Group items tagged

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.

Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve, which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak. So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily.

A guitar design firm called Born to Rock has won an initial victory over the user-generated T-shirt-printing website CafePress in a legal battle over whether CafePress users will be allowed to use the company's name as part of their T-shirt designs. While the guitar firm initially registered the phrase only for use selling guitars, it has taken the position that any use of the phrase "born to rock" by a CafePress user infringes its trademarks.

On Monday, Prime Minister John Key announced that he had requested an inquiry by the Inspector-General of Intelligence and Security after it was revealed that the Government Communications Security Bureau (GSCB) illegally intercepted the communications of individuals in the Megaupload case.

GCSB is an intelligence agency of the New Zealand government responsible for spying on external entities. It is forbidden by law from conducting surveillance on its own citizens or permanent residents in the country. Now it has been revealed that incorrect information supplied by the police’s Organized and Financial Crime Agency (OFCANZ) led the GCSB to spy on Kim Dotcom and Bram van der Kolk.

During an earlier hearing, Detective Inspector Grant Wormald of OFCANZ said that apart from surveillance carried out by the police, no other surveillance had been carried out against Dotcom. But with the revelation that GCSB had indeed been monitoring the Megaupload founder at the behest of OFCANZ, questions are now being raised about this apparent inconsistency, not least since Wormald previously acknowledged that a secret government unit had been involved in a pre-raid planning meeting in January.

Further evidence of overeager and illegal police work emerged Thursday in New Zealand as Inspector General of Security and Intelligence Paul Neazor released a report on the illegal bugging of Kim Dotcom and Megaupload programmer Bram van der Kolk. Two GCSB officers were present at a police station nearby Dotcom’s mansion as the raid took place.

Police weighed several options for the raid named “Operation Debut,” undertaken at the behest of US authorities, and sought to take Dotcom and associates with the “greatest element of surprise” and to minimise any delays the in executing the search and seizure operation should the German file sharing tycoon’s staff be uncooperative or even resist officers on arrival.

The police planners also noted that “Dotcom will use violence against person’s [sic] and that he has several staff members who are willing to use violence at Dotcom’s bidding” after a U.S. cameraman, Jess Bushyhead, reported the Megaupload founder for assaulting him with his stomach after a dispute. Based on Dotcom’s license plates such as MAFIA, POLICE, STONED, GUILTY, and HACKER, police said this indicates the German “likes to think of himself as a gangster” and is “described as arrogant, flamboyant and having disregard for law enforcement.” However, the documents show that Dotcom had only been caught violating the speed limit in New Zealand. The request for assistance from the STG notes that the US investigation against Mega Media Group and Dotcom was started in March 2010 by prosecutors and the FBI. According to the documents, US prosecutors and FBI “discovered that the Mega Media Group had engaged in and facilitated criminal copyright infringement and money laundering on a massive scale around the world.” FBI in turn contacted NZ Police in “early 2011," requesting assistance with the Mega Media Group investigation as Dotcom had moved to New Zealand at the time.

Kim Dotcom is determined to put the major music labels out of business with Megabox. At the same time he promises to give artists full control over their own work and a healthy revenue stream. Today Dotcom released a video on the making of Megabox which unveils some of the service’s features. The video also shows “The Black Keys,” “Rusko,” “Two Fingers” and “Will.i.am” as exclusive artists.

So why would artists join Megabox in the first place? The goal of Megabox is to give the public access to free music and compensate artists through advertising revenue. Megaupload’s founder believes that this “free music” business model has the potential to decrease music piracy while giving artists proper compensation for their work. This revenue comes from the Megakey application that users have to install. Megakey works like an ad blocker, but instead of blocking ads it replaces a small percentage with Mega’s own ads. Those who prefer not to install the app have the option to buy the music instead.

“These new solutions will allow content creators to keep 90% of all earnings and generate significant income from the untapped market of free downloads,” Dotcom said.

Could a state actor be at play? U.S. Senator Joe Lieberman, without offering any proof, said he believed the assaults were carried out by Iran in retaliation for tightened economic sanctions imposed by the United States and its allies.

only a handful of groups out there that have the technical ability or incentive

“The Art of Deception: Training for Online Covert Operations.”

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. 

Critically, the “targets” for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services. In fact, the discussion of many of these techniques occurs in the context of using them in lieu of “traditional law enforcement” against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, “hacktivism”, meaning those who use online protest activity for political ends. The title page of one of these documents reflects the agency’s own awareness that it is “pushing the boundaries” by using “cyber offensive” techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes:

"The real danger [from] the publicity about [NSA surveillance] is that other countries will begin to put very serious encryption – we use the term 'Balkanization' in general – to essentially split the internet and that the internet's going to be much more country specific," Google executive chairman Eric Schmidt said at an event in New York this month. "That would be a very bad thing, it would really break the way the internet works, and I think that's what I worry about."

Jeffrey Kantor, who was fired by Appian Corporation, sued a host of government officials, including Attorney General Eric Holder, Director of National Intelligence James Clapper, CIA Director John Brennan, Defense Secretary Chuck Hagel and Secretary of State John Kerry in Federal Court, alleging civil rights violations, disclosure of private information and retaliation… He also sued Secretary of Energy Ernest Moniz, Acting Secretary of Homeland Security Rand Beers, Treasury Secretary Jacob Lew, EPA Administrator Regina McCarthy and U.S. Office of Personnel Management Director Katherine Archuleta.

“In the same way that a laser is a hell of a lot more powerful than a light bulb, room-temperature superconductivity would completely change how you transport electricity and enable new ways of using electricity,” said Louis Taillefer, a professor of physics at the University of Sherbrooke in Quebec.

ripples of electrons inside the superconductors that are called charge density waves. The fine-grained structure of the waves, reported in two new papers by independent groups of researchers, suggests that they may be driven by the same force as superconductivity. Davis and his colleagues directly visualized the waves in a study posted online in April, corroborating indirect evidence reported in February by a team led by Riccardo Comin, a postdoctoral fellow at the University of Toronto.

Taken together, the various findings are at last starting to build a comprehensive picture of the physics behind high-temperature superconductivity. “This is the first time I feel like we’re making real progress,” said Andrea Damascelli, a professor of physics at the University of British Columbia who led two recent studies on charge density waves. “A lot of different observations which have been made over decades did not make sense with each other, and now they do.”

Using genetically modified E. coli to generate biofuel isn’t new. U.K. scientists said in April they have developed a process under which the bacterium turns biomass into an oil that is almost identical to conventional diesel–a development that followed similar research by U.S. biotechnology firm LS9 in 2010. But the breakthrough this time is important because the reprogrammed E. coli can produce gasoline, a high-premium oil product that’s more expensive than diesel if the biofuel becomes commercially viable, according to Prof. Lee Sang-yup at the Korea Advanced Institute of Science and Technology. His team’s study was published in the international science journal Nature on Monday.

The significance of this breakthrough is that you don’t have to go through another process to crack the oil created by E. coli to produce gasoline. We have succeeded in converting glucose or waste biomass directly into gasoline,

only a few drops of the fuel per hour—making just 580 milligrams of gasoline from one liter of glucose culture.

the report recognized that email privacy is critical

one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.

the algorithm is only as fair as the data fed into it.

The project, which cost a total of $1.8 billion to construct, received a million-dollar loan from the Loan Programs Office. Under its “SunShot” initiative (so-named in the spirit of president John F. Kennedy’s “moon shot” program), the DoE provides guaranteed loans to unproved ventures in solar power in the hopes of promoting innovation and making the technology more cost-effective.* Although Agua Caliente (owned by U.S. energy giant NRG Energy and partner MidAmerican Solar) is now the largest photovoltaic solar facility in the world, it probably will not hold that distinction for long. Other massive solar panel facilities, such as Antelope Valley Solar Ranch One in California’s Mojave Desert, are rapidly springing up across the Southwest.