Wednesday, September 29, 2010

FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts

From Wired Magazine via the New York Times,

The FBI now wants to require all encrypted communications systems to have back doors for surveillance, according to a New York Times report, and to the nation’s top crypto experts it sounds like a battle they’ve fought before.

Back in the 1990s, in what’s remembered as the crypto wars, the FBI and NSA argued that national security would be endangered if they did not have a way to spy on encrypted e-mails, IMs and phone calls. After a long protracted battle, the security community prevailed after mustering detailed technical studies and research that concluded that national security was actually strengthened by wide use of encryption to secure computers and sensitive business and government communications.

Now the FBI is proposing a similar requirement that would require online service providers, perhaps even software makers, to only offer encrypted communication unless the companies have a way to unlock the communications.

In the New York Times story that unveiled the drive, the FBI cited a case where a mobster was using encrypted communication, and the FBI had to sneak into his office to plant a bug. One of the named problems was RIM, the maker of BlackBerrys, which provides encrypted e-mail communications for companies and governments, and which has come under pressure from India and the United Arab Emirates to locate its severs in its countries.

According to the proposal, any company doing business in the States could not create an encrypted communication system without having a way for the government to order the company to decrypt it, and those who currently do offer that service would have to re-tool it. It’s the equivalent of outlawing whispering in real life.

Read the full article here.

Sunday, September 26, 2010

DDOS Botnets in Action

The Shadowserver Foundation is an all volunteer group of security researchers that monitor and report on online malicious activity. They occasionally blog about some of there more interesting findings. A found a recent post about DDOS botnets particularly interesting.

One of the uses of botnets that I find particularly interesting are Distributed Denial of Service(DDoS) attacks. I spend a fair amount of time tracking the various botnet related attacks that Shadowserver sees, especially when the list of victims is of fairly high profile. I've been watching a DDoS group that has been attacking a wide variety of victims in several different countries. This groups uses the BlackEnergy botnet to carry out its attacks.

The rest of the post can be found here.

Saturday, September 25, 2010

ATM Skimmers in Action

From Wired Magazine,

Authorities in Europe have seized a nice video recorded by a group of carders showing the criminals installing a skimming device and hidden camera at an ATM in the United Kingdom to steal customer PINs. Filmed from the hidden pinhole camera itself, installed above the ATM, the video shows how easy it is to capture the PINs as customers enter them on the keypad. But a few wily customers, who are wise to the carders’ tricks, manage to thwart their scheme by shielding the keypad as they type in their number.

Google's Eric Schmidt on Privacy

The Colbert ReportMon - Thurs 11:30pm / 10:30c
Eric Schmidt
Colbert Report Full Episodes2010 ElectionFox News

Microsoft Seeks Privacy Law to Aid Cloud Computing


Microsoft Corp. is urging an overhaul of U.S. laws for electronic privacy to help new services such as cloud computing, a technology that may double sales in five years.
As more data are stored on remote servers and away from personal computers, a 1986 digital law needs to be updated to give consumers confidence their information is protected, Brad Smith, Microsoft’s general counsel, said yesterday at a Senate Judiciary Committee hearing in Washington

Read more here