Let’s Encrypt is not in Beta anymore

Let’s Encrypt – a new Certificate Authority, which is free, open, and automated – announced that it’s leaving beta.  Just look at how many SSL certificates they’ve issued, and at what rate!

[Image: Let’s Encrypt certificate issuance chart, April 10, 2016]

I first wrote about Let’s Encrypt back in November 2014.  It wasn’t that long ago, but boy, what a journey!

WhatsApp introduces end-to-end encryption for everything

WhatsApp introduces end-to-end encryption for all communications – chats, pictures, videos, etc.  I’m sure it’ll help them get more individuals and businesses on the network, as well as probably get the app banned in a handful of countries.

WhatsApp has always prioritized making your data and communication as secure as possible. And today, we’re proud to announce that we’ve completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.

The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private – sort of like a face-to-face conversation.

You are your phone

Fig 1. Barcode of smartphone use over two weeks. Black areas indicate times where the phone was in use and Saturdays are indicated with a red dashed line. Weekday alarm clock times (and snoozing) are clearly evident.

Here are a couple of quotes from the “You are your phone” article:

Even obscure variables such as how frequently a user recharges the phone’s battery, how many incoming text messages they receive, how many miles they travel in a given day or how they enter contacts into their phone — the decision to add last name correlates with creditworthiness — can bear on a decision to extend credit.

and

The test subjects used their phones more than five hours a day, on average. Much of that usage went on unconsciously, the researchers found. When the subjects were asked to estimate how often they checked their phone during a day, the average answer was 37 times. The tracking data revealed, however, that the subjects actually used their phones 85 times a day on average, more than twice as often as they thought.

It’s an interesting read, though not too surprising.

Weird New Tricks for Browser Fingerprinting

I gave up on privacy and security a long time ago.  So I don’t really care much.  But every time my position is reinforced with things like “Weird New Tricks for Browser Fingerprinting”, I still lose some sleep for some reason.  And she is on the good side too …

Alex Stamos: AppSec is Eating Security

I’m throwing this into the pile of arguments for “security and privacy are little but myths” discussions.  If the top of the top companies, with multi-million budgets and hundreds or thousands of top security professionals, get compromised, how realistic is it for the average Joe to protect his business?  I say – not very.

I think 80% of problems can be prevented with a 20% time and effort investment: minimize attack surface by removing and disabling everything you don’t need or use and limiting access to everything else, use layered defense where possible, use encryption where possible and strong passwords if you have to, don’t rely on security through obscurity, have log analyzers and/or an intrusion detection system installed, etc.  But most importantly, make peace with the fact that being compromised is not a question of “if”, but “when”.  Prepare yourself.  Have an offsite backup and know how to restore your services in a completely new environment, if necessary.

And as far as your privacy goes, if you put anything private on the Internet, prepare as well for it to be stolen and leaked.  If it never happens, consider yourself lucky.  Otherwise, just learn to deal with it.  It’s very unpleasant in a variety of ways, but seldom deadly.

Via EtherealMind.

10 Conspiracy Theories That Turned Out To Be True

10 Conspiracy Theories That Turned Out To Be True – some I’ve heard about before, some are new to me.  I’ll keep the list here for further reading and research.

  1. The Gulf of Tonkin Incident
  2. Tuskegee Syphilis Experiment
  3. Project MKUltra
  4. Operation Northwoods
  5. CIA Drug Trafficking
  6. Operation Mockingbird
  7. COINTELPRO
  8. Operation Snow White
  9. Secret Global Economic Policies
  10. The US Government Illegally Spies On Its Own Citizens

Citizenfour

It’s been a long while (almost two years in fact) since I posted a movie review.  It’s not that I haven’t seen any good movies in this period, but more the fact that I tend to sound repetitive when I write these.  Watch that, this one is awesome, etc.

Last night I watched “Citizenfour”, and I have to say I’m shaken by that documentary.   And I’m not a privacy or security freak, and I was somewhat familiar with Edward Snowden’s story.  This film, while portraying his personality, is not so much about him, as it is about the state of affairs.

As a non-US citizen, I have very little interest in what the US government is doing.  I don’t particularly care if someone is recording my Internet traffic, Google searches, or the phone calls I make.  I’m not worried about ending up “on the list”, or anything like that.

But not everyone is like that.  I do understand how government surveillance can be used, how data can be analyzed, and how pressure can be applied.  And I do share the point of view that the balance of power between the government and the people is way off (and not only in the US), and that we are beyond the point of any meaningful individual resistance.  It’s just that I don’t do anything about it, and Edward Snowden did.

For me personally, quite a few things were new in this film.  It was interesting to learn about the variety of NSA and CIA programs, the depth of their reach, and the technology that is in place already.  Some of it does sound like science fiction future, but is in fact very possible.   The stuff about security access in the NSA, drone video feeds, data gathering, analysis and search, with real time notifications, etc – all that was insightful.

The other side to the movie that I found interesting was the whole process that was used to expose these documents.  There is in fact no framework as to how such things can be done, what should and shouldn’t be published, how things can be verified, etc.  The move to remove his own bias and pass on the responsibility onto the journalists was interesting.

Overall, I think that the more people see this movie, the better.  The issues raised are very important and we should know about them.  It doesn’t only affect criminals or terrorists or Americans.  It affects everyone.  In particular everyone who has a phone, or a computer with an Internet connection, or a credit card.  After all, there are 1,200,000 people on the US watch lists, and from what I understand, this list is growing fast.