Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

November 11 2017

3we

DOJ: Strong Encryption That We Don't Have Access To Is 'Unreasonable'

An anonymous reader quotes a report from Ars Technica:

Just two days after the FBI said it could not get into the Sutherland Springs shooter's seized iPhone, Politico Pro published a lengthy interview with a top Department of Justice official who has become the "government's unexpected encryption warrior." According to the interview, which was summarized and published in transcript form on Thursday for subscribers of the website, Deputy Attorney General Rod Rosenstein indicated that the showdown between the DOJ and Silicon Valley is quietly intensifying. "We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption." "I want our prosecutors to know that, if there's a case where they believe they have an appropriate need for information and there is a legal avenue to get it, they should not be reluctant to pursue it," Rosenstein said. "I wouldn't say we're searching for a case. I''d say we're receptive, if a case arises, that we would litigate."

In the interview, Rosenstein also said he "favors strong encryption." "I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption." "This is, obviously, a related issue, but it's distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they're related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here." He later added that the claim that the "absolutist position" that strong encryption should be by definition, unbreakable, is "unreasonable." "And I think it's necessary to weigh law enforcement equities in appropriate cases against the interest in security," he said.

November 09 2017

3we

How Cloudflare Uses Lava Lamps To Encrypt the Internet

YouTuber Tom Scott was invited to visit Cloudflare's San Francisco headquarters to check out the company's wall of lava lamps. These decorative novelty items -- while neat to look at -- serve a special purpose for the internet security company. Cloudflare takes pictures and video of the lava lamps to turn them into "a stream of random, unpredictable bytes," which is used to help create the keys that encrypt the traffic that flow through Cloudflare's network. ZDNet reports:

Cloudflare is a DNS service which also offers distributed denial-of-service (DDoS) attack protection, security, free SSL, encryption, and domain name services. Cloudflare is known for providing good standards of encryption, but it seems the secret is out -- this reputation is built in part on lava lamps. Roughly 10 percent of the Internet's traffic passes through Cloudflare, and as the firm deals with so much encrypted traffic, many random numbers are required. According to Nick Sullivan, Cloudfare's head of cryptography, this is where the lava lamps shine. Instead of relying on code to generate these numbers for cryptographic purposes, the lava lamps and the random lights, swirling blobs and movements are recorded and photographs are taken. The information is then fed into a data center and Linux kernels which then seed random number generators used to create keys to encrypt traffic. "Every time you take a picture with a camera there's going to be some sort of static, some sort of noise," Sullivan said. "So it's not only just where the bubbles are flowing through the lava lamp; it is the state of the air, the ambient light -- every tiny change impacts the stream of data."
Cloudflare also reportedly uses a "chaotic pendulum" in its London office to generate randomness, and in Singapore, they use a radioactive source.

November 06 2017

3we

Certificate Authority: Comodo gehört jetzt einem Staatstrojanerbesitzer

Es ist schon die zweite Zertifizierungsstelle, die in diesem Jahr verkauft wird: Comodo stößt das Geschäft mit Zertifikaten an eine Investmentgesellschaft ab. Diese hat unter anderem auch Hersteller von Staatstrojanern im Portfolio.

3we
3we

E-Mail-Verschlüsselung: Pflicht für Apotheker, Ärzte und Rechtsanwälte

Der Sächsische Landesdatenschutzbeauftragte Andreas Schurig hat in seinem aktuellen Tätigkeitsbericht auf die Pflicht zur Verschlüsselung bei E-Mails von Berufsgeheimnisträgern hingewiesen, wenn diese sensible personenbezogene Daten enthalten.

Unverschlüsselte E-Mails rechtswidrig

Laut Schurig ist insbesondere das Versenden von Gesundheitsdaten per unverschlüsselter E-Mail rechtlich unzulässig, da es sich hierbei um besondere Arten von personenbezogenen Daten i.S.v. § 3 Abs. 9 BDSG handelt. Dies würde nicht den Anforderungen der Nr. 4 der Anlage zu § 9 BDSG entsprechen. Danach muss gewährleistet sein, dass personenbezogene Daten bei der elektronischen Übertragung nicht unbefugt gelesen, kopiert, verändert oder entfernt werden können. Schurig begründet dies mit der Tatsache, dass eine unverschlüsselte E-Mail von allen an der Übertragung beteiligten Stellen problemlos mitgelesen werden kann und nicht dem aktuellen Stand der Technik entsprechen.

...[weiter]...

October 24 2017

3we

Europol: EU will "Entschlüsselungsplattform" ausbauen

Die Verschlüsselung privater Kommunikation soll auch auf europäischer Ebene angegriffen werden. Da der Einbau von Hintertüren offenbar vom Tisch ist, geht es nun um Schwachstellen bei der Implementierung und das Hacken von Passwörtern.

October 14 2017

3we

Verschlüsselung: Niemand hat die Absicht, TLS zu knacken

Mit einer vorgeschlagenen Erweiterung für das kommende TLS 1.3 könnte die Verschlüsselung effektiv gebrochen werden. Internet-, Mobilfunk- und Cloud-Provider wollen dazu aber nicht öffentlich Stellung nehmen. Und die nächste ähnliche Idee steht schon wieder auf der Agenda.

Reposted byv2pxsofiasnitrovent

October 11 2017

3we

Justice Department To Be More Aggressive In Seeking Encrypted Data From Tech Companies

An anonymous reader quotes a report from The Wall Street Journal (Warning: source may be paywalled; alternative source):

The Justice Department signaled Tuesday it intends to take a more aggressive posture in seeking access to encrypted information from technology companies, setting the stage for another round of clashes in the tug of war between privacy and public safety. Deputy Attorney General Rod Rosenstein issued the warning in a speech in Annapolis, Md., saying that negotiating with technology companies hasn't worked. "Warrant-proof encryption is not just a law enforcement problem," Mr. Rosenstein said at a conference at the U.S. Naval Academy. "The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost." Mr. Rosenstein didn't say what precise steps the Justice Department or Trump administration would take. Measures could include seeking court orders to compel companies to cooperate or a push for legislation. A Justice Department official said no specific plans were in the works and Mr. Rosenstein's speech was intended to spur public awareness and discussion of the issue because companies "have no incentive to address this on their own."

August 16 2017

3we

Stiftung Wissenschaft und Politik warnt vor Schwächung der Verschlüsselung

Die Stiftung Wissenschaft und Politik (SWP) warnt in einem Papier (PDF) vor der Schwächung von Verschlüsselung und Cyber-Sicherheit. Gegenwärtig formiere sich weltweit eine unfreiwillige Allianz von Gegnern der Verschlüsselung. Neben autoritären Regimen setzten auch immer mehr westliche Demokratien darauf, die Kommunikationsverschlüsselung zu schwächen und Spionage-Software auf Smartphones zu nutzen. Damit würde ein globaler Normsetzungsprozess beschleunigt, der die Bemühungen um Cyber-Sicherheit konterkariere. Die Stiftung, welche die Bundesregierung berät, empfiehlt, dass sich Deutschland diesem Trend entgegenstellen und seine Ambitionen als Verschlüsselungsstandort Nummer eins verstärken solle.

Das Papier von Matthias Schulze beschreibt einerseits die Bemühungen von Russland und China, den Zugang zu VPNs zu erschweren, geht aber auch auf den britischen Investigatory Powers Bill ein, in dem beispielsweise Hintertüren festgeschrieben sind.

...[weiter]...

Reposted byEinhornZorro EinhornZorro
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl