Free Republic

Meet the groundbreaking new encryption app set to revolutionize privacy and freak out the feds. For the past few months, some of the world’s leading cryptographers have been keeping a closely guarded secret about a pioneering new invention. Today, they’ve decided it’s time to tell all. Back in October, the startup tech firm Silent Circle ruffled governments’ feathers with a “surveillance-proof” smartphone app to allow people to make secure phone calls and send texts easily. Now, the company is pushing things even further—with a groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone...

New tool and service can decrypt any PPTP and WPA2 wireless sessions using MS-CHAPv2 authenticationSecurity researchers released two tools at the Defcon security conference that can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) and WPA2-Enterprise (Wireless Protected Access) sessions that use MS-CHAPv2 for authentication. MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients. MS-CHAPv2 has been known to be vulnerable to dictionary-based brute force attacks since 1999, when a...

Researchers have spotted a new banking Trojan subbed 'Tinba' that appears to have hit on a simple tactic for evading security - be as small as possible. An astonishing 20KB in size, Tinba ('Tiny Banker') retains enough sophistication to match almost anything that can be done by much larger malware types. Its main purpose is to burrow into browsers in order to steal logins, but it can also use 'obfuscated' (i.e disguised) web injection and man-in-the-browser to attempt to finesse two-factor web authentication systems. A particularly interesting feature is the way it tries to evade resident security, injecting itself into...

Researchers at Microsoft have built a virtual vault that could work on medical data without ever decrypting it. Imagine getting a friend's advice on a personal problem and being safe in the knowledge that it would be impossible for your friend to divulge the question, or even his own reply. Researchers at Microsoft have taken a step toward making something similar possible for cloud computing, so that data sent to an Internet server can be used without ever being revealed. Their prototype can perform statistical analyses on encrypted data despite never decrypting it. The results worked out by the software...

The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption passphrase. The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home. Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution's Fifth Amendment, which broadly protects Americans' right to...

The September11 terror attacks in the US were staged to overcome disunity in al-Qa'ida, confidential computer records reveal. Alan Cullison reports on what happened after his laptop was wrecked while he was covering the combat in Afghanistan IN the autumn of 2001, I was one of scores of journalists who ventured into northern Afghanistan to write about the US-assisted war against the Taliban. After losing use of my computer in an accident, I scrawled stories by candlelight with a ballpoint pen and read dispatches to my editors at The Wall Street Journal over a satellite phone. When the Taliban's defences...

Techniques that reliably erase hard disk drives don't produce the same results for solid state drives, warn University of California at San Diego researchers.Solid state drives (SSDs) have a small security problem: they're tough to erase. That warning comes from researchers at the University of California at San Diego. "Sanitization is well-understood for traditional magnetic storage, such as hard drives and tapes," said the researchers' in their study summary. "Newer solid state disks, however, have a much different internal architecture, so it is unclear whether what has worked on magnetic media will work on SSDs as well." Accordingly, the researchers...

HAGERSTOWN, Md. — A key figure in the government's investigation of thousands of leaked secret war records says the suspected culprit had help. Adrian Lamo is the computer hacker who turned in Army intelligence analyst Bradley Manning. Lamo says someone told him that he helped Manning set up encryption software that Manning allegedly used to send classified information to the whistleblower website Wikileaks. Lamo isn't naming the apparent accomplice. But he says the man is among a group of people in the Boston area who work with Wikileaks.

Much to the chagrin of the entertainment industry, the encryption that protects most high-definition video content may have just been cracked. Intel Corp. officials confirmed Tuesday to FoxNews.com an investigation into a security breach, possibly a fundamental compromise of High-bandwidth Digital Content Protection (HDCP) -- the digital rights management software that governs every device that plays high-def content.

Three rifle volleys echoed through the Hills Tuesday afternoon, bidding farewell to the nation’s last Oglala Lakota code talker. Clarence Wolf Guts, an 86-year-old World War II veteran, was laid to rest in the Black Hills National Cemetery with the Lord’s Prayer and drum beat resonating inside the rock rotunda. A procession of 30 vehicles -- including one white Chevy Impala with the sign “We love you Grandpa Clarence, forever in our heart.” -- followed a white van that carried Wolf Guts from a traditional Lakota ceremony in Wanblee to Sturgis. A crowd of over 60 traveled to pay their...

07 June 2010 "JIHADIS DISCOVER GOOGLE'S ENCRYPTED SEARCH" SNIPPET: "What this means is that their connection to Google's servers is encrypted. Their search terms are not encrypted."

Note: The following text is a quote: Manhattan U.S. Attorney Charges Two Brooklyn Men with Conspiring to Provide Material Support to al Qaeda PREET BHARARA, the United States Attorney for the Southern District of New York, GEORGE VENIZELOS, the Special Agent-in-Charge of the New York Office of the Federal Bureau of Investigation ("FBI"), and RAYMOND W. KELLY, the Police Commissioner of the City of New York, announced the indictment of U.S. citizens WESAM EL-HANAFI and SABIRHAN HASANOFF for allegedly conspiring to provide material support, including computer advice and assistance, to al Qaeda. EL-HANAFI and HASANOFF are expected to be presented...

SAN FRANCISCO – Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.The attack can force heavily secured computers to spill documents that likely were presumed to be safe. This discovery shows one way that spies and other richly financed attackers can acquire military and trade secrets, and comes as worries about state-sponsored computer espionage intensify, underscored by recent hacking attacks on Google Inc.The new attack discovered...

Senior U.S. military officers working for the Joint Chiefs of Staff discussed the danger of Russia and China intercepting and doctoring video from drone aircraft in 2004, but the Pentagon didn't begin securing the signals until this year, according to people familiar with the matter. The disclosure came after The Wall Street Journal reported insurgents in Iraq had intercepted video feeds from drones, downloading unencrypted communications from the unmanned planes. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, said a person...

A MAN who established a sophisticated network of peepholes and cameras to spy on his flatmates has escaped a jail sentence after police were unable to crack an encryption code on his home computer. Rohan James Wyllie, 39, yesterday pleaded guilty in Southport District Court to charges of attempting to visually record one of his flatmates when she was in a private place without her consent. But police were unable to prove his elaborate surveillance system had actually been used. Wyllie's three flatmates, two women and a man, grew suspicious that he was up to something when they noticed lights...

Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the...

An Apple expert and hacker has shown that the iPhone, in all its various forms and moltings, is child’s play to compromise. This comes despite assurances from Apple regarding the 3GS’s encryption feature. Bad news for businesspeople of the 21st century, who have glommed onto the iPhone and its service halo like no other device. The wonder-phone has certainly changed the way smartphones and other devices are made, but this isn’t the first time Apple’s security measures have been described as being seriously lacking. It seems that with a little creative coding, or access to an insecure computer, the iPhone...

Note: The following text is a quote: Former State Department Official and Wife Arrested for Serving as Illegal Agents of Cuba for Nearly 30 Years Couple Allegedly Conspired to Provide Classified Information to Cuban Government A former State Department official and his wife have been arrested on charges of serving as illegal agents of the Cuban government for nearly 30 years and conspiring to provide classified U.S. information to the Cuban government. The arrests were announced today by David Kris, Assistant Attorney General for National Security; Channing D. Phillips, Acting U.S. Attorney for the District of Columbia; Joseph Persichini, Jr.,...

DVDs are set to explore new dimensions.Punchstock Spreading into extra dimensions could help next-generation DVDs to store even more data than they currently do. The new technique could squeeze around 140 times the capacity of the best Blu-rays into a standard-sized disk. Traditional DVDs and Blu-ray disks store data in two dimensions, and there's been a recent push to increase their capacity by creating multi-layered disks that store data across three dimensions. But, asks James Chon at the Swinburne University of Technology in Melbourne, Australia, why stop there?Chon and his colleagues are stepping into hyperspace, by encoding information in two...

For some, the internet is merely a hiding place — a web of secret corridors where all manner of shameful deeds unfold. But the police never expected that it might become a strategic platform where two groups of society's outcasts, terrorists and child sex abusers, could meet to exchange operational secrets. The realisation that there might be something in common between violent Muslim fanatics known for their supposed piety and sexual deviants who prey on children has only slowly dawned on officers. Cracking the mystery of how these worlds overlap is expected to improve understanding of the mindsets of both...

Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. Failure to do so could mean a two-year prison sentence or up to five years if the case involves national security. The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that...

New mathematical attack works against a broad range cryptographic functions.Unless you're a dyed in the wool cryptographic geek you probably didn't know that there was a Crypto conference, or even a chain of worldwide crypto conferences that take place each year. Fortunately, for the most of us that aren't crypto geeks there are a handful of very highly skilled people who are; they can take the highly theoretical and complex mathematical proofs and arguments that make up most of modern cryptographic and cryptanalytic research and put it into plain language. Probably the best known is Bruce Schneier, who is a...

The growing use of encryption software -- like Microsoft's own BitLocker -- by cyber criminals has led Microsoft to develop a set of tools that law enforcement agents can use to get around the software, executives at the company said...Microsoft first released the toolset, called the Computer Online Forensic Evidence Extractor (COFEE)...Microsoft gives the software to agents for free.

Security approach common on Vista, Apple and Linux laptops The disk encryption technology used to secure the data in your Windows, Apple and Linux laptops can be easily circumvented, according to new research out of Princeton University. The flaw in this approach, the researchers say, is that data previously thought to disappear immediately from dynamic RAM (DRAM) actually takes its time to dissolve, leaving the data on the computer vulnerable to thievery regardless of whether the laptop is on or off. That's because the disk encryption key, unlocked via a password when you log on to your computer, then is...

Today eight colleagues and I are releasing a significant new research result. We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux. The research team includes J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. Our site has links to the...

A recently released tool that allegedly was designed to help al-Qaeda supporters encrypt their Internet-based communications is a well-written and easily portable piece of code, according to a security researcher who has analyzed the software.

An Arabic-language Web site hosted on a server located in Tampa, Fla., is apparently offering a new version of software that was designed to help al-Qaeda supporters encrypt their Internet communications. The new encryption tool is called Mujahideen Secrets 2 and appears to be an updated version of easier-to-crack software that was released early last year, said Paul Henry, vice president of technology evangelism at Secure Computing Corp. in San Jose. The tool is being distributed free of charge on a password-protected Web site that belongs to an Islamic forum known as al-Ekhlaas, according to Henry and a blog posting...

A couple of years ago, Michael T. Arnold landed at the Los Angeles International Airport after a 20-hour flight from the Philippines. He had his laptop with him, and a customs officer took a look at what was on his hard drive. Clicking on folders called “Kodak pictures” and “Kodak memories,” the officer found child pornography. The search was not unusual: the government contends that it is perfectly free to inspect every laptop that enters the country, whether or not there is anything suspicious about the computer or its owner. Rummaging through a computer’s hard drive, the government says, is...

An international team of mathematicians announced in May that they had factored a 307-digit number—a record for the largest factored number and a feat that suggests Internet security may be on its last legs. “Things are becoming less and less secure,” says Arjen Lenstra, a computer scientist at the École Polytechnique Fédérale (EPFL) in Switzerland, who organized the effort. Messages in cyberspace are encrypted with a random 1,024-bit number generated by multiplying two large primes together. But if hackers using factorization can break the number into its prime multipliers, they can intercept the message. Factorization currently takes too long to...

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency. Generating random numbers isn't easy, and researchers have discovered lots of problems and attacks over the years. A recent paper found a flaw in the Windows 2000 random-number generator. Another paper...

Canadian encryption vendor Certicom yesterday filed a wide-ranging lawsuit against Sony, claiming that many of the products offered by the electronics giant infringe on two Certicom patents. This might sound like business as usual until you realize what's being targeted: AACS and (by extension) the PlayStation 3. Certicom has done extensive work in elliptic curve cryptography (ECC), and the patents in question build on this work. The patents have already been licensed by groups like the US National Security Agency, which paid $25 million back in 2003 for the right to use 26 Certicom patents, including the two in the...

Excerpt - The folks at Digg.com have let the social news genie out of the bottle, and now they can't control it. Since the HD-DVD encryption code was discovered and published, readers at Digg have been repeatedly submitting stories with the 16 digit hex code in the titles and bodies. Just as quickly as these posts crawl up the Digg charts, admins seem to be deleting them. Just search Google for 09 F9 and you'll find the key. Will AACS send a Cease and Desist to InfoWorld because I posted the text "09 F9"? If so, we might as well...

TAIPEI—Within four years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) for digital signatures, and convert to a new and more advanced "hash" algorithm, according to the article "Security Cracked!" from New Scientist . The reason for this change is that associate professor Wang Xiaoyun of Beijing's Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1. Wang also cracked MD5 (Message Digest 5), the hash algorithm most commonly used before SHA-1 became popular. Previous attacks on MD5 required over a million years of supercomputer time, but Wang and her research team obtained...

"Second Life," the fast-growing online site where hundreds of thousands of people play out fantasy lives online, has suffered a computer security breach that exposed the real-world personal data of its users. Linden Lab, the San Francisco-based company behind the "Second Life" site, said in a letter to its 650,000 users this weekend that its customer database, including names, addresses, passwords and some credit card data, had been compromised. All users--or residents in "Second Life" parlance--are being required to request a new password. Some 286,000 residents have used the site in the past 60 days, according to a count on...

Two Atlanta-area men met with Islamic extremists in Toronto, where they discussed "strategic locations in the United States suitable for a terrorist strike," according to an FBI affidavit made public Friday. Syed Haris Ahmed and Ehsanul Islam Sadequee -- U.S. citizens from the Atlanta area -- met with at least three other targets of FBI terrorism investigations during a trip to Toronto last month, according to the affidavit. The affidavit said the men discussed attacks against oil refineries and military bases. They also planned to travel to Pakistan for military training at a terrorist camp, which authorities said the 21-year-old...

INTELLIGENCE OPERATIONS: Phone Taps Just Got Impossible April 12, 2006: Eavesdropping on phone calls just got a lot harder. Phil Zimmermann, the guy who invented PGP encryption for Internet mail, has developed a similar product, Zfone, for VOIP (telephone calls over the Internet). Zfone, like PGP, is free and easy to use. PGP drove intelligence agencies nuts, because it gave criminals and terrorists access to industrial grade cryptography. PGP doesn't stop the police or intel people from reading encrypted email, but it does slow them down. Zfone, however, uses stronger encryption. This means more delays, perhaps fatal delays, in finding...

BEIJING (AP) - The world industrial-standards association has rejected China's controversial wireless encryption standard for global use, news reports said Monday, dealing a blow to Beijing's effort to promote its own standards for computers and telecoms. China is promoting its WAPI system in a campaign to reduce reliance on foreign technology and give its companies a competitive edge. Members of the International Organization for Standardization rejected WAPI in favor of an American standard known as 802.11i in balloting that ended March 8, the U.S.-based electronics industry newspaper EE Times and the Chinese government's Xinhua News Agency said. But Chinese officials...

UK officials are talking to Microsoft over fears the new version of Windows could make it harder for police to read suspects' computer files. Windows Vista is due to be rolled out later this year. Cambridge academic Ross Anderson told MPs it would mean more computer files being encrypted. He urged the government to look at establishing "back door" ways of getting around encryptions. The Home Office later told the BBC News website it is in talks with Microsoft....

New 'spy' cell phone costs $2,500 06/11/2005 13:59 Russian Federal Security Service (FSB) has unveiled a cell phone at the International Show of Military Equipment, Technologies, and Arms VTTV-Omsk-2005 held in the city of Omsk. The special cell phone SPM-Atlas (M-539) was developed by Atlas Research and Development Center under the FSB. It is designed for scrambling voice data transmission. According to a representative of the FSB, the phone is already on sale in Moscow cell phone stores, its retail price is $2,500, Newsru.com reports. Western data encoding algorithms used to ensure the safety of cell phone conversations have not...

A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. Ari David Levie, who was convicted of photographing a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif. But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict....

Internet security takes a hit Report says computer-code experts concerned after flaw discovered in popular encryption technique. NEW YORK (CNN/Money) - The discovery of a crack in a commonly used Internet encryption technique raised concerns among government agencies and computer-code experts, according to a report by The Wall Street Journal. "Our heads have been spun around," Jon Callas, chief technology officer at encryption supplier PGP Corp., told the newspaper. The technique, called a "hash function," has been commonly used by Web site operators to scramble online transmissions containing credit-card information, Social Security numbers and other personal information. Hash functions were...

Microsoft RC4 Flaw One of the most important rules of stream ciphers is to never use the same keystream to encrypt two different documents. If someone does, you can break the encryption by XORing the two ciphertext streams together. The keystream drops out, and you end up with plaintext XORed with plaintext -- and you can easily recover the two plaintexts using letter frequency analysis and other basic techniques. It's an amateur crypto mistake. The easy way to prevent this attack is to use a unique initialization vector (IV) in addition to the key whenever you encrypt a document. Microsoft...

"The Electronic Frontier Foundation (EFF) just announced that it has become a financial sponsor of Tor, an open-source project to help people 'engage in anonymous communication online.' It sounds like a simpler version of Freenet, e.g. 'a network-within-a-network that protects communication from ... traffic analysis.' Like Freenet, the source-code is freely available and binaries exist for Windows, Linux, etc." Read on for more details.The submitter continues "It also allows you to install Tor-aware apps, such as an HTTP proxy (for private browsing), or maybe private P2P? Unlike Freenet, it doesn't use massive encryption (as far as I can tell) and...

RFID Passports Since the terrorist attacks of 2001, the Bush administration--specifically, the Department of Homeland Security--has wanted the world to agree on a standard for machine-readable passports. Countries whose citizens currently do not have visa requirements to enter the United States will have to issue passports that conform to the standard or risk losing their nonvisa status. These future passports, currently being tested, will include an embedded computer chip. This chip will allow the passport to contain much more information than a simple machine-readable character font, and will allow passport officials to quickly and easily read that information. That is...

Be advised. This will show you some nefarious things that can happen to your system. You're all reading this online so, yes, it affects you. Please read, then act accordingly. Click here. This is not a joke. You'll now be returned to your regular programming. A.K.A. Sleepy Brown

'This goes no further...'By Brian Wheeler BBC News Online Magazine Following revelations about bugging at the United Nations, is there any way of ensuring that your private conversations stay that way? News that Kofi Annan and other senior UN figures may have been routinely bugged by US or British security services has caused a huge political row around the world. But it will also have caused alarm among other people in the public eye who deal with sensitive information - or anyone, indeed, who values their privacy. If the secretary general of the United Nations cannot prevent his private conversations...

Intel's CTO to meet Chinese government over WAPI Pat Gelsinger to discuss concerns over China's national WLAN security standard By Martyn Williams, IDG News Service March 04, 2004 Pat Gelsinger, chief technology officer of Intel Corp., is to meet with Chinese government officials during the next few days to discuss Intel's concerns over China's national wireless LAN (WLAN) security standard and an impending June 1 deadline for compliance with the standard. The Standardization Administration of China (SAC) announced the development of a national WLAN standard in May 2003 and is demanding that all WLAN products sold in the country from...

Electronic Frontier Foundation Media Advisory DVD Descrambling Code Not a Trade Secret DVD CCA Surrenders in Bunner DVD Descrambling Case For Immediate Release: Thursday, January 22, 2004 San Jose, California - In a surprising retreat today, the consortium of entertainment and technology companies known as DVD CCA is seeking dismissal of a lawsuit against Andrew Bunner, a republisher of a computer program created to allow movie lovers to play their DVDs on computers running the Linux operating system. DVD CCA effectively gave up a multi-year effort to have the republication of the program, called DeCSS, declared a violation of trade...

The RIAA Succeeds Where the Cypherpunks Failed First published December 17, 2003 on the "Networks, Economics, and Culture" mailing list. Subscribe to the mailing list. For years, the US Government has been terrified of losing surveillance powers over digital communications generally, and one of their biggest fears has been broad public adoption of encryption. If the average user were to routinely encrypt their email, files, and instant messages, whole swaths of public communication currently available to law enforcement with a simple subpoena (at most) would become either unreadable, or readable only at huge expense. The first broad attempt by the...

Encryption Promises Unbreakable Codes BRIAN BERGSTEIN Associated Press NEW YORK - Code-makers could be on the verge of winning their ancient arms race with code-breakers. After 20 years of research, an encryption process is emerging that is considered unbreakable because it employs the mind-blowing laws of quantum physics. This month, a small startup called MagiQ Technologies Inc. began selling what appears to be the first commercially available system that uses individual photons to transfer the numeric keys that are widely used to encode and read secret documents. Photons, discrete particles of energy, are so sensitive that if anyone tries to...