I was thinking back to the summer of 2013. It was mid-June, right after Edward Snowden's first revelations about the NSA's massive surveillance of allies and also of the very US citizens it is supposed to protect. In those days there was a kind of revolution: all the media were involved in the world's biggest disclosure about control technologies and, in reaction to this peaceful revolution, we gained knowledge and safety. Government infrastructures are safer, citizen computing is safer, and cryptography is more widespread than ever before. But what about now?
An article published on Security Affairs reports the analysis of NSA Director Admiral Mike Rogers, confirming the risk of effective cyber espionage by at least two countries other than China.
This fact, together with the continued mass gathering of data on US citizens (even if the data harvesting rules were changed after Datagate), has an incredible side effect: not only has the US government spied, or continues to spy, on its citizens, but what's worse is that it can't provide effective protection for this data.
But are we able to give all of this up? Or are we totally dependent on machines?
A short essay analyzing how modern society needs technology to evolve or simply to survive.
4 pages of 2000 chars.
or search for it in your country's Amazon store.
This question is "as old as the world", as we say in my country. How can we trust a secrecy protocol or implementation that the worldwide community can't study, test and modify? Who can assure us that the rules of the game are clear and fully respected?
When we use a closed encryption protocol or implementation for our communications, we can only trust the service. It's like telling a secret to our best friend: we choose someone we trust and tell him our secret, but who knows whether he will respect our privacy? Maybe our best friend will approach his cousin and say: "Hey, can you keep a secret?" and obviously the answer is "Yes!".
In an article published in the Wall Street Journal we learned about a new (for us) spy technology used by U.S. Government security agencies (this time it doesn't seem to be a matter for the NSA) to track criminals and ensure internal State security. Still, who can say whether this technology is also used beyond legal and security purposes?
The core of the technology is a device that, mounted on an airplane (e.g. a Cessna-like plane), can imitate a cellphone tower. Acting as a BTS (base transceiver station), the device can set up a man-in-the-middle attack, intercepting phone calls, SMS and all the traffic routed by the cellular infrastructure. According to this leak, it is also possible to track a cellphone (and its owner) with a precision of 3 meters.
That's an amazing new technology revelation to add to the list of possible privacy threats and "state of control" issues, even if this technique seems to be used only for legal purposes, like fighting crime and terrorism.
Even if this news scares us and has a big impact in the media, we always have to remember that this kind of control is more surgical than the kind exercised for economic reasons. In fact, it's more probable that we are spied on by commercial companies tracking our behavior on the internet or collecting metadata on our emails, etc., than that we have a plane over our heads listening to our phone calls.
I’ve developed LockWallet, a simple password manager to use in a terminal environment.
With LockWallet you can manage a password database encrypted with the AES128 algorithm and automatically copy the desired password to the clipboard, ready to be pasted into the login form.
I created LockWallet to use on internet point computers or, more generally, on computers that I do not own. For this reason I wrote it in Java and stored it on a pen drive with a stand-alone Windows JRE for both win32 and win64, in case the OS doesn't have a JVM installed.
To download LockWallet you can click on this link for GitHub
This software is in beta stage. I'm not responsible for any problems or security flaws deriving from its use.
A few weeks ago, Google made two-factor authentication via security key available in its services, implementing the FIDO U2F authentication standard.
The security key is a device like a USB pen drive but as slim as a smartcard, with a chip on the USB plug. This chip contains a key pair and cryptographic functions. You can register the public key with a service like the ones provided by Google and, in future, use the security key as the second authentication step.
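The registration and second-step check described above, as an added example (not code from the original post or from Google): a simplified Node.js model of a U2F-style challenge-response. The function names, the JSON message layout and the `login.example` origins are assumptions, not the real U2F wire format.

```javascript
// Added example: simplified model of a U2F-style login, not the real wire format.
const crypto = require('crypto');

// The security key: the private key never leaves this closure. The browser
// passes in the origin it is actually talking to.
function makeSecurityKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  let counter = 0;
  return {
    publicKey, // the only thing handed to the service at registration
    sign(origin, challenge) {
      counter += 1;
      const msg = Buffer.from(JSON.stringify({ origin, challenge, counter }));
      return { origin, challenge, counter, signature: crypto.sign('sha256', msg, privateKey) };
    },
  };
}

// The service: stores the public key and the last counter value seen.
function makeService(origin) {
  const acct = { publicKey: null, lastCounter: 0, pending: null };
  return {
    register(publicKey) { acct.publicKey = publicKey; },
    newChallenge() { return (acct.pending = crypto.randomBytes(32).toString('hex')); },
    verify({ origin: seen, challenge, counter, signature }) {
      const expected = acct.pending;
      acct.pending = null; // every challenge is single use
      if (!expected || challenge !== expected) return 'bad-challenge';
      if (seen !== origin) return 'wrong-origin';
      const msg = Buffer.from(JSON.stringify({ origin: seen, challenge, counter }));
      if (!crypto.verify('sha256', msg, acct.publicKey, signature)) return 'bad-signature';
      if (counter <= acct.lastCounter) return 'stale-counter';
      acct.lastCounter = counter;
      return 'ok';
    },
  };
}

// Origins below are constructed sample values.
function demo() {
  const key = makeSecurityKey(), svc = makeService('https://login.example');
  svc.register(key.publicKey);
  const resp = key.sign('https://login.example', svc.newChallenge());
  return {
    first: svc.verify(resp),
    replay: svc.verify(resp), // captured response sent again
    otherSite: svc.verify(key.sign('https://lookalike.example', svc.newChallenge())),
    otherKey: svc.verify(makeSecurityKey().sign('https://login.example', svc.newChallenge())),
  };
}
```

The service never holds a secret for the key, so a leak of its database exposes only public keys, and a response signed for another origin or an old challenge is rejected.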
At the moment, the security key works with any of the major OSes (GNU/Linux, Windows and OS X) and only with the Google Chrome browser.
I've ordered a security key on Amazon (the cheap one), so I'm going to test this security token soon with Google Gmail and write some usage reports.
By the way, Google may be one of the first big companies to adopt the FIDO U2F security key standard. In the future, Yahoo and other big companies may offer security key authentication as an alternative to the SMS PIN. PayPal also has security key protection, but its implementation seems to be proprietary.
Here's the Google help page for the security key token.