Thursday, March 03, 2016

Security Roundup

I've been blogging a lot about security lately, but there is a lot going on to blog about. Here is a roundup of some hot news items.

ACLU: You can kiss trust in software updates goodbye if Apple's forced to help the FBI: "What the government seeks here is an authority that would undermine American and global trust in software security updates, with catastrophic consequences for digital security and privacy."

We are currently dealing with the consequences of intentionally weak cryptography. The latest is the DROWN attack which exploits bad decisions made by the U.S. government during the 1990s Crypto Wars. "Today, some policy makers are calling for new restrictions on the design of cryptography in order to prevent law enforcement from 'going dark,'...[H]istory's technical lesson is clear: Weakening cryptography carries enormous risk to all of our security."

The U.S. government has funded projects like TOR and Open Whisper with the intention of giving dissidents across the world the ability to communicate freely. So, is the government fighting itself on encryption? "We thought the risks of not allowing the Internet to be secure and a vehicle for free speech was more detrimental than the risks of bad guys using it in ways that made it harder to go after them."

Could the Feds get into iPhones without Apple's help? Maybe they should ask the NSA.

No comments: