brianpuccio.net

it's dot com

Skype Has A Backdoor

Date: Monday, July 28, 2008 - 10:40am
Keywords: unethical business practices, freedom to privacy, encryption, skype

According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations.

No Encryption Is Used On PIN Entry Devices, Making It Easy To Steal PINs

Date: Saturday, March 8, 2008 - 8:43pm
Keywords: security theater, identity theft, encryption, university of cambridge

The UK banking industry chose to deploy Chip & PIN cards that do not encrypt the data exchanged between the card and the PED during a transaction. By tapping these communications, fraudsters can obtain the PIN and create a magnetic strip version of the card to make ATM withdrawals in the UK and abroad. We examined two of the most popular PEDs used in the UK and found that cardholders are exposed to simple and cheap attacks.

Our investigations of why this failure took place also discovered flaws in the certification system which is supposed to protect customers. Overall responsibility for certification lies with the banking industry itself and the process of evaluation is hidden from the public. Despite our findings, none of the PEDs we examined are to be removed from service.

Local mirror of paper detailing PED insecurities

Warrantless Wiretapping Isn't About Phone Calls, But Emails

In a story in today's Washington Post, Assistant Attorney General for National Security Kenneth Wainstein candidly admitted that the problems with FISA (the asserted impetus to the need for new surveillance legislation) are not with foreign-to-foreign telephone calls.

Hooray for GPG.

Full Disk Encryption Turns Out to Be Security Theater

Date: Sunday, February 24, 2008 - 11:13am
Keywords: security theater, cryptography, encryption

Today eight colleagues and I are releasing a significant new research result. We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods.

Cheap And Easy Way To Listen To Everyone's Cell Phone Calls

Date: Friday, February 22, 2008 - 12:09pm
Keywords: freedom to privacy, encryption, cellcrypt, pico

Silently tapping into a private cell phone conversation is no longer a high-tech trick reserved for spies and the FBI. Thanks to the work of two young cyber-security researchers, cellular snooping may soon be affordable enough for your next-door neighbor.

...

Combined with a radio receiver, the pair say their technique allows an eavesdropper to record a conversation on these networks from miles away and decode it in about half an hour with just $1,000 in computer storage and processing equipment.

Hulton, director of applications for the high-performance computing company Pico, and Muller, a researcher for mobile security firm CellCrypt, plan to make their decryption method free and public. In March, however, they say they'll start selling a faster version that can crack GSM encryption in just 30 seconds, charging between $200,000 and $500,000 for the premium version.

Federal Judge Rules That One Is Not Required To Divulge Encryption Passphrase

Date: Saturday, January 12, 2008 - 12:45pm
Keywords: constitution, freedom to privacy, jerome niedermeier, encryption

A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Local mirror of ruling that one cannot be forced to give up one's encryption passphrase
