The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

CAT | Internet

As a result of the “Great Firewall of Britain” the Chaos Computer Club discovered it is being blocked by Verifone. It turns out that ThePrivacyBlog is too!

· · · · ·

Engineers at Golden Frog recently discovered that Cricket wireless was automatically disabling their email encryption. It is not at all clear why they were doing this, but we do know how. When an email client attempts to make a secure connection to a server, it sends a STARTTLS command. If the server never sees the […]

· · · · · ·

A new APT called DarkHotel conducts very targeted attacks against executives in Asian hotels. There are several things you can do to protect yourself.

· · · · ·

On September 24, the Russian Duma passed a bill moving the date on which all Internet services must host local data locally from Sept 1, 2016 to Jan 1, 2015. That is an effectively impossible timeline for international Internet companies, which is probably the whole point. While the bill has not been finally passed, the […]

· ·

Attacks On Anonymity Conflate Anonymous Speech With Trollish Behavior | Techdirt It turns out that people say nasty things under their real names, and people also say valuable things anonymously. Shocking! It is amazing how often I see respected academics and other thinkers get incredibly sloppy in their reasoning when it comes to anonymity. They […]

·

Your Anonymous Posts to Secret Aren’t Anonymous After All | Threat Level | WIRED This article describes a clever attack against Secret, the “anonymous” secret sharing app. Their technique allows the attacker to isolate just a single target, so any posts seen are known to be from them. The company is working on detecting and […]

· · · · ·

A New York district judge has ruled that Microsoft must comply with US search warrants for emails stored in European data centers. The argument is that as a US company, Microsoft is subject to the order, and because it has control of its European subsidiary which in turn has control of the data center in […]

· ·

Fake Google Digital Certificates Found & Confiscated On July 2, Google engineers discovered unauthorized certificates for Google domains in circulation. They had been issued by the National Informatics Center in India. They are a trusted sub-authority under the Indian Controller of Certifying Authorities (CCA). They in turn are part of the Microsoft Root Store of […]

· · · · ·

Continuing the pattern of Internet restrictions I talked about before, Russia has passed a new law requiring Internet companies to keep the personal data of Russians in data centers within the country. The ostensible reason for this is to protect Russians against US Government snooping (in the wake of the Snowden leaks), and against other […]

·

Attorney General’s new war on encrypted web services – Security – Technology – News – iTnews.com.au Australia’s Attorney-General’s department is proposing that all providers of Internet services ensure that they can decrypt user communications when so ordered. Any services where the provider has the keys will obviously be able to do this. Australians may want […]

· ·

Older posts >>