Encoded Message in the Perseverance Mars Lander’s Parachute
news.movim.eu / Schneier · Friday, 26 February - 19:35
Year of the OX: OpenPGP for XMPP
debacle · pubsub.movim.eu / berlin-xmpp-meetup · Monday, 1 February - 02:02
In February 2021, this month, starts the year of the ox. At the Berlin XMPP meetup, we will celebrate the new year with an introductory talk about "XEP-0373: OpenPGP for XMPP" and "XEP-0374: OpenPGP for XMPP Instant Messaging" and the panel of experts:
- DebXWoody (implementor of OX in Profanity)
- defanor (implementor of OX in rexmpp)
- Florian (co-author of the OX standards)
- lovetox (implementor of OX for Gajim)
- Paul (implementor of OX in Smack)
When? Wednesday, 2021-02-10 18:00 CET (always 2ⁿᵈ Wednesday of every month)
Where? Online, via our MUC (xmpp:email@example.com?join). A Jitsi video conference will be announced there.
See you then!
How law enforcement gets around your smartphone’s encryption: Openings provided by iOS and Android security are there for those with the right tools
Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Saturday, 16 January - 13:04
It's ironic that it's still unpatched vulnerabilities that catch users and corporations out. And we've seen these on an ongoing basis even with the likes of Cisco, Microsoft, and all the big names. These known exploits lie unpatched often for very long periods as end users and admins don't run patch updates.
Mobile phones are probably worse as they stop receiving updates after relatively short periods of 2 years or more. So even shutting down your phone after each time you use it, the chances are you are not getting all the security patches and updates you should be receiving. Average users just have to go with what they've got, and it all depends on the state of your data at rest on the phone after it is unlocked and in use. Most users want speed and convenience and those are at odds with greater security.
How law enforcement gets around your smartphone’s encryption
news.movim.eu / ArsTechnica · Friday, 15 January - 17:54 · 1 minute
Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.
Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade's worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools. The researchers have dug into the current mobile privacy state of affairs and provided technical recommendations for how the two major mobile operating systems can continue to improve their protections.
“It just really shocked me, because I came into this project thinking that these phones are really protecting user data well,” says Johns Hopkins cryptographer Matthew Green, who oversaw the research. “Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”
WhatsApp users must share their data with Facebook or stop using the app
news.movim.eu / ArsTechnica · Wednesday, 6 January - 20:29
WhatsApp, the Facebook-owned messenger that claims to have privacy coded into its DNA, is giving its 2 billion plus users an ultimatum: agree to share their personal data with the social network or delete their accounts.
Share and share alike
Shortly after Facebook acquired WhatsApp for $19 billion in 2014, its developers built state-of-the-art end-to-end encryption into the messaging app. The move was seen as a victory for privacy advocates because it used the Signal Protocol, an open source encryption scheme whose source code has been reviewed and audited by scores of independent security experts.
Moxie Marlinspike clarifies: No, Cellebrite cannot 'break Signal encryption' and that was not what was being claimed
Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Thursday, 24 December - 14:11
It seems now that the original claim was rather one-sided without Signal's response included. It also appears the claim has to do with an unlocked phone which would simply allow the app to be opened and read.
The moral of the story too is to lock your messaging apps so that they only open when your fingerprint is read (this is the easiest and quickest way vs PIN or password). I know that WhatsApp, Telegram, Signal, Wire, Wickr Me, Element, Threema, ProtonMail, Bitwarden, LastPass, etc. all have fingerprint biometric login protection as mine already prompt for a fingerprint. Also enable 2-factor authentication to protect from anyone who gains your password and tries to activate the app on a new device. A few basic measures go a long way.
Kazakhstan spies on citizens’ HTTPS traffic; browser-makers fight back
news.movim.eu / ArsTechnica · Saturday, 19 December - 15:45
Google, Mozilla, Apple, and Microsoft said they’re joining forces to stop Kazakhstan’s government from decrypting and reading HTTPS-encrypted traffic sent between its citizens and overseas social media sites.
All four of the companies’ browsers recently received updates that block a root certificate the government has been requiring some citizens to install. The self-signed certificate caused traffic sent to and from select websites to be encrypted with a key controlled by the government. Under industry standards, HTTPS keys are supposed to be private and under the control only of the site operator.
A thread on Mozilla’s bug-reporting site first reported the certificate in use on December 6. The Censored Planet website later reported that the certificate worked against dozens of Web services that mostly belonged to Google, Facebook, and Twitter. Censored Planet identified the sites affected as:
Enigma cipher machine used by the Nazis in WWII found in the Baltic Sea
news.movim.eu / ArsTechnica · Friday, 4 December - 20:37
Divers scouring the Baltic Sea for discarded fishing nets have stumbled on the rarest of finds: an Enigma encryption machine used by the Nazis to encode secret messages during World War II.
The electromechanical device was used extensively by the Nazi military to encrypt communications, which typically were transmitted by radio in Morse Code. Three or more rotors on the device used a stream cipher to convert each letter of the alphabet to a different letter.
The Enigma had the appearance of a typewriter. An operator would use the keys to type plaintext, and the converted ciphertext would be reflected in 26 lights above the keys—one light for each converted letter. The converted letters would then be transcribed to derive the ciphertext.