Google Chrome Will Start Shaming Unencrypted Websites in January | Motherboard

Starting in January of 2017, Google’s Chrome browser will start flagging some websites that don’t use web encryption as “Not Secure”—the first step in Google’s eventual plan to shame all sites that don’t use encryption.

Source: Google Chrome Will Start Shaming Unencrypted Websites in January | Motherboard


The pioneering Chinese quantum satellite that could revolutionize the world's communications – El Mostrador

It is an ambitious project worth millions, nicknamed QUESS, that puts the Asian giant at the head of a technological revolution: creating new global communication networks that are hack-proof.

Source: The pioneering Chinese quantum satellite that could revolutionize the world's communications – El Mostrador


What PGP is and how to use it in your daily life – FayerWayer

The PGP encryption system encrypts your emails and communications securely, from person to person.

Edward Snowden and Laura Poitras managed to get in touch and evade the US security agencies and their allies because one of their first communications was encrypted. In that email Snowden asked Poitras to raise the security level of her email with a new, more secure key, since the NSA is capable of generating a trillion passwords per second.

Snowden, Poitras and millions of people now use encryption every day to protect their communications. It is not about making it harder for the NSA to know what you say; it is about protecting any kind of personal information from any other person, organization or outside system that tries to spy on you.

PGP is one of the most common and widely used encryption systems in the world, and also one of the most secure. The acronym stands for Pretty Good Privacy, originally developed by Phil Zimmermann, who today focuses his efforts on Silent Circle, a company that wants to create secure systems for global communications and whose first physical product was BlackPhone, recently updated in its second edition, Blackphone 2.

PGP is a cryptosystem that encrypts the content of a text, compressing it by looking for repetitive patterns in the text, in the same way that, for example, JPEG compression looks for repetitive patterns in an image to make the file lighter.

Why encrypt your communications?

It is not that you have something to hide, but that you have communications that have no reason to be heard or read by other people.

Encrypting messages is, as of today, tedious, and it requires at least two people to have public keys in order to send each other an encrypted email without failing in the attempt. But as with many technologies that once looked complicated, little by little there are more applications and services that put security first, whether by making it extremely easy to encrypt an email, as Yahoo does, or by building encryption into an application by default.


You Can Get Hacked Just By Watching This Cat Video on YouTube – The Intercept


Many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites. People also think that the NSA and its international partners are the only ones who have turned the internet into a militarized zone. But according to research I am releasing today at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, many of these commonly held beliefs are not necessarily true. The only thing you need to do to render your computer’s secrets—your private conversations, banking information, photographs—transparent to prying eyes is watch a cute cat video on YouTube, and catch the interest of a nation-state or law enforcement agency that has $1 million or so to spare.

To understand why, you have to realize that even in today’s increasingly security-conscious internet, much of the traffic is still unencrypted. You might be surprised to learn that even popular sites that advertise their use of encryption frequently still serve some unencrypted content or advertisements. While people now recognize that unencrypted traffic can be monitored, they may not recognize that it also serves as a direct path into compromising their computers.

Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.

Fortunately for their users, both Google and Microsoft were responsive when alerted that commercial tools were being used to exploit their services, and have taken steps to close the vulnerability by encrypting all targeted traffic. There are, however, many other vectors for companies like Hacking Team and FinFisher to exploit.

In today’s internet, there are few excuses for any company to serve content unencrypted. Any unencrypted traffic can be maliciously tampered with in a manner that is invisible to the average user. The only way to solve this problem is for web providers to offer fully encrypted services.


Cryptocat, the chat that outwitted the NSA, launches a crowdfunding campaign

Cryptocat is an extension for Firefox, Google Chrome, Safari, Opera, iPhone and OS X that makes it simple to encrypt our conversations

Its creator is asking for 30,000 euros to develop an Android application, improve the iPhone one and implement audio and video chats

Nadim Kobeissi, creator of Cryptocat, at RightsCon Rio 2012. / Jim Killock

Glenn Greenwald, the journalist who uncovered the NSA's surveillance, acknowledges in his new book that when he was in Hong Kong with Edward Snowden and Laura Poitras and could not connect over the OTR encrypted messaging protocol, he used Cryptocat to communicate securely with The Guardian.

This browser plugin has just launched a Kickstarter campaign to fund its development this summer. Its creator, the Lebanese Nadim Kobeissi, aims to bring encrypted conversations to every audience, and is asking for close to 30,000 euros (45,000 Canadian dollars) to launch an Android version, improve the iPhone application and start working on encrypted audio and video chats.

Cryptocat is, for now, an extension for the Firefox, Google Chrome, Safari and Opera browsers, and an application for OSX and for iPhone. It is very simple to use: you install the extension, choose a nickname and enter a secure chat room. Conversations can be one to one or with more participants, IRC-style. The OTR session, which works over the XMPP protocol, runs locally in the browser, which increases the security of the conversations. All of them are encrypted end to end, although, as the developers themselves warn on their website, “it is not an infallible tool to which you should entrust your life”. The latest version supports conversations through Facebook Messenger and secure file transfer.


Edward Snowden urges professionals to encrypt client communications | World news | theguardian.com

Exclusive: Whistleblower says NSA revelations mean those with duty to protect confidentiality must urgently upgrade security

• Watch Snowden’s interview with the Guardian in Moscow

• Read the full interview with Snowden by Alan Rusbridger and Ewen MacAskill on Friday

The NSA whistleblower, Edward Snowden, has urged lawyers, journalists, doctors, accountants, priests and others with a duty to protect confidentiality to upgrade security in the wake of the spy surveillance revelations.

Snowden said professionals were failing in their obligations to their clients, sources, patients and parishioners in what he described as a new and challenging world.

“What last year’s revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default,” he said.

The response of professional bodies has so far been patchy.

A minister at the Home Office in London, James Brokenshire, said during a Commons debate about a new surveillance bill on Tuesday that a code of practice to protect legal professional privilege and others requiring professional secrecy was under review.

Snowden’s plea for the professions to tighten security came during an extensive and revealing interview with the Guardian in Moscow.

The former National Security Agency and CIA computer specialist, wanted by the US under the Espionage Act after leaking tens of thousands of top secret documents, has given only a handful of interviews since seeking temporary asylum in Russia a year ago.

Edward Snowden during his interview with the Guardian in Moscow. Photograph: Alan Rusbridger for the Guardian

During the seven hours of interview, Snowden:

• Said if he ended up in US detention in Guantánamo Bay he could live with it.

• Offered rare glimpses into his daily life in Russia, insisting that, contrary to reports that he is depressed, he is not sad and does not have any regrets. He rejected various conspiracy theories surrounding him, describing as “bullshit” suggestions he is a Russian spy.

• Said that, contrary to a claim he works for a Russian organisation, he was independently secure, living on savings, and money from awards and speeches he has delivered online round the world.

• Made a startling claim that a culture exists within the NSA in which, during surveillance, nude photographs picked up of people in “sexually compromising” situations are routinely passed around.

• Spoke at length about his future, which seems destined to be spent in Russia for the foreseeable future after expressing disappointment over the failure of western European governments to offer him a home.

• Said he was holding out for a jury trial in the US rather than a judge-only one, hopeful that it would be hard to find 12 jurors who would convict him if he was charged with an offence to which there was a public interest defence. Negotiations with the US government on a return to his country appear to be stalled.


Yahoo unveils encryption measures to protect users' data | Technology | theguardian.com

Response to Snowden revelations aims to make encryption the default for all traffic through Yahoo

Marissa Mayer: ‘intimately involved’ in encryption project. Photograph: Peter Kramer/AP

Yahoo has announced major steps to encrypt its users’ data in the wake of whistleblower Edward Snowden’s revelations about the extent of government surveillance of private citizens.

Alex Stamos, Yahoo’s recently appointed chief information security officer, said on Wednesday his ultimate aim was to make sure “all traffic through Yahoo will be encrypted by default”.

The company set out details of its moves in a blog post. They include:

  • Traffic moving between Yahoo data centres is now fully encrypted.
  • Yahoo has enabled encryption of mail between its servers and other mail providers.
  • The Yahoo homepage and all search queries that run on it have https encryption enabled by default.
  • Yahoo News, Yahoo Sports, Yahoo Finance, and Good Morning America on Yahoo can be encrypted by typing “https” before the site URL in their web browser.
  • A new, encrypted, version of Yahoo Messenger will be deployed within months to stop mass government spying on webcam chats.

Stamos, a well-known security researcher, was an outspoken critic of the National Security Agency’s (NSA) mass surveillance programme before he joined Yahoo.

He said the moves would make it much more difficult for governments, or other parties, to collect information wholesale from the public.


Has the NSA’s mass spying made life easier for digital criminals? | Technology | theguardian.com

In flooding the internet with malware, and by increasing wariness of data sharing, the NSA’s actions have had a negative impact on the fight against cybercrime

A man hands out ‘RSA sold us out’ protest ribbons near Moscone West to people attending the RSA conference. Photograph: Steve Rhodes/Demotix/Corbis

Thousands of the world’s security professionals, most of them middle-aged white males, gathered in San Francisco last week for the annual RSA Conference.

Traditionally, it’s the time of year vendors hawk their gear in halls containing a perturbing whiff of ammonia, research announcements provide relief from the festival of commerce, and government mandarins hobnob with corporate types – all with the implied intent to work together to protect people’s data.

Yet 2014’s event was always going to be a bit different. RSA, the security company hosting the event, had to defend itself against criticism over an alleged $10m deal with the National Security Agency (NSA) to include flawed encryption in its products.

The company’s chief, Art Coviello, outright denied any wrongdoing, saying RSA was only following advice given by the US government’s National Institute of Standards and Technology (NIST).

RSA’s excuses have convinced some onlookers; others remain sceptical. But the organisation that took far more flak this week was the NSA itself, which had its own booth on the trade floor, albeit a considerably plainer one than the surrounding neon-clad stalls of commercial firms.

There was one criticism, amid the understandable ire around the damage done to global privacy, which stood out: that the NSA’s mass spying had perversely made life easier for digital criminals.

Data sharing in danger

Cross-border data-sharing mechanisms – a critical part in both online and non-internet crime investigations – have come under threat since the Edward Snowden leaks. Even though information-sharing deals covering banking and airline passenger data just about survived calls to suspend them, the Snowden files have caused problems for collaboration between public and private bodies.

The heightened tensions lie not between law enforcement agencies, but between police and other organisations that potentially hold valuable information for investigations. “The impact is more [with] third parties giving more consideration to sharing their data with agencies or other departments,” said Charlie McMurdie, formerly the head of the defunct Metropolitan Police Central e-Crime Unit and now senior crime adviser at PricewaterhouseCoopers.

“This can have a negative impact on law enforcement ability to respond to or progress investigations, but on the positive side [this] has also made third parties think more about where their data exists, security and sharing protocols, which isn’t a bad thing.”

A recent European Commission report on trust between the US and the EU following the leaks last year said: “Information sharing is … an essential component of EU-US security cooperation, critically important to the common goal of preventing and combating serious crime and terrorism. However, recent revelations about US intelligence collection programmes have negatively affected the trust on which this cooperation is based. In particular, it has affected trust in the way personal data is processed.”

Discussions are ongoing about an umbrella agreement covering law enforcement data sharing, with much talk of the need to ensure safeguards are in place, with “strict conditions”.

The US government has already seen the impact. In response to a Guardian question on the effect of Snowden’s revelations on data sharing, Phyllis Schneck, the chief cybersecurity official at the US Department of Homeland Security, said the government body’s partners were “feeling it”.