Encryption Archives

Open Source, Multi-Platform, Secure IM Client

I saw a question recently from somebody who was looking for a secure Instant Messaging client that was both open source and could be implemented across several platforms.  While I haven’t had a whole lot of need for Instant Messaging and I have no idea why most people would need secure IM except for planning those Orlando vacations getaways where you leave the (presumeably grown) kids at home (or send them someplace else for their vacation), I’ve done a bit of reading and checked out some software.

The big winner that answers all of the stated requirements is to use a Jabber server and Pidgin clients with the OTR plugin.

Jabber is an open source IM server that’s been gaining in popularity in the last year or more, enough so that Jabber has been bought by Cisco.  While that means that there’s no doubt all sorts of changes going on, including the fact that a casual look at Cisco’s site didn’t turn up an easy to find section about Jabber, there are plenty of open source implementations of the Jabber protocol.

Openfire (formerly know as Wildfire) is an Open Source freeware package that’s not only stable and reportedly easy to use, it’s also under active development which usually means it’s here to stay.

Pidgin is an IM client that has the ability to connect to accounts on a variety of servers such as AIM, Yahoo!, Google Talk, MySpaceIM and of course, XMPP (also known as Jabber).  There is quite a number of plugins available for it to customise it for your needs.

Pidgin is also available in a Portable Apps version that can be installed on a flash drive.

One of these is the OTR pluggin.  The OTR plugin, which is also available for several other IM clients including Miranda, KDE’s Kopete, mICQ, and several others.

Like I said earlier, I don’t have much, if any need for Secure IM these days but if I did then this is the solution that I’d use.

Technorati Tags: secure im, otr, secure instant messaging, otr encryption, pidgin, instant messaging, jabber, im

UK Government Claims More Spying Needed

As if Briton wasn’t already one of, if not actually THE most surveilled nation on the planet, their government has decided to spend billions on a program that is intended to monitor every phone call, email and all internet usage.

And I thought WE had a problem with domestic spying here in the US!

As you can easily predict, the reason for doing all this is not to provide work to unemployed drivers of moving trucks.  They’re of course waving the very tired, worn out flag of the war on terrorism to justify this wholesale invasion of privacy by a government.

It’s things like this that are part of the reason that governments need to be not only watched, but held in check by their citizens.  They seem to have a bad habit of forgetting that the only reason they exist is to serve the citizens.

How long before they not only spy on everybody, but start censoring anything that’s contrary to what the government likes?

This kind of thing is also a good reason why everybody should have and regularly use the strongest encryption, privacy and anonymity tools available.  It’s not about having anything to hide, it’s about some things in life are none of the government’s flippin business!

Technorati Tags: domestic spying, privacy, war on terror, monitor internet, monitor email, monitor phone

Chinese Skype Client Makes Snooping Easy

If you use Skype to connect with people in China, you’ll want to check this one out, especially if you use Skype for anything more private than Thanksgiving recipes.

It seems that the version that’s distributed in China, called “TOM-Skype”, is definitely up to no good and any encryption that Skype claims is in use to protect the privacy of Skype users apparently doesn’t count in China.

The EFF reports that “TOM-Skype” monitors the private text conversations of users.  It blocks “sensitive” keywords from chat conversations and it reports the contents of those private text conversations to some remote server in China (presumably operated by the Chinese Government of course.)

There’s some 42 Million people using the compromised TOM-Skype client, and it only takes one side of a conversation to be on a compromised client for the whole thing to be snooped.

The Eff recommends that anyone who wants to chat securely, consider using Off the Record Messaging (OTR) and a different client such as Pidgin, Miranda or Adium.

While OTR can’t stop messages from being snooped, the content of those messages is safe even if the “bad guys” get a copy of it because strong encryption is used in the form of a Diffie-Hellman key exchange, the AES symmetric-key algorithm, and the SHA-1 hash function.  This allows OTR to provides “perfect forward secrecy” and deniable encryption.

Technorati Tags: chat, china, tom-skype, otr messaging, off the record, deniable encryption, privacy, otr, text messaging, backdoor, security, forward secrecy

Another Internet Inventor In Favor Of Throttling P2P

Lawrence Roberts is one of those names that most people using the Internet have probably never heard or read before.  He’s one of the people that were involved in developing what has come to be the Internet that we all use today.  Specifically, He did a lot of the groundbreaking work in “networking through data packets”

Recently however, He’s got something else going on and it touches one of the hot topics in today’s Internet: P2P file sharing.

He’s put together a company called “Anagran” that’s producing “deep packet inspection” devices that he claims can detect which file transfers are P2P and is therefore able to throttle those transfers “in favor of other, more ‘high-priority’ traffic”

All I can say is that it’s a good thing that P2P software developers are continuing their work to stay ahead of efforts to block or throttle people’s ability to share files.  Other than that, he’s just about guaranteed himself a place of high prominence in the pantheon of the most despised people online.

Technorati Tags: p2p software, detect p2p, p2p, bittorrent, file sharing, deep packet inspection, throttle p2p, throttling, bandwidth

[update: Since this was written there’s been at least one solution to fix Gpcode problems

The folks at Kaspersky Labs have run into a new variant of a nasty little bugger known as Gpcode.  This virus encrypts files on the infected computer and then demands payment for a key that will allow the victim to decrypt the files and recover their data.

Thing is, this version of Gpcode is using the RSA encryption algorithm with a 1024-big key.  This is a strong encryption algorithm that is, given current computer and software technology, impossible to crack without the author’s private key.

The RSA Algorithm uses two keys, one public and one private.  Something that is encrypted with the public key cannot be decrypted without the private key.  The Gpcode virus contains a public key which it uses to encrypt the files.

Gpcode adds “._CRYPT” to the filename of the encrypted files and puts a text file named !_READ_ME_!.txt in the folder with the encrypted files.  The text file contains a message telling the victim that their files have been encrypted and then offers to sell them a “decryptor” program to restore them:

Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com

On the upside, Kaspersky Labs (and I presume by now other AV software) are able to detect Gpcode, but if it encrypts something you’d better have a backup someplace safe because you’re not going to crack 1024-bit RSA encryption anytime within a human lifetime.

Of course, I’m sure that it’s occurred to somebody that the thing to do is for somebody to go ahead and buy the “decryptor” and then reverse engineer it to recover the private key, which can then be used to build a trusted freeware tool to recover Gpcoded files.

Technorati Tags: Security, Exploit code, Rootkits, Worms, Passwords, Cyberthreats, Microsoft, Virus, public key, Key, Private Key, Spyware and Adware, File, Complex Attacks, Viruses and Worms, Yahoo!, Hackers, Spam and Phishing, Encryption, RSA Algorithm, Privacy, Vulnerability research

 Page 4 of 8  « First  ... « 2  3  4  5  6 » ...  Last »