinating new direction for position-based security in cryptography where security of protocols is solely based on the laws of physics and proofs of security do not require any pre-existing infrastructure.
posted by Joe Beese on Aug 8, 2010 - 47 comments

AES à la XKCD

A stick figure guide to the Advanced Encryption Standard. [via Bruce Schneier]
posted by Electric Dragon on Sep 26, 2009 - 21 comments

The dry, technical language of Microsoft's October update did not indicate anything particularly untoward.

Its reach is impossible to measure precisely, but more than 3 million vulnerable machines may ultimately have been infected. : The inside story on the Conficker Worm at New Scientist.
posted by The Whelk on Jun 15, 2009 - 84 comments

Clearly unprotected

Clear passenger data stolen. A unencrypted laptop with the personal data, including name, address, SSi number, passport number, date of birth, etc. of every one of the 33,000+ users of the the Clear system has been stolen. The Clear system allows travelers who register and pay an annual fee to bypass airport security lines by using a smart card in some airports. TSA has suspended new registrations until Verified Identity Pass, Inc., a subsidiary of GE, figures out how to install PGP. VIP is the only private contractor allowed to register users to the Clear system. Via
posted by dejah420 on Aug 5, 2008 - 103 comments

Because DRAM doesn't get frostbite.

Whole-disk encryption defeated with canned air. [via.] [more inside]
posted by Skorgu on Feb 21, 2008 - 92 comments

3.14159265itwasthebestoftimesitwastheworstofti...

Ever wondered if and where a specific set of numbers could be found in pi? Maybe you'd like to know where your birthday is? Or maybe just something funny. [prev. here, here] [more inside]
posted by TimeTravelSpeed on Dec 4, 2007 - 68 comments

Want another ID?

New "Hi - tech" passport cracked. Standards for the new passports were set by the International Civil Aviation Organisation (ICAO) in 2003 and adopted by the waiver countries and the US. The UK Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. However they used non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.
posted by adamvasco on Nov 17, 2006 - 53 comments

Quantum Encryption

Quantum Encryption Scientists have created an unbreakable cypher through the use of quantum physics, where a photon is observed and used as the basis for an encryption key. "Uncertainty is the principle we exploit. It's impossible to find the key, because the photon can be measured once and only once. An eavesdropper can't measure it, and so can't get the key." Props to Heisenberg!
posted by PreacherTom on Nov 9, 2006 - 49 comments

Synchronized Chaos

The synchronization of two pendulum clocks was discovered in 1665 by Huygens. Two pendulum clocks mounted on the same wall always fell exactly out of phase with each other no matter what the starting conditions. Regardless of the initial conditions the system always ended up the same. In stark contrast, a chaotic system is extremely sensitive to initial conditions. How can these two seemingly seperate things be tied together? The synchronization of chaos. When two chaotic systems are synchronized together, information can be shared between them. It immediatly brings to mind applications for encryption, but it is still far away from everyday use.
posted by ozomatli on Dec 14, 2005 - 49 comments

technophobia?

Technophobia? or ignorance? or mendacity? A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. The specific crime here aside, why is encryption - and by extension privacy - viewed as something seedy?
posted by Smedleyman on May 27, 2005 - 10 comments

Homer Simpson: Hack your DVD player.

Homer Simpson: Hack your DVD player. It seems in countries in which the DVD Copy Control Authority doesn't own the government, even the giants of corpmedia don't like the "protection" features the platform foists on consumers. On Fox's Simpsons UK DVD release FAQ page, Homer himself says "I have no idea whatsoever what regional coding means. But it is essential that you buy a multi-regional player. Do it now." Is the DVD region-coding system really only relevant in the United States?
posted by Vetinari on Jul 11, 2002 - 25 comments

Putting free, unencrypted copies on the web increases book sales,

Putting free, unencrypted copies on the web increases book sales, according to science fiction writer Eric Flint.
posted by myl on Apr 29, 2002 - 6 comments

FBI software cracks encryption wall

FBI software cracks encryption wall The FBI is developing software capable of inserting a computer virus onto a suspect’s machine and obtaining encryption keys...
posted by Brilliantcrank on Nov 20, 2001 - 7 comments

The Terrorists Did NOT Use Encryption.

The Terrorists Did NOT Use Encryption. None of the communications, authorities said Sunday, involved the use of encryption or other code to disguise the contents of the messages.
posted by tpoh.org on Oct 1, 2001 - 11 comments

War on Civil Liberties Watch: Usable encryption is in deep doo-doo. A new poll finds 72% of Americans now supporting a ban on unbreakable encryption. (Apparantly breakable, and thus useless, encryption is just fine.) Besides the obvious fact that this stuff is already out there and cannot be taken back, particularly from non-US citizens who don't give a damn about our laws (such as, say, the exact people we're trying to defeat), is there any hope that the courts will find any such new laws unconstitutional?
posted by aaron on Sep 18, 2001 - 36 comments

Terrorism's first win? Bye-Bye crypto.

Terrorism's first win? Bye-Bye crypto. The rubble is still burning and the Republicans are ready to strip of our right to use crypto products. Opportunists feeding off fear. That's how you win at the terrorist game.
posted by skallas on Sep 13, 2001 - 51 comments

The crypto used in 802.11 wireless networking has been cracked.

The crypto used in 802.11 wireless networking has been cracked. The crack is devastating; it's fast and passive. Simply by listening, the 40-bit key can be cracked in 15 minutes. Worse, the crack scales linearly with the number of bits in the key, so raising the key length to 128 bits would raise the crack time to about an hour. 802.11 is used in such products as the Linksys Etherfast Wireless and the Apple Airport. From now on those products should be considered to be completely insecure.
posted by Steven Den Beste on Aug 3, 2001 - 16 comments

A Russian security expert has been arrested for showing how easy it is to crack an e-book.

A Russian security expert has been arrested for showing how easy it is to crack an e-book. All hail the DMCA! Some information is just Too Dangerous to be Revealed! (See also wildly detailed coverage, including the affidavit, from Planet eBook.)
posted by davidchess on Jul 18, 2001 - 6 comments

Page: 1 2