This is part one of a four-part series where security expert Jon Callas breaks down the fatal flaws of a recent proposal to add a secret user — the government — to our encrypted conversations. Twenty-five years ago, the FBI decided it needed a surveillance system built into the nation’s telephone network to enable it to listen […]
Katie Jones sure seemed plugged into Washington’s political scene. The 30-something redhead boasted a job at a top think tank and a who’s-who network of pundits and experts, from the centrist Brookings Institution to the right-wing Heritage Foundation. She was connected to a deputy assistant secretary of state, a senior aide to a senator and […]
We are surrounded by surveillance cameras that record us at every turn. But for the most part, while those cameras are watching us, no one is watching what those cameras observe or record because no one will pay for the armies of security guards that would be required for such a time-consuming and monotonous task. […]
The world of espionage is facing tremendous technological, political, legal, social, and commercial changes. The biggest disruptive force is technological. Traditional spycraft has always relied on deception based on identity. Spotting, developing, recruiting, running, and servicing intelligence sources involves concealing what you are doing. Not anymore. A cover identity that would have been almost bulletproof […]
After several months of testing, the first stable, public build of a Tor browser for Android is finally available on the Google Play Store. The Tor Project team says it made special considerations for the Android version, since mobile browsing tends to incur even more surveillance than desktop browsing and because users have less control over the mobile browsing […]
When it comes to online security, confusion about the risks can lead people to obsess over obscure threats while ignoring key innovations that could truly protect them. Even highly-targeted users like politicians and activists don’t fully appreciate the scourge of phishing, and many aren’t familiar with an emerging form of two-factor authentication known as “Security […]
They are weird in the way they write data, and even weirder in the way they delete information. In the good old days of striped magnetic recording, one could delete a file and rest assured its content was still there until overwritten at some (hopefully distant) moment in the future; not so on an SSD.
Granting permissions to apps takes a certain level of trust—trust that an app is honest about the parts of your phone’s hardware and operating system it has access to, and what it does with the data therein. Trust is especially crucial with VPN apps, the point of which is to obfuscate your mobile internet activity from unwanted […]
There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and LastPass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plain text copies of the password lying around memory? Don’t forget to read the Comments!
Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings […]