Holder urges tech companies to leave device backdoors open for police – The Washington Post


Attorney General Eric H. Holder Jr. said on Tuesday that new forms of encryption capable of locking law enforcement officials out of popular electronic devices imperil investigations of kidnappers and sexual predators, putting children at increased risk.

via Holder urges tech companies to leave device backdoors open for police – The Washington Post.


TL;DR: “we need to snoop on everything, for the kids”. Shameless, spineless, embarrassing.

Categories : News  Privacy

The Criminal Indictment That Could Finally Hit Spyware Makers Hard | WIRED


The indictment this week of the man behind an app designed for surreptitiously monitoring cellphone activity is only the second federal case filed against someone involved in the commercial sale of so-called spyware and stalkingware. But the case could have negative implications for others who make and sell similar snooping tools, experts hope.

The case involves StealthGenie, a spy app for iPhones, Android phones and Blackberry devices that until last week was marketed primarily to people who suspected their spouse or lover of cheating on them but it also could be used by stalkers or perpetrators of domestic violence to track victims. The app secretly recorded phone calls and siphoned text messages and other data from a target’s phone, all of which customers of the software could view online until the government succeeded to temporarily close the Virginia-based site (.pdf) that hosted the stolen data.

via The Criminal Indictment That Could Finally Hit Spyware Makers Hard | WIRED.

Categories : News  Privacy

Cory Doctorow on the need for easy-to-use security mechanisms


Cory Doctorow via The Guardian:

Technical people need our non-technical friends to adopt good privacy practices. Every communications session has at least two parties, the sender and the recipient(s), and your privacy can leak out of either end of the wire. It doesn’t matter if I keep all my email offline, encrypted on my laptop, if it all ends up in the inboxes of people who leave it sitting on Gmail’s servers.

So this is critical, and not just for “normal people”. Even technically sophisticated people often find it difficult to follow security protocol in their own communications and computing. Things that aren’t usable just don’t get used. Making crypto as easy as your favourite websites and apps is the only way to make privacy a reality for everyone.

via Privacy technology everyone can use would make us all more secure | Technology | theguardian.com.


That’s all well and good, but how do you do it? If you’re reading this, it’s a safe bet you’re at least interested in the idea of data security. But how do you implement this among the nontechnical? It’s easy enough to tell a group of technical people “install PGP, encrypt and sign everything, don’t use weak keys” etc. But how do you get your mom to use it? Or the 62-year-old accountant that prefers to not have to deal with computers except to buy things online and email old friends or distant relatives?

Categories : News  Security

A Google Site Meant to Protect You Is Helping Hackers Attack You | Threat Level | WIRED

Categories : News

Official Gmail Blog: A first step toward more global email


But all that could change. In 2012, an organization called the Internet Engineering Task Force (IETF) created a new email standard that supports addresses with non-Latin and accented Latin characters e.g. ?????.????. In order for this standard to become a reality, every email provider and every website that asks you for your email address must adopt it. That’s obviously a tough hill to climb. The technology is there, but someone has to take the first step.

via Official Gmail Blog: A first step toward more global email.


The TL;DR is: Google is enabling non-Latin characters in email addresses (cf. RFC 6530). Whether this will encourage widespread adoption is going to be interesting to see; like IPv4, everyone’s gotten used to The Way We Do It Now. And like IPv6, I doubt there’s going to be much switchover unless it’s forced.

One obvious benefit would be to employ char-sets in the email header as part of heuristic anti-spam measures in a more nuanced way (as opposed to “anything non-LATIN-1 gets more weight when spam/ham score is being calculated”) — you’d be able to say “well, we have customers in Russia, so Cyrillic is OK, but we have no market in Asia so Asian languages have a higher spam score”.
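A sketch of that per-script weighting, added here as an illustration and not taken from Gmail or any spam filter. The weights, the function names, and the use of the first word of each character's Unicode name as a stand-in for its script are all assumptions; the mixed-script penalty goes slightly beyond the idea above, since allowing Cyrillic also makes Latin/Cyrillic mixing within one label worth flagging.

```python
import unicodedata

# Constructed policy: scripts of markets we serve add nothing,
# scripts with no customer base add weight. Values are illustrative.
SCRIPT_WEIGHT = {
    "LATIN": 0.0, "CYRILLIC": 0.0,
    "CJK": 2.0, "HIRAGANA": 2.0, "KATAKANA": 2.0, "HANGUL": 2.0,
}
UNLISTED_WEIGHT = 0.5       # any script the policy does not name
MIXED_LABEL_PENALTY = 2.0   # Latin mixed with another script in one label


def scripts_in(text):
    """Return the set of scripts used by the letters in text.

    Approximation (assumption): the first word of the Unicode character
    name, e.g. 'CYRILLIC SMALL LETTER I' -> 'CYRILLIC'.
    Digits and punctuation are ignored.
    """
    found = set()
    for ch in text:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            if name:
                found.add(name.split()[0])
    return found


def score_address(addr):
    """Score one address from a mail header; return (score, scripts seen)."""
    local, _, domain = addr.rpartition("@")
    seen, score = set(), 0.0
    # Check the local part and each domain label separately so that
    # 'cyrillic-local@latin-domain' is not treated as a mixed label.
    for label in [local] + domain.split("."):
        scripts = scripts_in(label)
        if "LATIN" in scripts and len(scripts) > 1:
            score += MIXED_LABEL_PENALTY
        seen |= scripts
    score += sum(SCRIPT_WEIGHT.get(s, UNLISTED_WEIGHT) for s in seen)
    return score, sorted(seen)


if __name__ == "__main__":
    # Constructed sample addresses.
    for a in ["ivan@example.com", "иван@пример.рф", "田中@example.jp"]:
        print(a, score_address(a))
```

The resulting number is meant to be one input added to an existing spam/ham score, not a verdict on its own.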

Categories : News

Lorem Ipsum: Of Good & Evil, Google & China — Krebs on Security


Steganography by gaming Google Translate with Lorem Ipsum

Lorem Ipsum: Of Good & Evil, Google & China — Krebs on Security.


Categories : News

Yahoo email anti-spoofing policy breaks mailing lists

Categories : News

Schneier on Security


Schneier on Security. One of the best infosec blogs out there.

Categories : News  Security

Cryptolocker keys made available

Categories : News

Why the Security of USB Is Fundamentally Broken | Threat Level | WIRED

Categories : News  Security