Political Wrinkles  

Go Back   Political Wrinkles > General Forum > Opinions & Editorials
Register FAQDonate PW Store PW Trivia Members List Calendar Search Today's Posts Mark Forums Read

Opinions & Editorials Discuss Should all locks have keys? Phones, Castles, Encryption, and You. at the General Forum; You Tube You Tube I think the video discusses it well. People do not seem to grasp that we're talking ...

Reply
 
Share LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 04-19-2016, 07:00 PM
foundit66's Avatar
Moderator
 
Join Date: Oct 2007
Location: California
Gender: Male
Posts: 24,742
Thanks: 9,764
Thanked 14,861 Times in 8,995 Posts
Post Should all locks have keys? Phones, Castles, Encryption, and You.


I think the video discusses it well.
People do not seem to grasp that we're talking about creating a "keyhole" availability that others can and will use.

The iPhone saga itself helps document this.
Apple refused to create one, but others had already found an existing vulnerability.

It's only logical that if you create a vulnerability for the government, others will inevitably find it as well.
__________________
“Labor is prior to, and independent of, capital. Capital is only the fruit of labor, and could never have existed if labor had not first existed. Labor is the superior of capital, and deserves much the higher consideration.”
~Abraham Lincoln
Reply With Quote
The Following 2 Users Say Thank You to foundit66 For This Useful Post:
  #2 (permalink)  
Old 03-10-2017, 03:40 PM
Scholar
 
Join Date: Dec 2011
Location: Okolona
Gender: Male
Posts: 2,202
Thanks: 1,627
Thanked 599 Times in 512 Posts
Cool Re: Should all locks have keys? Phones, Castles, Encryption, and You.

Data-scrambling encryption works, and the industry should use more of it...

What the CIA WikiLeaks Dump Tells Us: Encryption Works
March 10, 2017 — If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works, and the industry should use more of it.
Quote:
Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks. "We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption,'' said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago.''

More encryption

Four years ago is when former NSA contractor Edward Snowden revealed details of huge and secret U.S. eavesdropping programs. To help thwart spies and snoops, the tech industry began to protectively encrypt email and messaging apps, a process that turns their contents into indecipherable gibberish without the coded "keys'' that can unscramble them.

The NSA revelations shattered earlier assumptions that internet data was nearly impossible to intercept for meaningful surveillance, said Joseph Lorenzo Hall, chief technologist at the Washington-based civil-liberties group Center for Democracy & Technology. That was because any given internet message gets split into a multitude of tiny "packets,'' each of which traces its own unpredictable route across the network to its destination.

The realization that spy agencies had figured out that problem spurred efforts to better shield data as it transits the internet. A few services such as Facebook's WhatsApp followed the earlier example of Apple's iMessage and took the extra step of encrypting data in ways even the companies couldn't unscramble, a method called end-to-end encryption.

Challenges for authorities
See also:

Alleged CIA Hacking Techniques Lay Out Online Vulnerability
March 10, 2017 | WASHINGTON — If this week’s WikiLeaks document dump is genuine, it includes a CIA list of the many and varied ways the electronic device in your hand, in your car, and in your home can be used to hack your life.
Quote:
It’s simply more proof that, “it’s not a matter of if you’ll get hacked, but when you’ll get hacked.” That may be every security expert’s favorite quote, and unfortunately they say it’s true. The WikiLeaks releases include confidential documents the group says exposes “the entire hacking capacity of the CIA.” The CIA has refused to confirm the authenticity of the documents, which allege the agency has the tools to hack into smartphones and some televisions, allowing it to remotely spy on people through microphones on the devices.

WikiLeaks also claimed the CIA managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram. For some of the regular tech users, news of the leaks and the hacking techniques just confirms what they already knew. When we’re wired 24-7, we are vulnerable. “The expectation for privacy has been reduced, I think,” Chris Coletta said, “... in society, with things like WikiLeaks, the Snowden revelations ... I don’t know, maybe I’m cynical and just consider it to be inevitable, but that’s really the direction things are going.”

The internet of things

The problem is becoming even more dangerous as new, wired gadgets find their way into our homes, equipped with microphones and cameras that may always be listening and watching. One of the WikiLeaks documents suggests the microphones in Samsung smart TV’s can be hacked and used to listen in on conversations, even when the TV is turned off. Security experts say it is important to understand that in many cases, the growing number of wired devices in your home may be listening all the time.

“We have sensors in our phones, in our televisions, in Amazon Echo devices, in our vehicles,” said Clifford Neuman, the director of the Center for Computer Systems Security, at the University of Southern California. “And really almost all of these attacks are things that are modifying the software that has access to those sensors, so that the information is directed to other locations. Security practitioners have known that this is a problem for a long time.”

Neuman says hackers are using the things that make our tech so convenient against us. “Certain pieces of software and certain pieces of hardware have been criticized because, for example, microphones might be always on,” he said. “But it is the kind of thing that we’re demanding as consumers, and we just need to be more aware that the information that is collected for one purpose can very easily be redirected for others.”

Tools of the espionage trade
__________________
The water's always turbulent where two great rivers meet.

Last edited by waltky; 03-10-2017 at 03:49 PM..
Reply With Quote
  #3 (permalink)  
Old 03-12-2017, 10:23 AM
jamesrage's Avatar
Master
 
Join Date: Jan 2008
Location: A place where common sense still exist.
Gender: Male
Posts: 1,620
Thanks: 707
Thanked 880 Times in 566 Posts
Default Re: Should all locks have keys? Phones, Castles, Encryption, and You.

Quote:
Originally Posted by foundit66 View Post
http://www.youtube.com/watch?v=VPBH1eW28mo

I think the video discusses it well.
People do not seem to grasp that we're talking about creating a "keyhole" availability that others can and will use.

The iPhone saga itself helps document this.
Apple refused to create one, but others had already found an existing vulnerability.

It's only logical that if you create a vulnerability for the government, others will inevitably find it as well.
No company should be forced to make their products easy for governments to crack. So hopeful tech companies will use that wiki leaks CIA data dump on how to make their products more secure.
__________________
"There can be no divided allegiance here. Any man who says he is an American, but something else also, isn’t an American at all. We have room for but one flag, the American flag… We have room for but one language here, and that is the English language… and we have room for but one sole loyalty and that is a loyalty to the American people.”—Theodore Roosevelt
Reply With Quote
  #4 (permalink)  
Old 03-19-2017, 04:44 AM
Scholar
 
Join Date: Dec 2011
Location: Okolona
Gender: Male
Posts: 2,202
Thanks: 1,627
Thanked 599 Times in 512 Posts
Red face Re: Should all locks have keys? Phones, Castles, Encryption, and You.

Glitches been fixed...

Popular Messaging Apps Vulnerable to Hackers
March 15, 2017 - Those encrypted messaging apps you may have been using to avoid prying eyes had a major flaw that could have allowed access to hackers, according to a cybersecurity firm.
Quote:
According to Check Point Software Technologies, both Telegram and WhatsApp, which is owned by Facebook, were vulnerable. The company said it withheld the information until the security holes were patched, saying “hundreds of millions” of users could have been compromised.

The vulnerability involved infecting digital images with malicious code that would have been activated upon clicking the pic. That, according to Check Point, could have made accounts susceptible to hijacking. "This new vulnerability put hundreds of millions of WhatsApp Web and Telegram Web users at risk of complete account take over," Check Point head of product vulnerability Oded Vanunu said in a news release. "By simply sending an innocent looking photo, an attacker could gain control over the account, access message history, all photos that were ever shared, and send messages on behalf of the user."

Both apps tout so-called end-to-end encryption to ensure privacy, but according to Check Point, that made it hard to spot malicious code. Patching the vulnerability involved blocking the code before the messages were encrypted. WhatsApp claims to have more than one billion users, while Telegram has more than 100 million.

2 Popular Messaging Apps Vulnerable to Hackers
__________________
The water's always turbulent where two great rivers meet.
Reply With Quote
  #5 (permalink)  
Old 03-20-2017, 04:46 AM
winston53660's Avatar
PW Enlightenment
 
Join Date: Oct 2007
Posts: 10,220
Thanks: 1,852
Thanked 4,259 Times in 3,189 Posts
Default Re: Should all locks have keys? Phones, Castles, Encryption, and You.

Quote:
Originally Posted by waltky View Post
Glitches been fixed...

Popular Messaging Apps Vulnerable to Hackers
March 15, 2017 - Those encrypted messaging apps you may have been using to avoid prying eyes had a major flaw that could have allowed access to hackers, according to a cybersecurity firm.
Well at least Porn Hub wasn't on the list
__________________
Originally Posted by TiredRetired View Post
Damn shame it couldn't have been a father / son event. IMHO.
Reply With Quote
The Following User Says Thank You to winston53660 For This Useful Post:
  #6 (permalink)  
Old 10-23-2017, 02:17 AM
Scholar
 
Join Date: Dec 2011
Location: Okolona
Gender: Male
Posts: 2,202
Thanks: 1,627
Thanked 599 Times in 512 Posts
Red face Re: Should all locks have keys? Phones, Castles, Encryption, and You.

FBI Couldn't Access more than 6,900 mobile devices Devices Because of Encryption...

FBI Couldn't Access Nearly 7K Devices Because of Encryption
October 22, 2017 — The FBI hasn't been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications.
Quote:
In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech at the International Association of Chiefs of Police conference in Philadelphia. “To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board - narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.” The FBI and other law enforcement officials have long complained about being unable to unlock and recover evidence from cellphones and other devices seized from suspects even if they have a warrant, while technology companies have insisted they must protect customers' digital privacy.

The long-simmering debate was on display in 2016, when the Justice Department tried to force Apple to unlock an encrypted cellphone used by a gunman in a terrorist attack in San Bernardino, California. The department eventually relented after the FBI said it paid an unidentified vendor who provided a tool to unlock the phone and no longer needed Apple's assistance, avoiding a court showdown. The Justice Department under President Donald Trump has suggested it will be aggressive in seeking access to encrypted information from technology companies. But in a recent speech, Deputy Attorney General Rod Rosenstein stopped short of saying exactly what action it might take. “I get it, there's a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe,” Wray said.


WhatsApp and Facebook messenger are among app icons seen on an iPhone.

In a wide-ranging speech to hundreds of police leaders from across the globe, Wray also touted the FBI's partnerships with local and federal law enforcement agencies to combat terrorism and violent crime. “The threats that we face keep accumulating, they are complex, they are varied,” Wray said, describing threats from foreign terror organizations and homegrown extremists.

Wray also decried a potential “blind spot” for intelligence gathering if Congress doesn't reauthorize an intelligence surveillance law set to expire at the end of the year. The Foreign Intelligence Surveillance Act allows the government to collect information about militants, people suspected of cyber crimes or proliferation of weapons of mass destruction, and other foreign targets outside the United States. Intelligence and law enforcement officials say the act is vital to national security. A section of the act permits the government, under the oversight of the Foreign Intelligence Surveillance Court, to target non-Americans outside the United States. “If it doesn't get renewed or reauthorized, essentially in the form that it already is, we're about to get another blind spot,” Wray said.

https://www.voanews.com/a/fbi-encryption/4081470.html
See also:

US Warns About Attacks On Energy, Industrial Firms
October 21, 2017 - The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.
Quote:
The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage. The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said. U.S. authorities have been monitoring the activity for months, which they initially detailed in a confidential June report first reported by Reuters. That document, which was privately distributed to firms at risk of attacks, described a narrower set of activity focusing on the nuclear, energy and critical manufacturing sectors.

Department of Homeland Security spokesman Scott McConnell declined to elaborate on the information in the report or say what prompted the government to go public with the information at this time. "The technical alert provides recommendations to prevent and mitigate malicious cyber activity targeting multiple sectors and reiterated our commitment to remain vigilant for new threats," he said. The FBI declined to comment on the report, which security researchers said described an escalation in targeting of infrastructure in Europe and the United States that had been described in recent reports from private firms, including Symantec Corp. "This is very aggressive activity," said Robert Lee, an expert in securing industrial networks.


The Watts Bar Nuclear Plant cooling towers Unit 1, left, and Unit 2 rise near Spring City, Tenn.

Lee, chief executive of cyber-security firm Dragos, said the report appears to describe hackers working in the interests of the Russian government, though he declined to elaborate. Dragos is also monitoring other groups targeting infrastructure that appear to be aligned with China, Iran, North Korea, he said. The hacking described in the government report is unlikely to result in dramatic attacks in the near term, Lee said, but he added that it is still troubling: "We don’t want our adversaries learning enough to be able to do things that are disruptive later." The report said that hackers have succeeded in infiltrating some targets, including at least one energy generator, and conducting reconnaissance on their networks. It was accompanied by six technical documents describing malware used in the attacks. Homeland Security "has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign," the report said.

The report said the attacker was the same as one described by Symantec in a September report that warned advanced hackers had penetrated the systems controlling operations of some U.S. and European energy companies. Symantec researcher Vikram Thakur said in an email that much of the contents of Friday's report were previously known within the security community. Cyber-security firm CrowdStrike said the technical indicators described in the report suggested the attacks were the work of a hacking group it calls Berserk Bear, which is affiliated with the Russian Federation and has targeted the energy, financial and transportation industries. "We have not observed any destructive action by this actor," CrowdStrike Vice President Adam Meyers said in an email.

https://www.voanews.com/a/us-warns-a...s/4081021.html
__________________
The water's always turbulent where two great rivers meet.

Last edited by waltky; 10-23-2017 at 02:28 AM..
Reply With Quote
  #7 (permalink)  
Old 10-23-2017, 08:15 AM
jamesrage's Avatar
Master
 
Join Date: Jan 2008
Location: A place where common sense still exist.
Gender: Male
Posts: 1,620
Thanks: 707
Thanked 880 Times in 566 Posts
Default Re: Should all locks have keys? Phones, Castles, Encryption, and You.

Quote:
Originally Posted by waltky View Post
FBI Couldn't Access more than 6,900 mobile devices Devices Because of Encryption...

FBI Couldn't Access Nearly 7K Devices Because of Encryption
October 22, 2017 — The FBI hasn't been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications.

Its good news that the FBI can't access those devices because of encryption. Because if they can access those phones then so can hackers and thieves.
__________________
"There can be no divided allegiance here. Any man who says he is an American, but something else also, isn’t an American at all. We have room for but one flag, the American flag… We have room for but one language here, and that is the English language… and we have room for but one sole loyalty and that is a loyalty to the American people.”—Theodore Roosevelt
Reply With Quote
The Following 2 Users Say Thank You to jamesrage For This Useful Post:
Reply

Tags
all, and, castles, encryption, have, keys, locks, phones, should, you

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Forum Jump


All times are GMT -5. The time now is 08:04 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

Content Relevant URLs by vBSEO 3.2.0