EFF Analyzes Secure Messaging
The Electronic Frontier Foundation has published an interesting look at secure messaging, as it exists today, including a super-handy scorecard. Yay!
The Electronic Frontier Foundation has published an interesting look at secure messaging, as it exists today, including a super-handy scorecard. Yay!
Bletchley Park pays homage to the popularly monikered Bombe Girls (Eight Wrens - Women’s Royal Naval Service), who had arrived at Bletchley Park seventy five years go, and focused on operating the Turing-Welchman Bombe Machine.
Interesting post at NODE, proffering advice to 中本哲史 Nakamoto Satoshi on the method to attain the penultimate viral outcome. Bitcoin users, rejoice...
Ars Technica's Megan Geuss reports the apparent defeat of security technologies associated with so-called 'secure chip-and-pin' credit cards. Today's Must Read.
Google, Inc. (NasdaqGS:GOOG) has warned Symantec Corporation (NASDAQ:SYMC) of imposed requirements applied to the Symantec Certificate Authority due to apparent malfeasence in managing the company's Certificate Authority infrastructure and specifically Certificates issued without notifying the holders of same.
The implications of the action are range far both in scope (related to the specific certificates under scrutiny ("Symantec performed another audit and, on October 12th, announced that they had found an additional 164 certificates over 76 domains and 2,458 certificates issued for domains that were never registered. - posted by Ryan Sleevi, Software Engineer at Google, Inc.)), and in Google's efforts to enforce the WebTrust in the Digital Certificate realm. This is why I say, Trust - But Verify...
"It’s obviously concerning that a CA would have such a long-running issue and that they would be unable to assess its scope after being alerted to it and conducting an audit. Therefore we are firstly going to require that as of June 1st, 2016, all certificates issued by Symantec itself will be required to support Certificate Transparency. In this case, logging of non-EV certificates would have provided significantly greater insight into the problem and may have allowed the problem to be detected sooner." - Posted by Ryan Sleevi, Software Engineer at Google, Inc.
Interesting source this time, coming from Roger Fingas, writing for Apple Insider, detailing the current Lame-Duck Administrations' decision to avoid forcing corporate entities to decrypt communications for Law Enforcement Agencies.
Litany of the quiet heroism of William Gordon Welchman at Bletchley Park, his modern day connections (in this case his granddaughter's well-placed esteem). Today's Must Read.
In a well-engineered screed, targeting both laptop and phone encryption modalities, Andrew Cunningham writing at Ars Technica's gadget section provides us with a tell-all discussion of how, in fact, to protect thyself from the evil that lurketh without. Today's Must Read.
Presented for your consideration - a 1997 paper entitled The Use of Encrypted, Coded and Secret Communications is an "Ancient Liberty" Protected by the United States Constitution, published by the University of Virginia Journal of Law and Technology]*.
John Fraser III the author of this superlative screed (now an attorney in Washington, DC) presents his fascinating argument on encryption, and the 'ancient right' to utilize cryptographic artifacts in the course of communications, protected, of course, by our nations' Constitution. Today's Must Read.
*Va. J.L. & Tech. 2 Fall 1997 1522-1687 / © 1997 Virginia Journal of Law and Technology Association
Presentation by Anja Drephal detailing a Сою́з Сове́тских Социалисти́ческих Респу́блик (also known as the CCCP) or the Union of Soviet Socialist Republics (USSR) espionage cell, operating within the national boundaries of Nippon in the 1930s and 1940s along with it's success in crypto. Whilst nearly two years old and delivered to the assembled at the Chaos Communication Congress 2013 (30C3), Drephal's presentation is assuredly worth directing your attention to (the math in the second half of the presentation is chock full of Import & Intrigue); Tuesday's Must View documentary...
A more complete explanation, via Sophos security blog Naked Security author Paul Ducklin, of steganography in-the-round, as it were...
Certainly an eponymous panel of cryptographic scientists, inclusive of Paul Kocher (Moderator) , Adi Shamir, Whitfield Diffie, Ed Giorgio, Ronald Rivest holding forth, as it were...
Good news for TrueCrypt, via the inimitable Dan Goodin, writing at Ars Technica, of the apparent clean bill of cryptographic health, as it were...
"The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software," Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday's report. "The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances." via Dan Goodin at Ars Technica