from the not-so-cryptic-statements dept.
An anonymous reader writes:
Presidential candidate Jeb Bush has called on tech companies to form a more “cooperative” arrangement with intelligence agencies. During a speech in South Carolina, Bush made clear his opinion on encryption: “If you create encryption, it makes it harder for the American government to do its job — while protecting civil liberties — to make sure that evildoers aren’t in our midst.” He also indicated he felt the recent scaling back of the Patriot Act went too far. Bush says he hasn’t seen any indication the bulk collection of phone metadata violated anyone’s civil liberties.
from the tomb-is-a-nice-friendly-word dept.
Last day we released Tomb version 2.1 with improvements to stability, documentation and translations. Tomb is just a ZSh script wrapping around cryptsetup, gpg and other tools to facilitate the creation and management of LUKS encrypted volumes with features like key separation, steganography, off-line search, QRcode paper backups etc. In designing Tomb we struggle for minimalism and readability, convinced that the increasing complexity of personal technology is the root of many vulnerabilities the world is witnessing today — and this approach turns out to be very successful, judging from the wide adoption, appreciation and contributions our project has received especially after the demise of TrueCrypt.
As maintainer of the software I wonder what Slashdot readers think about what we are doing, how we are doing it and more in general about the need for simplicity in secure systems, a debate I perceive as transversal to many other GNU/Linux/BSD projects and their evolution. Given the increasing responsibility in maintaining such a software, considering the human-interface side of things is an easy to reach surface of attack, I can certainly use some advice and criticism.
Posted by timothy 2 days ago
One of the best first steps in setting up a Windows machine is to install PuTTY on it, so you have a highly evolved secure shell at your command. An anonymous reader writes, though, with a note of caution if you’re installing PuTTY from a source other than the project’s own official page. A malicious version with information-stealing abilities has been found in the wild. According to the article:
Compiled from source, this malicious version is apparently capable of stealing the credentials needed to connect to those servers. “Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as ‘root’ access) which can give them complete control over the targeted system,” the researchers explained.
The Symantec report linked above also shows that (at least for this iteration) the malware version is easy to spot, by hitting the “About” information for the app.
Posted by timothy 10 days ago
from the what-would-you-call-this-zone-that’s-allegedly-associated-with-danger? dept.
Jason Koebler writes:
Leslie Caldwell, an assistant attorney general at the Justice Department, said Tuesday that the department is “very concerned” by the Google’s and Apple’s decision to automatically encrypt all data on Android and iOS devices.
“We understand the value of encryption and the importance of security,” she said. “But we’re very concerned they not lead to the creation of what I would call a ‘zone of lawlessness,’ where there’s evidence that we could have lawful access through a court order that we’re prohibited from getting because of a company’s technological choices.
Posted by Soulskill 2 days ago