Encryption Archives

How To Deal With Identity Theft

Identity theft is getting to be a really big issue these days.  It’s in the news all the time; usually two or three times a week you’ll see the talking heads relating yet another story about identity theft or something that this or that congresscritter is proposing to do about it.  There are the seemingly endless stories about how to prevent identity theft, most of which relate the same common sense advice that basically boils down to “be careful, think before you act”.

The thing is, there’s plenty of people who do their best to do all the right things and yet they still manage to get burned, partly because there was something they could have done had they thought of it and had the time.

Now anyone can see that there’s a potential here, a problem in search of a solution.  There’s been a lot of scams that claim to protect or repair the damage from identity theft, only to turn out to be an identity theft scam in themselves.  One of the only legit services I’ve ever heard of is lifelock.  That’s the one where the CEO, Todd Davis, has his actual social security number posted on the website.  I’ve seen commercials showing large trucks with his social security number printed on the side in six foot high numbers.  He’s confident enough that lifelock has him covered that he openly publishes his SSN.

Basically what lifelock does is watch the credit reporting agencies and take actions to opt you out of credit card offers and a lot of junk snail-mail as well.  Because this is their business, they can keep current on loads of people.  This way something like checking your credit report for problems or updating your desire to not receive credit card offers doesn’t get forgotten because you lost track of when it needs to be updated.

Border Agents Can Search Laptops Without Cause

Anyone considering traveling outside of the US would do well to read this item on the Wired.com blog about a recent federal appeals court decision that border agents can search laptops, phones and other electronics without cause (and presumably without a warrant either).

What it means is that anyone crossing the border needs to be aware that agents at the border are permitted to search your phone, laptop, etc.  Obviously, while this means that they’ve got the potential to catch assorted nasty, evil people with evidence on their hard drives & phones, there is also the fact that it’s a serious invasion of privacy and has a major potential for abuse.

This means that if you plan to be crossing the border anytime soon, you’ll want to be prepared for this possibility.  If there’s anything on your drive that you consider private, that you don’t want anyone snooping into for any reason, then there are two possibilities.

1) Remove the files in question… burn ’em on cd, leave ’em on a flash drive at home, whatever it takes to make sure the only thing found on your laptop, phone, ipod, etc is boring stuff.

2) Keep anything private or sensitive in the hidden volume of a truecrypt container.  Keep the size of the containers as small as possible and hide them in various places on your computer with cryptic looking names.

The advantage of using a hidden volume is that if somebody does decide that xyz file is a truecrypt container and gets insistent about you opening it, you can give them the passphrase for the outer container which you would have pre-loaded with stuff that searchers would be willing to believe that you’re keeping hidden but wouldn’t actually be illegal.

Of course, in the case of the truecrypt container, you need to be prepared, as in keeping a backup in a secure location that you can recover it from after you return home, because it’s always possible that you’ll need to allow the container to be destroyed to protect its contents.

Hmm.. this gives me an idea.  Sometime soon I’m going to try to work up a tutorial for using a truecrypt container with both an ‘outer’ volume and a ‘hidden’ volume.

NXP Mifare Classic RFID encryption cracked

We can now raise a cheer for a group of bright people in the Chaos Computer Club of Hamburg, Germany, who along with colleagues from the University of Virginia have succeeded in cracking the encryption scheme used on the Mifare Classic RFID chip sold by NXP.

It turns out that the proprietary encryption scheme uses only 48 bits, as opposed to modern algorithms that use 128-bit and 256-bit (or more) encryption.  Apparently cracking this encryption took “relatively little effort”.

This means that because these chips are in fairly wide use in a number of applications such as “contactless smartcard applications including fare collection, loyalty cards or access control cards”, a determined individual (or corporation / criminal organization) could do quite a bit with it, from making it a lot easier for unscrupulous advertisers to track every time you purchase something and use the information to target advertising... or more.  For example, say you decide to discreetly try a weight loss cream.  You don’t particularly want it generally known because of embarrassment or simply because you don’t know if it’ll work or not.  An advertiser gets the information and you start getting more ads in email, on the phone and anywhere else you might see targeted ads, for other weight loss products and advice etc.  Your insurance company sees this information and your premiums go up because some number cruncher has decided that you’re now an increased risk for weight related health problems.

It’s bad enough that these infernal things are being used as much as they are, but to have them out there with weak encryption only aggravates an already bad situation.  Of course, NXP, the maker of the chips in question, isn’t planning to change anything.

Freenet 0.7.0 release candidate 1 released

First, I’ll quote the “official” announcement that appeared on the Freenet support list this morning:

Freenet is a global peer-to-peer network designed to allow users to publish and consume information without fear of censorship.  To use it, you must download the Freenet software, available for Windows, Mac, Linux and other operating systems.  Once you install and run Freenet, your computer will join a global, decentralized P2P network. You will be able to publish and consume information anonymously, either through your web browser, or through a variety of third party applications.

Freenet 0.7 is a ground-up rewrite of Freenet.  The key user-facing feature in Freenet 0.7 is the ability to operate Freenet in a “darknet” mode, where your Freenet node will only talk to other Freenet users that you trust.  This makes it much more difficult for an adversary to discover that you are using Freenet, let alone what you are doing with it. 0.7 also includes significant improvements to both security and performance.

Freenet 0.7 RC1 can be downloaded from:

http://freenetproject.org/download.html

There’s been a lot of work done on 0.7 since it was split off from 0.5 back in Dec 2005 and yes, 0.7 is faster … for small files and Frost messages.  I understand that large files can still take two to three times longer to retrieve or insert on 0.7 than the same files will take on 0.5.

However, 0.7 is worth checking out and looking around.  It will probably take a while for people new to freenet to become familiarized with how things work and get a feel for best practices.  However, with either version there are some basics:

1) For best results, your node should run 24/7 or as much of the time as possible.

2) The larger your node’s data store, the better.  I’d recommend at least 1GB and preferably more. My 0.5 node has 25GB of store and my 0.7 node is set to use 10GB for now.

3) When a new node first starts up, it can take anywhere from a few hours to a day or so to get sufficiently integrated into the network for freesites and files to start loading at a decent pace.

4) On 0.7, you’re better off to exchange darknet refs with ~ 10 to 15 other nodes and disable “promiscuous mode” (opennet).

I personally intend to stay with 0.5 as my primary freenet experience, especially since development work on it re-started a few months ago.

I will also continue to maintain my own “unofficial freenet alternative download” page with installers for several recent builds of freenet, a seednodes.ref file and a little bit of help getting it installed and started.  I’ve just started some update work on this page and will be adding several more pages to cover several freenet utilities as time permits.

Japan to Cut Internet Access for Winny Users

Japan’s four main Internet provider organizations have gotten together and worked out an arrangement where they’re going to be cutting Internet access to people using the “WinNy” P2P file sharing program.

Their big reason for this is the big battle against piracy.  They’re claiming that most of the files being traded by the 1.75 million or so WinNy users in Japan are illegal copies of:

3.55 million examples of illegally copied gaming software, worth about 9.5 billion yen at regular software prices, and 610,000 examples of illegally copied music files, worth 440 million yen,

I have to say that it’s interesting that they claim there is so much more trading of games than there is of music which, as far as I know, is totally backwards from claims made elsewhere about what’s being shared.

They haven’t gone into any details of course as to HOW they’re deciding that a particular WinNy user is sharing “illegal copies” of programs and music, which is particularly interesting because while I understand that WinNy message forums aren’t anonymous, the file transfer system itself *IS* anonymous.  Given that, there’s no real way to be sure that any one user has, in fact, uploaded or downloaded any given file (at least, without searching their hard drives and even then if the user in question maintains good security practices, that will also prove fruitless.)

Don’t get me wrong, I’m sure that WinNy is and has been used for trading a lot of “illegal copies” of stuff, but it also serves as an anonymous means of sharing information and as such is valuable in spite of any illegal use.

The thing is, though, that it apparently can be detected and therefore blocked, and it’s also possible to identify users by tracing the non-anonymous forum part of its network to identify the IP addresses of users.

I’m thinking that this is a situation in which the people using WinNy would do well to consider switching to Freenet.  Freenet has a distinct advantage in that ALL of its traffic is 100% anonymous and encrypted.  Content being distributed over freenet cannot be identified by an observer, nor is it possible to determine who is inserting or requesting any particular file.

Freenet also has a messaging system that keeps all of the message exchanges within the same encrypted, anonymous transport layer that is used to store and move files.  I believe that it’s also been reported that Freenet nodes can often communicate even in situations where other networks have been blocked.

There are currently two main branches of freenet in use:

Freenet 0.5, which is considered by many to be the “stable” version, has been around for quite a while and is once again under active development.

Freenet 0.7, which is the new version that’s currently in “alpha” state of development where a lot of new code is being developed and tested.

Because of the anonymous nature of Freenet it is not possible to know exactly, but it’s estimated that both versions have several thousand users, with that number growing all the time on both versions of the network (note: Freenet 0.5 and Freenet 0.7 are separate networks and do not [currently, I think that may change someday] communicate with each other directly).

I think that both networks would benefit greatly from the increase in the number of nodes that’s possible if WinNy users switch to one or the other network.
