Skip to main content

Home/ Future of the Web/ Group items tagged to laptop

Rss Feed Group items tagged

Alexandra IcecreamApps

Things to Consider When Buying a Laptop - Icecream Tech Digest - 0 views

  •  
    Modern laptops have plenty of advantages compared to stationary PCs: they are portable, they don’t occupy the whole table in a room thanks to a much smaller size, plus today’s laptops can be as powerful as PCs. Due to constant … Continue reading →
  •  
    Modern laptops have plenty of advantages compared to stationary PCs: they are portable, they don’t occupy the whole table in a room thanks to a much smaller size, plus today’s laptops can be as powerful as PCs. Due to constant … Continue reading →
Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • ...8 more annotations...
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous. Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Paul Merrell

NSA Spying Inspires ProtonMail 'End-to-End' Encrypted Email Service | NDTV Gadgets - 0 views

  • ne new email service promising "end-to-end" encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures.A major catalyst for email encryption were revelations about widespread online surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor."A lot of people were upset with those revelations, and that coalesced into this effort," said Jason Stockman, a co-developer of ProtonMail, a new encrypted email service which launched Friday with collaboration of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.Stockman said ProtonMail aims to be as user-friendly as the major commercial services, but with extra security, and with its servers located in Switzerland to make it more difficult for US law enforcement to access.
  • "Our vision is to make encryption and privacy mainstream by making it easy to use," Stockman told AFP. "There's no installation. Everything happens behind the scenes automatically."Even though email encryption using special codes or keys, a system known as PGP, has been around for two decades, "it was so complicated," and did not gain widespread adoption, Stockman said.After testing over the past few months, ProtonMail went public Friday using a "freemium" model a basic account will be free with some added features for a paid account.
  • As our users from China, Iran, Russia, and other countries around the world have shown us in the past months, ProtonMail is an important tool for freedom of speech and we are happy to finally be able to provide this to the whole world," the company said in a blog post.Google and Yahoo recently announced efforts to encrypt their email communications, but some specialists say the effort falls short."These big companies don't want to encrypt your stuff because they spy on you, too," said Bruce Schneier, a well-known cryptographer and author who is chief technology officer for CO3 Systems."Hopefully, the NSA debate is creating incentives for people to build more encryption."Stockman said that with services like Gmail, even if data is encrypted, "they have the key right next to it if you have the key and lock next to each other, so it's pretty much useless."
  • ...3 more annotations...
  • By locating in Switzerland, ProtonMail hopes to avoid the legal woes of services like Lavabit widely believed to be used by Snowden which shut down rather than hand over data to the US government, and which now faces a contempt of court order.Even if a Swiss court ordered data to be turned over, Stockman said, "we would hand over piles of encrypted data. We don't have a key. We never see the password."
  • Lavabit founder Ladar Levison meanwhile hopes to launch a new service with other developers in a coalition known as the "Dark Mail Alliance."Levison told AFP he hopes to have a new encrypted email system in testing within a few months and widely available later this year."The goal is to make it ubiquitous, so people don't have to turn it on," he said.But he added that the technical hurdles are formidable, because the more user-friendly the system becomes, "the more susceptible it is to a sophisticated attacker with fake or spoofed key information."Levison said he hopes Dark Mail will become a new open standard that can be adopted by other email services.
  • on Callas, a cryptographer who developed the PGP standard and later co-founded the secure communications firm Silent Circle, cited challenges in making a system that is both secure and ubiquitous."If you are a bank you have to have an email system that complies with banking regulations," Callas told AFP, which could allow, for example, certain emails to be subject to regulatory or court review."Many of the services on the Internet started with zero security. We want to start with a system that is totally secure and let people dial it down."The new email system would complement Silent Circle's existing secure messaging system and encrypted mobile phone, which was launched earlier this year."If we start competing for customers on the basis of maximum privacy, that's good for everybody," Callas said.
  •  
    They're already so swamped that you have to reserve your user name and wait for an invite. They say they have to add servers. Web site is at https://protonmail.ch/ "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones. It's as simple as visiting our site and logging in. There are no plugins or apps to install - simply use your favorite web browser." "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones.
Gonzalo San Gil, PhD.

5 Ways to Repurpose an Old PC with Open Source Software - 1 views

  •  
    "Most small businesses refresh their desktops and laptops every three to five years, but that process brings up a thorny question: What should you do with the old equipment? Answer: learn how to repurpose old PCs and laptops."
  •  
    "Most small businesses refresh their desktops and laptops every three to five years, but that process brings up a thorny question: What should you do with the old equipment? Answer: learn how to repurpose old PCs and laptops."
Paul Merrell

He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen. - 2 views

  • he message arrived at night and consisted of three words: “Good evening sir!” The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine. Good evening sir!
  • The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine.
  • I got lucky with the hacker, because he recently left the agency for the cybersecurity industry; it would be his choice to talk, not the NSA’s. Fortunately, speaking out is his second nature.
  • ...7 more annotations...
  • He agreed to a video chat that turned into a three-hour discussion sprawling from the ethics of surveillance to the downsides of home improvements and the difficulty of securing your laptop.
  • In recent years, two developments have helped make hacking for the government a lot more attractive than hacking for yourself. First, the Department of Justice has cracked down on freelance hacking, whether it be altruistic or malignant. If the DOJ doesn’t like the way you hack, you are going to jail. Meanwhile, hackers have been warmly invited to deploy their transgressive impulses in service to the homeland, because the NSA and other federal agencies have turned themselves into licensed hives of breaking into other people’s computers. For many, it’s a techno sandbox of irresistible delights, according to Gabriella Coleman, a professor at McGill University who studies hackers. “The NSA is a very exciting place for hackers because you have unlimited resources, you have some of the best talent in the world, whether it’s cryptographers or mathematicians or hackers,” she said. “It is just too intellectually exciting not to go there.”
  • The Lamb’s memos on cool ways to hunt sysadmins triggered a strong reaction when I wrote about them in 2014 with my colleague Ryan Gallagher. The memos explained how the NSA tracks down the email and Facebook accounts of systems administrators who oversee computer networks. After plundering their accounts, the NSA can impersonate the admins to get into their computer networks and pilfer the data flowing through them. As the Lamb wrote, “sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network … who better to target than the person that already has the ‘keys to the kingdom’?” Another of his NSA memos, “Network Shaping 101,” used Yemen as a theoretical case study for secretly redirecting the entirety of a country’s internet traffic to NSA servers.
  • “If I turn the tables on you,” I asked the Lamb, “and say, OK, you’re a target for all kinds of people for all kinds of reasons. How do you feel about being a target and that kind of justification being used to justify getting all of your credentials and the keys to your kingdom?” The Lamb smiled. “There is no real safe, sacred ground on the internet,” he replied. “Whatever you do on the internet is an attack surface of some sort and is just something that you live with. Any time that I do something on the internet, yeah, that is on the back of my mind. Anyone from a script kiddie to some random hacker to some other foreign intelligence service, each with their different capabilities — what could they be doing to me?”
  • “You know, the situation is what it is,” he said. “There are protocols that were designed years ago before anybody had any care about security, because when they were developed, nobody was foreseeing that they would be taken advantage of. … A lot of people on the internet seem to approach the problem [with the attitude of] ‘I’m just going to walk naked outside of my house and hope that nobody looks at me.’ From a security perspective, is that a good way to go about thinking? No, horrible … There are good ways to be more secure on the internet. But do most people use Tor? No. Do most people use Signal? No. Do most people use insecure things that most people can hack? Yes. Is that a bash against the intelligence community that people use stuff that’s easily exploitable? That’s a hard argument for me to make.”
  • I mentioned that lots of people, including Snowden, are now working on the problem of how to make the internet more secure, yet he seemed to do the opposite at the NSA by trying to find ways to track and identify people who use Tor and other anonymizers. Would he consider working on the other side of things? He wouldn’t rule it out, he said, but dismally suggested the game was over as far as having a liberating and safe internet, because our laptops and smartphones will betray us no matter what we do with them. “There’s the old adage that the only secure computer is one that is turned off, buried in a box ten feet underground, and never turned on,” he said. “From a user perspective, someone trying to find holes by day and then just live on the internet by night, there’s the expectation [that] if somebody wants to have access to your computer bad enough, they’re going to get it. Whether that’s an intelligence agency or a cybercrimes syndicate, whoever that is, it’s probably going to happen.”
  • There are precautions one can take, and I did that with the Lamb. When we had our video chat, I used a computer that had been wiped clean of everything except its operating system and essential applications. Afterward, it was wiped clean again. My concern was that the Lamb might use the session to obtain data from or about the computer I was using; there are a lot of things he might have tried, if he was in a scheming mood. At the end of our three hours together, I mentioned to him that I had taken these precautions—and he approved. “That’s fair,” he said. “I’m glad you have that appreciation. … From a perspective of a journalist who has access to classified information, it would be remiss to think you’re not a target of foreign intelligence services.” He was telling me the U.S. government should be the least of my worries. He was trying to help me. Documents published with this article: Tracking Targets Through Proxies & Anonymizers Network Shaping 101 Shaping Diagram I Hunt Sys Admins (first published in 2014)
Paul Merrell

Edward Snowden Explains How To Reclaim Your Privacy - 0 views

  • Micah Lee: What are some operational security practices you think everyone should adopt? Just useful stuff for average people. Edward Snowden: [Opsec] is important even if you’re not worried about the NSA. Because when you think about who the victims of surveillance are, on a day-to-day basis, you’re thinking about people who are in abusive spousal relationships, you’re thinking about people who are concerned about stalkers, you’re thinking about children who are concerned about their parents overhearing things. It’s to reclaim a level of privacy. The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.] You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [I’ve written a guide to encrypting your disk on Windows, Mac, and Linux.] Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]
  • The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that. [If you enable two-factor authentication, an attacker needs both your password as the first factor and a physical device, like your phone, as your second factor, to login to your account. Gmail, Facebook, Twitter, Dropbox, GitHub, Battle.net, and tons of other services all support two-factor authentication.]
  • We should armor ourselves using systems we can rely on every day. This doesn’t need to be an extraordinary lifestyle change. It doesn’t have to be something that is disruptive. It should be invisible, it should be atmospheric, it should be something that happens painlessly, effortlessly. This is why I like apps like Signal, because they’re low friction. It doesn’t require you to re-order your life. It doesn’t require you to change your method of communications. You can use it right now to talk to your friends.
  • ...4 more annotations...
  • Lee: What do you think about Tor? Do you think that everyone should be familiar with it, or do you think that it’s only a use-it-if-you-need-it thing? Snowden: I think Tor is the most important privacy-enhancing technology project being used today. I use Tor personally all the time. We know it works from at least one anecdotal case that’s fairly familiar to most people at this point. That’s not to say that Tor is bulletproof. What Tor does is it provides a measure of security and allows you to disassociate your physical location. … But the basic idea, the concept of Tor that is so valuable, is that it’s run by volunteers. Anyone can create a new node on the network, whether it’s an entry node, a middle router, or an exit point, on the basis of their willingness to accept some risk. The voluntary nature of this network means that it is survivable, it’s resistant, it’s flexible. [Tor Browser is a great way to selectively use Tor to look something up and not leave a trace that you did it. It can also help bypass censorship when you’re on a network where certain sites are blocked. If you want to get more involved, you can volunteer to run your own Tor node, as I do, and support the diversity of the Tor network.]
  • Lee: So that is all stuff that everybody should be doing. What about people who have exceptional threat models, like future intelligence-community whistleblowers, and other people who have nation-state adversaries? Maybe journalists, in some cases, or activists, or people like that? Snowden: So the first answer is that you can’t learn this from a single article. The needs of every individual in a high-risk environment are different. And the capabilities of the adversary are constantly improving. The tooling changes as well. What really matters is to be conscious of the principles of compromise. How can the adversary, in general, gain access to information that is sensitive to you? What kinds of things do you need to protect? Because of course you don’t need to hide everything from the adversary. You don’t need to live a paranoid life, off the grid, in hiding, in the woods in Montana. What we do need to protect are the facts of our activities, our beliefs, and our lives that could be used against us in manners that are contrary to our interests. So when we think about this for whistleblowers, for example, if you witnessed some kind of wrongdoing and you need to reveal this information, and you believe there are people that want to interfere with that, you need to think about how to compartmentalize that.
  • Tell no one who doesn’t need to know. [Lindsay Mills, Snowden’s girlfriend of several years, didn’t know that he had been collecting documents to leak to journalists until she heard about it on the news, like everyone else.] When we talk about whistleblowers and what to do, you want to think about tools for protecting your identity, protecting the existence of the relationship from any type of conventional communication system. You want to use something like SecureDrop, over the Tor network, so there is no connection between the computer that you are using at the time — preferably with a non-persistent operating system like Tails, so you’ve left no forensic trace on the machine you’re using, which hopefully is a disposable machine that you can get rid of afterward, that can’t be found in a raid, that can’t be analyzed or anything like that — so that the only outcome of your operational activities are the stories reported by the journalists. [SecureDrop is a whistleblower submission system. Here is a guide to using The Intercept’s SecureDrop server as safely as possible.]
  • And this is to be sure that whoever has been engaging in this wrongdoing cannot distract from the controversy by pointing to your physical identity. Instead they have to deal with the facts of the controversy rather than the actors that are involved in it. Lee: What about for people who are, like, in a repressive regime and are trying to … Snowden: Use Tor. Lee: Use Tor? Snowden: If you’re not using Tor you’re doing it wrong. Now, there is a counterpoint here where the use of privacy-enhancing technologies in certain areas can actually single you out for additional surveillance through the exercise of repressive measures. This is why it’s so critical for developers who are working on security-enhancing tools to not make their protocols stand out.
  •  
    Lots more in the interview that I didn't highlight. This is a must-read.
Gary Edwards

Windows XP: How end of support sparked one organisation's shift from Microsoft | ZDNet - 1 views

  •  
    Good story of how a UK Company responded to Microsoft's announcement if XP end of life. After examining many alternatives, they settled on a ChromeBook-ChromeBox - Citrix solution. Most of the existing desktop hardware was repurposed as ChromeTops running Chrome Browser apps and Citrix XenDesktop for legacy data apps. excerpt/intro: "There are the XP diehards, and the Windows 7 and 8 migrators. But in a world facing up to the end of Windows XP support, one UK organisation belongs to another significant group - those breaking with Microsoft as their principal OS provider. Microsoft's end of routine security patching and software updates on 8 April helped push the London borough of Barking and Dagenham to a decision it might otherwise not have taken over the fate of its 3,500 Windows XP desktops and 800 laptops. "They were beginning to creak but they would have gone on for a while. It's fair to say if XP wasn't going out of life, we probably wouldn't be doing this now," Barking and Dagenham general manager IT Sheyne Lucock said. Around one-eighth of corporate Windows XP users are moving away from Microsoft, according to recent Tech Pro Research. Lucock said it had become clear that the local authority was locked into a regular Windows operating system refresh cycle that it could no longer afford. "If we just replaced all the Windows desktops with newer versions running a newer version of Windows, four years later we would have to do the same again and so on," he said. "So there was an inclination to try and do something different - especially as we know that with all the budget challenges that local government is going to be faced with, we're going to have to halve the cost of our ICT service over the next five years." Barking and Dagenham outsourced its IT in December 2010 to Elevate East London, which is a joint-venture between the council and services firm Agilisys. Lucock and systems architect Rupert Hay-Campbell are responsible for strategy, policy
  •  
    Meanwhile, some organizations missed the end of life deadline and are now paying Microsoft for extended support. E.g., the U.S. Internal Revenue Service, which is still running 58,000 desktops on WinXP. http://arstechnica.com/information-technology/2014/04/irs-another-windows-xp-laggard-will-pay-microsoft-for-patches/
Paul Merrell

Federal Court Rules Suspicionless Searches of Travelers' Phones and Laptops Unconstitut... - 1 views

  • n a major victory for privacy rights at the border, a federal court in Boston ruled today that suspicionless searches of travelers’ electronic devices by federal agents at airports and other U.S. ports of entry are unconstitutional. The ruling came in a lawsuit, Alasaad v. McAleenan, filed by the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and ACLU of Massachusetts, on behalf of 11 travelers whose smartphones and laptops were searched without individualized suspicion at U.S. ports of entry.“This ruling significantly advances Fourth Amendment protections for millions of international travelers who enter the United States every year,” said Esha Bhandari, staff attorney with the ACLU’s Speech, Privacy, and Technology Project. “By putting an end to the government’s ability to conduct suspicionless fishing expeditions, the court reaffirms that the border is not a lawless place and that we don’t lose our privacy rights when we travel.”
  • The district court order puts an end to Customs and Border Control (CBP) and Immigration and Customs Enforcement (ICE) asserted authority to search and seize travelers’ devices for purposes far afield from the enforcement of immigration and customs laws. Border officers must now demonstrate individualized suspicion of illegal contraband before they can search a traveler’s device. The number of electronic device searches at U.S. ports of entry has increased significantly. Last year, CBP conducted more than 33,000 searches, almost four times the number from just three years prior. International travelers returning to the United States have reported numerous cases of abusive searches in recent months. While searching through the phone of Zainab Merchant, a plaintiff in the Alasaad case, a border agent knowingly rifled through privileged attorney-client communications. An immigration officer at Boston Logan Airport reportedly searched an incoming Harvard freshman’s cell phone and laptop, reprimanded the student for friends’ social media postings expressing views critical of the U.S. government, and denied the student entry into the country following the search.For the order:https://www.eff.org/document/alasaad-v-nielsen-summary-judgment-order For more on this case:https://www.eff.org/cases/alasaad-v-duke
Gary Edwards

Box, Dropbox rethink future in midst of price war - San Jose Mercury News - 0 views

  • "Right now there is a huge arms race between Apple, Google, Microsoft, and now Amazon has thrown their hat in the ring," said Vineet Jain, co-founder and CEO of Egnyte, a Mountain View company that sells software that allows companies to store data both in the cloud and on premise. "These four guys are capable of making it free or nearly free, and the price points that you're seeing from these vendors such as Box will have to come down, or they will have a shrinking user base. You cannot out-compete Microsoft and Google on price -- you just can't."
  • For Box and Dropbox -- and the investors who have poured millions of dollars into them -- there's a lot of money on the line. In 2013, cloud storage companies raised $1.2 billion from venture capitalists, compared to $427 million in 2010 and $185 million in 2009, according to the Dow Jones. Silicon Valley cloud storage companies accounted for 14 of the top 20 venture-backed deals, with Box leading with more than $350 million in funds raised; Dropbox raised $250 million.
  • "The problem is pricing on storage has just been collapsing," said Randy Chou, CEO and co-founder of Panzura, which sells hardware and software that allows businesses to collaborate on massive documents, and counts Electronic Arts and the U.S. Department of Justice among its customers. "Whatever anyone is paying today, they'll pay half next year, and half the year after that."
  •  
    Commentary on the expected Box and Dropbox IPO, which are being delayed. The author explains the delay, but misses the incredibl eimpact Office 365 is having on the mobile Cloud Productivity platform. And this is the platform war of all wars. It is the race to dominate the 3rd Wave of computing. "It wasn't long ago that cloud storage companies such as Box and Dropbox were among the hottest startups in Silicon Valley, blessed with vast amounts of venture capital and poised to go public in blockbuster IPOs. But now, thanks to a price war launched by Google, Amazon and other tech giants, almost anyone with a laptop or tablet can get cloud storage for less than the price of a latte. That means Box and Dropbox, which sell software for businesses and consumers to store and use files on the Internet rather than a machine, are confronting a precarious future: They must figure out how to go head-to-head with the world's most powerful tech companies. The jockeying has forced both startups to rethink their plans to go public -- Box filed for an IPO in March, but has delayed trading, and Dropbox, once poised to be one of the biggest tech IPOs of the year, may not have a public offering in its immediate future."
Gonzalo San Gil, PhD.

[# ! #Tech:] How do I permanently erase hard disk? - 1 views

  •  
    "I am going to sell my laptop soon. Before discarding my system, I want to make sure that no one should be able to use my personal data using any method (format do not work). Is there any open source software out there that can help me permanently erase my hard disk?"
  •  
    "I am going to sell my laptop soon. Before discarding my system, I want to make sure that no one should be able to use my personal data using any method (format do not work). Is there any open source software out there that can help me permanently erase my hard disk?"
Paul Merrell

The Wifi Alliance, Coming Soon to Your Neighborhood: 5G Wireless | Global Research - Ce... - 0 views

  • Just as any new technology claims to offer the most advanced development; that their definition of progress will cure society’s ills or make life easier by eliminating the drudgery of antiquated appliances, the Wifi Alliance  was organized as a worldwide wireless network to connect ‘everyone and everything, everywhere” as it promised “improvements to nearly every aspect of daily life.”    The Alliance, which makes no pretense of potential health or environmental concerns, further proclaimed (and they may be correct) that there are “more wifi devices than people on earth”.   It is that inescapable exposure to ubiquitous wireless technologies wherein lies the problem.   
  • Even prior to the 1997 introduction of commercially available wifi devices which has saturated every industrialized country, EMF wifi hot spots were everywhere.  Today with the addition of cell and cordless phones and towers, broadcast antennas, smart meters and the pervasive computer wifi, both adults and especially vulnerable children are surrounded 24-7 by an inescapable presence with little recognition that all radiation exposure is cumulative.    
  • The National Toxicology Program (NTP), a branch of the US National Institute for Health (NIH), conducted the world’s largest study on radiofrequency radiation used by the US telecommunications industry and found a ‘significantly statistical increase in brain and heart cancers” in animals exposed to EMF (electromagnetic fields).  The NTP study confirmed the connection between mobile and wireless phone use and human brain cancer risks and its conclusions were supported by other epidemiological peer-reviewed studies.  Of special note is that studies citing the biological risk to human health were below accepted international exposure standards.    
  •  
    ""…what this means is that the current safety standards as off by a factor of about 7 million.' Pointing out that a recent FCC Chair was a former lobbyist for the telecom industry, "I know how they've attacked various people.  In the U.S. … the funding for the EMF research [by the Environmental Protection Agency] was cut off starting in 1986 … The U.S. Office of Naval Research had been funding a fair amount of research in this area [in the '70s]. They [also] … stopped funding new grants in 1986 …  And then the NIH a few years later followed the same path …" As if all was not reason enough for concern or even downright panic,  the next generation of wireless technology known as 5G (fifth generation), representing the innocuous sounding Internet of Things, promises a quantum leap in power and exceedingly more damaging health impacts with mandatory exposures.      The immense expansion of radiation emissions from the current wireless EMF frequency band and 5G about to be perpetrated on an unsuspecting American public should be criminal.  Developed by the US military as non lethal perimeter and crowd control, the Active Denial System emits a high density, high frequency wireless radiation comparable to 5G and emits radiation in the neighborhood of 90 GHz.    The current Pre 5G, frequency band emissions used in today's commercial wireless range is from 300 Mhz to 3 GHZ as 5G will become the first wireless system to utilize millimeter waves with frequencies ranging from 30 to 300 GHz. One example of the differential is that a current LANS (local area network system) uses 2.4 GHz.  Hidden behind these numbers is an utterly devastating increase in health effects of immeasurable impacts so stunning as to numb the senses. In 2017, the international Environmental Health Trust recommended an EU moratorium "on the roll-out of the fifth generation, 5G, for telecommunication until potential hazards for human health and the environment hav
Gonzalo San Gil, PhD.

4 gui applications for installing Linux from USB key | LinuxBSDos.com - 0 views

  •  
    "The traditional and most common method of installing Linux is by burning the installation ISO image to a CD or DVD. But with many laptops, notebooks, ultra notebooks, subnotebooks shipping without an optical drive, installation via USB flash stick has become the most common method for installing Linux on these types of computers" # ! #Freedom to #Go.
  •  
    "The traditional and most common method of installing Linux is by burning the installation ISO image to a CD or DVD. But with many laptops, notebooks, ultra notebooks, subnotebooks shipping without an optical drive, installation via USB flash stick has become the most common method for installing Linux on these types of computers"
Paul Merrell

FBI director: Cover up your webcam | TheHill - 0 views

  • The head of the FBI on Wednesday defended putting a piece of tape over his personal laptop's webcam, claiming the security step was a common sense one that most should take.  “There’s some sensible things you should be doing, and that’s one of them,” Director James Comey said during a conference at the Center for Strategic and International Studies.ADVERTISEMENT“You go into any government office and we all have the little camera things that sit on top of the screen,” he added. “They all have a little lid that closes down on them.“You do that so that people who don’t have authority don’t look at you. I think that’s a good thing.”Comey was pilloried online earlier this year, after he revealed that he puts a piece of tape over his laptop camera to keep away prying eyes. The precaution is a common one among security advocates, given the relative ease of hacking laptop cameras.  
  • But many found it ironic for Comey, who this year launched a high profile battle against Apple to gain access to data locked inside of the iPhone used by one of the San Bernardino, Calif., terrorists. Many viewed that fight as a referendum on digital privacy.Comey was “much mocked for that,” he acknowledged on Wednesday.But he still uses the tape on his laptop.“I hope people lock their cars,” he said. “Lock your doors at night… if you have an alarm system, you should use it.”“It’s not crazy that the FBI director cares about personal security as well,” the FBI director added. “So I think people ought to take responsibility for their own safety and security.”
Gonzalo San Gil, PhD.

Teaching kids game design with open source software | Opensource.com - 2 views

  •  
    "Youth Digital just moved into their new offices, tucked away in a nondescript office park in Chapel Hill, North Carolina. It's a big step up from their humble beginnings, when company founder and director Justin Richards hauled a laptop to his students' houses, tutoring them on web and graphic design. "
  •  
    "Youth Digital just moved into their new offices, tucked away in a nondescript office park in Chapel Hill, North Carolina. It's a big step up from their humble beginnings, when company founder and director Justin Richards hauled a laptop to his students' houses, tutoring them on web and graphic design. "
Gonzalo San Gil, PhD.

Build a home music server with Linux | Opensource.com - 0 views

  •  
    "In this article, I am going to focus on the hardware, software, and configuration issues that we need to resolve to set up a Linux-based music server as part of the home music system. Specifically, I'll look at the Raspberry Pi, Cubox-i, and Fit-PC as options for hosting your digital home music system. Some of the material in this article can equally be applied to my previous article on the Linux laptop as a high-quality music player"
Gonzalo San Gil, PhD.

Poll: nearly 50% of year 10 students feel addicted to the internet | Technology | The G... - 0 views

  •  
    "Survey also finds more than three quarters of similarly aged pupils take a laptop, phone or tablet to bed at night Share Tweet this Email Peter Walker The Guardian, Friday 9 May 2014" # ! better than the current Addiction to TV...
Gary Edwards

SXSW: Big Browsers Butt Heads - AppScout - 0 views

  •  
    From AppScout: ... "For the third year in a row, leading minds from the major browsers got together at SXSW Interactive to spar with one another over issues like Web standards and openness. As in years past, Mozilla's Brendan Eich, Microsoft's Chris Wilson, Opera's Charles McCathieNevile, and moderator Arun Ranganathan (also from Mozilla) were present, and this year they were joined by Google's Darin Fisher.

    As always, Apple was absent from the panel. Wilson told me that Apple is active in the standards discussion, but the company's famously closed corporate policy prevents Apple reps from participating in panels like this (almost every laptop I saw in the room was a Mac, so apparently the policy hasn't hurt them much). In any case, Safari's WebKit was represented by Chrome (Fisher), which is also built on WebKit....."

    AppScout does a great job of collecting some of the best snippets to come out of this panel discussion. Really though, how can anyone have a browser discussion without edge of the Web WebKit device browsers? And then there's this: the discussions today isn't about "browsers". It's about RiA platforms and how browsers are used to launch rich internet applications. Microsoft has XAML-Silverlight. Adobe has AiR-WebKit-SWF. And the Open Web has WebKit-HTML+. That's the battle!
Paul Merrell

Canadian risks prison for not giving up phone's passcode - Yahoo News - 0 views

  • Montreal (AFP) - A Canadian charged for refusing to give border agents his smartphone passcode was expected Thursday to become the first to test whether border inspections can include information stored on devices.Alain Philippon, 38, risks up to a year in prison and a fine of up to Can$25,000 (US$20,000) if convicted of obstruction.He told local media that he refused to provide the passcode because he considered information on his smartphone to be "personal."Philippon was transiting through the port city of Halifax on his way home from a Caribbean vacation on Monday when he was selected for an in-depth exam.
  • "Philippon refused to divulge the passcode for his cell phone, preventing border services officers from their duties," Canada Border Services Agency said in an email.The agency insists that the Customs Act authorizes its officers to examine "all goods and conveyances including electronic devices, such as cell phones and laptops."But, according to legal experts, the issue of whether a traveler must reveal the password for an electronic device at a border crossing has not been tested in court. "(It's) one thing for them to inspect it, another thing for them to compel you to help them," Rob Currie, director of the Law and Technology Institute at Dalhousie University, told public broadcaster CBC.Philippon is scheduled to appear in court on May 12.
Gonzalo San Gil, PhD.

Readers Say 'No' to Antivirus on Linux | FOSS Force - 0 views

  •  
    "FOSS Force Staff The FOSS Force Poll A few weeks back when Ken Starks wrote an anecdotal column on an experience with a false positive from Avast antivirus on GNU/Linux, we started thinking. We run antivirus on our LAMP servers with the intent of protecting poor suckers on Windows, but on our Linux desktops and laptops? Pretty much, no. Some of us had tried the open source ClamAV at one time or another, mainly out of curiosity, but none of us had stuck with it. To our knowledge, until Starks wrote his column none of us even knew anybody who had ever run proprietary AV on Linux boxes."
Gonzalo San Gil, PhD.

Troubleshot & repair Linux networks | Linux User & Developer - the Linux and FOSS mag f... - 1 views

  •  
    "Posted by Gavin Thomas No network connection on your laptop or problems with your web hosting? We're here to help "The Network is the computer," is the famous, prescient quote made by Sun Microsystem's chief scientist and employee number five, John Gage, in 1984. The growth of the web, mobile and cloud computing have borne out that phrase, and a computer without a network connection is just an expensive paperweight."
1 - 20 of 28 Next ›
Showing 20 items per page