This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.
This morning I received the following notice (read the PDF) from Wuala informing me that their secure storage will no longer be free come January 1, 2015. For those of you not familiar with Wuala, think Dropbox but with end-to-end trust-no-one encryption. Granted, for 5GB of space you need only pay $12/year so I’m thinking I’ll pay it. But there goes the one free secure Dropbox replacement that I was aware of.
Over the weekend I updated from Ubuntu 13.10 to 14.04 LTS and so far I’ve not noticed any significant differences. However, one of my Ubuntu machines is the headless home media server. To remote into that machine while on my internal network I’ve been using RealVNC, sans encryption, to manage the server. Trouble is, post the upgrade, RealVNC wouldn’t connect with an error along the lines of “you’re not using encryption – please use encryption.” Yeah, not something I really wanted to figure out. But after some hunting I found the Ubuntu bug report “Ubuntu 14.04 (Alpha Release) – VNC not working” which did have an answer. Basically:
That should do it.
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.
Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.
The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.
The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
Read the full article @ ProPublica.
Pirate Bay founder Peter Sunde is working on a new messaging platform that will be impossible to spy on, even by the people who operate the network. Using end-to-end encryption in combination with a user-friendly interface, Heml.is hopes to cater to the demands of millions of privacy-concerned Internet users. “In this day and age we can’t do without encryption,” Sunde tells TorrentFreak.
Sunde and two friends are currently working hard on Heml.is (“secret” in Swedish), a spy-proof messaging App for both iOS and Android. Aside from its pretty looks, all messages will be encrypted so no one except the sender and recipient will be able to read their contents.
Read the full article @ TorrentFreak.com.
The PortableApps.com Carbide encrypted USB drive is the world’s most secure, easy to use flash drive. It uses PIN code access with military grade AES 256-bit hardware encryption. It does not require any software or drivers to be installed and is compatible with PC, MAC, Linux. Features:
8GB for $89.95, 16GB for $199.95, and 32GB for $149.95. Details at WorldsBestFlashDrive.com.
BitTorrent Inc. has opened up its Sync app to the public today. The new application is free of charge and allows people to securely sync folders to multiple devices using the BitTorrent protocol. Complete control over the storage location of the files and the absence of limits is what sets BitTorrent’s solution apart from traditional cloud based synchronization services.
Dropbox, Google Drive, Microsoft Skydrive and Mega are just a few examples of the many file-storage and backup services that are available today.
All these services rely on external cloud based hosting to back up and store files. This means that you have to trust these companies with your personal and confidential files, and that your storage space is limited.
For those people who want to be in control of their own data there haven’t been many alternatives, but BitTorrent Sync has the potential to trigger a small revolution on this front.
Read the full article on TorrentFreak.com.
Jeff Atwood over at Coding Horror has posted about something called Rainbow Tables. Now, I don’t want to turn this blog into a discussion of encryption so let me boil it down for you.
Windows passwords are stored not as the passwords themselves but as one-way “hashes”. When you enter your password, Windows hashes it for you and compares the result to the stored hash. If it matches, you’re let in. If it doesn’t, you’re not. There’s no way to reverse the hashed version of your password in any reasonable amount of time, if at all, and it is therefore considered a secure method of storage.
The problem now is that you can get a database of pre-hashed content. Known as rainbow tables, these are basically tables with just two columns: in the first column, a word (or other combination of letters), and in the second, the matching hash. Now, if you have a hash, you can look it up in the table and see what the original password is. In other words, it’s not decrypting the hash, it’s hashing all possible passwords in advance.
This is such a simple hack. So, why is it coming to light now? Well, the problem is large-scale portable storage. In the past, tables such as these were considered too big to bring to the computer you’re trying to hack. But these days, a 1GB flash drive would allow you to carry a rainbow table that covered all conceivable passwords between one and 14 characters in length, containing just English letters. Here’s Jeff’s chart showing example storage requirements:
If you’re suddenly not worried about a Rainbow Table measuring 64GB, I’ve got a 500GB portable USB hard drive I’d like to show you.
Here’s the bottom line: in Jeff’s example, the password “Fgpyyih804423” (one that’s probably a hell of a lot stronger than any password you use) was broken in just 160 seconds using a rainbow table.
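The two-column lookup described above, as an added example that is not from the original post or from Jeff's article: it precomputes a table over a tiny keyspace, shows an unsalted hash being found in it, and goes one step beyond the text to show that a per-user salt takes the same password out of the table's reach. SHA-256 stands in for the Windows hash format, and the account names, passwords and helper functions are constructed for illustration; real rainbow tables compress this plain table with hash chains to save space.

```python
import hashlib
import hmac
import itertools
import os
import string

def unsalted_hash(password):
    # Stand-in for an unsalted password hash (assumption: SHA-256, not Windows' format).
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    # Per-user salt plus a slow KDF, so one precomputed table cannot cover every user.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000).hex()

def build_table(alphabet, max_len):
    # The post's two-column table: hash every candidate once, keyed by hash.
    table = {}
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            word = "".join(combo)
            table[unsalted_hash(word)] = word
    return table

def lookup(table, stored_hash):
    # Nothing is reversed: the stored hash is simply found in the table (or not).
    return table.get(stored_hash)

def verify(password, salt, stored):
    # Normal login check against a salted record, compared in constant time.
    return hmac.compare_digest(salted_hash(password, salt), stored)

def exposed_accounts(records, table):
    # Audit helper: which stored values would fall to the precomputed table?
    return sorted(user for user, stored in records.items() if stored in table)

# Constructed sample data: every lowercase string of 1 to 3 letters (18,278 entries).
TABLE = build_table(string.ascii_lowercase, 3)
SALT = os.urandom(16)  # would be stored next to the hash in a real record
RECORDS = {
    "alice": unsalted_hash("cab"),      # unsalted and inside the table's keyspace
    "bob": salted_hash("cab", SALT),    # same password, salted
    "carol": unsalted_hash("cabs"),     # unsalted but longer than the table covers
}

if __name__ == "__main__":
    print(len(TABLE), "precomputed entries")
    print("recovered for alice:", lookup(TABLE, RECORDS["alice"]))
    print("exposed accounts:", exposed_accounts(RECORDS, TABLE))
```

Carol's record survives only because the table stops at three letters; a larger table would cover it, which is the storage point the post makes.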