Tag: encryption

The last day of the year – time for 2007 predictions

It is the last day of 2006. What better time for predictions…

From the experts:

Spamroll says:

  • Spam will not end in late January (and Bill Gates will remain mum thereafter)
  • Some spyware companies will be getting sued again by February, while the rest change their company name
  • The government will quit buying consumer data in March, after determining that who is buying TMX Elmo is in no way correlated with who has a tendency to be a terrorist
  • Everyone will be backing up their hard drives by April, but only if external hard drives are free
  • They’ll be encrypting them by May, because everyone will be running hacked versions of Vista
  • We’ll all take the summer off, since phishers already do
  • Back-to-school will piss off millions of children, and not much else
  • October will be much like September
  • Telcos will implement IPv6 for Thanksgiving, and everyone on the internet will know who everyone else is, once and for all (with the exception of MacBook Pro users, which are already being tracked via heatsink)
  • We’ll get a ton of self-serving predictions for 2008, a week early at Christmas

Happy New Year!

UPDATE: Sarcasm does work – someone is thinking about backup.

Success, and failure, with the systems

I am not a lawyer. Let’s repeat, I am not a lawyer. But I am not a criminal (as far as I know), and I am a laptop encryption user (and a fervent believer in it). Now, I am going to opine on a story…

A guy, one Joseph Edward Duncan II, is accused of murder and kidnapping (i.e. the parents were murdered, and the children were kidnapped). The FBI confiscated a laptop of his, and despite their best efforts, they can’t crack its encryption.

The computer key may provide Duncan some negotiating leverage in the next few weeks when authorities file federal charges that are expected to carry the death penalty. ‘Federal authorities are going to attempt to execute my client,’ said Roger Peven, Duncan’s federal public defender. ‘This is something I’d be happy to talk with federal authorities about.’ Peven is the only person other than Duncan to have seen some of the contents of the laptop. He has declined to say what he saw on the computer.

What is right with this picture is that encryption works. If you are storing sensitive personal and business documents on your machine, I’d bet a thief is not going to get into it any easier that the FBI, if properly encrypted. What a great system.

What is wrong with that picture? Well, this human (if you can call him that), killed a family so he could kidnap a couple of innocent kids to satisfy his sick sexual desires. Authorities found one dead child and another in a terrible state. Duncan plead guilty. Now his lawyer, who has seen the laptop contents, is using the laptop as leverage to keep Duncan alive.

Very sad system indeed.

Veterans Administration heads down encryption route

The VA, who lost a laptop then found it, declaring the data had not been tampered with, has decided to listen to the White House. They are taking the high road, and going to encrypt all laptop data (actually, all sensitive data, which I assume includes that which resides on desktops as well).

All I can say is congratulations. They are “getting it.”

Net neutrality debate may not matter

With all the talk of net neutrality, government snooping, and telco conspiracies, you’d think that web companies would be worried sick. Yet, nobody is running around like a chicken with their head cut off. Techdirt Mike thinks government meddling is going to increase the use of encryption technologies, and I could not agree more. I also believe that is exactly why those slaughtered chicken imitators are so scarce. Internet buffs (and drooling entrepreneurs) know something the bureaucrats can’t ever figure out – like life itself, technology always seems “to find a way.”

Get ready for open, cheap, hardcore stealth communications of the likes you may have never dreamed about (unless you are Kevin Mitnick or Bruce Schneier or Phil Zimmerman). It will be here sooner than you think.

PS: to add to the mess and the potential for distraction: as EmailBattles notes, more data is stolen from governments via burglary than hacking. The government should be worrying more about lock and key, security door, and window bar manufacturers, which in all their intelligence and glory they will probably move to regulate forthwith.

Stupid question on encryption

If encryption is such a simple tool to protect data, then why do so few people use it?

Then again, zip encryption, wrapped in PGP virtual disks, wrapped in FileVault may be taking it a bit too far.

Actually, I am not that obsessive – PGP alone works just fine.

Nothing beats a good padlock

For the singular entrepreneur, consultant or home accountant/mother-of-two, encrypting a computer hard drive is likely protection enough in case the machine is taken. Unless the thief thinks there is something very very valuable hidden on that drive, it will likely get reformatted, for uh, resale.

For big companies, however, encryption alone isn’t enough – the issues are much more complex. You have to know where the data comes in and out of the organization, how it is stored, how much is stored, and where it is stored.

It might also be nice to have employees that don’t leave valuable data in the backseats of cars……ok, I’ll won’t harp on the laptop thing anymore this week.

Rekey the locks, then open more doors

That is essentially what is happening, as Bruce Schneier suggests. ATM networks are upgrading their encryption algorithms. Meanwhile, they are moving off old dedicated lines (I think a lot used frame relay and POTS lines) and onto the internet. That is what is opening them up to potential hacks, not the Triple-DES upgrade.

Now there are two great ways to keep calls private

First, someone noted that Skype technology possessed pretty strong encryption. And while it is only a matter of time before folks crack Skype encryption (or Skype cracks from lawsuits), in the tech sector someone else is always finding a new and better way to do things.

Next up in the “protect your phone conversations” department – Zfone, the latest creation by PGP whiz Phil Zimmerman. Wired calls it “a pretty good way to to foil the NSA”, and coming from Zimmerman, I wouldn’t doubt it. PGP was on the ITAR list for a while, and if my memory serves me correctly, Mr. Zimmerman even got a bit of heat for creating PGP in the first place.

PGP has been available as a commercial app for sometime. I’ve been using it since my Windows 2000 days to secure disk data. Steal my laptop or backup drive and you’ll find it pretty much useless for anything other than hardware resale. It wouldn’t surprise me if Zfone is hardened the same way.

So much for all that wiretapping political rigmarole.
(more…)

Extortion via encryption

A trojan horse is running around, encrypting folks’ data, and demanding cash for its safe unravelling. Sophos has already found the password, but I wouldn’t have been worried anyway. Why?

Because I back my stuff up. And you should too. Whether it is a sneaky virus trying to empty your pockets, or a hard drive head slamming down on a platter, it makes no difference. Your data is now toast.
(more…)

Simple phone tech thwarts government eavesdropping

If the telecomm industry wanted to get a leg up, they should have thought about partnering with real innovators in the industry long ago. Instead, they sat on their uncreative behinds, and let companies like Skype run right over them. Skype fetched a multi-billion dollar purchase price via eBay not too long ago – not bad for a company without any copper lying behind the walls.

Now it seems the product might just be capable of making the Bush Administration, the NSA, and whomever else is lying in wait to douse basic personal privacy, look like the same asses the telecomm executives resemble now. The free product is being called a hell of a way to thwart eavesdropping – the software uses strong encryption, which has been available for things like email for some time, but a little more difficult to apply to voice communications due to the need for “devices” at both ends of the call. The free software is that “device.”

You can bet Skype/eBay executives will be getting hauled in front of Congress any day now to explain.
(more…)