
Security


What Is the U.S. Doing About Wassenaar, and Why Do We Need to Fight It?

On May 20, 2015, the U.S. Department of Commerce's Bureau of Industry and Security (BIS) published its proposed implementation of the December 2013 changes to the Wassenaar Arrangement.

Untitled

SHB 2014

Security and Human Behaviour 2014.

Obama orders US to draw up overseas target list for cyber-attacks

Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.

The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".

It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power". The aim of the document was "to put in place tools and a framework to enable government to make decisions" on cyber actions, a senior administration official told the Guardian.

Heroku Forces Customer Upgrade To Fix Critical PostgreSQL Security Hole

Heroku customers are getting first access to a critical update to the PostgreSQL database system that will patch a major security hole.

The overall PostgreSQL community will get access to an update on Thursday.

Cyber-espionage and the Growing New Internet Nationalism

For something that was supposed to ignore borders and bring the world closer, the Internet is fostering an awful lot of nationalism right now.

We’re seeing increased concern about where IT products and services come from: U.S. companies are worried about hardware from China, European companies are worried about cloud services in the U.S., and Russia and China might each be building their own operating systems to avoid using foreign ones.

A framework for building privacy-oriented apps

Posted on 25 February 2013.

At the RSA Conference 2013 in San Francisco, SpiderOak announced it is launching privacy into the mainstream with the unveiling of Crypton, a "zero-knowledge" application framework for building cryptographically secure applications. Such applications offer meaningful privacy assurance to end users because the servers running the application cannot read the data stored by end users. In the past, using cloud technologies meant definitively sacrificing privacy (having plaintext information viewable by 3rd party servers). This has changed as Crypton now empowers companies and developers to realize "zero-knowledge" privacy cloud environments out-of-the-box.

This is accomplished by transparently handling the complicated cryptography layers through Crypton and allowing companies to focus on domain specific challenges instead of figuring out how to push privacy and security after-the-fact.

The Citizen Lab - University of Toronto

10 New Year’s Resolutions to Browse the Internet Safely in 2013

At Global Voices Advocacy (GVA), we are dedicated to defending freedom of expression online.

We have always been keen on publishing guides and tools to help our fellow netizens navigate the internet safely, circumvent censorship and protect themselves online. That is why, in 2013, we are committed to continue to defend your rights as netizens by publishing original reports and a new series of guides covering areas as diverse as circumvention, anonymity, surveillance, privacy, citizen journalism, visualization, online activism and advocacy. As 2012 draws to a close, dear reader, here at team Advox, we've decided to suggest 10 resolutions for 2013, presented in the form of a review of the tools and strategies to protect yourself online. This is a selection of the best ways and methods we've come across in 2012.

Remember that no one tactic will ever provide you with 100% security and safety online.

#1 – Hide your identity when using your mobile

#2 – Learn good mobile reporting practices

Privacy in Ubuntu 12.10: Full Disk Encryption

See part 1 of Privacy in Ubuntu 12.10: Amazon Ads and Data Leaks.

Full Disk Encryption (FDE) is one of the best ways you can ensure all of the private information on your laptop stays private in case it's lost, seized, stolen, or if you choose to sell or give away your computer in the future.

Unsafe at Any Bitrate News

Virtual machine used to steal crypto keys from other VM on same server

Piercing a key defense found in cloud environments such as Amazon's EC2 service, scientists have devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware.

The technique, unveiled in a research paper published by computer scientists from the University of North Carolina, the University of Wisconsin, and RSA Laboratories, took several hours to recover the private key for a 4096-bit ElGamal-generated public key using the libgcrypt v.1.5.0 cryptographic library.

When It Comes to Human Rights, There Are No Online Security Shortcuts

As one of the people who built Martus, an encrypted database used by thousands of human rights activists around the world, I routinely confront the needs of users who are not in wealthy countries, as well as the difficult problem that creating real, easy-to-use security poses.

My thoughts here are focused on the democracy activists, citizen journalists, and human rights workers in the world’s toughest political environments. These are our Martus users, and my colleagues and friends. These are people who need security more than just about anyone: it can be literally a question of life and death. Patrick Ball has spent over 20 years applying scientific measurement to human rights. One thing that makes that already difficult situation worse, though, is when otherwise well-informed people give bad advice about what is and is not secure.

To Profile or Not to Profile?

Internet & location privacy/security

Travel - privacy/security