close
  • Be chevron_right

    Year of the OX: OpenPGP for XMPP

    debacle · pubsub.movim.eu / berlin-xmpp-meetup · Monday, 1 February - 02:02 edit

In February 2021, this month, starts the year of the ox. At Berlin XMPP meetup, we will celebrate the new year with an introductionary talk about "XEP-0373: OpenPGP for XMPP" and "XEP-0374: OpenPGP for XMPP Instant Messaging" and the panel of experts:

  • DebXWoody (implementor of OX in Profanity)
  • defanor (implementor of OX in rexmpp)
  • Florian (co-author of the OX standards)
  • lovetox (implementor of OX for Gajim)
  • Paul (implementor of OX in Smack)

When? Wednesday, 2021-02-10 18:00 CET (always 2ⁿᵈ Wednesday of every month)

Where? Online, via our MUC (xmpp:berlin-meetup@conference.conversations.im?join). A Jitsi video conference will be announced there.

See you then!

#yearoftheox #openpgp #xmpp #ox #jabber #encryption #e2ee #privacy #omemo #🐂️ #berlin #meetup #community #profanity #rexmpp #gajim #smack

  • favorite

    3 Like

    DebXWoody , ed00 , Holger Weiß

  • Ga chevron_right

    How law enforcement gets around your smartphone’s encryption: Openings provided by iOS and Android security are there for those with the right tools

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Saturday, 16 January - 13:04

It's ironic that it's still unpatched vulnerabilities that catch users and corporations out. And we've seen these on an ongoing basis even with the likes of Cisco, Microsoft, and all the big names. These known exploits lie unpatched often for very long periods as end users and admins don't run patch updates.

Mobile phones are probably worse as they stop receiving updates after relatively short periods of 2 years or more. So even shutting down your phone after each time you use it, the chances are you are not getting all the security patches and updates you should be receiving. Average users just have to go with what they've got, and it all depends on the state of your data at rest on the phone after it is unlocked and in use. Most users want speed and convenience and those are at odds with greater security.

See https://arstechnica.com/information-technology/2021/01/how-law-enforcement-gets-around-your-smartphones-encryption/

#technology #encryption #security #privacy #mobile

  • Ar chevron_right

    How law enforcement gets around your smartphone’s encryption

    news.movim.eu / ArsTechnica · Friday, 15 January - 17:54 · 1 minute

Uberwachung, Symbolbild, Datensicherheit, Datenhoheit

Enlarge / Uberwachung, Symbolbild, Datensicherheit, Datenhoheit (credit: Westend61 | Getty Images)

Lawmakers and law enforcement agencies around the world, including in the United States , have increasingly called for backdoors in the encryption schemes that protect your data , arguing that national security is at stake . But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade's worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools. The researchers have dug into the current mobile privacy state of affairs and provided technical recommendations for how the two major mobile operating systems can continue to improve their protections.

“It just really shocked me, because I came into this project thinking that these phones are really protecting user data well,” says Johns Hopkins cryptographer Matthew Green, who oversaw the research. “Now I’ve come out of the project thinking almost nothing is protected as much as it could be. So why do we need a backdoor for law enforcement when the protections that these phones actually offer are so bad?”

Read 19 remaining paragraphs | Comments

index?i=BL12mfP-nC8:eVi6ShRu6C0:V_sGLiPBpWUindex?i=BL12mfP-nC8:eVi6ShRu6C0:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ar chevron_right

    WhatsApp users must share their data with Facebook or stop using the app

    news.movim.eu / ArsTechnica · Wednesday, 6 January - 20:29

In this photo illustration a Whatsapp logo seen displayed on

Enlarge (credit: Getty Images )

WhatsApp, the Facebook-owned messenger that claims to have privacy coded into its DNA, is giving its 2 billion plus users an ultimatum: agree to share their personal data with the social network or delete their accounts.

The requirement is being delivered through an in-app alert directing users to agree to sweeping changes in the WhatsApp terms of service. Those who don’t accept the revamped privacy policy by February 8 will no longer be able to use the app.

Image-from-iOS-640x1386.png

Share and share alike

Shortly after Facebook acquired WhatsApp for $19 billion in 2014, its developers built state-of-the-art end-to-end encryption into the messaging app. The move was seen as a victory for privacy advocates because it used the Signal Protocol, an open source encryption scheme whose source code has been reviewed and audited by scores of independent security experts.

Read 8 remaining paragraphs | Comments

index?i=qdQ4vxp-l4Q:_1rRNTcb1ps:V_sGLiPBpWUindex?i=qdQ4vxp-l4Q:_1rRNTcb1ps:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ga chevron_right

    Moxie Marlinspike clarifies: No, Cellebrite cannot 'break Signal encryption' and that was not what was being claimed

    Danie van der Merwe · news.movim.eu / gadgeteerza-tech-blog · Thursday, 24 December - 14:11

It seems now that the original claim was rather one-sided without Signal's response included. It also appears the claim has to do with an unlocked phone which would simply allow the app to be opened and read.

The moral of the story too is to lock your messaging apps so that they only open when your fingerprint is read (this is the easiest and quickest way vs PIN or password). I know that Whatsapp, Telegram, Signal, Wire, Wickr me, Element, Threema, ProtonMail, Bitwarden, LastPass, etc all have fingerprint biometric login protection as mine already prompt for a fingerprint. Also enable 2-factor authentication to protect from anyone who gains your password and tries to activate the app on a new device. A few basic measures go a long way.

See https://signal.org/blog/cellebrite-and-clickbait/

#technology #signal #encryption #hacking

  • No, Cellebrite cannot 'break Signal encryption.'

    Yesterday, the BBC ran a story with the factually untrue headline, “Cellebrite claimed to have cracked chat app’s encryption.” This is false.Not only can Cellebrite not break Signal encryption, but Cellebrite never even claimed to be able to.Since we weren’t actually given the opportunity to comm...

  • Ar chevron_right

    Kazakhstan spies on citizens’ HTTPS traffic; browser-makers fight back

    news.movim.eu / ArsTechnica · Saturday, 19 December - 15:45

Surveillance camera peering into laptop computer

Enlarge (credit: Thomas Jackson | Stone | Getty Images )

Google, Mozilla, Apple, and Microsoft said they’re joining forces to stop Kazakhstan’s government from decrypting and reading HTTPS-encrypted traffic sent between its citizens and overseas social media sites.

All four of the companies’ browsers recently received updates that block a root certificate the government has been requiring some citizens to install. The self-signed certificate caused traffic sent to and from select websites to be encrypted with a key controlled by the government. Under industry standards, HTTPS keys are supposed to be private and under the control only of the site operator.

A thread on Mozilla’s bug-reporting site first reported the certificate in use on December 6. The Censored Planet website later reported that the certificate worked against dozens of Web services that mostly belonged to Google, Facebook, and Twitter. Censored Planet identified the sites affected as:

Read 3 remaining paragraphs | Comments

index?i=AHn7ZgcQCpU:qC6LRUctJCA:V_sGLiPBpWUindex?i=AHn7ZgcQCpU:qC6LRUctJCA:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
  • Ar chevron_right

    Enigma cipher machine used by the Nazis in WWII found in the Baltic Sea

    news.movim.eu / ArsTechnica · Friday, 4 December - 20:37

The Enigma cipher machine found in the Baltic Sea is lying on a table in front of the archaeological office of Schleswig-Holstein. After its discovery, the machine was handed over to the office by research diver Huber. Photo: Axel Heimken/dpa (Photo by Axel Heimken/picture alliance via Getty Images)

Enlarge / The Enigma cipher machine found in the Baltic Sea is lying on a table in front of the archaeological office of Schleswig-Holstein. After its discovery, the machine was handed over to the office by research diver Huber. Photo: Axel Heimken/dpa (Photo by Axel Heimken/picture alliance via Getty Images) (credit: Getty Images)

Divers scouring the Baltic Sea for discarded fishing nets have stumbled on the rarest of finds: an Enigma encryption machine used by the Nazis to encode secret messages during World War II.

The electromechanical device was used extensively by the Nazi military to encrypt communications, which typically were transmitted by radio in Morse Code. Three or more rotors on the device used a stream cipher to convert each letter of the alphabet to a different letter.

The Enigma had the appearance of a typewriter. An operator would use the keys to type plaintext, and the converted ciphertext would be reflected in 26 lights above the keys—one light for each converted letter. The converted letters would then be transcribed to derive the ciphertext.

Read 7 remaining paragraphs | Comments

index?i=FPIN7bdLH20:DfWRujccHaU:V_sGLiPBpWUindex?i=FPIN7bdLH20:DfWRujccHaU:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA