Justice Department: Default Encryption Has Created a ‘Zone of Lawlessness’

ORIGINAL ARTICLE

from the what-would-you-call-this-zone-that’s-allegedly-associated-with-danger? dept.
Jason Koebler writes:
Leslie Caldwell, an assistant attorney general at the Justice Department, said Tuesday that the department is “very concerned” by the Google’s and Apple’s decision to automatically encrypt all data on Android and iOS devices.

“We understand the value of encryption and the importance of security,” she said. “But we’re very concerned they not lead to the creation of what I would call a ‘zone of lawlessness,’ where there’s evidence that we could have lawful access through a court order that we’re prohibited from getting because of a company’s technological choices.

Posted by Soulskill 2 days ago

Advertisements

FBI Seeks To Legally Hack You If You’re Connected To TOR Or a VPN

Law would allow law enforcement to search electronic data if target computer location has been hidden through Tor or VPN

2015/01/img_2530.jpg
Original Article

by NICOLE KARDELL | FEE | JANUARY 20, 2015

The FBI wants to search through your electronic life. You may think it’s a given that the government is in the business of collecting everyone’s personal data — Big Brother run amok in defiance of the Constitution. But under the limits of the Fourth Amendment, nothing it finds can be used to prosecute its targets. Now the FBI is taking steps to carry out broad searches and data collection under the color of authority, making all of us more vulnerable to “fishing expeditions.”

The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant.

It’s called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court’s jurisdiction.

The change may sound like a technical tweak, but it is a big leap from current procedure. As it stands, Rule 41(b) only allows (with few exceptions) a court to issue a warrant for people or property within that court’s district. The federal rules impose this location limitation — along with requirements that the agent specifically identify the person and place to be searched, find probable cause, and meet other limiting factors — to reduce the impact an investigation could have on people’s right to privacy. Now the FBI is asking for the authority to hack into and search devices without identifying any of the essential whos, whats, wheres, or whys — giving the FBI the authority to search your computer, tablet, or smartphone even if you are in no way suspected of a crime.

All you have to do is cross the FBI’s virtual path. For instance, the proposed amendment would mean that agents could use tactics like creating online “watering holes” to attract their targets. Anyone who clicked on law enforcement’s false-front website would download the government malware and expose their electronic device to an agent’s search (and also expose the device to follow-on hackers). One obvious target for this strategy is any forum that attracts government skeptics and dissenters — FEE.org, for example. Such tactics could inadvertently impact thousands of people who aren’t investigation targets.

This sort of sweeping authority is in obvious conflict with the Constitution. The Fourth Amendment makes it clear that the government cannot legally search your house or your personal effects, including your electronic devices, without (1) probable cause of a suspected crime (2) defined in a legal document (generally, a search warrant issued by a judge) (3) that specifically identifies what is to be searched and what is to be seized.

The FBI is not the first government agency to find itself challenged by the plain language of the Fourth Amendment. Past overreach has required judges and Congress to clarify what constitutes a legal search and seizure in particular contexts. In the 1960s, when electronic eavesdropping (via wiretaps and bugs) came about, Congress established the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Act). The law addressed concerns about these new surreptitious and invasive investigative tactics and provided several strictures on legal searches via wiretap or bug. Since covert investigative tools can be hard to detect, it was important to institute more rigorous standards to keep agents in line.

The same concerns that Congress addressed in the 1960s are present today, but they take on far greater significance. With our growing reliance on electronic devices to communicate with others, to transact business, to shop, travel, date, and store the details of our private lives, these devices are becoming our most important personal effects. The ability of government actors to enter our digital space and search our electronic data is a major privacy concern that must be checked by Fourth Amendment standards. As the Supreme Court recently pronounced in Riley v. California, the search of a modern electronic device such as a smartphone or computer is more intrusive to privacy than even “the most exhaustive search of a house.”

What seems most troubling, though, is that the FBI is attempting to override the Fourth Amendment, along with the body of law developed over the years to reign in surveillance powers, through a relatively obscure forum. Instead of seeking congressional authority or judicial clarification, it has sought a major power grab through a procedural rule tweak — a tweak that would do away with jurisdictional limitations and specificity requirements, among other important checks on law enforcement. The request seems objectively — and constitutionally — offensive.

Here’s What You Need To Master The Tor Network!

Here’s What You Need To Master The Tor Network!

Monday, May 05, 2014: The anonymous Internet, or the Tor network has been attractive to many since it came to mainstream news. The network provides protection from snooping bodies that steal your personal information online.

What is Tor?

Originally known as The Onion Router, the Tor network was meant to protect the US Navy. Currently, it is a software that sends your signal around a network of open connections. These connections come from volunteers all over the world using the network.

1. Use Tor browsers

Just because it is the anonymous network, that doesn’t mean that Tor will protect your system completely. It protects only the applications and programs that are configured correctly. That is why you should use a Tor browser bundle, which is pre-programmed to suit the Tor network.

2. Say goodbye to browser plugins

You would notice that the Tor browser disables things like Quicktime, RealPlayer and Flash. This it does in order to protect your privacy, as these applications have been known to give out your IP address. Similarly, you should avoid installing any add-ons to the Tor browser because they may cause it to malfunction. This can in turn be a hindrance to the browser’s original purpose of protecting your privacy.

3. Avoid opening downloaded files when working on Tor

Opening PDF or other files using a different application can reveal your non-IP address. You should avoid doing so.

4. Tor and Torrent don’t go together

Even though it may seem so, downloading torrents while on Tor is not a good idea. You can use the network but don’t try to download torrents.

5. HTTPS

Yes, use this at all times while you are on the Tor network. It shouldn’t be any trouble, since the network automatically goes for the always HTTPS option.

6. Tor bridges

This is also important since Tor doesn’t protect you from being watched. Someone can still find out that you’re using Tor.

7. Get more people

The more people near you who use Tor, better will be the protection that you get from the network.

Remove Malware Using These 8 Free Tools!

20140518-110421.jpg

Remove Malware Using These 8 Free Tools!

Malware is a menace, and it’s gaining prominence with each day.

Tuesday, May 13, 2014: Hackers today are not only becoming increasingly successful in finding new ways to break into computers, but achieving a one hundred per cent success rate at the same time. Cybersecurity firms are witnessing a rampant multiplication of cyberattacks categories that now range from malware and spyware to highly sophisticated breaches directed towards large businesses/enterprises. Today we bring you a list of 8 free tools to get rid of malware.

1.Ad-Aware

Anti-spyware and anti-virus program developed by Lavasoft that detects and removes malware, spyware and adware on a user’s computer.

2.Emsisoft Emergency Kit

The Emsisoft Emergency Kit contains a collection of programs that can be used without software installation to scan for malware and clean infected computers.

3.Norman Malware Cleaner

This simple and user friendly tool not only detects malicious software but also removes them from your computer. By downloading and running the program it will clean an infected system completely.

4.SUPERAntiSpyware

Shareware which can detect and remove spyware, adware, trojan horses, rogue security software, computer worms, rootkits, parasites and other potentially harmful software applications. Although it can detect malware, SUPERAntiSpyware is not designed to replace antivirus software.

5.Spybot

Spybot Search & Destroy is a set of tools for finding and removing malicious software. The immunisation feature preemptively protects the browser against threats. System scans and file scans detect spyware and other malicious software and eradicates it.

6.Combofix

Executable software, intended for users with advanced computer skills to run it only on occasions where a regular antivirus would not detect certain malware, or where an antivirus cannot update or otherwise function.

7.Microsoft Security Scanner

Free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

8.Malwarebytes Anti-Malware

Made by Malwarebytes Corporation, it was first released in January 2008 and is available in a free version, which scans for and removes malware when started manually.

Saurabh Singh, EFYTIMES News Network

Cyber Security: CTU Threat Intelligence Services

Intelligence
Cyber Security: CTU Threat Intelligence Services

The Dell SecureWorks Counter Threat UnitSM (CTUSM) research team is a distinguished group of security researchers and experts who analyze data from across thousands of global networks, comb the cyber underground for intelligence and leverage relationships throughout the security community to identify emerging threats, develop countermeasures against new malware and exploits, and protect our customers.

Research

For Dell SecureWorks, research represents the nucleus of our company and operations. Research is breaking down and reverse engineering malware to understand what makes it tick. Research is seeing how disparate events are connected. Research is determining how an exploit is communicating with its Command and Control. Research is identifying who is behind the threat. Research is infused into our managed security services and security consulting practices.

20140517-222407.jpg

This is why we hire only the best and brightest security researchers from private industry, military and intelligence communities – Researchers with proven track records and first-hand technical experience dealing with cyber threats and protecting some of the most sensitive public and private systems and data resources in the world.

The Dell SecureWorks Counter Threat Unit research team’s work underpins the success of our Managed Security Services and Security Operations Centers, and is shared widely with our security consulting teams. In addition, our researchers share pertinent information with our customers and the public at large. Their primary role is understanding the nature of threats our customers face, and creating strategies and countermeasures to address those threats and protect our customers.

The Heartbleed Hit List

The Heartbleed Hit List: The Passwords You Need to Change Right Now

20140410-150906.jpg

An encryption flaw called the Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.

But it hasn’t always been clear which sites have been affected. Mashable reached out some of the most popular social, email, banking and commerce sites on the web. We’ve rounded up their responses below.

SEE ALSO: How to Protect Yourself From the Heartbleed Bug

Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you’ll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn’t already compromised, but there’s also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

Although changing your password regularly is always good practice, if a site or service hasn’t yet patched the problem, your information will still be vulnerable.

Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you’ll need to change the password everywhere. It’s not a good idea to use the same password across multiple sites, anyway.

We’ll keep updating the list as new information comes in.

Social Networks Affected

Here Are 17 Top Bug And Issue Tracking Apps For Developers!

http://www.efytimes.com/e1/fullnews.asp?edid=130338

Tuesday, February 18, 2014: Developers come across a plethora of bugs and issues while creating hundreds, or even thousands, of lines of code! The same can be quite frustrating. In such a situation, making use of bug and issue tracking within your workflow leads to a better end product.

20140218-070449.jpg