Agregátor RSS

Email was one of the earliest forms of communication on the internet, and if you’re reading this you almost undoubtedly have at least one email address. Critics today decry the eventual fall of email, but for now it’s still one of the most universal means of communicating with other people that we have. One of the biggest problems with this cornerstone of electronic communication is that it isn’t very private. By default, most email providers do not provide the means to encrypt messages or attachments. This leaves email users susceptible to hackers, snoops, and thieves.

So you want to start encrypting your email? Well, let’s start by saying that setting up email encryption yourself is not the most convenient process. You don’t need a degree in cryptography or anything, but it will take a dash of tech savvy. We’ll walk you through the process later on in this article.

Alternatively, you can use an off-the-shelf encrypted email client. Tutanota is one such secure email service, with apps for mobile and a web mail client. It even encrypts your attachments and contact lists. Tutanota is open-source, so it can be audited by third parties to ensure it’s safe. All encryption takes place in the background. While we can vouch for Tutanota, it’s worth mentioning that there are a lot of email apps out there that claim to offer end-to-end encryption, but many contain security vulnerabilities and other shortcomings. Do your research before choosing an off-the-shelf secure email app.

If you’d prefer to configure your own email encryption, keep reading.

See Affiliated Events too.

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device).

The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses.
The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam´s agencies in enforcing the law and protecting the public from hackers. It also lays out what the government needs to do to thwart looming threats to its computer networks.

Let´s (not) Encrypt

If you´ve been following the news for the last few years it will come as no surprise that the Justice Department is not a fan of the common man having access to encryption.
The report bemoans the current state of encryption and its ability to keep the government from gathering and analyzing traffic for criminal investigations. The word ´encryption´ comes up 17 times in the report, not once in a favorable light.
In the past several years, the Department has seen the proliferation of default encryption where the only person who can access the unencrypted information is the end user, the report reads.
The advent of such widespread and increasingly sophisticated encryption technologies that prevent lawful access poses a significant impediment to the investigation of most types of criminal activity.

The demand for quantum computing services will be driven by some process hungry research and development projects as well as by the emergence of several applications including advanced artificial intelligence algorithms, next-generation encryption, traffic routing and scheduling, protein synthesis, and/or the design of advanced chemicals and materials. These applications require a new processing paradigm that classical computers, bound by Moore’s law, cannot cope with. However, one should not expect quantum computers to displace their classical counterparts anytime soon.

Ray Ozzie thinks he has an approach for accessing encrypted devices that attains the impossible: It satisfies both law enforcement and privacy purists. (?)

EFAIL furore not over yet, even though it´s easy to fix.

However, PGP´s creator Phil Zimmerman, Protonmail´s Any Yenn, Enigmail´s Patrick Brunschwig, and Mailvelope´s Thomas Oberndörfer are still concerned that misinformation about the bug remains in the wild.

Yenn tried to refute the EFAIL “don´t use PGP” on May 25, and the four have followed up with this joint post.

According to a Venafi survey of 512 security professionals attending RSA Conference 2018, sixty-four percent of respondents say their personal encryption usage has increased due to recent geopolitical changes.

Encryption is making it more difficult for law enforcement agencies to detect dangerous offenders, according the the National Crime Agency's (NCA) yearly assessment of serious organised crime in Britain.

Since 2010, communication service providers have migrated to encrypted services ´by default´, a process that accelerated following the Snowden disclosures, said the National Strategic Assessment of Serious and Organised Crime 2018

US lawmakers from both major political parties came together on Thursday to reintroduce a bill that, if passed, would prohibit the American government from forcing tech product makers to undermine the security of their wares.

The National Institute of Standards and Technology wants comments on the best way to design criteria to evaluate new encryption standards for small computing devices.

NIST will eventually ask researchers and cryptographers for algorithms that could be used to encrypt data on small, "constrained devices," such as sensors, RFID tags, industrial controllers and smart cards that are being incorporated into automobiles, internet-of-things devices, the smart grid and distributed control systems.

But first the agency needs to establish the requirements and evaluation criteria that will guide the review of the algorithms.

The vulnerability, called EFAIL, is exploitable against encrypted email, including previously transmitted mail, according to researchers.

Viz také komentáře:

• PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor.
• PGP and EFAIL: Frequently Asked Questions.
• Details on a New PGP Vulnerability
• Efail: Was Sie jetzt beachten müssen, um sicher E-Mails zu lesen
• PGP und S/MIME: So funktioniert Efail

Mark Kaelin: Protecting customers´ personal data is vitally important to the future success of every organization. Encrypting that data with one of these apps is a good place to start.
Numerous high-profile events in 2017 and early 2018 have made it abundantly clear that all enterprises and government agencies are responsible and liable for the protection of personal data collected from customers and clients—no exceptions. New regulations, such as the GDPR, which goes into effect May 25, 2018, will back those expectations of protection with substantial penalties and fines for the noncompliance.
To avoid potential fines, organizations need to demonstrate initiative by establishing measurable security protocols that protect collected personal data. One of most common methods for protecting stored data is encryption.

Různé verze tabulky DEIN STAR, které byly používány agenty BND v NDR do roku 1989 lze vyhledat na tomto zajímavém webu.

In (In)secure Magazine Issue 27, March 2018.

Blockchain technology promises to solve many complex problems across different business sectors and industries, and Bitcoin is breaking value records seemingly every hour. But many don’t understand how the two really work, and use the two words interchangeably as if they were synonymous.
One important thing to remember is that blockchain can exist without Bitcoin, but Bitcoin cannot exist without a blockchain.
Bitcoin is a digital currency that was created in 2009. Only 21 million Bitcoins can ever be created (mined), and it is estimated that the last coin will be produced in 2140.
It is exchanged on a decentralized, peer-to-peer network, meaning that there is no central server or authority (i.e., a central bank) that regulates it. In the beginning, the Bitcoin network was operated by volunteers who had a full Bitcoin protocol stack installed on their private computers. However, the network’s operation has mostly been taken over by specialized data centers.
Bitcoin operates on a cryptographic protocol, is fully transparent and open source. As it’s not backed by a real authority, the health of the system depends entirely on the trust people have in it. The value of Bitcoin is determined by the amount people are willing to pay for it.

Na výrobě letadla se dnes podílejí desítky a stovky dodavatelů • Honeywell patří k těm nejdůležitějším • Navštívili jsme jeho brněnskou inženýrskou pobočku

Kdo řídí digitální transformaci a jakou roli má mít dnes v podniku šéf IT? Výsledky, akvizice a burzy.

You probably have a picture of a typical investigative journalist in your head. Dogged, persistent, he digs through paper trails by day and talks to secret sources in abandoned parking lots by night. After years of painstaking investigation, the journalist uncovers convincing evidence and releases the bombshell report. Cover-ups are exposed, scandals are surfaced, and sometimes the guilty parties are brought to justice.

This is a formula we all know and love. But what happens when, instead of investigating a corrupt politician or a fraudulent business practice, journalists are looking into the behavior of an algorithm?

In an ideal world, algorithmic decision-making would be better than that made by humans. If you don’t program your code to discriminate on the basis of age, gender, race, or sexuality, then you may think these factors shouldn’t be taken into account. In theory, the algorithms should make decisions based purely on the data, in a transparent way.

Reality, however, is not ideal; algorithms are designed by people and draw their datasets from a biased world. Hidden prejudices may lead to unintended consequences. Furthermore, overconfidence in algorithms’ performance, misinterpretation of statistics, and automated decision-making processes can make appealing these decisions extremely difficult.

Even when decisions are appealed, algorithms are usually incapable of explaining “why” they made a decision: careful, statistical analysis is needed to disentangle the effects of all the variables considered, and to determine whether or not that decision was unfair. This can make explaining the case to the general public—or to lawyers—very difficult.

AI Behaving Badly

A classic example of recent investigative journalism about algorithms is ProPublica’s study of Broward County’s recidivism algorithm. The algorithm, which delivers “risk scores” assessing an accused person’s likelihood of committing more crimes, helps judges determine an appropriate sentence.

ProPublica found the algorithm to have a racial bias—it was more often incorrectly assigning high risk scores to black defendants than white. Yet Northpointe, the company that made the software, argued it was unbiased. The higher rate of false positives for black defendants could be due to the fact that they are arrested more often by the police.

It’s illustrative of how algorithms fed on historical data can perpetuate historical biases. Hirevue’s algorithm assigns scores to candidates for jobs, records job applicants, and analyzes their verbal and non-verbal reactions to a series of questions. It then compares that score against the highest-performing employees currently at the company, as a substitute for a personality test. Critics of the system argue that this just ensures your future employees look and sound like those you’ve hired in the past.

Even when algorithms don’t appear to be making obvious decisions, they can wield an outsized influence on the world. Part of the Trump-Russia scandal involves the political ads bought on Facebook; its micro-targeting was enabled by Facebook’s algorithm. Facebook’s experiments in 2012 demonstrated that the ads could nudge people to go to the polls by altering what they saw in the newsfeed. According to Facebook, this experiment pushed between 60,000-280,000 additional voters to go to the polls; that number could easily exceed the margin of victory in a close election.

Just as we worry that legislators will struggle to keep up with rapid developments in technology, and that tech companies will get away with inadequate oversight of bad actors with new tools, journalism must also adapt to cover and explain “the algorithms beat.”

The Algorithms Beat

Nick Diakopoulos, Director of the Computational Journalism Lab at Northwestern University, is one of the researchers hoping to prevent a world where mysterious, black-box algorithms are empowered to make ever more important decisions, with no way of explaining them and no one held accountable when they go wrong.

In characterizing “the algorithms beat,” he identifies four main types of newsworthy stories.

The first type is where the algorithm is behaving unfairly, as in the Broward County case. The second category of algorithmic public-interest stories arise from errors or mistakes. Algorithms can be poorly designed; they can work from incorrect datasets; or they can fail to work in specific cases. Then, because the algorithm is perceived as infallible, errors can persist, such as graphic or disturbing videos that slip through YouTube’s content filter.

The third type of story arises when the algorithm breaks social norms or even laws. Google’s predictive search algorithm has been sued for defamation by an Australian man for suggesting the phrase “is a former hitman” as an autocomplete option after his name. If an advertising company hired people to stand outside closing factories advertising payday loans and hard liquor, there might be a scandal, but an algorithm might view this behavior as optimal. In what might be considered a parallel case, Facebook allowed advertisers to target white supremacists.

Finally, the algorithms may not be entirely to blame: humans can use or abuse algorithms in ways that weren’t intended. Take the case detailed in Cathy O’Neil’s wonderful book, Weapons of Math Destruction. A Washington teacher was fired for having a low “teacher assessment score.” The score was calculated based on whether standardized test scores for the students improved under a specific teacher. But this created a perverse incentive: teachers lied and inflated the scores their students received. Those who didn’t cheat and inflate the scores were fired. The algorithm was being abused by the teachers—but, arguably, it should never have been used as the main factor in deciding who got bonuses and who got fired.

Finding the Story

So how can journalists hope to find stories in this new era? One way is to obtain raw code for an audit. If the code is used by the government, such as in the 250+ algorithms tracked by the website Algorithm Tips, freedom of information requests may allow journalists to access the code.

If the bad behavior arises from a simple coding error, an expert may be able to reveal it, but issues with algorithms tend to be far more complicated. If even the people who coded the system can’t predict or interpret its behavior, it will be difficult for outsiders to infer a personality from a page of Python.

“Reverse-engineering” the algorithm—monitoring how it behaves, and occasionally prodding it with a well-chosen input—might be more successful.

AlgorithmWatch in Germany gathers data from customers to see how they are affected by advertising and newsfeed algorithms; WhoTargetsMe is a browser plugin that collects information about political advertising and tells them who’s trying to influence their vote. By crowdsourcing data from a wide range of people, its behavior in the field can be analyzed.

Investigative journalists, posing as various people, can attempt to use the algorithms to expose how they behave—along with their vulnerabilities. VICE News recently used this to demonstrate that anyone could pose as a US Senator for the purposes of Facebook’s “Paid for by…” feature, which was intended to make political ads transparent.

Who’s Responsible?

Big tech companies derive much of their market value from the algorithms they’ve designed and the data they’ve gathered—they are unlikely to share them with prying journalists or regulators.

Yet without access to the data and the teams of analysts these companies can deploy, it’s hard to get a handle on what’s happening and who’s responsible. Algorithms are not static: Google’s algorithms change 600 times a year. They are dynamic systems that respond to changing conditions in the environment, and therefore their behavior might not be consistent.

Finally, linking the story back to a responsible person can be tough, especially when the organizational structure is as opaque as the algorithms themselves.

As difficult as these stories may be to discover and relate accurately, journalists, politicians, and citizens must start adapting to a world where algorithms increasingly call the shots. There’s no turning back. Humans cannot possibly analyze the sheer volume of data that companies and governments will hope to leverage to their advantage.

As algorithms become ever more pervasive and influential—shaping whole nations and societies—holding them accountable will be just as important as holding politicians responsible. The institutions and tools to do this must be developed now—or we will all have to live with the consequences.

Image Credit: Christopher Edwin Nuzzaco / Shutterstock.com

Analytici zveřejnili statistiky prodejů smartphonů, tabletů a chytrých hodinek. Zatímco první dva segmenty klesají, chytré hodinky po letech chytily druhý dech a meziročně téměř zdvojnásobily! Za takovýmto růstem stojí zejména dvě značky: Apple a FitBit. V příštím kvartále budou mít analytici ...

Vědci vyvinuli nový systém řízení ve zhoršených podmínkách • Autonomní systém si poradí s přísunem omezených dat ze senzorů • Technologie napodobuje chování člověka