FBI wants backdoors

Recently, the director of the FBI, James Comey, stated that unless the government is given special access, cell phone encryption will prevent them from doing their job, i.e. stopping terrorists. He noted “both real-time communication and stored data are increasingly encrypted,” which prevents them from “lawfully pursuing criminals”.

He wishes to expand on the Communications Assistance for Law Enforcement Act (CALEA) from 1994, which mandated that telephone companies build backdoors in their equipment for wiretapping. But currently law forces communication companies to do so.

The director of the FBI stated that the default encryption in iOS 8, and the soon-to-be default for Android, will block law enforcement from gathering all evidence against a suspect, and that the solution to the problem is for the tech companies to build “front-doors” on the cell phones.

“‘We aren’t seeking a back-door approach,’ Comey said, referring to a common term for encryption that has been intentionally weakened. ‘We want to use the front door, with clarity and transparency, and with clear guidance provided by law,’ including court orders, he said.”

He also notes that “adversaries will exploit any vulnerability they find” and that, to reduce the risk from the backdoor, there should be development of “intercept solutions during the design phase”.

-Chris Lazarus

Navajo Code Talkers

-Chad Johnson

The Navajo Code Talkers program was proposed and implemented at the beginning of WWII by Philip Johnston. Johnston was a WWI vet who was raised on a Navajo reservation and was one of only about an estimated 30 non-Navajos who could understand the language.

The Navajo language was so appealing because of the complexity and uniqueness of the grammar, dialect, and the language itself. It was an unwritten language and so complicated that even the closest of other tribes could not understand it. It was approved after a demonstration Johnston had set up where he demonstrated, under simulated combat conditions, that Navajo men could encode, transmit, and decode a 3-line message in 20 seconds. Given the technology at the time, this same message would take approximately 30 minutes to do with machines.

Most of the code was a variation on the military’s phonetic alphabet, although specific code words were given to more commonly used military terms and definitions (e.g. “silver oak leaf” given to the rank of lieutenant colonel).

During the first few days of Iwo Jima, Major Howard Connor of the 5th Marine Division had Navajo Code Talkers working around the clock and would later credit them with the victory, saying “Were it not for the Navajos, the Marines would never have taken Iwo Jima.”

The deployment of the Navajo code talkers continued through the Korean War and after, until it was ended early in the Vietnam War. The Navajo code is the only spoken military code never to have been deciphered.

China attacking iCloud

Apple is once again experiencing drama surrounding its iCloud service, as China has begun man-in-the-middle attacks against iCloud users in its country. A man-in-the-middle attack is like eavesdropping on a connection: the attacker poses as the connection between the victim and the service of choice, recording the information the victim sends and then forwarding it on to the service. This makes the connection appear normal to the victim while in fact their information is being compromised. This attack against iCloud is a clear attempt by China to gain the personal information of its citizens, including data from iMessage, photos, contacts, and credentials.

There is much speculation as to the reason for the attacks.  Some believe that this attack is in response to Apple’s new default security measures being placed on their mobile devices.  Another possibility is that the attacks are linked to the so-called “Umbrella Revolution” currently taking place in Hong Kong.  Whatever the true cause, this is not the first time China has performed such attacks and surely will not be the last.

https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone

Tyler Zimmermann

Another Leaky Cloud – Dropbox gets Breached

It seems as though it’s been a double whammy for the cloud storage service, Dropbox, this week. After announcing a bug that caused people’s files to get deleted unintentionally, they have fallen victim to a third-party breach. Hackers infiltrated a third-party service used for storing people’s Dropbox logins and made a database out of them. The hackers are taking Bitcoin donations to show more of the database.

Don’t worry, Dropbox has reset everyone’s passwords already, and most of the passwords were expired anyway. However, you should still change your password. This also goes to show the internet is a dangerous place and you should only use a typewriter. Also, buy tinfoil hats or the government will read your thoughts.

http://9to5mac.com/2014/10/13/hackers-claim-to-have-a-database-of-nearly-7-million-dropbox-credentials-service-denies-it-was-breached/

You May Soon Regret Sending that Snapchat

Snapchat has been quite popular among smartphone users in the past two years. It has given users the ability to send possibly embarrassing photos of themselves to others without the fear of anyone else seeing them ever again. For a while, Snapchat blocked the ability to screenshot the photos, and during that time, websites like SnapSaved have allowed users to secretly save every snapchat that they receive.

That has been great for users, until now. SnapSaved.com has announced:

“[We] would like to inform the public that snapsaved.com was hacked… We had a misconfiguration in our Apache server. SnapChat has not been hacked, and these images do not originate from their database.”

This can spell trouble for many people. With Snapchat being used by people of all ages and many of these people using SnapSaved.com, this is a huge privacy leak. Nearly two hundred thousand Snapchats were leaked.

A blogger named Kenny Withers has been keeping updated posts of 4Chan about the leak, and claims that there is a torrent of 13GB of all the photos and videos. It is believed that a large amount of these photos are of an intimate nature. This leak comes as a harsh reminder to users that even though it seems like the photo “disappears,” it really doesn’t go away.

You can read the original article here: http://nakedsecurity.sophos.com/2014/10/13/the-snappening-snapchat-images-flood-the-internet-after-snapsaved-com-hack/