22 May 2008

EE - Battling Botnets and Online Mobs - Estonia's Defense Efforts during the Internet War

(Georgetown Journal of International Affairs)
by Gadi Evron. What would happen if tomorrow the Internet ceased to function? To most critics, and particularly state officials and policy makers, the possibility that the Internet could one day suddenly disappear is no more than a mere speculation, a highly improbable concept. On May 2007, the events that took place in Tallinn, the capital of Estonia, proved everyone wrong. On that day, Estonia fell victim to the first-ever, real Internet war. This article delves into the political context that shaped the incident and analyzes some of the key lessons and policy implications that emerged as a consequence.

Labels:

27 April 2008

Thieves set up data supermarkets

(BBC News)
Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price. Speaking at InfoSecurity Europe, security firm Finjan said it had seen thousands of such online services. Experts at the conference said web fraud was skyrocketing and called for police to urgently address the problem. Security guru Bruce Schneier said anti-cyber crime efforts needed to be closely allied to the scale of threats. See also Economist article.

Labels:

19 April 2008

Paypal to block 'unsafe browsers'

(BBC)
Web payment firm Paypal has said it will block "unsafe browsers" from using its service as part of wider anti-phishing efforts. Customers will first be warned that a browser is unsafe but could then be blocked if they continue using it. Paypal said it was "an alarming fact that there is a significant set of users who use very old and vulnerable browsers such as Internet Explorer 4".

Labels:

24 February 2008

RU - Russia edges China as top malware source

(Techworld.com)
For the second time in a week, Russia has been named and shamed for its rising profile as a global malware hub. Last week, Sophos ranked Russia as number 2 on its league table of spam-relaying countries, behind the U.S., but well ahead of the usual suspect, China. Now Australian security company PC Tools reckons that Russia has overtaken China again, but this time as a producer of active malware such as viruses, Trojans and spyware.

Labels:

03 February 2008

EE - Estonia fines man for 'cyber war'

(BBC)
A 20-year-old ethnic Russian man is the first person to be convicted for taking part in a "cyber war" against Estonia. Dmitri Galushkevich was fined 17,500 kroons (£830) for an attack which blocked the website of the Reform Party of Prime Minister Andrus Ansip. The assault, between 25 April and 4 May 2007, was one of a series by hackers on Estonian institutions and businesses. At the time, Estonia accused the Russian government of orchestrating the attacks. Moscow denied any involvement. Kremlin spokesman Dmitry Peskov told the BBC in May 2007 that the allegations were "completely untrue".

Labels:

27 January 2008

Web vigilantes attack Scientology website

(Times)
A shadowy internet group has succeeded in taking down a Scientology website after effectively declaring war on the Church and calling for it to be destroyed. The group, which goes by the name of Anonymous, is a disparate collection of hackers and activists. It called for a wave of attacks against Scientology after accusing the Church of "campaigns of misinformation" and "suppression of dissent."

Labels:

23 January 2008

UK - Whitehall staff face laptop ban

(Press Association)
A new ban on Whitehall staff removing unencrypted laptops containing personal data from their offices has begun. A massive operation to ensure that civil servants comply with the new rule, laid down by Cabinet Secretary Sir Gus O'Donnell on Monday night, is now under way. As well as communicating the policy to all staff, departments will have to ensure that officials can continue to do their jobs within the constraints of the ban.This is likely to involve the encryption of large swathes of data.

Labels: ,

UK - Ministry of Defence lost three unencrypted laptops

(ZDNet.co.uk)
Secretary of state for defence Des Browne has admitted that the laptop lost by the Ministry of Defence containing details of up to 600,000 defence personnel was not encrypted, and also that services personnel have previously lost two more laptops containing similar unencrypted recruitment information. On 9 January, the unencrypted laptop was stolen from a recruiting officer's car which had been left overnight in a car park in Edgbaston, Birmingham. The information on the stolen laptop included 3,700 people's bank details, as well as other data on up to 600,000 people, including their names. Approximately 153,000 people also had data including addresses, passport details, national insurance numbers, driver's licence details, doctors' addresses and National Health Service numbers compromised.

Labels: ,

16 January 2008

FBI takes biometrics database proposal to U.K.

(CNET News.com)
Police in the U.K. are in talks with the FBI about establishing an international biometric database for tracking down the world's most wanted criminals and terrorists. The so-called "server in the sky" database would share criminals' biometric data, such as fingerprints and iris scans, internationally. The Washington Post reported last month that the FBI is spending $1 billion to develop the world's largest centralized biometrics database, a system the agency calls Next Generation Identification.

Labels: , ,

08 January 2008

UK - TV presenter hoist with own petard

(Press Association)
Top Gear presenter Jeremy Clarkson has admitted he was wrong to brand the scandal of lost CDs containing the personal data of millions of Britons a "storm in a teacup" after falling victim to an internet scam. The outspoken star printed his bank details in a newspaper to try and make the point that his money would be safe and that the spectre of identity theft was a sham. He also gave instructions on how to find his address on the electoral roll and details about the car he drives. However, in a rare moment of humility Clarkson has now revealed the stunt backfired and his details were used to set up a £500 direct debit payable from his account to the British Diabetic Association. see also Twice bitten: acts of stupidity can lead to identity theft (Cnet).

Labels: ,

01 January 2008

EU - Commission welcome intervention by Dutch regulator OPTA against spyware and malware

(RAPID)
The Dutch Telecom Regulator OPTA has imposed a fine totalling 1 million euro on three Dutch enterprises for illegally installing software - so called spyware and adware - on more than 22 million computers in the Netherlands and elsewhere. The companies fined now by OPTA operated together under the name DollarRevenue, which was considered to be among the 10 largest spyware distributors in the world. They managed to install the software on personal computers via downloads from the Internet and by exploiting security loopholes in computer programmes. The illegally installed software allowed the companies to spy on the consumer's on line behaviour and triggered pop-up windows containing specific advertising material. Unlawful access to a personal computer to stall information such as spyware and adware is prohibited under European law, namely article 5(3) of the EU's ePrivacy Directive of 2002. National regulators are called upon to enforce this prohibition by deterrent measures. Yesterday's decision by OPTA is the first time that a national regulator has resorted to drastic fines against a company acting in violation of the EU ban.

Labels: ,

17 December 2007

UK - Millions of L-drivers' data lost

(BBC)
The details of three million candidates for the driving theory test have gone missing, Ruth Kelly has told MPs. Names, addresses and phone numbers - but not financial data - were among details on a computer hard drive which went missing in the US in May. It belonged to a contractor to the Driving Standards Agency, the transport secretary told MPs.

Labels: ,

05 December 2007

UK - Government offers reward in hunt for lost data

(Guardian)
The government has offered a £20,000 reward for the safe return of two missing CDs containing personal details of half the British population. The Metropolitan police, which has been heading the search for the data, has asked thousands of government workers to check their desks and homes "in case the package or discs have turned up".

Labels: , ,

01 December 2007

EU - Public Security, Privacy and Technology:

(RAPID)
Technology developments can enhance the protection of privacy and at the same time allow law enforcement authorities for a secure and timely access to information, including personal data. The Conference on Public Security, Privacy and Technology, organised by the European Commission brings together public and private sectors representatives to discuss this topics. See Closing speech on Public Security, Privacy and Technology by Franco Frattini, European Commissioner responsible for Justice, Freedom and Security. Programme.

Labels: ,

Hackers hijack web search results

(BBC)
A huge campaign to poison web searches and trick people into visiting malicious websites has been thwarted. The booby-trapped websites came up in search results for search terms such as "Christmas gifts" and "hospice". Windows users falling for the trick risked having their machine hijacked and personal information plundered. The criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information.

Labels: ,

22 November 2007

UK - Watchdog: Protecting data is not 'rocket science'

(ZDNet.co.uk)
In the wake of the largest-ever data breach to hit the UK, the Information Commissioner's Office has criticised the apparent lack of technological safeguards in government departments and called for "privacy-enhancing technologies" to be built into future projects.

Labels: , ,

21 November 2007

UK - Ministers under fire over records

(BBC)
The UK government's "basic competence" has been questioned by the Tories after the loss in the post of computer discs with 25m people's personal details on them. The child benefit data on them includes names, ages, bank and address details.

Labels: , ,

20 November 2007

UK - Campaigners hit by decryption law

(BBC)
Animal rights activists are thought to be the first Britons to be asked to hand over to the police keys to data encrypted on their computers. The request for the keys is being made under the controversial Regulation of Investigatory Powers Act (RIPA). Police analysing machines seized during raids on activist's homes carried out in May have asked for the keys. The activists could face jail if they do not comply and snub a further formal request to hand over the keys.

Labels: ,

20 October 2007

UK - Law requiring disclosure of decryption keys in force

(OUT-LAW)
Users of encryption technology can no longer refuse to reveal keys to UK authorities after amendments to the powers of the state to intercept communications took effect yesterday. The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term. The measure has been criticised by civil liberties activists and security experts who say that the move erodes privacy and could lead a person to be forced to incriminate themselves.

Labels:

30 September 2007

Virtually clean

(Economist)
Hacking used to be done by kids for kicks or bragging rights. Nowadays, it's big business for organised crime, often out of reach of the law, on the far side of the world. Connect an unprotected personal computer to the internet for more than 15 seconds and it will almost certainly be attacked by a virus or worse. That's how ruthlessly effective the army of malicious robots, dispatched by criminals to scour the net for vulnerable computers, has become.

Labels:

12 September 2007

EU - EC funds counterterrorism tech research

(CNET News)
The European Commission will commit $212.16 million to research on counterterrorism technologies. The grants will cover 44 research projects, including the development of automatic surveillance systems for water distribution systems. Funding will also be allocated for the development of a European ballistic database, which will analyze and store firearms information and allow sharing of information among European police forces, the Commission said in a statement.

Labels: , ,

US - DirecTV faces setback in dubious antipiracy campaign

(CNET Blog)
DirecTV lost an important case : Programmers, security researchers, and anyone who believes in a limited government won. The 9th Circuit Court of Appeals tossed out a default judgment against a pair of alleged DirecTV television pirates, saying an "unauthorized decryption device" law the company invoked against them does not apply. That law promises statutory damages of $100,000 per violation.

Labels: ,

EU - Considers ban on using Internet to distribute bomb-making instructions

(Arstechnica)
In a presentation before the European Parliament last week, EU security commissioner Franco Frattini outlined a new set of anti-terror proposals, including plans for a Europol explosives database, airplane passenger list databases, and legislation that would criminalize publication of bomb-making instructions on the Internet. The proposals are based on the findings of a research group that included law enforcement officials and experts from private industry.

Labels: , ,

01 September 2007

Second Monster hack affects millions

(vnunet.com)
Monster.com has admitted that the number of job seekers on its website who had their personal data stolen is greater than the 1.3 million originally reported. Monster.com kept the original attack secret for five days before alerting users to the problem. The company's database holds around 73 million CVs. Iannuzzi claimed that only a few hundred had cancelled their accounts, along with a "handful" of employers.

Labels: ,

22 August 2007

EU - Information security awareness raising activities.

(ENISA) ENISA presents the 1st European report on current practices on measuring successful awareness raising initiatives in information security across the EU, with responses from 67 European organisations headquartered in 9 different countries. The main areas studied are: The importance of information security awareness, Techniques to raise information security awareness, and Mechanisms to measure the effectiveness of awareness programmes.

Labels:

13 August 2007

Facebook's code leak raises fears of fraud

(Guardian)
Experts are warning internet users to be more careful with their private information after secret code from the popular social-networking site Facebook was published on the internet. This is the first time that some of the site's secret operational code has been made public. Although it does not allow hackers to access private information directly, it could help criminals close in on personal data, according to one expert.

Labels: , ,

04 August 2007

Warning of webmail wi-fi hijack

(BBC)
Using public wi-fi hotspots has got much riskier as security experts unveil tools that nab login data over the air. Demonstrated at the Black Hat hacker conference in Las Vegas, the tools make it far easier to steal account details, said Robert Graham of Errata Security. Identifying files called cookies are stolen in the attack which let hackers pose as their victim. This gives attackers access to mail messages or the page someone maintains on sites such as MySpace or Facebook.

Labels:

01 August 2007

The bounty hunters

(Economist)
Suppose you are a computer hacker and you discover a bug in a piece of software that, if it were known to the bad guys, would enable them to steal money or even a person's identity. How might you sell your discovery for the highest price? A service has been launched intended to make the whole process of selling bugs more transparent while giving greater rewards to hackers who do the right thing.

Labels:

28 July 2007

US - Peer-to-peer networks can pose a "national security threat"

(CNET News)
The US Congress really doesn't get tech. Politicians charged that peer-to-peer networks can pose a "national security threat" because they enable federal employees to share sensitive or classified documents accidentally from their computers.

Labels: ,

22 July 2007

US - Identity theft? What identity theft?

(Infoworld)
The GAO reports that identity theft really isn't a problem. The problem, apparently, is that the process of notifying consumers whenever their personal financial information has been compromised is confusing us simple-minded folks.

Labels: ,

21 July 2007

Net criminals shun virus attacks

(BBC)
Hi-tech criminals have found novel ways to carry out web-based attacks that are much harder to spot and stop, warn security experts. Some cyber criminals have exploited file-sharing networks and popular webpages to attack targets.

Labels:

22 June 2007

US - Hacker attack on Pentagon e-mail

(BBC)
A hacker has managed to penetrate one of the Pentagon's e-mail systems, leading officials to take up to 1,500 accounts offline. The e-mail system did not contain classified information relating to military operations, a spokesman said.

Labels:

UK - Electronic vote 'threat' to UK democracy

(BBC)
British democracy could be undermined by moves to use electronic voting in elections: the risks involved in swapping paper ballots for touch screens far outweigh any benefits they may have, says the Open Rights Group report.

Labels: ,

EU - Evaluation of the European Network and Information Security Agency (ENISA)

(Europa)
A public consultation has started on the future of ENISA, the European Network and Information Security Agency. This public consultation was announced on 1 June in a Commission Communication on the evaluation of ENISA. ENISA was established in order to enhance the capability of the Community, the Member States and consequently the business community to prevent, to address and to respond to major network and information security risks, from 14 March 2004 for an initial period of five years. The ENISA Regulation mandates an evaluation of the Agency by 17 March 2007, notably with the aim to determine whether the duration of the Agency should be extended beyond the period of five years.

Labels:

ENISA and ITU launching Security Standards Portal

(Euroap)
ENISA, the European Network and Information Security Agency together with the International Telecommunication Union (ITU), is launching a new portal for IT security standards, for the first time giving Europe one, single access point for IT security standards. The project, called 'ICT Security Standards Roadmap', was initiated by the ITU Telecommunication Standardisation Sector (ITU-T). From the beginning of 2007, it became a collaborative effort between ENISA, ITU-T, and the Network and Information Security Steering Group (NISSG). One of the objectives of this security standards portal is to provide a central tracking facility for NIS standards. It facilitates identification of standards and standardization activities, as well as coordination among standardization bodies, reduction of duplicate work and easier identification of existing gaps.

Labels:

15 June 2007

NATO says addressing cyberattacks is urgent

(Reuters)
NATO defense ministers agreed that fast action is needed to tackle the threat of cyberattacks on key Internet sites. Estonia suffered an onslaught of cyberattacks on private and government Internet sites, peaking in May after a decision to move a Soviet-era statue from a square in Tallinn prompted outrage from Russian nationals in Estonia and a diplomatic row with Moscow.

Labels:

13 June 2007

EU - Evaluation of the European Network and Information Security Agency (ENISA)

(Europa)
A public consultation has started on the future of ENISA, the European Network and Information Security Agency. This public consultation was announced on 1 June in a Commission Communication on the evaluation of ENISA. ENISA was established in order to enhance the capability of the Community, the Member States and consequently the business community to prevent, to address and to respond to major network and information security risks, from 14 March 2004 for an initial period of five years.

Labels:

02 June 2007

New DVD DRM "fix" hacked in a day

(Ars Technica)
The ongoing war between content producers and hackers over the AACS copy protection used in HD DVD and Blu-ray discs continues the hackers came out on top. The hacker "BtCB" posted the new decryption key for AACS on the Freedom to Tinker web site, just one day after the AACS Licensing Authority (AACS LA) issued the key.

Labels: ,

Cyberattack in Estonia--what it really means

(CNET News)
On April 27, officials in Estonia relocated a Soviet-era war memorial. The move incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow. The event also marked the beginning of a large and sustained distributed denial-of-service attack on several Estonian national Web sites, including those of government ministries and the prime minister's Reform Party. A distributed denial-of-service, or DDoS, attack occurs when hundreds or thousands of compromised computers are enlisted.

Labels:

21 May 2007

RU - Russia accused of unleashing cyberwar to disable Estonia

(Guardian)
A three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, is causing alarm across the western alliance, with Nato urgently examining the offensive and its implications.

Labels:

12 May 2007

Google searches web's dark side

(BBC)
One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user's PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis". About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code.

Labels:

09 May 2007

US - DRM group vows to fight bloggers

(BBC)
Bloggers 'crossed the line' when they posted a software key that could break the encryption on some HD-DVDs, the AACS copy protection body has said. A row erupted on the internet after popular website Digg began taking down pages that its members had highlighted were carrying the key. The website said it was responding to legal "cease and desist" notices from the Advanced Access Content System. Digg's users responded by posting ever greater numbers of websites with the key, and the site eventually sided with its users. see also In Web Uproar, Antipiracy Code Spreads Wildly (New York Times);

Labels: ,

31 March 2007

2007-05-14 Geneva 2nd WSIS Action Line C5 Facilitation Meeting

(ITU)
WSIS Action Line C5: Building Confidence and Security in the Use of ICTs. The 2nd WSIS Action Line C5 facilitation meeting will be held 14-15 May 2007 at ITU Headquarters (Room K) in Geneva, Switzerland from 9:30-17:30 both days. The meeting is open to all stakeholders and will be held in conjunction with a cluster of events 14-25 May surrounding World Telecommunication and Information Society Day (May 17th). The invitation letter and draft agenda is available here. See also Partnerships for Global Cybersecurity Web site and Background on WSIS Action Line C5.

Labels: ,

18 August 2006

UK - Police: Let us seize encryption keys

(CNET)
Because British law enforcement officers don't have the authority to seize encryption keys, an increasing number of criminals are able to evade justice, a senior police officer said. Suspected terrorists, pedophiles and burglars have all walked free because encrypted data couldn't be opened. Earlier this summer, the British government announced that it plans to activate Part 3 of the Regulations of Investigatory Powers (RIP) Act, which will give the police the power, in some circumstances, to demand an encryption key from a suspect. This part of the RIP Act has been heavily criticized in the past by some security professionals and academics who believe that it is a dangerous and badly written piece of legislation that cannot be properly implemented.

Labels:

15 August 2006

UK - Police want power to seize encryption keys

(ZDNet UK)
Hundreds of computers belonging to suspected terrorists or paedophiles are gathering dust as investigators are unable to decrypt the data on their hard drives, claim police.

Labels:

11 June 2006

CN - China Walks Out of Encryption Meeting

(AP)
An international dispute over a wireless computing standard took a bitter turn with the Chinese delegation walking out of an IEEE meeting. The delegation's walkout escalated an already rancorous struggle by China to gain international acceptance for its homegrown encryption technology known as WAPI. It follows Chinese accusations that IEEE used underhanded tactics to prevent global approval of WAPI.

Labels:

07 May 2005

UK - Software pirates go to jail

(Silicon.com)
A City banker at the heart of the DrinkOrDie software piracy ring has been sentenced to two-and-a-half years in prison at the Old Bailey in London. Alex Bell, 29, was one of four criminals involved in the DrinkOrDie group which cracked encryption and digital rights management code on software. Two of the others were handed lesser sentences while a third was released on a suspended sentence. The maximum penalty would have been 10 years. Although they billed themselves as latter day Robin Hood's the judge at the centre of the case said their motives were not benevolent but owed more to self-promotion and the kudos in tech circles linked to such criminal activity.

Labels:

21 November 2003

DE - Company Touts High-Security Phone

(Reuters)
A German company launched a new mobile handset targeted at business executives that secures that lines are free from eavesdroppers, sparking criticism that it could also make criminals harder to catch. Berlin-based Cryptophone, a unit of privately held GSMK, developed the phone by inserting an encryption software inside a standard handheld computer phone. This ensures that calls can only be decoded by a similar handset or a computer running the software. But the phone is seen as a mixed blessing in some European countries. While the benefits for business managers exchanging sensitive information are obvious, such a device could potentially have the side effect of helping criminals. Security specialists in the Netherlands said the device could threaten criminal investigation by the Dutch police, which is one of the world's most active phone tappers, listening in to 12,000 phone numbers every year. But privacy lobbyists say the new handset is a "freedomphone" much more than a "terrorphone." "It's a tremendous step forward, because the level of surveillance by authorities is breathtaking," said Simon Davies, director of Privacy International in Britain.

Labels:

15 September 2003

UK - Government laptops 'not secure'

(BBC)
Hundreds of government laptops with potentially sensitive information are being lost or stolen, a study shows. One in 17 key public sector workers, like government or defence officials, say they have either lost theirs or had them stolen, said security firm Thales. Those who do hold on to them admit they do not use any kind of encryption to protect sensitive information.

Labels:

07 September 2003

EU - Software patents - A clicking bomb

(Economist)
An explosive row over how to protect intellectual property in Europe. Should a new piece of encryption software or an internet business method be covered by patents, or do copyright and trade secrets suffice? These questions underlie a heated controversy in Europe pitting open-source advocates, software developers and academics against big software firms, intellectual property lawyers and the European Commission. Because of the row, the European Parliament has again postponed the first reading of a directive on computer-related inventions.

Labels: , ,

18 August 2003

2003-09-18 UK, London - Fair Play & Fair Pay

(EPSG)
organised by British Computer Society Electronic Publishing Specialist Group and the Copyright Licensing Agency. This one-day seminar will look at the philosophical issues surrounding copyright in a digital environment (authenticity, ethics, privacy, manipulability, knowledge-sharing) and some practical aspects of safeguarding the current laws (rights management, encryption, collective administration, education). It will also enquire into the view that these laws are out-moded as well as ask what there is to replace them.

Labels: ,

08 August 2003

UK - Encryption row delays BBC talks on showing US films

(FT)
The BBC is trying to placate the concerns of Hollywood film studios at its decision to broadcast TV channels unencrypted. The concerns have stalled negotiations with the studios as the BBC seeks to secure broadcasting rights for Hollywood films.

Labels:

02 May 2003

UK - BBC channels may share listings with TV porn

UK - BBC channels may share listings with TV porn (BBC)
The BBC has warned that its regional channels BBC Wales and BBC Scotland will be demoted to positions on the Sky on-screen guide alongside porn channels such as Playboy if TV watchdogs don't intervene. The corporation claimed BSkyB has threatened to relegate BBC1 and BBC2 to slots 214 and 215 on Sky's electronic version of the Radio Times, which 6.6 million subscribers must use find and tune into channels. The threat was made after the corporation decided to go it alone and not pay BSkyB for encryption and its slots on the programme guide. Viewers in Scotland, Wales and Northern Ireland would have to trawl through hundreds of channels to find their local versions because they would be listed in the 900s next to adult channels such as Playboy TV and Fantasy TV.

Labels:

22 April 2003

Inside Cisco's eavesdropping apparatus

Inside Cisco's eavesdropping apparatus (CNET News.com)
Cisco Systems has created a more efficient and targeted way for police and intelligence agencies to eavesdrop on people whose Internet service provider uses their company's routers.The company recently published a proposal that describes how it plans to embed "lawful interception" capability into its products. Among the highlights: Eavesdropping "must be undetectable," and multiple police agencies conducting simultaneous wiretaps must not learn of one another. If an Internet provider uses encryption to preserve its customers' privacy and has access to the encryption keys, it must turn over the intercepted communications to police in a descrambled form. Cisco's decision to begin offering "lawful interception" capability as an option to its customers could turn out to be either good or bad news for privacy.

Labels:

22 April 2002

Keeping e-mail encryption alive (AP)
Phil Zimmermann's invention for encrypting e-mail, Pretty Good Privacy, was so good that the government considered it munitions subject to tough export controls. Prosecutors threatened him with criminal charges when others leaked it overseas. The government ultimately backed off. But now, the company that makes the most popular version of PGP is the one pulling the plug.

Labels:

12 March 2002

Microsoft makes moves to avoid Brussels fine (FT)
Microsoft has made concessions that addressed some of the key concerns raised by Brussels. It would make available to the industry information on two technical standards, an encryption language called Kerberos and an internet standard known as Common Internet File System.

Labels:

29 November 2001

Judge Dismisses Felten Encryption Lawsuit Against RIAA (Newsbytes
A federal judge has thrown out a lawsuit by civil liberties groups who claimed that the Recording Industry Association of America (RIAA) was planning to use the Digital Millennium Copyright Act (DMCA) to keep a Princeton University professor from publishing research on security flaws in music industry anti-piracy software.

Labels:

21 November 2001

FBI software cracks encryption wall (MSNBC)
The FBI is developing software capable of inserting a computer virus onto a suspect?s machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as ?Magic Lantern,? enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement.

Labels:

05 October 2001

High-Tech Leaders Slam Encryption Back Door Bill (Newsbytes)
A coalition of high-tech companies urged Sen. Judd Gregg not to move forward with legislation that would give law enforcement back door access to all U.S.-made encryption products.

Labels:

30 September 2001

No Regrets About Developing PGP (Phil Zimmermann)
Open letter: The Washington Post carried an article that misrepresents my views on the role of PGP encryption software in the September 11th terrorist attacks. The article states that as the inventor of PGP, I was "overwhelmed with feelings of guilt". I never implied that in the interview, and specifically went out of my way to emphasize to her that that was not the case. This misrepresentation is serious, because it implies that under the duress of terrorism I have changed my principles on the importance of cryptography for protecting privacy and civil liberties in the information age.

Labels:

27 September 2001

Stopping Bin Laden: How Much Surveillance Is Too Much? (Newsbytes)
Alleged terrorism mastermind Osama Bin Laden is as reliant on modern technology as were the thousands of people killed Sept. 11 in deadly terrorist hijackings according to one expert on cyber-security and encryption policy.

Labels:

26 September 2001

Opening Encryption 'Back Door' Problematic -Experts (Reuters)
Lawmakers may be asked to give the FBI a "software key" to encryption technology that would allow the agency to unlock secret Internet messages but experts warn the measure would impair commerce and violate privacy right without deterring terrorism.

Labels:

20 September 2001

UK government rejects key-escrow resurrection (ZDNet UK)
The Home Office has confirmed that it will not try to resurrect the key escrow debate in light of last week's terrorist attacks on America, but will continue with the enforcement of current encryption laws later this year.

Labels:

26 August 2001

Professor unveils anti-copying flaws (ZDNet News)
A talk speech on cracking digital watermarks went ahead, as encryption researcher Edward Felten addressed security experts as planned at a conference in Washington, D.C.

Labels:

18 July 2001

Hong Kong Mulls Measures To Fight Computer Crime (Newsbytes)
The Hong Kong government is considering a number of legislative and other initiatives to tackle cyber crime, including forcing people to hand over encryption keys and requiring Internet service providers (ISPs) to keep subscriber records longer.

Labels:

23 June 2001

The Key to Encryption (Wired)
Personal data used in online transactions is often encrypted at the least significant time. Virtually all cases of credit card theft happen when a malicious hacker gains access to an e-commerce site's server, and is then able to access the database that contains customer information -- which by then is often unencrypted and exposed. see also E-Commerce Fears? Good Reasons and DoDoes Media Fuel Buyers' Fears? .

Labels:

08 June 2001

EU proposes plan to secure Internet (CNET News.com )
In an effort to eradicate security threats to the member countries of the European Union, the European Commission released a plan to increase cooperation between members to better secure the Internet. The plan calls for more effective threat-warning systems, larger investments in security research and education, a standardized policy for encryption, and harsher punishments for cybercriminals.

Labels:

30 May 2001

EU warns on e-mail spy threat (FT)
Public users of e-mail in the European Union should use encryption technology for their personal e-mails to ensure that they are not spied on by a US-led spy network called Echelon, the European parliament said.

Labels:

18 May 2001

Anti-piracy program for digital TV (Los Angeles Times)
In a letter sent to the Federal Communications Commission, the Consumer Electronics Association said the majority of TV makers plan to equip their digital TVs with a new technology that can block viewers from making digital copies. FireWire raises the bar for those seeking to copy protected material. Instead of just one secret encryption key that might easily be defeated, digital cable networks will have dynamic encryption that is different for every user.

Labels:

05 May 2001

'No limits' browser planned (BBC)
A group of hackers are developing a web browser that it claims will make it easier for people to circumvent censorship and avoid the attentions of law enforcers. The software, which is due to be unveiled in July, uses a combination of encryption and a Gnutella-like network to avoid any of the limits corporations and governments are trying to place on anyone using the web.

Labels:

07 March 2001

Descramble That DVD in 7 Lines (Wired)
Descrambling DVDs just got even easier, thanks to a pair of MIT programmers. Using only seven lines of Perl code, Keith Winstein and Marc Horowitz have created the shortest-yet method to remove the thin layer of encryption that is designed to prevent people from watching DVDs without proper authorization.

Labels:

Yahoo! shows tougher line on piracy than child porn (ZDNet UK)
Internet piracy is given a higher priority, by Yahoo!, than protecting children online, it emerges this week, as the Internet portal removes 13 chatrooms found to be trading encryption techniques, whilst ignoring hundreds of paedophile groups that it was alerted to six months ago.

Labels: ,

23 February 2001

Music Meets Technology (EMF)
Brussels 8 & 9 March 2001. Be up-to-date with the latest in online music! The European Multimedia Forum would like to invite you to participate in Europe in Music: Music Meets Technology and its Concert Gala featuring Music from Central and Eastern Europe. The Europe in Music programme brings together all actors of the online music value chain to share knowledge and become partners to legally move music online. It is the sole initiative of this kind in Europe. Conference topics include: - Legal update; - Watermarking & encryption systems, digital rights management systems; - Payment systems and customer care tools; marketing & sales; - New distribution business models; - the PACT project, through which you can have your project funded by the EU.

Labels:

03 February 2001

Anti-virus becoming less important than content control (Register)
By 2007 firms will spend more on content filtering and encryption technology than they do on anti-virus software according to a report by industry analysts Frost & Sullivan. The growth of content filtering will be driven by companies increased desire to control their employees' use of email and the Internet.

Labels:

01 November 2000

Revised encryption rules (DoC)
The U.S. Department of Commerce's Bureau of Export Administration (BXA) published an amendment to its export regulations on encryption products. The new rule amends the Export Administration Requirements (EAR) and liberalizes exports and re-exports of encryption products to the fifteen European Union member states plus Australia, the Czech Republic, Hungary, Japan, New Zealand, Norway, Poland and Switzerland.

Labels:

31 October 2000

US presidential candidates' position on encryption techology (Web White & Blue 2000)
The presidential candidates have responded to a question about encryption techology at the Web White & Blue Network, which is hosting the 1st-Ever online presidential debate. see also Bush Blasts Clinton Administration Encryption Stance (Newsbytes).

Labels:

18 July 2000

Movie Studios Seek to Stop DVD Copies (New York Times)
In the first day of a case that could test the limits of Hollywood's control over its digital properties, lawyers for eight movie studios yesterday urged a federal judge to stop a Web site operator from distributing a software program that unscrambles the encryption on DVD movie disks. The lawyers asked the court to act before they have the same fate as the record labels, which have seen their songs traded freely by millions of Internet users.

Labels:

Administration Announces New Encryption Regulations (Newsbytes)
The Clinton administration today said it plans to change laws governing the export of powerful encryption technologies to allow export of all information-scrambling products to any end user in the European Union and to eight other trading partners.

Labels:

11 July 2000

US May Announce New Encryption Rules This Week (Newsbytes)
Following closely on the heels of the European Union's relaxing of export and encryption controls, William Reinsch, head of the Commerce Department's Bureau of Export Administration (BXA) said today that the US was prepared to announce similar regulations in an effort to keep US companies competitive with foreign manufacturers.

Labels:

10 July 2000

Foundation Opposes DVD-Crypto Injunction (Newsbytes)
The Electronic Frontier Foundation (EFF) on Wednesday fired off its final brief in what amounts to the opening salvo of its California courtroom battle against the Digital Video Disc (DVD) industry over DVD encryption codes. The EFF, which is defending a group of Web site operators who posted hacked DVD encryption codes on their Web sites, filed Wednesday's brief in opposition to a preliminary injunction that called for the Web site operators to remove the codes.

Labels:

03 July 2000

New Encryption System Would Protect Digital Music (New York Times)
Various companies have proposed forms of encryption as solutions to the problem of the anonymous swapping of digital music files. Now add another candidate: three mathematicians at Brown University have capped six years of research with a patent for an encryption code they say will make it impractical - if not impossible -- to infringe copyrighted data like digital music.

Labels:

26 June 2000

RIP code to guide police (ZDNet.uk)
The Home Office is drawing up a code of practice to govern how law enforcement agencies employ the Regulation of Investigatory Powers Bill, in an attempt to appease the bill's critics. The code, which is due to be published in July, will address the most pressing areas of concern, such as how authorities should handle encryption keys obtained under the legislation.

Labels:

22 June 2000

OFTEL promotes competition in interactive digital tv services (Press Release)
OFTEL has today required Sky Subscribers Services to allow other companies to have access to its encryption services to provide interactive services over digital TV sets. Sky Subscribers Services Ltd (SSSL) encryption and customer recognition technology is used in BSkyB?s digital set top boxes to provide secure interactive services such as home banking and e-commerce to consumers. OFTEL has determined that SSSL is a Regulated Supplier in a dominant position under the Access Control Services Licence. This means SSSL must allow other companies to have fair access to its services so they can provide their own interactive services to customers.

Labels:

19 June 2000

Expert: Encryption Gets Better, but Remains Imperfect (Newsbytes)
A hacker cracks an e-commerce site, claims to have stolen 300,000 credit cards. An online banking site discovers crooks have transferred money out of legitimate customers' accounts. Microsoft's Windows e-mail platform, having already sustained a withering frontal assault from the Melissa e-mail virus, fails in its next implementation to install corrections that would have kept the subsequent ILOVEYOU attack at bay. Mick Bauer, security practice leader at California-based consulting firm ENRG Inc., says implementing the technology is difficult.

Labels:

06 June 2000

U.S to Follow EU Crypto Lead (Wired)
If the European Union votes next week to relax encryption regulations, the United States says it will take similar steps. Commerce Department Undersecretary William Reinsch said Monday that any change, designed to make sure American high-tech companies aren't disadvantaged, will have to wait until the Europeans reach a decision. see also U.S. to Track Crypto Trails and Europe Stalls on Crypto Exports

Labels:

04 May 2000

U.S. to Track Crypto Trails (Wired)
President Clinton has authorized the federal government to begin keeping track of how often suspected criminals use encryption to thwart police wiretaps. Clinton has signed a bill that requires the Justice Department to report how frequently it encounters encrypted conversations. Over 2,450,000 telephone conversations were legally intercepted in 1999, according to government statistics released this week.

Labels:

25 April 2000

EU Commissioner: We need a sense of urgency
Interview with Erkki Liikanen, EU Commissioner for Enterprise and Information Society, about the European strengths and misses, the chances that Linux might bring for the EU, his views on privacy, copyright, encryption, filtering and consumer rights in the digital age (Telepolis)

Labels:

04 April 2000

Group Appeals DVD Crypto Injunction (Newsbytes)
Continuing its California courtroom battle against the Digital Video Disk (DVD) industry over DVD encryption codes, the Electronic Frontier Foundation has appealed an injunction granted against more than 50 Web site operators.

Labels:

03 April 2000

Some Countries Seek Keys to Digital Code-Scramblers (New York Times)
Governments around the world are relaxing their controls on the technology used to scramble computer communications and keep them secure. But according to the third international review of encryption policies that has been conducted by the Electronic Privacy Information Center (EPIC), that trend is coupled with attempts by law enforcement authorities to gain new surveillance powers.

Labels:

11 March 2000

French Banks Hacked (Newsbytes)
An unknown hacker or group of hackers caused havoc in French banking circles after the 96-digit encryption algorithm underlying the Cartes Bancaires system was posted on the Internet.

Labels:

24 February 2000

Prof Can Post His Crypto (Reuters)
The United States will allow a computer scientist to put instructions for writing a powerful computer data-scrambling program on his Web site, but his high-profile lawsuit challenging U.S. export restrictions on encryption may continue.

Labels:

16 February 2000

Irish, UK Crypto Regs Far Apart (Wired)
Britain is likely to become the first country in the world to make imprisonment a possible consequence of refusing to surrender, or even losing, one's private encryption keys. At the same time, neighboring Ireland is preparing legislation that would make it the first country to prohibit law enforcement from forcing encryption users to hand over their private keys.

Labels:

10 February 2000

UK publishes 'impossible' decryption law (BBC)
The UK Government came under fire from the internet community after it published the Regulation of investigatory Powers Bill to regulate covert surveillance. The critics say the legislation, if passed, could lead to innocent people being sent to jail simply because they have lost their data encryption codes.

Labels:

09 February 2000

An appraisal of technologies of political control (STOA)
Development of Surveillance Technology & Risk of Abuse of Economic Information 1/4 Economic Risks of Electronic Interception 1999 2/4 Legality of Interception of Electronic Communications 1999 3/4 Encryption/Cryptosystems in Electronic Surveillance (FR) 1999 3/4 Encryption/Cryptosystems in Electronic Surveillance (EN) 1999 4/4 Interception Capabilities 2000

Labels:

28 January 2000

Wrinkle in Mitnick Case Hints at Encryption Battles to Come (New York Times (registration required))
Llittle-known legal skirmish in the case of the computer hacker Kevin Mitnick was a preview of similar fights to come as more people use encryption software to protect their files, lawyers who were involved in the case say. Mitnick left federal prison last week after serving nearly five years for a series of crimes involving computer fraud and wire fraud. But his lawyers say they are still troubled by the judge's answer to a legal question raised early in the case: When federal agents seize encrypted files from a defendant, can they refuse to return them unless the defendant turns over the secret "key" to decode the files?

Labels:

25 January 2000

Another DVD Crypto Injunction (computer currents)
The news just keeps getting worse for civil liberties proponents involved in an ongoing fight with the digital video disk (DVD) industry and the Motion Picture Association of America (MPAA). Less than 48 hours after a federal judge in New York granted an injunction ordering three individuals to remove information about DVD encryption from their Websites, a California superior court judge late Friday issued an almost identical ruling in a case against roughly 50 defendants there.

Labels:

24 January 2000

NEC Claims World's Strongest Encryption System (IDG.net)
NEC Corp. today announced it has developed a new encryption technology, CipherUnicorn-A, which it claims to be the strongest in the world. The technology is based upon common key encryption - in which a single key is used for both the encoding and the decoding functions - but has a twist, explained Hiroshi Miyauchi, research manager at NEC's C&C Media Laboratories.

Labels:

22 January 2000

DVD Crypto Injunction (Newsbytes)
In a setback for civil liberties proponents, the Motion Picture Association of America (MPAA) convinced a federal judge to grant an injunction ordering three individuals to remove information about DVD encryption from their Websites.

Labels:

21 January 2000

Clinton Favors Computer Snooping (wired.com)
Visions of stealthy black helicopters landing on your lawn and disgorging Nomex-clad troops to steal your PGP keys aren't just for conspiracy theorists. The Clinton administration wants to be able to send federal agents armed with search warrants into homes to copy encryption keys and implant secret back doors onto computers.

Labels:

18 January 2000

New Encryption Rules Leave Civil Libertarians Unhappy (New York Times (registration required))
While most high-tech companies are applauding the new encryption regulations as delivering on Vice President Al Gore's promises to eliminate cumbersome licensing rules on exporting software, civil libertarians say they fail to fix the constitutional questions at the heart of pending court cases.

Labels:

Open new window when link clicked
Subscribe to Newsletter
text | HTML
Daily Digest
RSS feed