Posts Tagged ‘encryption’

Slowly Moving The Web To HTTPS

The EFF has a pretty good post on the move to make HTTPS closer to the new normal on the web. It’s hardly normal yet, but it’s improving. Already some of the bigger sites on the internet like Google, Facebook and Twitter are serving up HTTPS for almost everything. They do it for security as […]

Silent Circle Finally Bringing Security To Mobile?

Silent Circle is a pretty interesting sounding app: It’s a model for the nested cryptography of Silent Circle. The “safe room” is the iPhone processor, where all the encryption happens. By the time your text leaves the phone, it’s been completely encrypted, unrecoverable without the key. To keep the key safe, Silent Circle uses the […]

iPhone Too Secure From Law Enforcement?

According to the US Department of Justice (DOJ) the iPhone is largely uncrackable at this point: “I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” Ovie Carroll, director of the cyber-crime lab for the CCIPS division of the Department of Justice, said earlier this month during his […]

GPRS Cracked

I mentioned the work of Karsten Nohl to expose how insecure cell phones really are back in 2009. It’s great work since many people assume cell phones are secure, while they likely aren’t nearly as secure as one would think or hope. He’s done a lot more since then as The Register reports: “The interception […]

Project 365 Week 13

Another week, another set. The end of this set and the next set is going to be a bit week, I’ve been fighting a cold among other things that have been distracting me. That said, I kinda like how “Along the NEC” and “Cheap Hack” turned out.

Wanted: Native JS Encryption

I’d like to challenge all browser vendors to put together a comprehensive JS API for encryption. I’ll use this blog post to prove why it’s necessary and would be a great move to do so. The Ultimate Security Model I consider Mozilla Sync (formerly known as “Weave”) to have the ultimate security model. As a […]

Decrypting The Internet

Bruce Schneier on the new wiretapping proposal: Any surveillance system invites both criminal appropriation and government abuse. Function creep is the most obvious abuse: New police powers, enacted to fight terrorism, are already used in situations of conventional nonterrorist crime. Internet surveillance and control will be no different. Official misuses are bad enough, but the […]

The Future Of SSL

Google announced the other day that it will now enable HTTPS by default on Gmail. Previously a user had to either manually type in HTTPS or change a setting to default to it, something most people likely never bothered to do. Google says it’s not related but it seems oddly coincidental that this chance coincides […]

Security Through Obscurity TSA/GSM Edition

It’s impossible to write code these days without having to study security to some extent. The byproduct of this is that since digital security concepts are based largely on real life, you see the obvious gaps in real life “security”. The quotes are intentional because many/most attempts only provide the feeling of security as opposed […]

Unobstructed HTTPS

There’s an interesting discussion on Slashdot about SSL certificates. It brings up two valid points: Invalid certificates, while providing a secure mechanism between the client/server are extremely annoying to use in Firefox 3 for many people because of the multi-step process. Previously it was just a warning dialog. There are no free SSL certificates that […]