Archive for the ‘Privacy and Security’ Category

Bruce Schneier says: “The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters“.

Security engineers are working on technologies that can mitigate much of this risk, but many solutions won’t be deployed without government involvement. This is not something that the market can solve. Like data privacy, the risks and solutions are too technical for most people and organizations to understand; companies are motivated to hide the insecurity of their own systems from their customers, their users, and the public; the interconnections can make it impossible to connect data breaches with resultant harms; and the interests of the companies often don’t match the interests of the people.

Read Full Post »

I have been a user of TextSecure (now Signal) on Android for many years. Not that I have much to hide, nor do I have many family members or friends that use the same application to profit from the message encryption – no, just as a matter of principle. But it was only recently that I could peer into the mind of the man who created the tool: Moxie Marlinspike (this pseudonym would not look out of place in a cyberpunk novel). So thanks, Wired, for this opportunity to “Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us“.

Just as knives can be used to stage a terrorist attack, so can any tool be used for good as well as for bad. Does that mean we have to cripple the tool, which is what some people are asking when talking about encryption? From the Wired article:

Marlinspike follows this remark with a statement that practically no one else in the privacy community is willing to make in public: that yes, people will use encryption to do illegal things. And that may just be the whole point. “I actually think that law enforcement should be difficult,” Marlinspike says, looking calmly out at the crowd. “And I think it should actually be possible to break the law.”

Up to a degree, I concur with that statement. Of course, it does not mean that any law is there to be broken all day long, every time it is possible. But how can you make better laws, if the existing ones cannot be broken? Laws are just one of the tools humans use to organise their lives. When society evolves, e.g. because of fundamental changes in technology, laws have to change as well… Let’s just make sure we pick the right law to break.

(View his talk on Vimeo by clicking on the image)

(View his talk on Vimeo by clicking on the image)

PS. Marlinspike is not a prolific blogger, but the writing on his blog is nevertheless a good way to get an idea of how he thinks. Recommended reading – not just about encryption.

Read Full Post »

I like the NYMAG.COM article titled “I, Snowbot”. In it, the author describes the current life of Edward Snowden. The (long) text manages to include themes like telepresence, encryption and ethics, and is very much worth reading – even if you do not agree with Snowden and everything he did.

I agree with this quote, by the way:

Surveillance is ultimately not about safety. Surveillance is about power. Surveillance is about control.
Edward Snowden

Is the Snowbot part of the team, or isn't he?

Is the Snowbot part of the team, or isn’t he?

His telepresence in the USA, where he is a wanted criminal, is special, of course: as a ‘robot’, he can go where he wants… Strange for a man who never leaves Moskow, and strange too, I guess, for US law enforcement. But hey, that’s the force of the Internet – digital disruption, anyone?

Read Full Post »

I have been writing about KeePass since 2009, since I have been using this tool (in one of its many guises) since then. Last year, around June, I tried to upgrade to the then latest version 2.29 of the official release. On my Mac, all in all, things did not work out that well. To install the (.NET version of the) program, you have to:

  • Install Mono
  • Install XQuartz
  • Download keepassXXX.zip (where XXX is the chosen version number)
  • Start a terminal session, go to the unzipped folder and start the app using this command:

    mono keepass.exe

    (which looks silly on a Mac, and there are ways around it, but nevertheless…)

  • Choose the correct XML type if your data are coming from a KeePassX 1.x “export to XML”.

Using it isn’t intuitive – remember: KeePass is not a Mac app, and that means Command-S will NOT save your file; you have to use Ctrl-S. If you resize a window, or change the width of a column, strange things will happen on the screen. Don’t try drag-and-drop operations: they will crash the app with error messages saying: “System.NotSupportedException: Implement me” or worse.

After a few edits (an import of the old database in XML format + choosing a new icon for a group), trying to edit a second group entry crashed the app. In the console I saw this error message:

<Error>: CGContextDrawImage: invalid context 0x0. This is a serious error. This application, or a library it uses, is using an invalid context and is thereby contributing to an overall degradation of system stability and reliability. This notice is a courtesy: please fix this problem. It will become a fatal error in an upcoming update.

Well, I did not find a good explanation for this problem, and ended up deleting everything so that I could continue to use the older KeePassX version I have since long.


But a few weeks ago, I did find a relatively simple way to replace that old version: Keeweb. It’s a multiplatform application, built on the same principles as the Atom editor: both are based on the ‘electron’ framework. So basically you’re running a local application built with web technologies. And yes, it does work in the same manner on my Macs, on Linux machines and even on Windows. I like it, because it is devoid of complicated installation procedures, and that simplifies things when you only need it occasionally on your desktop. To top it off, there is also an offline web version of the same application. What more can you want? Check it out, you may like it too.

Read Full Post »

Impressive language:

But wherever information gathers and flows, two predators follow closely behind it: censorship and surveillance. The case of digital money is no exception. Where money becomes a series of signals, it can be censored; where money becomes information, it will inform on you.

See also: project "Liberty in the Information Age"

See also: project “Liberty in the Information Age”

Source: “How a Cashless Society Could Embolden Big Brother” on “The Atlantic” website. That’s a must-read article!

Read Full Post »

xkcd: Public Key (Click to go to the orginal)

xkcd: Public Key (Click to go to the orginal)

If you want to brush up your understanding of cryptography (which may be required to understand the ‘xkcd’ joke), try this short video as an introduction:

Read Full Post »

There is a serious problem in Android-land, reports Dan Goodin: “950 million Android phones can be hijacked by malicious text messages“. In short: almost all but the oldest Android devices are vulnerable to attacks. The errors exist in a system library called Stagefright, developed by Google, that handles media processing.There is no fast patch available, since the update has to come from the company that built or supplied your device.

(see http://arstechnica.com/security/2015/07/950-million-android-phones-can-be-hijacked-by-malicious-text-messages/ )

(Photo from BGR Media LLC)

The vulnerability is in fact a series of several bugs. For 100% protection from attacks you will have to install all relevant firmware updates for your device, as soon as they become available. Samsung, Huawei, LG, HTC, etc. will have to prepare those updates… or so we can hope.

You can limit your exposure a bit, says Ars Technica:

For now, there’s not much end users can do to protect themselves other than to install a patch as soon as one becomes available for their specific Android device. People can also prevent MMS messages from automatically loading in Google Hangouts or other text apps.

To stop those MMS’es from loading automatically in Hangouts, check out this Google forum post: “Change Hangouts text message settings on Android“.

As for me, I hope that Samsung rapidly does what it is supposed to do: patch my phone! Or will that brand-new OnePlus phone be patched sooner ;-?

Read Full Post »

Older Posts »