Group items tagged

"One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk. "

"In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of "affordable" wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network. "

"That's the crux of the problem. While you can legislate to only give state agencies access to terrorists' communications, and with proper oversight and authorisation, you cannot actually build encryption that works like that. If you put a backdoor in, it's there not just for security services to exploit, but for cyber-criminals, oppressive regimes and anyone else."

"Kim Zetter asked them, on behalf of the New York Times, if their products shipped with backdoors allowing remote parties to access and alter them over the internet, they told her unequivocally that they did not engage in this practice. But now, in a letter to Senator Ron Wyden [D-OR], they admit that they lied, and that they "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006.""

"David Davis MP, a former shadow home secretary, told the Guardian he has established that police will be able to access the health records of patients when investigating serious crimes even if they had opted out of the new database, which will hold the entire population's medical data in a single repository for the first time from May."

"GCHQ, the UK's spy agency, designed a security protocol for voice-calling called MIKEY-SAKKE and announced that they'll only certify VoIP systems as secure if they use MIKEY-SAKKE, and it's being marketed as "government-grade security." But a close examination of MIKEY-SAKKE reveals some serious deficiencies. The system is designed from the ground up to support "key escrow" -- that is, the ability of third parties to listen in on conversations without the callers knowing about it."

""We have only examined a tiny fraction of this code base and found a critical, election-stealing issue," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "Even if this [backdoor] is closed its mere existence raises serious questions about the integrity of the rest of the code.""

"In a discussion of how to secure the "critical infrastructure" of the United States he described the phenomenon of compromised computer hardware - namely, chips that have hidden "back doors" inserted into them at the design or manufacturing stage - as "the problem from hell". And, he went on, "frankly, it's not a problem that can be solved"."

"Jim Baker served as the FBI's general counsel from 2014 until 2017, and he presided over the the FBI's attempt to force Apple to undermine its cryptography under the rubric of investigating the San Bernadino shooters; he has long been a prominent advocate for mass surveillance, but he has had a change of heart: in a long, detailed essay on Lawfare, Baker explains why he believes that governments should not seek to introduce defects into cryptographic systems."

""Critical, user-facing vulnerabilities" were found in the Chinese supplier's fixed-broadband products caused by poor code quality and an old operating system, the Huawei Cyber Security Evaluation Centre Oversight Board said in a report. "U.K. operators needed to take extraordinary action to mitigate the risk.""

"Senior executives at Uber ordered the use of a "kill switch" to prevent police and regulators from accessing sensitive data during raids on its offices in at least six countries, leaked files reveal. The instructions to block authorities from accessing its IT systems were part of a sophisticated global operation by the Silicon Valley company to thwart law enforcement."