Heartbleed? What the hell is that?

Heartbleed is a software bug in the open-source cryptography library OpenSSL, which allows an attacker to read the memory of the host computer, allowing them to retrieve potentially privacy-sensitive data.  Based on examinations of audit logs by researchers, it has been reported that some attackers may have exploited the flaw for at least five months before discovery and announcement.  It also appears that the NSA knew about this flaw for at least 2 years and did nothing.  Nothing except further infringe on your privacy rights.  The author of the bug, Robin Seggelmann, stated that he “missed validating a variable containing a length” and denied any intention to submit a flawed implementation.  Friends, maybe this guy is an NSA contractor…  Check this out:
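To make the "missed validating a variable containing a length" point concrete, here is an added example (not part of the original post and not OpenSSL's code) of a simplified TLS heartbeat handler that checks the peer's claimed payload length against the bytes actually received. It assumes the RFC 6520 message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding); all function names and sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte declared payload length */
#define HB_MIN_PADDING 16  /* minimum padding RFC 6520 requires */

/* Constructed samples: type 1 (request), declared length, "ping", padding. */
static const uint8_t HB_HONEST[3 + 4 + 16] = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_LYING[3 + 4 + 16]  = {1, 0x40, 0x00, 'p', 'i', 'n', 'g'};
static uint8_t hb_out[65535];  /* response buffer for the demo */

/* Payload length as claimed by the peer; attacker-controlled input. */
static size_t hb_declared_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Echo the payload only when the claimed length fits inside the bytes that
 * were actually received. Returns bytes copied, or -1 to drop the record. */
long hb_echo_payload(const uint8_t *rec, size_t rec_len,
                     uint8_t *out, size_t out_cap) {
    if (!rec || !out || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;
    size_t declared = hb_declared_len(rec);
    /* The validation that was missed: header + payload + padding <= record. */
    if (HB_HEADER_LEN + declared + HB_MIN_PADDING > rec_len)
        return -1;
    if (declared > out_cap)
        return -1;
    memcpy(out, rec + HB_HEADER_LEN, declared);
    return (long)declared;
}

/* Bytes of unrelated memory a length-trusting copy would have disclosed. */
size_t hb_overread_bytes(const uint8_t *rec, size_t rec_len) {
    if (!rec || rec_len < HB_HEADER_LEN)
        return 0;
    size_t end = HB_HEADER_LEN + hb_declared_len(rec);
    return end > rec_len ? end - rec_len : 0;
}

int main(void) {
    printf("honest: %ld\n", hb_echo_payload(HB_HONEST, sizeof HB_HONEST, hb_out, sizeof hb_out));
    printf("lying:  %ld (would over-read %zu bytes)\n",
           hb_echo_payload(HB_LYING, sizeof HB_LYING, hb_out, sizeof hb_out),
           hb_overread_bytes(HB_LYING, sizeof HB_LYING));
    return 0;
}
```

The second record claims a 16,384-byte payload inside a 23-byte message; the checked handler drops it instead of copying adjacent memory into the reply.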

Interesting alternative to passwords…

Friends, how many passwords do you have?  If you’re like me, you have a $hitload.  I currently use KeePass to maintain all my account information & passwords but what if your password changes every minute and you never have to remember it?  Watch:

Tor is building an anonymous instant messenger…

Tor, the team behind the world’s leading online anonymity service, is developing a new anonymous instant messenger client, according to documents produced at the Tor 2014 Winter Developers Meeting in Reykjavík, Iceland.  The Tor Instant Messaging Bundle (TIMB) is set to work with the open-source InstantBird messenger client in experimental builds released to the public by March 31, 2014. The developers aim to build in encrypted off-the-record chatting and then bundle the client with the general Tor Launcher in the following months.

Pidgin, an older and more popular open-source chat client, was originally considered to be the foundation of the TIMB but was thrown out in favor of InstantBird. However, Tor still plans to hire independent security contractors to audit the new software and test its mettle so that “people in countries where communication for the purpose of activism is met with intimidation, violence, and prosecution will be able to avoid the scrutiny of criminal cartels, corrupt officials, and authoritarian governments.”

Over the long term, TIMB will likely become the messenger of choice for Tor users. Software such as TorChat and BitMessage already have significant userbases and smart advocates, but with the full weight of the Tor Launcher and team behind it, there’s little reason to imagine TIMB won’t succeed.  The creation of the TIMB is yet another step in what has been a years-long improvement in Tor software. A decade ago, the anonymity program was available only to tech-savvy users who knew enough to dive into their operating system’s command line.  Now, the Tor user interface has progressed to the point that almost anyone can anonymously surf the Web with just a few clicks. If TIMB follows in those footsteps, it will be another powerful anonymity tool at the fingertips of both the tech literate and humanity at large.

The Tor Project, a $2 million per year nonprofit consisting of 30 developers spread out over 12 countries, is pushing forward on TIMB as part of an overall initiative to make Tor even easier to use for the average person. Also in the pipeline are more localized support staff as well as “point-click-publish Hidden Services,” to make it extremely easy for anyone to create a Deep Web site.  When it comes to the sort of security that Tor provides, ease of use is of paramount importance. Many users can’t or won’t take the time to learn about encryption programs like Pretty Good Privacy (PGP), leaving themselves open to surveillance.

SOURCE – The Daily Dot

Squeaky Dolphin?

Documents obtained by former NSA contractor Edward Snowden show that NSA analysts monitored content on The Pirate Bay and used the agency’s surveillance systems to track where it came from. The documents also show that the NSA’s British partners at the GCHQ used XKeyscore data as part of a surveillance program on sites that included WikiLeaks. That was part of a broader psychological profiling and targeting program to collect intelligence, influence individuals online, and disrupt groups like Anonymous that were considered threats.  The new documents show that the GCHQ conducted “broad real-time monitoring of social media activities, processing data on activities like watching YouTube videos and Facebook Likes to profile, categorize, and target individuals for psychological operations.” The NSA documents in the latest disclosure refer to monitoring for content that could be considered “malicious foreign activity.” But it’s clear that the NSA also used its XKeyscore surveillance to dig through traffic to the torrent-sharing site, and it could very well have profiled foreign users of sites like WikiLeaks and monitored their access to that and other websites.

However, the documents—one an internal NSA “frequently asked questions” Wiki page and the other a set of GCHQ slides on psychological operations—do not provide a picture of how much information about people accessing WikiLeaks was shared between the GCHQ and the NSA. And while the documents point to NSA monitoring of Pirate Bay, there’s no suggestion of how the information gathered was used or if it was used at all.  A third, unpublished document shows that the Obama administration apparently encouraged foreign governments in 2010 (including the UK) to pursue charges against WikiLeaks for the publication of diplomatic “wires” provided by Chelsea Manning, formerly known as Bradley Manning.

The GCHQ slide deck, published in 2012, highlights two tools used to conduct social networking, Web monitoring, and profiling. The first, called “Squeaky Dolphin,” pulls online activities within Web traffic caught by the agency’s monitoring systems. The monitoring systems are called “Airwolf” in the slides, which may be a UK codeword for the GCHQ’s equivalent of XKeyscore. That data includes webmail, blogs visited, YouTube views, Facebook “likes” clicked on websites themselves, and other data culled from individual users’ captured activity.

It runs those activities, captured in real-time, through IBM’s InfoSphere Streams processing software to create analytical feeds. Those feeds are then piped into a Splunk database and surfaced through a “dashboard” view that allows analysts to find trends in sentiment. As an example, the slides showed activity related to cricket matches in London and the surge in Facebook likes for Conservative member of Parliament Liam Fox. It can also be used to spot trends in traffic that might indicate upcoming events such as protests or other civil unrest.

While Squeaky Dolphin tends to look at things with a wider view, “AnticrisisGirl” is a bit more targeted. It can be used to passively monitor specific websites—including traffic to WikiLeaks, as the slides demonstrate. The tool can be tuned to a specific set of Internet user signatures or keywords, and it provides analytics of their behavior in real time, capturing search terms or direct Web addresses used to get to the sites in question.

SOURCE – arstechnica.com

From NSA to Gmail: Ex-Spy Launches Free Email Encryption Service

The surveillance bombshells revealed by Edward Snowden have prompted many Americans to reconsider what they say and do online.

Hoping to seize upon amplified privacy concerns, a former National Security Agency architect launched a free service this week that allows users to easily encrypt their Gmail, Yahoo and Outlook emails.

Virtru, which has received $4 million in angel financing and emerged from stealth mode, has attracted significant interest from a number of potential corporate customers, including big Wall Street banks.

“There is mass concern about privacy. The issue is people don’t know where to go to take action. We’re trying to meet that need,” said John Ackerly, a former White House official who co-founded Virtru with his brother Will.

While working at the NSA, Will Ackerly helped invent an encryption format that has become the standard for sharing sensitive data between U.S. intelligence agencies. Seeing the great demand to protect personal and commercial documents, the Ackerly brothers are now deploying that platform to a much wider audience.

“Services like Virtru will probably give most commercial users a degree of security that only governments have enjoyed to this point,” said Cedric Leighton, a former NSA official who does not know the Ackerly brothers.

Virtru appears to be launching at a perfect time given the enormous amount of attention on government surveillance, which classified documents leaked by Snowden show is far greater than the American public realized.  According to a poll of 2,000 U.S. adults by Harris Interactive that Virtru commissioned, 73% of Americans online are concerned about the privacy of their email communications. But just 34% of online adults said they had taken steps like using a secure email provider or encrypted technologies.

While the Snowden revelations “caused the country tremendous harm in terms of national security,” John Ackerly said the “issues are real and the balance of power has shifted away from the individual.”

Using the open-source Trusted Data Format that Will Ackerly helped create in 2008, Virtru allows users to encrypt emails from Google’s Gmail, Yahoo, Microsoft’s Outlook and Apple’s Mac Mail. The service is powered by 256-bit AES encryption.

VIDEO – See how Virtru works…

SOURCE – foxbusiness.com
