The documents provided by Edward J. Snowden seem to be never-ending: today’s drop is a set of secrets surrounding the NDA’s full code-breaking abilities on the internet: essentially speaking on how much they’re actually able to see of any and all web-based data. This information was reportedly restricted to those cleared for a highly classified […]
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of “Sigint (signals intelligence) enabling” in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program.
The agencies’ efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked “vast amounts” of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of “exploitable” information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA’s “problem” are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.
Filed under: Internet
Source: New York TImes, Guardian, ProPublica
Bad news, America. All that effort you and your favorite companies have put into encrypting data was for nothing. After spending billions on research and supercomputers, the NSA can now get around almost any type of encryption according to documents leaked by Edward Snowden. Nothing is safe.
     |
It’s no secret that our phones are often vulnerable to the occasional malicious hack, no matter how much we believe our passwords to be secure. But what if the encryption methods we used were based on the laws of physics instead of just mathematical formulas? The answer might just lie in quantum cryptology or quantum key distribution, which uses photon modification to encode and transmit data. However, the technology has typically required gear only found in top laboratories. Both sender and recipient need to have a source of those photons, the equipment has to be perfectly aligned and the encryption tends to be highly susceptible to noise.
Yet, Jeremy O’Brien and his physicist cohorts from the University of Bristol might have come upon a mobile-friendly solution. Their proposed method only requires the transmitting party to have the appropriate photon-sending equipment while the recipient needs just a simple device — say, a phone — to change them and send the information back. Called “reference frame independent quantum key distribution” or rfiQKD, the technique is robust enough to not rely on proper alignment and is apparently able to withstand a high level of noise as well. In a recent paper submitted to arXiv.org, O’Brien and his co-authors state that “the results significantly broaden the operating potential for QKD outside the laboratory and pave the way for quantum enhanced security for the general public with handheld mobile devices.” While we’re not sure if the method will solve all our security woes, it’s certainly a start. If you feel you’re able to grok the science, head on over to the source for more details on the team’s findings.
Source: arXiv
As the world of cybersecurity becomes increasingly volatile, more advanced solutions to problems like encryption couldn’t come soon enough. This is why everybody’s excited about a team of British physicists’ testing a method that would put quantum cryptology in everybody’s pocket.
| |
Wikileaks has stirred up its share of trouble in its day, but it might be up to something more. The site’s been posting links to a trio of encrypted files pretty insistently on Facebook, and one of them is a whopping 349GB. What’s in there?
| |
There’s little doubt Google knows a thing or two when it comes to encrypting its own data, and now the company’s kindly sharing some of that cryptographical love. Starting now, data uploaded to the Cloud Storage platform will be encrypted on the server side of things before being uploaded. The company’s promised that the added safety won’t impact performance, and no additional setup will be needed on your end. Also, once you, the authorized reader, are ready, that data will be auto-transferred and decrypted. The company’s also going to start encrypting older data, but that migration is likely to take a few months.
Filed under: Google
Source: Google Cloud Platform Blog
Google’s coasting on the wave of cyber anxiety following the NSA leaks with some new encryption features. From now on everything you put on Cloud Storage will be automatically encrypted on Google servers. Which raises the question: Why isn’t everything encrypted on Google servers?
| |
Between constant password breaches
| |
Two encrypted emails services – Silent Circle and Lavabit – shut down last week, the latter for reasons said to be refusal to conspire against the American people, with Silent Circle pulling the plug on its own service as a preemptive strike against the same reality. Mega’s CEO Vikram Kumar calls this “privacy seppuku,” and […]
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.
