Group items tagged

Let's say you have two hosts, somewhere out on the Internet: Maybe dedicated servers, maybe Amazon EC2 or Rackspace instances, maybe a mix of the above. Now assume it's your job to provide secure, encrypted connectivity between two services running on those hosts. If those services do not use an encrypted protocol by themselves - such as non-SSL capable SMTP mail servers - then the standard answer has always been: "Use stunnel or OpenVPN!". While both of those are good, cross-platform solutions which can forward unsecure traffic over an encrypted tunnel, I believe that they come not only with administrative overhead, but also introduce a significant performance hit. I believe that there are now solutions that are easier to use, more flexible and most importantly, deliver much better performance. In this article, I will compare stunnel performance  characteristics with vCider's virtual private network solution (sign up for use with up to 8 nodes is free). You will see that vCider not only offers more flexibility and is easier to use, but also provides significantly better network performance and reduced CPU load. For my test, I have created two Ubuntu instances on Rackspace. Please note that both stunnel as well as vCider can work across network and cloud provider boundaries.

Scientists at The Scripps Research Institute in California and the Technion - Israel Institute of Technology - have developed a "biological computer" made entirely from biomolecules that is capable of deciphering images encrypted on DNA chips.

"Wikipedia founder Jimmy Wales has spoken out against the Draft Communications Bill, the UK government plans to monitor and store all digital communications, dubbed the "Snooper's Charter". In case Draft Communications Data Bill becomes the law, the US entrepreneur has promised to encrypt all connections between Wikipedia servers and the UK, effectively reducing the government's ability to snoop on use of Wikipedia. Wales was speaking to a  joint committee tasked with scrutinising the proposed Communications Bill before it is debated in the House of Commons."

A flyer designed by the FBI and the Department of Justice to promote suspicious activity reporting in internet cafes lists basic tools used for online privacy as potential signs of terrorist activity.  The document, part of a program called "Communities Against Terrorism", lists the use of "anonymizers, portals, or other means to shield IP address" as a sign that a person could be engaged in or supporting terrorist activity.  The use of encryption is also listed as a suspicious activity along with steganography, the practice of using "software to hide encrypted data in digital photos" or other media.  In fact, the flyer recommends that anyone "overly concerned about privacy" or attempting to "shield the screen from view of others" should be considered suspicious and potentially engaged in terrorist activities.

Android applications downloaded by as many as 185 million users can expose end users' online banking and social networking credentials, e-mail and instant-messaging contents because the programs use inadequate encryption protections, computer scientists have found. The researchers identified 41 applications in Google's Play Market that leaked sensitive data as it traveled between handsets running the Ice Cream Sandwich version of Android and webservers for banks and other online services. By connecting the devices to a local area network that used a variety of well-known exploits, some of them available online, the scientists were able to defeat the secure sockets layer and transport layer security protocols implemented by the apps. Their research paper didn't identify the programs, except to say they have been downloaded from 39.5 million and 185 million times, based on Google statistics.

Last week, the Iranian government apparently started a new censorship program that blocks encrypted Internet traffic. Even Iranians who had taken steps to evade government firewalls were being stymied-and the immediate impact can be seen in usage of the Tor network.