Tags Posts tagged with "encryption"


Terrorist groups are increasingly using high-grade, advanced end-to-end encryption technologies so that no law enforcement can catch them.
The deadliest terror attacks in Paris that killed 129 people were the latest example of it.

How did the Terrorists Communicate and Organize the Plot?

The Paris terrorists almost certainly used difficult-to-crack encryption technologies to organize the plot – locking law enforcement out, FBI Director James B. Comey told Congress Wednesday.
The ISIS mastermind behind the Friday’s Paris massacre is identified to be Abdelhamid Abaaoud, who is based in Syria. So to transmit his plans to the suicide bombers and gunmen, he would have made use of secure communication to keep law enforcement out.
FBI’s Comey believes ISIS is making use of popular social media platforms to reach out to potential recruits and smartphone messaging applications that are end-to-end encrypted, meaning even the company cannot read the messages.

Blame Game: Ex-CIA Director Blames Edward Snowden For Paris Attack

Ex-CIA Director James Woolsey, who once said Snowden “should be hanged by his neck until he is dead,”has blamed NSA whistleblower Edward Snowden for revealing the agency’s efforts to break encryption and for teaching terrorists how to avoid being caught.
Woolsey said, Snowden, who leaked a vast trove of classified files detailing the extent and workings of the United States intelligence system, is responsible for the Paris terror attacks and now has ‘blood on his hands.’
According to Woolsey, it was Snowden’s leak of top-secret documents about how American and British spy agencies monitor and track people worldwide that led terrorist groups like…
ISIS and Al-Qaeda to adopt new communication methods, including end-to-end encryption channels, to avoid surveillance.

But, Why Blaming Snowden? It’s Intelligence Failure

The tougher and more important question here is – If terrorists used encryption to plan the strikes in Paris, did they circumvent our spying agencies’ Bulk Interception tools and offensive cyber operations?

“I was a bit surprised just by how quickly and blatantly – how shamelessly – some of them jumped to exploit the emotions prompted by the carnage in France to blame Snowden: doing so literally as the bodies still lay on the streets of Paris,” the journalist Glenn Greenwald said, who has worked with Snowden to expose NSA secrets.

Bulk interception is the collection of the vast quantity of internet data, sometimes from thick undersea cables and then storing it in databases for a limited time.
However, the government’s claims about the NSA bulk surveillance of email and phone records that the operations are to keep the country safe from terrorism are overblown and even misleading.
Surveillance of phone metadata has had no visible impact on preventing terrorist attacks, so it is a total failure of our intelligence agencies, and not Snowden.
The fact that, long before Snowden’s leaks, our so-called intelligence agencies around the world failed to prevent many terrorist attacks, including:
  • The Bali bombing in 2002
  • The Madrid train bombing in 2004
  • The 7/7 London attacks in 2005
  • The series of attacks in Mumbai in 2008
  • The Boston Marathon bombing in 2013 that took place in the intense security at the leading annual event in a major American city
However, after all these terrorist attacks, the government response has been uniform – Give the intelligence agencies more powers and greater abilities to track, surveil and monitor anyone they believe is suspicious.

“The Snowden revelations were not significant because they told The Terrorists their communications were being monitored; everyone  especially The Terrorists  has known that forever,” Greenwald said.

Moreover, one of the leaked GCHQ documents contains what the agency calls a “Jihadist Handbook” of security measures, which was written in 2003, that instructs terrorists to learn and use sophisticated, strong encryption techniques to avoid government surveillance.
So, how could we blame Snowden, who exposed law enforcement’s mass surveillance operations in 2013; almost 10 years after the Jihadist Handbook was written.

After Paris Attack, Government’s arguments about Encryption and Backdoor

Now in the wake of the recent Paris terrorist attacks, the US government has renewed their assault on encryption and revived their efforts to force tech companies to install backdoors in their products, like encrypted messaging apps.
The intelligence agencies have gotten it all wrong. Due to the bulk collection and interception, the overall volume of encrypted internet traffic has gone up and up, that the intercepted data has become inaccessible even to intelligence agencies.

So, it’s not Snowden who is responsible for the Paris attacks, it’s the Failure of our government and intelligence agencies.

Source : THN

Yes, Google wants you to keep your bits and bytes as safe as possible through encryption.
With the launch of Android 5.0 Lollipop last year, Google wanted to make full disk Encryption mandatory, but unfortunately, the idea did not go too well.
However, Google thinks the idea will go right this time, and it will try again to require full-disk encryption by default for devices that release with the newest Android 6.0 Marshmallow and higher versions.
Google has published the new version of the Android Compatibility Definition Document (PDF), mandating Android encryption with a couple of exceptions in Android 6.0 Marshmallow.
The document reads:

“For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience.”

New smartphones and tablets that ship with Android 6.0 Marshmallow and have certain performance standard must be encrypted by default.

The new Android Compatibility Definition Document for Marshmallow states: If the device implementation supports a secure lock screen… then the device MUST support fulldisk encryption [Resources, 1 32] of the application private data (/data partition), as well as the application shared storage partition (/sdcard partition) if it is a permanent, non-removable part of the device.

For device implementations supporting full-disk encryption and with Advanced Encryption Standard (AES) crypto performance above 50MiB/sec, the full-disk encryption MUST be enabled by default at the time the user has completed the out-of-box setup experience. If a device implementation is already launched on an earlier Android version with full-disk encryption disabled by default, such a device cannot meet the requirement through a system software update and thus MAY be exempted.

Encryption MUST use AES with a key of 1 28-bits (or greater) and a mode designed for storage (for example, AES-XTS, AES-CBC-ESSIV). The encryption key MUST NOT be written to storage at any time without being encrypted.

What is Full Disk Encryption?

Full disk encryption (FDE) is the process of encoding all user’s data on an Android device using an encrypted key. Once encrypted, all data on the device is automatically encrypted before ever written to disk.
In turn, the data is automatically decrypted before it returns to any calling process that asks for it. All you need is the correct key.
Full Disk Encryption is done with a kernel feature that acts directly on the block layer of the storage and has been available in devices since Android 3.0 Honeycomb.
However, Android 6.0 Marshmallow brings some pretty big changes and improvements in the overall working of the full disk encryption.
New Android devices running Marshmallow and having AES crypto performance above 50MiB-per-second require supporting encryption of:
  • The private user data partition (/data)
  • The public data partition (/sdcard)
In other words, Full Disk Encryption is damned secure, and Google has done a pretty good job by making full disk encryption mandatory on Android devices.

What’s the Problem with Full Disk Encryption?

Last year when Google implemented full disk encryption by default on the Nexus 6 devices, you had probably heard about poor device performance for disk reading and writing.
It’s true — the problem with full-disk encryption is a hit on the device performance because when you need to encrypt or decrypt on the fly, disk Input/Output speeds suffer.
In short, there are some drawbacks if encryption becomes mandatory:
  1. Slower Performance: As mentioned above, Encryption always adds some overhead, which causes your device a bit slower.
  2. Encryption is One-Way Only: If you forget the decryption key, you’ll need to factory reset your device that will eventually erase all the data stored on your phone.

Do we Really Need Full Disk Encryption By Default?

In older devices, there is an option to enable full disk encryption, but by default it is turned OFF. This left us with a choice — Do we need full disk encryption?
Many of us will find full disk encryption useful. This helps us to keep secure our sensitive information that we never, ever want to fall into the wrong hands. Full disk encryption also keeps our data secure from snoopers and government agencies who need to see it.
But for others, just the standard lock screen security is enough. If they lose their phone, they have Android Device Manager or other utilities to remotely wipe their data. They quickly change their passwords of Google and other accounts, and they even don’t have a reason to fear any consequences if government snoops into their data.
So, do you need Full Disk Encryption by Default? Share your views with us; Hit the comments below.

Tor – Privacy oriented encrypted anonymizing service, has announced the launch of its next version of Tor Browser Bundle, Tor version 4.0, which disables SSL3 to prevent POODLE attack and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive firewalls.

Tor is generally thought to be a place where users come online to hide their activities and remain anonymous. Tor is an encrypted anonymizing network considered to be one of the most privacy oriented service and is mostly used by activists, journalists to circumvent online censorship and surveillance efforts by various countries.

The popularity of the tool can be estimated by the recent announcement of an Internet router called Anonabox which was the highest crowd funded project on Kickstarter this week, generating more than $500,000 in funding since its launch on Monday. Tor privacy router Anonabox is designed to make all your online activity anonymous and conceal your location, but unfortunately the backers have started to pull their funding for the project due to raising questions related to the authenticity of the product.


One of the major new features in this new version is that it now disables SSL3 connections to prevent users against the “POODLE” attack. Padding Oracle On Downgraded Legacy Encryption, or POODLE makes it possible for attackers to spy on your internet browser stemming from a decade old encryption standard, known as SSL version 3.0, which is still being used by majority of Internet users.

“This vulnerability allows the plaintext of secure connections to be calculated by a network attacker,” said Bodo Möller of the Google Security Team. “If a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around serve ­side interoperability bugs.”

Tor Browser Bundle, which is now known as only Tor Browser, is based on an ESR (Extended Support Release) version of the Mozilla Firefox project. Firefox version 24 ESR has been updated to version 31 ESR and offers many security fixes, including seven critical vulnerabilities.

Another major change in this newly launched Tor series is the browser update that has made it possible for people in internet-censored countries like China to bypass the country’s Firewall in order to gain full access to the internet. The censoring of internet access in China is known as the Great Firewall of China.

“More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses,” Tor Browser and Tor Performance Developer Mike Perry explained in a blog post.

But, according to the developers, “the meek transport still needs performance tuning before it matches other more conventional transports,” and they plan to work on it.

Download Tor version 4.0 from here in order to keep yourself updated.


“This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work,” reads the blog post. “Please also be aware that the security of the updater depends on the specific CA that issued the www.torproject.org HTTPS certificate (Digicert), and so it still must be activated manually through the Help (“?”) “about browser” menu option.”

“Very soon, we will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379). Until then, we do not recommend using this updater if you need stronger security and normally verify GPG signatures.”


Privacy Tools — Tor Browser 4.0 and Tails 1.2 Released
A new version Tails 1.2 has also been released. Tails, also known as ‘Amnesiac Incognito Live System’, is a free security-focused Debian-based Linux distribution, specially designed and optimized to preserve users’ anonymity and privacy.

The operating system came into limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities.

In spite of all the things smartphones can do, messaging remains one of the most popular activities. Popular messaging apps like WhatsApp, Viber, WeChat support text messages, voice calls, photo & video sharing features, but there is no provision for sharing every file types on these amazing messengers.
But, some or the other day, we all got struck into an awkward situation where we have to share PDF, apk or zip files with our friends while chatting.
However using any other 3rd-party file sharing services, we can share image, video, audio, zip files or any other file type with our friends, but it would be a lengthy process and sometimes require to use computer.
Gone are the days when you relied on your computer to get all of your work done. Telegram Messenger, the most popular and ultra secure messaging application, is now offering file sharing feature that allows its users to share large files and documents (up to 1.5GB) securely.
Telegram is a messaging app that offers end-to-end encryption and also offers a ‘Secret Chat‘ feature, that self-destruct messages after the conversation. The notable thing about Telegram Messenger is that it is free and an open source project, which means that the source code of the project is freely available.


A huge advantage of Telegram over any other tool is sharing large documents,” the company wrote on its blog post Sunday. “You can send files up to 1.5 GB using Telegram and access them from any of your devices. Perfect for everything from studying to sharing personal archives.

For this iOS and Android update, we have fully rewritten the Shared Media section. From now on, you can use the ‘Files’ overview to see all documents that were shared in a chat. It is also possible to search for specific files using the instant search. – They Added.
This means that now any file we receive in Telegram Messenger can be sent to email or any other apps just by opening the file in the app and tapping on the Share button. Moreover, Android users would be given a ‘Share’ option in the file’s context menu that will help them to share large files with their friends.
Newly Added Features:

Mute Notifications

You can now temporarily mute notifications from particular contacts and groups for 1 hour, 8 hours or 2 days. On Android, open the ‘…’ menu in a chat and choose ‘Mute notifications’. On iOS, go to group or contact info and tap on Notifications. iOS8 users can now also use interactive notifications to mute a contact or group for 8 hours.


Instead of looking for the right search box, just type your query in the new universal search field and get instant results — contacts, chats, groups, usernames or messages.


This is rather a very handy feature that many Telegram Messenger users might find useful, since most email providers limit the size of files attachment to 25MB. Also, interesting since none of the competitive service — WhatsApp, Viber, Line allow the transfer of non-media files only.
Telegram Messenger is offering, what the company calls, Bonus for iOS users. As the app is now supported in the iOS 8 sharing menu that could be open while users are viewing any document on their iOS devices.
In addition to sharing large files, the new Telegram Messenger update offers Mute Notifications, where users can temporarily mute notifications from particular contacts and groups for 1 hour, 8 hours or 2 days; andMultisearch, where users can get instant results for particular contacts, chats, groups, usernames or messages.

Download Telegram Messenger

Cryptocat developer’s Peerio secure messaging app also offers file sharing, but the app is not widely used by people, as it is available only for Windows, Mac OS X and Chrome, but not for Android and iOS platform. Android and iOS version of apps are in the progress and will be available soon.
Peerio is an “encrypted productivity suite” designed to offer much more usable alternative to PGP email and file encryption, so that every individual user and business can encrypt everything from Instant Messages to online file storage.