Microsoft blames the US National Security Agency for enabling the massive cyberattack that affected at least 150 countries – El Mostrador

The computing giant criticised the role of governments and organisations that stockpile software vulnerabilities that can later be stolen or sold to cybercriminals. The company asks that what happened serve as a lesson to eradicate this practice worldwide.

Source: Microsoft blames the US National Security Agency for enabling the massive cyberattack that affected at least 150 countries – El Mostrador


WannaCry: why experts believe there could be another cyberattack very soon – El Mostrador

Computer experts warn that a new global attack with a ransomware outbreak is “imminent” and could even be launched on Monday. BBC Mundo gives you the details and explains how to protect yourself from these viruses.

Source: WannaCry: why experts believe there could be another cyberattack very soon – El Mostrador


Google Chrome Will Start Shaming Unencrypted Websites in January | Motherboard

Starting in January of 2017, Google’s Chrome browser will start flagging some websites that don’t use web encryption as “Not Secure”—the first step in Google’s eventual plan to shame all sites that don’t use encryption.

Source: Google Chrome Will Start Shaming Unencrypted Websites in January | Motherboard


The pioneering Chinese quantum satellite that could revolutionise the world’s communications – El Mostrador

It is a multi-million-dollar, ambitious project nicknamed QUESS that puts the Asian giant at the head of a technological revolution: creating new hack-proof global communication networks.

Source: The pioneering Chinese quantum satellite that could revolutionise the world’s communications – El Mostrador


Security Tips Every Signal User Should Know

Although Signal is well-designed, there are extra steps you must take if you want to maximize the security for your most sensitive conversations — the ones that could be misinterpreted by an employer, client, or airport security screener; might be of interest to a snooping government, whether at home or abroad; or could allow a thief or hacker to blackmail you or steal your identity.

Source: Security Tips Every Signal User Should Know


Take that, FBI: Apple goes all in on encryption | Technology | The Guardian

The new feature is just the latest move towards more widespread encryption in consumer technology products following Apple’s standoff with the FBI earlier in 2016, in which it refused to help the agency weaken its own security processes to access information on an iPhone belonging to a terrorist. Facebook and Google both pledged support for Apple during the fight, and both are subsequently reported to be planning encrypted versions of their messaging apps.

Source: Take that, FBI: Apple goes all in on encryption | Technology | The Guardian


The $16,000 phone that offers military-grade security to celebrities – El Mostrador

The new phone from London startup Sirin Labs boasts of being the best where security is concerned: it has a “military-grade” encryption system.

Source: The $16,000 phone that offers military-grade security to celebrities – El Mostrador


How secure are encrypted telecommunications? – El Mostrador

With its sights set on the longed-for goal of privacy, universal encryption for the security of telecommunications on the internet is already shaping up as a path of no return, backed by the latest moves of popular platforms in the sector, though tinged with shadows.

Source: How secure are encrypted telecommunications? – El Mostrador


Forget Apple's fight with the FBI – our privacy catastrophe has only just begun | Technology | The Guardian

The privacy crisis is a disaster of our own making – and now the tech firms who gathered our data are trying to make money out of privacy

Source: Forget Apple’s fight with the FBI – our privacy catastrophe has only just begun | Technology | The Guardian


Obama Wants Nonexistent Middle Ground on Encryption, Warns Against “Fetishizing Our Phones”

Obama’s first extended disquisition on the contentious issue of encryption suggests he’s only been listening to one side.

Source: Obama Wants Nonexistent Middle Ground on Encryption, Warns Against “Fetishizing Our Phones”


Snowden: FBI's claim it can't unlock the San Bernardino iPhone is 'bullshit' | Technology | The Guardian

NSA whistleblower rubbishes claims that only Apple can unlock killer’s iPhone 5C, indicating FBI has the means itself

Source: Snowden: FBI’s claim it can’t unlock the San Bernardino iPhone is ‘bullshit’ | Technology | The Guardian


NSA Is Mysteriously Absent From FBI-Apple Fight

The Federal Bureau of Investigation insisted that it was helpless. The bureau told a judge in February that Apple has the “exclusive technical means” to try to unlock the contents of San Bernardino shooter Syed Rizwan Farook’s iPhone — and that’s why it should be forced to do so. But notably missing from the FBI’s argument was any mention of whether it had consulted spies and sleuths from the government’s intelligence community — particularly the National Security Agency. The Twitterverse exploded with q

Source: NSA Is Mysteriously Absent From FBI-Apple Fight


Apple gains support from tech rivals in FBI case – FT.com

Tim Bradshaw in San Francisco, March 4, 2016 2:25 am

America’s largest technology companies have joined Apple’s fight against the government over data protection and security, in an unusual display of unity by the Silicon Valley rivals.

More than a dozen motions filed on Thursday sided with Apple as it tries to resist a demand to write software that would help the FBI unlock the San Bernardino shooter’s iPhone. Civil liberties groups and IT trade associations lined up alongside dozens of law professors and cryptography experts, after Apple filed its own motion for the judicial order to be withdrawn last week.

Source: Apple gains support from tech rivals in FBI case – FT.com


What has the FBI ordered Apple to do and why is it refusing? – FT.com

What has Apple been ordered to do?

The US court has told Apple to write a piece of software that lowers an iPhone’s defences, enabling the FBI to use brute force to break in by bombarding the device with many possible passwords until it gets the right answer. The new tool would do three things:

Source: What has the FBI ordered Apple to do and why is it refusing? – FT.com


Wanting it badly isn't enough: backdoors and weakened crypto threaten the net / Boing Boing

As you know, Apple just said no to the FBI’s request for a backdoor in the iPhone, bringing more public attention to the already hot discussion on encryption, civil liberties, and whether “those in authority” should have the ability to see private content and communications — what’s referred to as “exceptional access.”

Source: Wanting it badly isn’t enough: backdoors and weakened crypto threaten the net / Boing Boing


EFF, ACLU, and Amnesty International voice support for Apple in FBI battle | The Verge

The American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and Amnesty International have come out in support of Apple, after the company said it would contest a judge’s order to unlock an iPhone used by one of the San Bernardino shooters.

Source: EFF, ACLU, and Amnesty International voice support for Apple in FBI battle | The Verge


Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On | WIRED

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation. In the interest of clarifying the facts and correcting some misinformation, we’ve pulled together a summary of the issues at hand.

Source: Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On | WIRED


We cannot trust our government, so we must trust the technology | US news | The Guardian

Apple’s battle with the FBI is not about privacy v security, but a conflict created by the US failure to legitimately oversee its security service post Snowden

Source: We cannot trust our government, so we must trust the technology | US news | The Guardian


Bill Gates backs FBI in battle with Apple over San Bernardino killer's phone | Technology | The Guardian

US government is asking for a particular case, and Apple should comply, says Microsoft co-founder Gates

Source: Bill Gates backs FBI in battle with Apple over San Bernardino killer’s phone | Technology | The Guardian


Hillary Clinton and Bernie Sanders Refuse to Choose Between Apple and the FBI

Both candidates tried to occupy a middle ground that doesn’t really exist – either in the war between Apple and the FBI, or when it comes to the spread of unbreakable encryption.

Source: Hillary Clinton and Bernie Sanders Refuse to Choose Between Apple and the FBI


FBI Says Apple Court Order Is Narrow, But Other Law Enforcers Hungry to Exploit It

The Justice Department says Apple can destroy the hacking software it makes after it’s used once. But other law enforcers are already lining up to use it themselves.

Source: FBI Says Apple Court Order Is Narrow, But Other Law Enforcers Hungry to Exploit It


How to start using the anonymous Tor browser, step by step

Tor is one of the best tools for connecting to the Internet securely (if not the best). Although it is not perfect, setting it up is so simple that anyone who accesses the web frequently should have it installed and ready to use. We explain how to do it. Leaving the technical side aside, connecting […]

Source: How to start using the anonymous Tor browser, step by step


Comey Calls on Tech Companies Offering End-to-End Encryption to Reconsider “Their Business Model”

The FBI director essentially wants tech companies to roll back secure encryption to something less secure that law enforcement can intercept.

Source: Comey Calls on Tech Companies Offering End-to-End Encryption to Reconsider “Their Business Model”


Hacker-fighting prowess on show at cyber security conference – FT.com


Photo caption: A man types on a laptop computer in an arranged photograph taken in Tiskilwa, Illinois, U.S., on Thursday, Jan. 8, 2015. U.S. officials are discussing whether new standards should be set for government action in response to hacks like the one suffered by Sony Pictures Entertainment, such as if a certain level of monetary damage is caused or if values such as free speech are trampled, National Security Agency Director Michael Rogers said in an interview with Bloomberg News. Photographer: Daniel Acker/Bloomberg

When cyber security start-ups set out their stalls at the industry‘s largest annual conference on Monday, they will be looking to show off their hacker-fighting prowess not just to buyers of security products, but also to Wall Street investors.

A new generation of cyber security companies is preparing to go public, as analysts predict a rise in security spending by boards desperate to protect themselves from becoming the next Sony Pictures, Home Depot or Target.

Dan Ives, an analyst at FBR Capital Markets, says investors will be flocking to the RSA Conference in San Francisco this week because cyber security is a $15bn-$20bn market opportunity in the next three years.

“Seven or eight years ago you could hear a pin drop at RSA,” he said. “Now it is going to be like a Bon Jovi rock concert.”

“It is the seminal event in cyber security: the new year’s eve, the wedding, the bar mitzvah,” he added.

VC funds have been flooding into cyber security, surpassing $1bn for the first time in the first quarter of 2015, according to data from private company research firm PrivCo. VC funding for security software start-ups hit $2.3bn in 2014, up more than a third from the year before. Just four years ago, less than $1bn was raised by cyber security companies for a whole year.



What PGP is and how to use it in your daily life – FayerWayer


The PGP encryption system encrypts your emails and communications securely, from person to person.

When Edward Snowden and Laura Poitras managed to get in touch and outwit the US security agencies and their allies, it was thanks to the fact that one of their first communications was encrypted. In that email Snowden asked Poitras to raise the security level of her email with a new, stronger key, since the NSA is capable of generating a trillion passwords per second.

Snowden, Poitras and millions of people now use encryption every day to protect their communications. It is not about making it harder for the NSA to know what you say; it is about protecting any kind of personal information from any other person, organisation or outside system that tries to spy on you.

PGP is one of the most common and widely used encryption systems in the world, and also one of the most secure. The acronym stands for Pretty Good Privacy, an original development by Phil Zimmermann, who today has his efforts focused on Silent Circle, a company that wants to create secure systems for global communications and whose first physical product was the Blackphone, recently updated in its second edition, the Blackphone 2.

PGP is a cryptosystem that encrypts the content of a text by compressing it, looking for repetitive patterns in the text, in the same way that, for example, JPEG compression looks for repetitive patterns in an image to make the file lighter.

Why encrypt your communications?

It is not that you have something to hide, but that you have communications that do not need to be listened to or read by other people.

Message encryption is still tedious today and requires that at least two people have public keys in order to send each other an encrypted email without failing in the attempt. But like many technologies that once looked complicated, little by little there are more applications and services that put security first, whether by making it extremely easy to encrypt an email, as Yahoo does, or by integrating encryption by default into an application.


Passphrases That You Can Memorize — But That Even the NSA Can't Guess – The Intercept


It’s getting easier to secure your digital privacy. iPhones now encrypt a great deal of personal information; hard drives on Mac and Windows 8.1 computers are now automatically locked down; even Facebook, which made a fortune on open sharing, is providing end-to-end encryption in the chat tool WhatsApp. But none of this technology offers as much protection as you may think if you don’t know how to come up with a good passphrase.

A passphrase is like a password, but longer and more secure. In essence, it’s an encryption key that you memorize. Once you start caring more deeply about your privacy and improving your computer security habits, one of the first roadblocks you’ll run into is having to create a passphrase. You can’t secure much without one.

For example, when you encrypt your hard drive, a USB stick, or a document on your computer, the disk encryption is often only as strong as your passphrase. If you use a password database, or the password-saving feature in your web browser, you’ll want to set a strong master passphrase to protect them. If you want to encrypt your email with PGP, you protect your private key with a passphrase. In his first email to Laura Poitras, Edward Snowden wrote, “Please confirm that no one has ever had a copy of your private key and that it uses a strong passphrase. Assume your adversary is capable of one trillion guesses per second.”

In this post, I outline a simple way to come up with easy-to-memorize but very secure passphrases. It’s the latest entry in an ongoing series of stories offering solutions — partial and imperfect but useful solutions — to the many surveillance-related problems we aggressively report about here at The Intercept.

It turns out, coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. If you use an entirely random sequence of characters it might be very secure, but it’s also agonizing to memorize (and honestly, a waste of brain power).

But luckily this usability/security trade-off doesn’t have to exist. There is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. The method is called Diceware, and it’s based on some simple math.


Tor Project: what the community around the network that resists the NSA is like



On the Deep Web there is not only crime; there is also the largest security and privacy network running over the internet, one that allows activists, journalists, companies and even security forces to share and work securely

We spoke with Nick Mathewson, one of its founders, and other members of the organisation to understand how a community that works to protect freedom of expression and the privacy of people all over the world operates

How they are funded, how they work with security forces, and the doubts about their vulnerability after the attack in January of last year

What came first on the Deep Web: the dark legend of anonymity and the sordid merchants of Silk Road, or the community of hackers and activists who fight for the rights of civil society in what may already be the only stronghold not controlled by the NSA? Far too much has already been said about the former in the media, in a fairly ill-informed way, as if one wrote about a neighbourhood only when there is a murder on one of its streets. What is talked about far less, perhaps because most journalists and traditional media in Spain do not use it yet, is the Tor network and the community that works around it in what is called the Tor Project.

Around 60 Tor members took advantage of the Circumvention Tech Festival in Valencia to meet face to face. We spoke with them to learn more about the people behind the secure network that the NSA itself described as “the king of internet anonymity security, with no successors to the throne”.

PGP creator Phil Zimmermann: 'Intelligence agencies have never had it so good' | Technology | The Guardian


Phil Zimmermann: 'End-to-end encryption is everywhere now: in browsers, online banking...'


The recent hack against Sony Pictures is likely to have made companies of all sizes consider upping their cybersecurity measures. Perhaps, though, it’s also a different kind of wake-up call: a reason to think less about security, and more about privacy.

That’s the belief of Phil Zimmermann – the creator of email encryption software Pretty Good Privacy (PGP), and now president and co-founder of secure communications company Silent Circle – initially expressed in a blog post, and expanded on in an interview with the Guardian.

“Sony had all kinds of things: intrusion detection, firewalls, antivirus … But they got hacked anyway. The security measures that enterprises do frequently get breached. People break in anyway: they overcome them,” says Zimmermann.

“A lot of this stuff could have been encrypted. If those emails had been encrypted with PGP or GnuPG, the hackers wouldn’t have gotten very far. Those movie scripts that they stole? They could have been encrypted too.”

Zimmermann hopes that companies will look at what happened to Sony, and use it as a spur to explore encryption as a way to protect their employees’ privacy, rather than ramping up their spending on security measures to protect their data.

“People don’t think of privacy much when they think about enterprises, but enterprise privacy is a real thing: it’s the collective privacy of everybody in the company, and the privacy of the company assets as well,” he says.

“In Sony’s case, there were emails about Hollywood actresses that got breached. That’s connected with personal privacy. I think companies retain too much information.”

If more businesses shift their thinking from security to privacy, it’ll be good news for Silent Circle, which offers technology for encrypted voice calls, video chat and messaging, as well as being a key part of the privacy-focused Blackphone smartphone.


Replace Gmail and Dropbox with a secure alternative? Nadim Kobeissi (@kaepora) shows it is possible | Manzana Mecánica


Peerio is an innovative messaging and storage system with an emphasis on being easy to use, enabling secure communications, and allowing large files to be shared. It uses end-to-end encryption, which means that the people who run Peerio intentionally exclude the possibility of having access to your messages or your files.

To sign up for Peerio, you have to download one of the available programs: there are versions for Google Chrome (multi-platform), Windows and Mac, and versions for Android and iOS are in development. Downloading the program is necessary because the encryption happens locally, something that cannot be done in a completely secure way when using a website, unless you blindly trust that site’s developers (which is generally not a good idea).


“Our privacy is over and it is almost impossible to get it back” | Tecnología | EL PAÍS


Leonard Kleinrock wins the BBVA Foundation Frontiers of Knowledge Award

Leonard Kleinrock, one of the founding fathers of the Internet. / FBBVA

The dark side of the Internet. That is not a journalistic metaphor, but how one of the fathers of the network, the American engineer Leonard Kleinrock, defines the bitterest face of the digital globalisation we live in. Yesterday’s attack on the social media accounts of the United States Central Command and the cyberwar between the United States and North Korea are two of the latest examples of a growing trend: “They show that dark side of the Internet that has emerged recently and that will grow in the future.”

The happiness of having won the BBVA Foundation Frontiers of Knowledge Award today, which he considers “an award for all the pioneers who contributed to the creation of the Internet”, does not stop him from speaking frankly about the storm clouds of the digital age. Especially about whether the private sphere we believe we have still exists: “For the most part, our privacy is over and it is almost impossible to get it back,” Kleinrock pronounces. Moreover, he believes the guilty parties are in fact all of us: “We gave it away voluntarily, at least in small fractions, along the way.” Kleinrock also believes that people are “unaware of the extent to which organisations and groups of individuals exploit their data for their own interests”.


You Can Get Hacked Just By Watching This Cat Video on YouTube – The Intercept


Many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites. People also think that the NSA and its international partners are the only ones who have turned the internet into a militarized zone. But according to research I am releasing today at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, many of these commonly held beliefs are not necessarily true. The only thing you need to do to render your computer’s secrets—your private conversations, banking information, photographs—transparent to prying eyes is watch a cute cat video on YouTube, and catch the interest of a nation-state or law enforcement agency that has $1 million or so to spare.

To understand why, you have to realize that even in today’s increasingly security-conscious internet, much of the traffic is still unencrypted. You might be surprised to learn that even popular sites that advertise their use of encryption frequently still serve some unencrypted content or advertisements. While people now recognize that unencrypted traffic can be monitored, they may not recognize that it also serves as a direct path into compromising their computers.

Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.

Fortunately for their users, both Google and Microsoft were responsive when alerted that commercial tools were being used to exploit their services, and have taken steps to close the vulnerability by encrypting all targeted traffic. There are, however, many other vectors for companies like Hacking Team and FinFisher to exploit.

In today’s internet, there are few excuses for any company to serve content unencrypted. Any unencrypted traffic can be maliciously tampered with in a manner that is invisible to the average user. The only way to solve this problem is for web providers to offer fully encrypted services.


Privacy boom brings digital paranoia into the open – FT.com


The growing interest in secrecy should serve as a wake-up call

There seems to be a booming market in paranoia. The Blackphone, which went on sale in the US this week, is purpose-built for the post-Snowden era: it encrypts all of a user’s data and comes preloaded with apps designed with secrecy in mind to block “information leakage”.

Then there is Wickr, a messaging system that boasts far more robust encryption than that available on other widely used services. It raised a hefty $30m in venture capital last week.

In a telling sign of the times, the Wickr investment was led by Jim Breyer, a Silicon Valley venture capitalist best known for making a killing on Facebook. The culture of secrecy-minded companies such as Wickr is far removed from the heightened transparency that fuels Facebook’s social network.

This is still a decidedly niche market. The vast audiences of companies such as Google and Facebook have not turned away because governments have sought to penetrate their systems or because of their periodic privacy gaffes.

For most internet users, the immediate gratification of using a search engine or social network – and the advantages of bringing their “real world” identities online – far outweighs any abstract concern about notional privacy trade-offs.

But the growing interest in secrecy should come as a wake-up call. The Snowden leaks have served as a reminder of the information-gathering practices of the internet companies. “Big data” has become an industry branding nightmare, conjuring images of vast pools of private information waiting to be tapped by spies or sold to the highest bidder.

Internet companies are only just beginning to combat this conflation of illicit surveillance and commercial data gathering.

The first response has been to try to show that they are serious about taking their users’ side against overreaching governments. That has meant greater use of encryption in their networks and a more robust rejection of official requests that stop short of legally binding orders.

But it is hard to mount a convincing argument that users’ interests always come first when one of the longest-running privacy debates – about the use of cookies to track users and send targeted advertising – remains unresolved. In the US, the failure of the online advertising industry to come up with an effective “do not track” system has been an enduring reminder of the contradiction that lies at the heart of advertising-driven services.

Mobile apps have become another sore point. They usually involve a take it or leave it choice: most require users to consent to them accessing a wide array of personal information while giving little idea about how it will be used.

The Blackphone’s default settings block apps that seek to tap into things such as a user’s location and contact lists. But given the data promiscuity of the average smartphone app, anyone opting for these settings would be barred from many of the most widely used smartphone services.

The internet of things – the coming mass of smartwatches, intelligent home thermostats and other connected gadgets – is about to present a new test.

Much of the information collected by these devices will have even greater personal sensitivity. In some cases it will involve health data, gathered from fitness trackers or from sensors around the body. In others, it will include intimate details of what is happening inside users’ homes, collected through things such as security cameras and other smart monitors.

Trusting the companies that hold this data will require a leap of faith. That explains why Apple made much of privacy at its recent developers’ conference when it revealed the digital platforms it was building for the internet of things.

Its HealthKit and HomeKit are intended to become two of the data hubs of the connected physical world. They will draw information from many devices to assemble a comprehensive, deeply personal picture of their users’ lives.

It also explains why chief executive Tim Cook broke with his normal tempered delivery to pour scorn on Google’s Android mobile operating system, quoting an article describing it as a “toxic hellstew of vulnerabilities”. Apple, with its reputation for managing a controlled, “closed” system, may start in a stronger position in this new world than Google, with its preference for more open platforms.

For now, convenience still trumps paranoia when it comes to the use of everyday digital services. But without a concerted effort to address the proliferating privacy issues, that won’t be something that can always be taken for granted.

Richard Waters is the Financial Times’ West Coast Editor



Guardian launches SecureDrop system for whistleblowers to share files | Technology | theguardian.com

SecureDrop platform allows sources to submit documents and data while avoiding most common forms of online tracking


The Guardian has launched a secure platform for whistleblowers to securely submit confidential documents to the newspaper’s reporters.

The launch comes a year to the day since the Guardian posted the first of a series of NSA documents leaked by former NSA contractor Edward Snowden, sparking a worldwide debate on surveillance, privacy, and civil liberties.

Free speech and privacy groups alongside popular sites including Reddit, BoingBoing and Imgur, are marking the day with a Reset the Net campaign, encouraging internet users to take direct action to secure their privacy online. Several technology companies are also expected to announce new steps to protect users’ privacy over the course of the day.

The SecureDrop open-source whistleblowing platform provides a way for sources, who can choose to remain anonymous, to submit documents and data while avoiding virtually all of the most common forms of online tracking.

It makes use of well-known anonymising technology such as the Tor network and the Tails operating system, which was used by journalists working on the Snowden files.


10 talking points about cybersecurity and your business | Technology | theguardian.com

PwC, Interbrand, Symantec and the Institute of Risk Management talk security, crisis control and planning for the ‘absolute worst’


No company is too small to face a cybersecurity attack. Photograph: Pawel Kopczynski/Reuters

It’s the large-scale cybersecurity breaches that make the headlines: Target, Adobe, Sony and the recent concerns about the Heartbleed bug being obvious examples.

Yet businesses of every size are grappling with how to secure their networks, devices and data. A roundtable this week in London organised by Symantec – disclosure: the company sponsors The Guardian’s Secure + Protect blog – explored the issues.

Participants included Graham Hales, global CMO at Interbrand; Richard Horne, partner at PricewaterhouseCoopers; Richard Anderson, chairman of the Institute of Risk Management; and Sian John, senior cyber security strategist at Symantec. It was moderated by Tim Weber, director at Edelman.

Here are 10 of the main talking points from the event:


NSA denies having known about the "Heartbleed" Internet flaw – BioBioChile


Published by Gabriela Ulloa | Information from Agence AFP
The US agency in charge of intercepting communications, the NSA, on Friday denied Bloomberg's report that it knew about the security flaw in the secure-connections software known as "Heartbleed" and had used it to its own advantage.

Bloomberg, citing "sources close to the matter", claimed that the intelligence agency had known of the flaw for "at least two years" but had not disclosed it, instead exploiting it to obtain data.

"Heartbleed" affects certain versions of OpenSSL, free software used for secure connections on the Internet, recognisable for example in web addresses that begin with https or by the small padlock shown during online banking and login operations. Its existence was disclosed at the beginning of this week.

"The NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed flaw, until it was made public in a report by a private cybersecurity firm. Reports stating otherwise are false," NSA spokeswoman Vanee Vines told AFP.


A crack in the security of the Net | Technology | EL PAÍS

OpenSSL is built on a volunteer basis by the computing community. / KACPER PEMPEL (REUTERS / Cordon Press)

A bug in one of the main secure-connection programs used on the Internet has potentially left millions of users exposed for two years. On Monday, Google disclosed a weak point in the encryption system it uses for its secure connections, called OpenSSL, which has also affected giants such as Yahoo and Amazon. This crack, present since 2011 and discovered in December 2013 by a Google engineer, could have allowed hackers to steal users' passwords.

The problem affects secure connections, the ones that begin with "https" and appear in the address bar when the user enters sensitive data, usually passwords. The flaw has been christened Heartbleed in English, or "bleeding heart", because it affects a type of information exchange on the web, the Heartbeat.

The security hole is in the source code (the building blocks that make up a computer program) of OpenSSL versions 1.0.1 through 1.0.1f. A new version that fixes the flaw is already available for download: 1.0.1g. Users of the sites that run this code would have been potentially vulnerable since 2011. And if someone had accessed confidential information, it would have left no trace. But experts call for calm because there is no reason to assume that security has been breached since then.

OpenSSL is a security system used by some of the main websites in existence, and by "between 50% and 70%" of servers according to Igor Unanue, an engineer at the security firm S21SEC. Ricardo Galli, founder of Menéame, puts the number of affected servers lower, at around 500,000. It is free and works as a tool that websites use to encrypt the information they exchange with individual users, so that it cannot be stolen by third parties.

OpenSSL is an open-source program. That is, in principle any programmer can take part in writing its DNA, although that does not mean they can alter it at will like Wikipedia articles.

It is used by everyone from Yahoo, Google, Facebook and Amazon to the gaming platform Steam, as well as the secure-connection software Tor. It could potentially have left millions of users without security coverage: those who store their bank card details on payment pages, or who use e-mail or instant messaging.


"Heartbleed": The serious flaw that threatens the security of Internet users – BioBioChile


Published by Gabriela Ulloa
This week a worrying web security problem affecting two thirds of the Internet was made public: a bug called "Heartbleed", which allows any cybercriminal with network access to steal protected data from a server.

Specifically, it is a flaw in OpenSSL, open-source encryption software used by about 66% of the servers on the Internet, which could put users' sensitive data such as passwords, credit card details and e-mails, among other things, at risk.

One of the most critical aspects is that this technology sits behind many HTTPS sites that collect personal or financial information, which are identified by the small padlock icon in the address bar that tells users their data is safe from web snoopers.

It was noted that cybercriminals can currently exploit the bug to access users' personal data and sites' cryptographic keys, in order to create imitation pages to deceive those browsing.


Heartbleed: don't rush to update passwords, security experts warn | Technology | theguardian.com

The severity of the Heartbleed bug means that rushing to change passwords could backfire

The Heartbleed logo. Photograph: Codenomicon

Internet security researchers say people should not rush to change their passwords after the discovery of a widespread “catastrophic” software flaw that could expose website user details to hackers.

The flaw, dubbed “Heartbleed”, could reveal anything which is currently being processed by a web server – including usernames, passwords and cryptographic keys being used inside the site. Those at risk include Deutsche Bank, Yahoo and its subsidiary sites Flickr and Tumblr, photo-sharing site Imgur, and the FBI.

About half a million sites worldwide are reckoned to be insecure. “Catastrophic is the right word,” commented Bruce Schneier, an independent security expert. “On the scale of 1 to 10, this is an 11.”

But suggestions by Yahoo and the BBC that people should change their passwords at once – the typical reaction to a security breach – could make the problem worse if the web server hasn’t been updated to fix the flaw, says Mark Schloesser, a security researcher with Rapid7, based in Atlanta, Georgia.

Doing so “could even increase the chance of somebody getting the new password through the vulnerability,” Schloesser said, because logging in to an insecure server to change a password could reveal both the old and new passwords to an attacker.


'Heartbleed': for hundreds of thousands of servers at risk around the world from catastrophic bug | Technology | theguardian.com

Code error means that websites can leak user details including passwords through ‘heartbeat’ function used to secure connections

The Heartbleed logo. Photograph: Codenomicon

Hundreds of thousands of web and email servers worldwide have a software flaw that lets attackers steal the cryptographic keys used to secure online commerce and web connections, experts say.

They could also leak personal information to hackers when people carry out searches or log into email.

The bug, called “Heartbleed”, affects web servers running a package called OpenSSL.

Among the systems confirmed to be affected are Imgur, OKCupid, Eventbrite, and the FBI’s website, all of which run affected versions of OpenSSL. Attacks using the vulnerability are already in the wild: one lets a hacker look at the cookies of the last person to visit an affected server, revealing personal information. Connections to Google are not vulnerable, researchers say.

SSL is the most common technology used to secure websites. Web servers that use it securely send an encryption key to the visitor; that is then used to protect all other information coming to and from the server.

It is crucial in protecting services like online shopping or banking from eavesdropping, as it renders users immune to so-called man in the middle attacks, where a third party intercepts both streams of traffic and uses them to discover confidential information.


Blackphone: the smartphone that wants to be the spies' nightmare – BioBioChile


Published by Denisse Charpentier | Information from Agence AFP
It is black and looks like any other smartphone, but the Blackphone has one more thing: its creators promise its owners secure communications, shielded from the "big ears" of governments or hackers.

In the midst of the debate over the extent of surveillance by US intelligence services, the launch of the Blackphone, designed by the US firm Silent Circle and Spain's Geeksphone, could not have hoped for better publicity.

But the head of Silent Circle, Mike Janke, says he was not seeking that timely publicity. His company, he told AFP, had been working on the device long before former NSA contractor Edward Snowden began to leak secret documents about US spying.

"We did this because the problem of secure communications was not regulated," said this former member of the US Navy's elite Navy SEALs, who joined forces with former comrades in arms and Silicon Valley cryptography experts to create Silent Circle.

"We offer users the ability to communicate in encrypted form via video, text or voice calls over IP-compatible networks," Janke said.

His company is not making its debut with the Blackphone. In the past it has worked with multinationals and even with the Tibetan government in exile.

Silent Circle's expertise has meant that "almost all the major smartphone manufacturers have turned to us" to work on a secure device.


Twitter adds more security to thwart predators – and government agencies | Technology | The Observer

Company joins Google and Facebook in using ‘perfect forward secrecy’ to protect data of its 218 million users

Lady Gaga has the third most followed Twitter account. Photograph: Henry Lamb/Photowire/BEI/REX

Twitter has announced a significant increase in its data security as it moves to protect users from attacks by the “apex predators” of the internet.

An internal team of security engineers has spent several months implementing “perfect forward secrecy”, which adds an extra layer of security to the widely used https encryption deployed by banks online, by retailers and, increasingly, consumer web services.

Google, Facebook, Dropbox and Tumblr have all implemented forward secrecy already, and LinkedIn is understood to be introducing it in 2014.

Users may not immediately notice any difference, other than a barely perceptible time lag as they use the service across desktop, mobile and through third-party services, but for Twitter the move asserts its credentials as a company fiercely protective of its users’ data.

That data includes not only messages that users choose to publish publicly, but also direct, private messages, protected tweets and data on what users say, who they comment on and who else they read. Collectively, large datasets, such as those of Twitter’s 218 million users, can be analysed to identify connections between people, locations and interests.

Announcing the new implementation, which has been running as a trial since 21 October, a detailed post on Twitter’s engineering blog encouraged other sites to “defend and protect the users’ voice” by implementing https and forward secrecy.


BitTorrent teases secure chat program | Technology | theguardian.com

The peer-to-peer software company is planning an encrypted chat service as demand for secure communications tools rises

BitTorrent is planning a secure P2P messaging service. Photograph: Anna Hanks/Flickr

BitTorrent, the company which maintains the popular peer-to-peer downloading protocol, has announced an entry into the world of secure communications.


With the launch of the alpha version of BitTorrent Private Chat, users are able to use a similar version of the distributed network that enables fast (and frequently illegal) downloads of large files in order to chat privately and securely.