2015: Guess Who Wasn’t Invited to the CIA’s Hacker Jamboree?

Apple, that’s who. Or Microsoft, or any of the other vendors whose products US government contractors have successfully exploited, according to a recent report in the Intercept. While we’re not surprised that the Intelligence Community is actively attempting to develop new spycraft tools and capabilities—that’s their job—we expect them to follow the administration’s rules of engagement. Those rules require an evaluation under what’s known as the “Vulnerabilities Equities Process.” In the White House’s own words, the process should usually result in disclosing software vulnerabilities to vendors, because “in the majority of cases, responsibly disclosing a newly discovered vulnerability is clearly in the national interest.” Nevertheless, the Intercept article describes an annual CIA conference known as the Trusted Computing Base (TCB) Jamboree at which members of the intelligence community present extensively on software vulnerabilities and exploits to be used in spying operations. At the 2012 TCB Jamboree, presenters […]

2014: WhatsApp Works To Achieve Greater User Privacy By Encrypting Messages

More than 500 million people are now using the WhatsApp Android application. The most widely used instant messaging service in the world announced that it has started encrypting messages in order to protect its users from hackers, says Open Whisper Systems, a software development group associated with the company. Last Tuesday, WhatsApp declared that it is now performing end-to-end encryption, an upgrade to its privacy protections that makes it nearly impossible for anyone to read users’ messages—even the company itself. WhatsApp claims it will not be able to decrypt any messages even if it is asked to do so by the authorities. This will be achieved via the TextSecure protocol, which scrambles messages with a cryptographic key that only the user can access and that never leaves his or her device. That’s why end-to-end encryption is so hard to break. WhatsApp, which became a Facebook subsidiary, will use an encryption system […]

2014: 5 Reasons To Question Apple’s Data Security

Submitted by Mike Krieger of Liberty Blitzkrieg blog. I’m the furthest thing in the world from a technology or security expert, but what I have learned in recent years is that a dedicated, sophisticated and well-funded hacker can pretty much own your data no matter how many precautions you take. Nevertheless, the major technology companies on the planet shouldn’t go out of their way to make this as easy as possible. In the wake of the theft of private images from several prominent celebrities, many people are rightly wondering how vulnerable their data is. The answer appears to be “very,” and if you use Apple, the following article from Slate may leave you seething with a sense of anger and betrayal. David Auerbach wrote the following for Slate. Read it and weep: >In the wake of the theft of the private data and photos of dozens of celebrities, there […]

2013: Google & Microsoft Hire Hackers To Identify Software Vulnerabilities

By Susanne Posel, Occupy Corporatism. Thanks to HackerOne, rewards will be given to hackers who can identify software vulnerabilities for programmers to overcome. Microsoft and Google have come together to fund this project. These “bug bounties” will not be tied to a specific technology. Criteria for a bounty exposing cheese holes in software include how widespread and severe the compromise is. First a hacker must crack Chrome, Internet Explorer 10 EPM, Adobe Reader, and Adobe Flash. Programs of interest include PHP, OpenSSL, Ruby, and Apache. Google’s bounty program has been running for several years and has paid out an estimated $2 million to hackers under the Chromium and Google Web Vulnerability Reward Programs (CGW-VRP). Microsoft has its own bounty program that has poured out $128,000 to hackers for uncovering issues with Windows 8.1. Facebook has invested $1.5 million for research into bounties and has hired full-time employees to ensure bugs are exposed and security […]