New TLS Encryption-Busting Attack also Impacts the newer TLS 1.3

If you use encryption (and I certainly hope you do!), you should be aware that a team of academics has revealed a new cryptographic attack this week that can break encrypted TLS traffic, allowing attackers to intercept and steal data previously considered safe and secure. This includes the encryption used by many, but not all, VPNs.

This new downgrade attack works even against the latest version of the TLS protocol, TLS 1.3, released last spring and considered to be secure.

You can find an article by Catalin Cimpanu describing the newly-discovered weakness in the ZDnet web site at: https://zd.net/2N2RPRS.

Comments: While this new obviously does pose a security risk for thousands of individuals and organizations that use encryption, I don’t think there is any need for immediate panic. First of all, there is no indication that the low-life hackers and government spies are already using the weakness. I am sure these miscreants will start exploiting the weakness as soon as they can read about the inner workings of the hack required, but that will take a few weeks. In the meantime, all the companies that create encryption software using TLS 1.3 should be updating their software.

Continue reading

Tor is Easier to Use than Ever. Perhaps it is Time to Give It a Try

Good news: The Tor anonymity service is easier to use and more accessible than ever. The digital anonymity service Tor is also one of the best methods of keeping your web browsing private.

According to an article by Lily Hay Newman in the Wired web site: “Tor has been relatively accessible for years now, largely because of the Tor Browser, which works almost exactly like a regular browser and does all the complicated stuff for you in the background. But in 2018 a slew of new offerings and integrations vastly expanded the available tools, making 2019 the year to finally try Tor. You may even end up using the network without realizing it.”

Continue reading

Signal Private Messenger for Safe and Secure Text, Voice, and Video Messaging

“Privacy is possible. Signal makes it easy.”

Signal is a very popular safe and secure replacement for cell phone text messaging systems. Best of all, it is available FREE of charge. If you have an Android device, an iPhone, an iPad, or an iPod Touch, Signal will supplement or replace your present text messaging app. Your cell phone will continue to send and receive normal text messages as it always has plus it will now securely send and receive private, encrypted text messages to and from anyone else who is using Signal.

Millions of cell phone users have installed Signal and use it every day to keep their communications secure and away from prying eyes. Users include many senior politicians in Washington, business professionals, journalists, movie stars, sports professionals, and private individuals alike worldwide. It blocks credit card thieves, identity thieves, nosey neighbors, and (probably) government agencies from tapping into your private communications.

Continue reading

Police Decrypt 258,000 Messages After Breaking IronChat Crypto App

Your public servants at work: spying on you.

Police in the Netherlands said they decrypted more than 258,000 messages sent using IronChat, an app billed as providing end-to-end encryption that was endorsed by National Security Agency leaker Edward Snowden. In a statement published Tuesday, Dutch police said officers achieved a “breakthrough in the interception and decryption of encrypted communication” in an investigation into money laundering. The encrypted messages, according to the statement, were sent by IronChat, an app that runs on a device that cost thousands of dollars and could send only text messages.

“Criminals thought they could safely communicate with so-called crypto phones which used the application IronChat,” Tuesday’s statement said. “Police experts in the east of the Netherlands have succeeded in gaining access to this communication. As a result, the police have been able to watch live the communication between criminals for some time.”

Continue reading

Australian Bill Spells Trouble for Data Privacy Around the World

Australian politicians want to make it easy for governments, hackers, identity thieves, credit card thieves, and other spies to steal your most private information. That by itself seems incredible. However, the entire issue gets pushed to the nearly unbelievable level when you realize the result could be similar gaping holes in privacy for residents of all other countries in the world!

Do you want the thieves to be able to read YOUR messages and YOUR transactions via gaping “back doors” in today’s encryption techniques that are designed to keep your private communications private? If this bill passes, we all will suffer. Several world governments, including the United States, want to compromise citizen’s liberties for the sake of national security. Don’t citizens also have a right to security?

Shockingly, the Australian bill could even ban companies from informing their customers about these security and privacy weaknesses.

Continue reading

Ads Will Soon Appear in WhatsApp

Bad news: Advertisements are coming to WhatsApp. Like we need more advertising on the Internet?

I guess we shouldn’t be surprised. WhatsApp once was a successful freeware and cross-platform encrypted messaging and Voice over IP (VoIP) product that treated its customers like real human beings. Then the company was bought out by Facebook for approximately US$19.3 billion. Since then, the encrypted service has been abused by various groups. See https://en.wikipedia.org/wiki/WhatsApp#Reception_and_criticism for the details.

Continue reading

Other Governments are Listening to the Cell Phone Calls of Heads of State and Maybe to Your Calls as Well

From Bruce Schneier’s excellent Schneier on Security blog:

“Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump’s personal cell phone and using the information gleaned to better influence his behavior. This should surprise no one. Security experts have been talking about the potential security vulnerabilities in Trump’s cell phone use since he became president. And President Barack Obama bristled at — but acquiesced to — the security rules prohibiting him from using a “regular” cell phone throughout his presidency.

“Three broader questions obviously emerge from the story. Who else is listening in on Trump’s cell phone calls? What about the cell phones of other world leaders and senior government officials? And — most personal of all — what about my cell phone calls?”

You can read Bruce’s article at: https://www.schneier.com/blog/archives/2018/10/cell_phone_secu_1.html.

Later in the article, Bruce states, “Unfortunately, there’s not much you can do to improve the security of your cell phone.

I partially disagree.

Continue reading