Entries Tagged "encryption"

Page 44 of 56

NSA Wants Help Eavesdropping on Skype

At least, according to an anonymous “industry source”:

The spybiz exec, who preferred to remain anonymous, confirmed that Skype continues to be a major problem for government listening agencies, spooks and police. This was already thought to be the case, following requests from German authorities for special intercept/bugging powers to help them deal with Skype-loving malefactors. Britain’s GCHQ has also stated that it has severe problems intercepting VoIP and internet communication in general.

Skype in particular is a serious problem for spooks and cops. Being P2P, the network can’t be accessed by the company providing it and the authorities can’t gain access by that route. The company won’t disclose details of its encryption, either, and isn’t required to as it is Europe based. This lack of openness prompts many security pros to rubbish Skype on “security through obscurity” grounds: but nonetheless it remains a popular choice with those who think they might find themselves under surveillance. Rumour suggests that America’s NSA may be able to break Skype encryption—assuming they have access to a given call or message—but nobody else.

The NSA may be able to do that: but it seems that if so, this uses up too much of the agency’s resources at present.

I’m sure this is a real problem. Here’s an article claiming that Italian criminals are using Skype more than the telephone because of eavesdropping concerns.

Posted on February 23, 2009 at 6:51 AMView Comments

Hard Drive Encryption Specification

There’s a new hard drive encryption standard, which will make it easier for manufacturers to build encryption into drives.

Honestly, I don’t think this is really needed. I use PGP Disk, and I haven’t noticed any slowdown due to having encryption done in software. And I worry about yet another standard with its inevitable flaws and security vulnerabilities.

EDITED TO ADD (2/13): Perceptive comment about how the real benefit is regulatory compliance.

Posted on February 5, 2009 at 7:13 AMView Comments

Remote-Controlled Thermostats

People just don’t understand security:

Mr. Somsel, in an interview Thursday, said he had done further research and was concerned that the radio signal—or the Internet instructions that would be sent, in an emergency, from utilities’ central control stations to the broadcasters sending the FM signal—could be hacked into.

That is not possible, said Nicole Tam, a spokeswoman for P.G.& E. who works with the pilot program in Stockton. Radio pages “are encrypted and encoded,” Ms. Tam said.

I wonder what she’ll think when someone hacks the system?

Posted on December 11, 2008 at 6:55 AMView Comments

Rubber-Hose Cryptanalysis

Cryptographers have long joked about rubber-hose cryptanalysis: basically, beating the keys out of someone. Seems that this might have actually happened in Turkey:

According to comments allegedly made by Howard Cox, a US Department of Justice official in a closed-door meeting last week, after being frustrated with the disk encryption employed by Yastremskiy, Turkish law enforcement may have resorted to physical violence to force the password out of the Ukrainian suspect.

Mr Cox’s revelation came in the context of a joke made during his speech. While the exact words were not recorded, multiple sources have verified that Cox quipped about leaving a stubborn suspect alone with Turkish police for a week as a way to get them to voluntarily reveal their password. The specifics of the interrogation techniques were not revealed, but all four people I spoke to stated that it was clear that physical coercion was the implied method.

Posted on October 27, 2008 at 12:45 PMView Comments

"New Attack" Against Encrypted Images

In a blatant attempt to get some PR:

In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC Ciphers, explains how it is possible to compare an encrypted backup image file made with almost any commercial encryption program or algorithm to an original that has subsequently changed so that small but telling quantities of data ‘leaks’.

Here’s the paper. Turns out that if you use a block cipher in Electronic Codebook Mode, identical plaintexts encrypt to identical ciphertexts.

Yeah, we already knew that.

And -1 point for a security company requiring the use of Javascript, and not failing gracefully for a browser that doesn’t have it enabled.

And—ahem—what is it with that photograph in the paper? Couldn’t the researchers have found something a little less adolescent?

For the record, I doghoused PMC Ciphers back in 2003:

PMC Ciphers. The theory description is so filled with pseudo-cryptography that it’s funny to read. Hypotheses are presented as conclusions. Current research is misstated or ignored. The first link is a technical paper with four references, three of them written before 1975. Who needs thirty years of cryptographic research when you have polymorphic cipher theory?

EDITED TO ADD (10/9): I didn’t realize it, but last year PMC Ciphers responded to my doghousing them. Funny stuff.

EDITED TO ADD (10/10): Three new commenters using dialups at the same German ISP have showed up here to defend the paper. What are the odds?

Posted on October 9, 2008 at 6:44 AMView Comments

1 42 43 44 45 46 56

Sidebar photo of Bruce Schneier by Joe MacInnis.