Like FREAK before it, Logjam shows why governments shouldn’t undermine encryption

Originally posted on PandoDaily:

A newly-disclosed vulnerability undermines several common security protocols and leaves information sent over many connections vulnerable to surveillance. It’s called the Logjam bug, and it could affect thousands of sites and services.

The researchers who discovered the vulnerability guess that it might have been used by the National Security Agency to surveil its targets. It could also be used by other attackers who wish to “read and modify any data” someone is sending. Here’s how the researchers describe the problem on the vulnerability’s website:

Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections.

Apple and others ask Obama to reject backdoors for cops and other snoops

Originally posted on Eideard:

Yes, this is what it says on my wife’s iPhone, same on my iPad

In a letter…delivered to President Barack Obama on Tuesday, Apple is among a group of signatories requesting the White House reject incoming government proposals that would modify current policies to allow law enforcement access to encrypted user data.

As reported by The Washington Post, which gained access to the letter on Monday, Apple joins a cadre of more than 140 tech companies, security experts and interested civil groups concerned with upcoming legislation that could force access to consumer data, even if it is encrypted.

“Strong encryption is the cornerstone of the modern information economy’s security,” the letter reads. Further, signatories unanimously recommend that government agencies should “fully support and not undermine efforts to create encryption standards.”

According to The Post, three signatories were on a five-member presidential review team formed to investigate U.S. technology policy in…

The hacking attack #GoldenHour: Why do businesses need to react to threats within 60 minutes?

Originally posted on LIFARS:

A recent report written by Enterprise Strategy Group (and commissioned by Intel Security) reveals slow responses to cyber-attacks from enterprises are leaving companies vulnerable to targeted online crime.

This research is one of the latest attempts to persuade IT users to check their defences against cyber-threats and equally importantly to make some investments into dealing with attacks. Raj Samani, EMEA Chief Technical Officer at Intel Security, said that customers have a ‘golden hour’ in which they can detect and deflect an attack, but delaying much beyond this short time frame can result in widespread contamination and failure of IT and data systems.

According to the report a substantial number of customers were unsure as to what to do on detecting a cyber-attack.

Indeed their research showed that:

  • 25% of UK IT professionals took more than two weeks just to discover that they had been targeted.
  • Once the threat had…

How We Deal with Surveillance

Originally posted on POTs and PANs:

The fact that governments spy on us has been in the news a lot in the last two years since Edward Snowden revealed the extent of the US spying. It’s not just the US government; similar revelations have come out even in countries like Canada.

The folks at the Pew Research Center asked Americans how the knowledge that they are being watched has changed their behavior. Not surprisingly, a pretty large majority of people have made no changes. But the survey found that some people have changed their behavior, and here are some of the key findings in this survey:

  • 87% of people said that they had heard about the government surveillance. Only 31% said they had heard a lot about it and 56% said they had heard a little about it.
  • 34% of those who were aware of the surveillance had made at least one change to shield or…

Practical IT: What is encryption and how can I use it to protect my corporate data?

Originally posted on Naked Security:

There’s been a lot of talk about encryption in the media lately.

You hear about who uses encryption, and who doesn’t (lots of companies don’t, to their own detriment).

And you hear about who wants to be able to bypass encryption (some law enforcement and national security agencies), and who doesn’t (Google, Apple, privacy advocates, etc.).

The encryption debate is important, but unfortunately, encryption is complex and the discussion can be hard to follow for people outside of the security community.

Businesses often don’t realise why encryption is important, and how they can use it to protect their data.

In this article I will seek to answer some common questions about encryption by covering two areas: 1) a very brief explanation of encryption, and 2) a couple of the most common use-cases which business needs to be aware of.

What is encryption?

Encryption is a method of scrambling…

Italy: Muslims threaten and insult a Catholic procession

oogenhand:

“In France: in the first 4 months of 2015, 104 Roman Catholic churches have already been ‘desecrated’”

Monotheism, interreligious dialogue, family values, sanctity of life. So much common ground, after all…

Originally posted on E.J. Bron:

(By: Raymond Ibrahim – Translation: “Wachteres”)

On Sunday 10 May, after Mass in the church, a group of young Islamic immigrants disrupted a Catholic procession in honour of the Virgin Mary. They hurled verbal insults, shouting and threats at the group as it passed in front of the Islamic Cultural Centre in Conselice, a small town in lower Romagna. About 100 Catholic Christians, including a number of small children, were being prepared for their first Holy Communion when Muslims from the Islamic Centre loudly directed verbal insults and threats at the passing procession.

Lèse-majesté is surely the lightest offence you can charge Al-Jaberi with

oogenhand:

Al-Jaberi remains an interesting man.

Originally posted on E.J. Bron:

Al-Jaberi

(By: Stephan Sanders)

Al-Jaberi is a classic troublemaker: wherever he goes, he keeps kicking until a row breaks out.

Initially, then, the Public Prosecution Service had decided to prosecute the political activist Abulkasim Al-Jaberi for lèse-majesté, because on 16 November, at an anti-Zwarte Piet demonstration, Al-Jaberi shouted: ‘Fuck the king, fuck the queen, fuck the royal house.’ According to the letter of the law that is punishable, but prosecuting the man for precisely this has something utterly comical about it: it is as if a motorist first tears down the motorway at 200 kilometres per hour, later rams a few cars and harasses pedestrians in a built-up area, meanwhile snorts lines of coke, only to be arrested for failing to signal in time. Lèse-majesté is surely the lightest offence you can charge this Al-Jaberi with.

(h/t Robert Kern)