Encrypted calls for Android
RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
Tag Archives: encryption
Think your Skype messages get end-to-end encryption? Think again
With the help of independent privacy and security researcher Ashkan Soltani, Ars used Skype to send four Web links that were created solely for purposes of this article. Two of them were never clicked on, but the other two—one beginning in HTTP link and the other HTTPS—were accessed by a machine at 65.52.100.214, an IP address belonging to Microsoft.
via Think your Skype messages get end-to-end encryption? Think again | Ars Technica.
First Bitcoin Hedge Fund Launches From Malta
The private key itself is AES-256 encrypted. After exporting Bitcoin private keys from wallet.dat file, data is stored in a TrueCrypt container on three separate flash drives. Using Shamir’s Secret Sharing algorithm, the container password is then split into three parts utilizing a 2-of-3 secret sharing model. Incorporating physical security with electronic security, each flash drive from various manufacturers is duplicated several times and, together with a CD-ROM, those items are vaulted in a bank safety deposit box in three different legal jurisdictions. To leverage geographic distribution as well, each bank stores only part of a key, so if a single deposit box is compromised, no funds are lost.
Hands On With Kim Dotcom’s New Mega
So what’s to stop Mega from going down just the way Megaupload did? Mega’s privacy, which is a no-foolin’ stroke of genius. See, all of your files are encrypted locally before they’re uploaded, so Mega has no idea what anything is. It could be family photos or work documents, or an entire discography of your favorite band. Poof: online and easy to share. And importantly, Mega doesn’t have the decryption key necessary to get in. See? It’s a masterstroke of copyright subversion.
via Hands On With Kim Dotcom’s New Mega: This Service Could Dismantle Copyright Forever.
Technically you should be able to do this with any cloud storage service. The key here is that the encryption is done locally. There are many ways to encrypt your stuff locally so why would it matter which cloud storage provider you use? Maybe I’m missing something but this doesn’t seem all that novel of an idea other than perhaps the new Mega provides the software and user interface to make the entire process easier. Mega is supposed to launch tomorrow so more information will surface.
Has World War II carrier pigeon message been cracked?
“You will see the World War I artillery acronyms are shorter, but, that is because, you have to remember, that, the primitive radio-transmitters that sent the Morse code were run by batteries, and, those didn’t last much more than a half-hour tops, probably less.
“Thus all World War I codes had to be S-n-S, Short-n-Sweet.
via BBC News – Has World War II carrier pigeon message been cracked?.
“Anonymous” File-Sharing Darknet Ruled Illegal by German Court
A court in Hamburg, Germany, has granted an injunction against a user of the anonymous and encrypted file-sharing network RetroShare . RetroShare users exchange data through encrypted transfers and the network setup ensures that the true sender of the file is always obfuscated. The court, however, has now ruled that RetroShare users who act as an exit node are liable for the encrypted traffic that’s sent by others.
via “Anonymous” File-Sharing Darknet Ruled Illegal by German Court | TorrentFreak.
Quantum cryptography conquers noise problem
Physicists have attempted to solve the problem by sending photons through a shared fibre along a ‘quantum channel’ at one characteristic wavelength. The trouble is that the fibre scatters light from the normal data traffic into that wavelength, polluting the quantum channel with stray photons. Andrew Shields, a physicist at the Toshiba Cambridge Research Laboratory, UK, and his colleagues have now developed a detector that picks out photons from this channel only if they strike it at a precise instant, calculated on the basis of when the encoded photons were sent. The team publishes its results in Physics Review X.
via Quantum cryptography conquers noise problem : Nature News & Comment.
Still, 90 kilometres is a “world record that is a big step forward in demonstrating the applicability of quantum cryptography in real-world telecommunications infrastructures”, says Vicente Martín, a physicist at the Technical University of Madrid.
Lies We Tell Our CEOs About Database Security
What makes that so dangerous, of course, is that distorted views of security often lead to bad risk decisions. Because when senior executives of any public or private organizations don’t understand industry best practices or what really constitutes a sophisticated attack, they’ll probably fail to properly fund protection measures against securing sensitive databases.
via Lies We Tell Our CEOs About Database Security – Dark Reading.
“I think she’s right, an attack is inevitable; losing 3.8 million social security numbers is not,” Murray says. “That someone bad is going to keep trying to do something bad to you, yes, that’s absolutely inevitable. That they’re going to be very, very successful like they were here, not so much.”
PlayStation 3: The Final Hack?
The release of the new custom firmware – and the LV0 decryption keys in particular – poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever. Options Sony has in battling this leak are limited – every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.
Crack in Internet’s foundation of trust allows HTTPS session hijacking
The technique exploits web sessions protected by the Secure Sockets Layer and Transport Layer Security protocols when they use one of two data-compression schemes designed to reduce network congestion or the time it takes for webpages to load. Short for Compression Ratio Info-leak Made Easy, CRIME works only when both the browser and server support TLS compression or SPDY, an open networking protocol used by both Google and Twitter. Microsoft’s Internet Explorer, Google’s Chrome and Mozilla’s Firefox browsers are all believed to be immune to the attack, but at time of writing smartphone browsers and a myriad of other applications that rely on TLS are believed to remain vulnerable.
via Crack in Internet’s foundation of trust allows HTTPS session hijacking | Ars Technica.
A side effect of compression, security experts have long known, is that it leaks clues about the encrypted contents. That means it provides a “side channel” to adversaries who have the ability to monitor the data. A research paper published in 2002 by John Kelsey looks eerily similar to CRIME, but only in retrospect.