Check out the search engines for other news articles related to security and cryptography.
Find out where your elected representatives stand on privacy and security issues.
| Will quantum cryptography be able to preserve our secrets from the quantum computer? [01, 02, 03] This is a question the researchers involved in Los Alamos' quantum crypto experiment hope to be able to answer. | |
| The trial of Nicodemo Scarfo in Newark, NJ on charges of loan-sharking could prove to be a landmark case in defining the limits to which the Government may go to obtain electronic data protected by encryption. Frustrated by their inability to crack the defendant's encryption, the FBI installed a keystroke monitor on Mr. Scarfo's PC to learn his encryption keys. The judge in the case will soon rule whether or not the evidence obtained as a result of the keystroke monitor is admissible. More: [01, 02, 03, 04] UPDATE: Judge Nicholas Politan has ruled that evidence obtained through use of the keystroke monitor was legally obtained, and that details of the keystroke monitor's operation will not be disclosed. [05, 06, 07] | |
| After delivering his paper at DEFCON in Las Vegas, a Russian hacker was arrested for breaking Adobe Software's encryption. He was charged with violating the Digital Millennium Copyright Act. More: [01, 02] | |
| Ouch! Weak crypto bites the movie industry real hard! The CSS encryption scheme used to copy-protect DVDs was broken by some amateur enthusiasts from Norway calling themselves the Masters of Reverse Engineering (MoRE). The two primary flaws contributing to the system's failure were apparently 1) a "very weak" CSS crypto algorithm, and 2) human error (one of the licensees left his key unprotected). Threats against the developers of DeCSS prompted a group of Linux aficionados to "mirror" download sites for the software worldwide. More details on the caper are available from Wired News (1, 2, 3, 4); technical details are available on Frank Stevenson's website. UPDATE: This case rambles on through the court system... After some setbacks, the "Crackers" have won a battle: a California state Appellate Court has ruled that the DeCSS code is protected under the First Amendment as "free speech". | |
| Recent security compromises of e-commerce websites have resulted in a consensus: 81 percent of surveyed consumers believe that online shopping will expose their credit card data to fraud and unauthorized use. Security professionals point out that encrypting sensitive e-commerce data prior to storage is the best protective technique available. | |
| Just when you thought it was safe to... A new "security" product developed by Raytheon called "SilentRunner" makes the FBI's "carnivore" look wimpy by comparison. Proponents of the software claim it is extraordinarily effective technology; critics see it as a tool employers may use to violate personal privacy. Raytheon demonstrated the effectiveness of the program by ferreting out and filing suit against 21 of its own employees for criticizing the company in a public forum. Meanwhile, the product's chief architect may be for hire. See Jeffrey Benner's article in WiredNews for more details, and his report on privacy in the workplace. More:[01] | |
| One of the FBI's own agents rats out NSA secrets to Russians for cash... Philip "Ramon" Hanssen allegedly used encryption technologies to deliver sensitive information to the Russian FAPSI. It is bizarre irony that Hanssen's boss, Louis Freeh - the Director of the FBI, may use this incident to renew his campaign to have encryption technology banned. More:[01, 02, 03] | |
| On October 2, 2000 the US Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has selected the algorithm called "Rijndael" for the Advanced Encryption Standard. If approved, Rijndael could become the new DES as soon as Spring of 2001. | |
| Now it seems that the US Treasury Dept. is fretting about widespread use of encryption technology. In an address to the CIAT General Assembly on July 10, 2000 Secretary of the Treasury Lawrence Summers expressed concern that encryption could be used to hide relevant tax details from tax administrators. See the article in WiredNews. | |
| Will the FBI's "carnivore" eat the Fourth Amendment? The American Civil Liberties Union (ACLU), the Electronic Privacy Information Center (EPIC) and others are concerned that it might. See articles in WiredNews and CNN. | |
| The FBI is flush with cash to fund the implementation of CALEA (see also) - legislation that requires the "telephone companies" to redesign their network equipment to make it easier for the FBI to set up wiretaps. (NOTE: If you want to visit the FBI's website, you can't use Zero Knowledge Systems' privacy service.) | |
| The Electronic Signatures in Global and National Commerce Act (1, 2, 3) was signed into law by President Bill Clinton on June 30, 2000. The bill has been heralded as a boon for electronic commerce, but in fact it simply gives e-signatures the same force under the law as traditional, pen-and-ink signatures. While legal recognition is an important step, the infrastructure required to validate e-signatures remains incomplete. As an historical sideline, we note that President Clinton's first experience with digital signatures occurred in September, 1998 when he and Ireland's Prime Minister signed an e-commerce agreement. | |
| Variances in the political and legislative agendas of Ireland and the UK regarding encryption technology provide real food for thought. According to WiredNews the UK is considering legislation that provides for a two-year prison term for individuals refusing to surrender their encryption keys to the Government. Ireland on the other hand is pondering legislation that specifically denies law enforcement access to encryption keys. Hmmm - perhaps living in a "privacy-friendly" country is far more important than the size of your encryption keys? | |
| Will relaxation of the export restrictions on encryption software cost US citizens their Bill of Rights? The Clinton Administration continues their march toward increasing the Government's powers to wiretap, and conduct search-and-seizure operations if "they" feel encryption is being used to avoid detection. There is mounting evidence that wholesale violations of Americans' rights occur as a result of a practice known as a "handoff". Meanwhile, S.1769 has been signed into law requiring law enforcement to report encounters of encrypted communications. | |
| We're reminded by President Clinton's recent visit to the Navajo reservation that cryptography doesn't have to be based on arcane mathematical algorithms to be effective. During WWII Navajo "code talkers" played a critical role in The Allies' victories in the Pacific theater - while other ciphers in use at the time were broken, the Navajo's native tongue provided secure communications channels that the Japanese were unable to decode. However - it's not entirely clear that the Navajos appreciated Clinton's attention; only a dozen or so of the code talkers showed up for the ceremony. Perhaps as WiredNews suggested their sparse attendance signified their feelings about war... or maybe they just didn't like Clinton's agenda? | |
| Still not satisfied? On April 4, 2000 the Sixth Circuit US Court of Appeals issued a decision reversing a lower court ruling made in July, 1998 that cryptographic software was not covered by the First Amendment. This decision is the latest development in a lawsuit filed by Prof. Peter Junger, a professor at Case Western University's law school, after being informed that he would need a license to post a chapter of his book online. The ruling is consistent with the ruling by the Ninth Circuit US Court of Appeals in May, 1999 in the Bernstein case. While neither court's decisions struck down current regulations, analysts believe it will make it very difficult for the US Government to successfully prosecute violations. | |
| Dick Armey (g-r-r-r-reat name) the House Majority Leader says, "The Administration is full of double-talk on Internet privacy". "While the President lectures the IT industry about the importance of privacy to consumers, his Administration wants to let Big Brother track our every move on the web." Want more?... see WiredNews. | |
| Did we hear the other shoe drop? Less than a week after relaxing export controls on cryptographic software, it has been learned that the Clinton administration is pushing for broad new powers to break into and monitor the computers of suspects for the purpose of obtaining their encryption keys. Privacy advocates call the originally proposed legislation "scary"; it was revised, but a recent letter from Janet Reno to the House Majority leader indicates the Administration seems to think that they don't need the legislation to break into computers. | |
| The long-awaited regulations to implement the Clinton administration's promise to relax export controls have been postponed no longer. The new regulations have been posted without a lot of fanfare or publicity. | |
| The long-awaited regulations to implement the Clinton administration's promise to relax export controls have been postponed. The administration had previously stated that the new regulations would be in place by Dec. 15, 1999. Media reports (1, 2) now indicate that representatives of the Dept of Commerce's Bureau of Export Administration have indicated the regulations will be issued on Jan 14, 2000. | |
| The SAFE Bill (H.R. 850) has passed through all five committees, and is finally headed for consideration by the full House of Representatives in September or October. Among other things, H.R. 850 would make it illegal for the US Government to require key escrow ("backdoor") features in encryption software, and could liberalize export restrictions. A summary of the bill is available on the "Thomas Jefferson" website. The ACP has made it easy if you want to let your Representative know you support this bill. | |
| RSA, a business component of Security Dynamics, and sponsor of the "Crack DES" contests may be learning the old adage "those who live in glass houses shouldn't throw stones". Their corporate jewel, the RSA public key algorithm has fallen to a brute force attack conducted by a group of researchers in the Netherlands armed with a supercomputer. See the AP article at MSNBC under the heading of Technology Goofs and Glitches, and check out RSA's spin control page. | |
| A couple of articles (1, 2) show the dichotomy in the current "crypto debate"... A recent survey shows that security breaches of corporate networks have doubled in the last year, while the FBI and Clinton Administration continue to lobby for "back doors" and stronger controls over a technology that provides protection from these breaches. | |
| They're ba-a-a-ck! The US Department of Justice has petitioned for a rehearing of the recent decision by the Ninth US Circuit Court of Appeals that struck down President Clinton's executive order restricting cryptographic software exports as unconstitutional. Meanwhile, on the legislative front... | |
| Are we alone? Maybe not alone, but lonely... the Electronic Privacy Information Center (EPIC) conducted a worldwide survey of encryption policies, and found that few of the 230 countries surveyed support key escrow (aka key recovery) or domestic controls. The study also found a trend toward liberalization, contrary to that promoted by US law enforcement and the White House. See also: WiredNews | |
| The Ninth US Circuit Court of Appeals has ruled that the US Government's restrictions on the export of encryption software are a violation of the First Amendment. However, the decision apparently applies only to source code, and not compiled executable code. See: CNN, WiredNews, Yahoo, San Jose Mercury, Washington Post | |
| Ehud Tenenbaum, a.k.a. "Analyzer", the hacker Israeli Prime Minister Benjamin Netanyahu referred to as "damn good... and dangerous" finds himself under indictment by the Israeli gov't for his exploits. | |
| Using a free e-mail account? The FBI believes that attacks against the 50-100 million free online email accounts are the "most widespread form of online intrusion". | |
| Dan Froomkin and Amy Branson did an article entitled "Deciphering Encryption" for the Washington Post. It gives a good overview of the current political debate between those in Government who seek to control the sale and use of cryptography, and those who oppose them. | |
| Intel has designed a unique ID feature into its new Pentium III line of processors that has privacy activists up in arms. While the company is no stranger to adverse publicity (remember the Pentium "floating point bug"?), it is unclear whether the pressure of public opinion will cause the company to change course. Some are calling for a boycott of products built with the new processors, while industry supporters of the concept like Scott McNealy (Pres., Sun Microsystems) say "get over it". | |
| Code-Breaking Record Shattered... A new record was established for a successful brute-force attack on a DES-encrypted message. Using their $250,00 machine the Electronic Frontier Foundation collected its second $10,000 prize from contest sponsor RSA Data Security for deciphering the encrypted message in 22.25 hours. | |
| Dec 10, 1998 was the 50th birthday of the United Nations, the organization that authored the Universal Declaration of Human Rights. The recent agreement-in-principle among the member Governments of the Wassenaar Arrangement to restrict cryptographic software is seen as counter to human rights by some... are secure communications (and thus strong cryptography) a human right? See the article below about the Wassenaar Arrangement. | |
| Wired News reports that an analysis conducted by an Australian security firm shows that 79% of the ISP users surveyed there were "infected" with the Back Orifice (BO) hacker code. One wonders if these statistics are representative of the infection rates for the rest of the world... if so, this is a BIG problem! Also see.... | |
| A really good follow-up on the NY Times hacking incident: an interview with "Slut Puppy" and "Master Pimp" in an article by Adam Penenberg in Forbes Magazine. | |
| An article in Wired News reports that Hewlett-Packard has announced a new hardware-based cryptosystem called Embassy that allows your friendly local Government to control the type and strength of encryption you use. It will begin shipping with NEC computers next year. Like it?... neither does the EFF. | |
| The Legions of the Underground claimed responsibility for hacking China's human rights website, calling the website's contents "total bullshit propaganda". Further details are available from the Antionline site and Wired News. | |
| A free software program called "John the Ripper" is said to be the primary tool used by an unknown hacker to obtain over 48,000 passwords from computer systems all over the world. According to published articles (cbs.com), despite FBI involvement the hacker's identity will probably never be known. | |
| More security issues in the Netscape Navigator browser were revealed by Dan Brumleve, the discoverer of the original "Cache-Cow" flaw in Navigator version 4.06. Brumleve has labeled the new flaw "Son of Cache-Cow". Brumleve has demonstrated that it is possible for a website operator to pilfer credit card numbers and other sensitive information stored in the browser's cache. To quickly see what Cache-Cow is about, simply type "about:cache" in Netscape's location box. | |
| A Wired News article suggests that the ACP campaign to overhaul the US Government's restrictive posture on export of crypto software may be wearing thin after an expensive campaign that has produced uncertain results. | |
| What's the Wassenaar Arrangement, and what does it have to do with export policies on cryptographic software? Chris Jones explains all in this article in Wired News. | |
| The Canadian Government announces their new policies on export of cryptographic software at a National Press Club meeting on October 1, 1998. | |
| In a statement released by the White House Press Secretary on September 16, 1998 the Clinton Administration announced that they are updating US policy governing the export of strong encryption software (the text of the briefing). The new policy allows for export of 56-bit DES encryption products to all but seven terrorist countries after a "one-time review" of the product, and allows for export of unlimited keylength encryption products for selected industries in 45 countries under what is referred to as a "license exception" (see Fact Sheet for other details). Procedures for conducting "one-time reviews" and "license exceptions" have not been put in place as yet; exports will be delayed until these procedures are put in place by the US Dept of Commerce. Is this good news? - The ACP says "maybe". | |
| What the heck is CALEA, and why should you care? The Communications Assistance for Law Enforcement Act was signed into law by President Clinton in 1994. It was designed to give law enforcement the capability to conduct wiretaps of digital lines, and required the telecommunications carriers to alter their networks to support these wiretaps by October, 1998. The FCC recently announced it will extend this deadline to allow time for some critical issues to be resolved. CALEA is a "biggie"... the implementation costs are big ($??? -to be borne by telco customers), and the scale of wiretaps is big (2.2 million in 1996 according to the Dept of Justice). The Telecommunications Industry Association has a page devoted to their efforts to achieve compliance with CALEA. The Center for Democracy and Technology has published a review and comments to CALEA (for those interested in the details), and a discussion of the relationship between CALEA and domestic encryption controls. The Electronic Privacy Information Center has gone on record as recommending CALEA implementation be delayed to address potential abuses in its implementation, and the FBI's disregard for Congressional limitations. | |
| A group calling itself "H4CK1NG F0R G1RL13Z" (HFG) has claimed responsibility for hacking the New York Times' website on Monday, Sep. 14, 1998. According to an article in Wired News, this was the first attack on a "major media Web site". Antionline also carried details on the hack including an archive of the hacked site. Also, see this follow-up article on the NY Times hack (9/16/98), and a very good article at news.com. HFG claimed the hack was conducted as revenge for two recently published books, one about Kevin Mitnick that was co-authored by John Markoff, a NY Times reporter, the other by Carolyn Meinel titled "The Happy Hacker". | |
| U.S. Representative Bill Tauzin (R-LA) stated in an interview with ZDNN that he was optimistic that the Congress would pass a crypto bill this session that would not "... give the FBI the keys to the encryption system". | |
| Digital signatures were used by President Clinton and Bertie Ahern, the Prime Minister of Ireland, to sign an agreement on electronic commerce. While noteworthy due to the fact that it was the first agreement signed by two heads of state using digital signature technology, it is perhaps more interesting that President Clinton was made a dupe by the Irish. The cryptographic technology Clinton used to sign the agreement was supplied by an Irish company, thus underscoring the impact of US export regulations on cryptographic technology. It is not known whether Clinton's decision to use foreign cryptographic technology for this historic event was due to ignorance, or in deference to laws restricting his ability to take US cryptographic technology to Ireland with him. | |
| The fifteen candidates for the Advanced Encryption Standard were announced by the NIST on August 20, 1998. According to the release, the required analysis and final selection are unlikely to be completed before 2001. The NIST maintains a website devoted to AES. | |
| Former employee performs an expensive hack on the US Coast Guard's personnel database... according to a cnn.com article it was recently revealed that a frustrated former employee of the US Coast Guard hacked into a key database containing personnel information and deleted much of the data. Compounding the problem, Coast Guard administrators apparently had made a faulty backup tape which resulted in $40,000 in labor costs to re-enter the data. | |
| Charles Booher, a programmer living in Sunnyvale, CA posted an encryption program on the Internet last year that has made him $20 richer and the subject of a Federal investigation. Wired News and CMPnet carried stories on Booher's struggles. | |
| Some serious security bugs have been found in e-mail clients from Netscape, Microsoft, and Eudora. The bugs allow hackers to covertly install and run malicious code disguised as an email attachment. All three developers have promised quick fixes for the problem. An update... | |
| The political battle over Government control of cryptographic technology heats up... John Hamre, the Secretary of Defense, told Fortune 500 executives at a conference in Aspen, CO on July 21 that no company has a "God-given right" to export encryption technology (Refs: #1, #2). Meanwhile, after unproductive negotiations with leading Government proponents of key recovery Americans for Computer Privacy launched a national TV ad campaign to generate support for removing Government restrictions on the export of cryptographic software. | |
| More new security bugs announced for Microsoft products: The Cult of the Dead Cow announced a utility named "Back Orifice" which would allow a hacker to remotely monitor and control Windows '95 and '98 systems (follow-on articles cover the debate over how serious a threat Back Orifice poses, and how to detect it: 01, 02). Also, a group of programmers from India have discovered a "privilege elevation vulnerability" that allows a user to gain Administrative control using undocumented Windows NT API calls. | |
| The "Pentagon Hackers", two teenagers who broke into US military computer systems learned that justice is swift and sure. | |
| Hackers diversifying? Two recent reports state that Time-Warner's television satellite system and PageMart's national paging system were hacked. | |
| Doing business in China? Look out for the Hong Kong Blondes! | |
| Cisco, H-P, Sun and Network Associates propose placing a "backdoor" into routers they call a "private doorbell" to allow law enforcement access to network traffic. A Wired News article suggests that this was a "sell out" on key recovery, but in fact it allows access to traffic before it is encrypted. Relax... it could be worse! | |
| While export of cryptographic technology is tightly controlled by the US Government for national security reasons, the present controversy over technology sales to China begs the question, "Does national security take a back seat to commercial considerations if the price is right?" The recent controversy over export of technology to China suggests that national security issues may be overlooked for due consideration. The Clinton administration has been accused of pushing sales of supercomputers, machine tools and satellites to the Chinese Government - a Government that has refused to discontinue sales of missiles to third-world nations with nuclear capabilities. Allegations have been made that these recommendations may have been bought by both Chinese and US commercial interests with campaign contributions. | |
| On 23 June, 1998 the US Dept of Defense announced that the NSA would release the specifications for its previously-classified "Skipjack" encryption algorithm. Skipjack is a symmetric encryption algorithm with an 80-bit keylength, and is used in NSA's FORTEZZA smart-card system for protection of sensitive-but-unclassified DoD information. Skipjack was the cornerstone of the notorious "Clipper chip" technology - the US Government's initial attempt to require domestic use of a cryptosystem with a "back door" for eavesdropping on encrypted transmissions. It is noted that specifications for the Law Enforcement Access Field (LEAF) remain classified; LEAF was the mechanism which provided the back door to Skipjack-encrypted communications. Reactions to the announcement range from suspicion to scorn to acceptance at face value. Eli Biham et al have already published an initial review of the algorithm, and suggest that its design may not have huge safety margins - this review is an interesting contrast to the analysis sponsored by the NSA in 1993. Publication of Skipjack may also provide an answer to the long-standing mystery of the anonymous posting of the S-1 algorithm in 1995. | |
| In an interesting contrast to Deputy Assistant Attorney General Robert Litt's opinions (see next article), there are those who believe that encryption technology will save lives. Stephen Hansen of the Association of the Advancement of Science, Roberto Quezada of Amnesty International and others feel that availability of encryption technology is a matter of life-and-death in the struggle for human rights. | |
| We turn our spotlight on Robert Litt, Deputy Assistant Attorney General of the US, and the Clinton Administration's "point man" for securing Government access to private communications. Litt's name is frequently mentioned in press coverage as one of the Government's champions for key escrow legislation. Litt has an established history of disregard for personal privacy demonstrated by championing unrestricted law enforcement access to patient medical records. Recent events however suggest the cause may be taking its toll on Mr. Litt. At the EPIC Cryptography Conference on June 8 he admitted publicly that he has never read the Government's own report on cryptography, but assured the audience that the spread of strong cryptography means that lives will be lost. | |
| In an article in Wired News, James Glave reports an interview he held with three teenagers who claim to have broken into computer systems at India's Bhabha Atomic Research Centre. The trio claimed to have taken "total control" of six servers, hacked their website, downloaded files and erased all data from two of the servers in an attack that lasted a total of 13 minutes and 52 seconds. Copies of email messages which appear to contain detailed technical discussions of nuclear testing were submitted to Wired News by the group as proof of their escapades. The motivation for the attack was India's nuclear testing; their next target may be Pakistan's nuclear weapons program. In a follow-up article: one Indian official acknowledges the attack, another claims "They have not got anything" (sic). Meanwhile, back in the USA the Central Intelligence Agency reviews the hacked data. | |
| Testimony from two diverse groups highlights computer security issues. In testimony before the Senate Committee on Governmental Affairs representatives of L0pht Heavy Industries stated that they could render the entire Internet unusable in 30 minutes or less. The Government Accounting Office also testified that they have found "serious" security weaknesses that jeopardize operations of the Department of State and Federal Aviation Administration (see GAO Report on Information Security). Press Coverage: NY Times, CNN, ZDNet, Fox News, Internet Week. | |
| Bruce Schneier, author of Applied Cryptography, labels Microsoft's implementation of the Point-to-Point Tunneling Protocol (PPTP) as "kindergarten cryptography". Counterpane Systems has published a press release summarizing the findings, and Chris Oakes has written an article appearing in Wired News. | |
| Failure to encrypt data on their smart cards will cost Deutsche Telekom an estimated $34 Million. According to an article in Wired News, a weak security scheme has allowed hackers to "recharge" depleted debit telephone cards to make them indistinguishable from new cards. | |
| Is the US Government guilty of two-faced policies? In his commencement speech at NYU Al Gore called for an "electronic bill of rights", and re-iterated Americans' right to privacy in today's networked economy. At the same time the Clinton Administration continues to support efforts by law enforcement and other groups in the Government who want a "back door" into encrypted communications. | |
| In an article in CMPnet Jeffrey Harrow reports that poor security costs U.S. companies $3 - $5 Billion each year, and summarizes three recent security incidents to illustrate the magnitude of the problem. | |
| A group calling themselves the Masters of Downloading (MOD) have furnished evidence that they have hacked systems run by the US Department of Defense (DoD) and NASA. Evidence furnished by MOD includes copies of software used by the DoD for critical functions such as submarine communication, the Global Positioning System and management of military computer networks. Breaches at NASA included disabling intrusion detection systems at the Jet Propulsion Laboratory. Reactions from DoD and NASA officials included "no comment" and "so what?". From articles in Wired News (1, 2) and AntiOnline. Follow-up: AntiOnline operator John Vranesevich has been threatened by the Department of Defense for reporting on the MOD exploits. Read the letter from DoD, and the Wired News article. | |
| Does computer crime pay? An article in CMPnet reports that many Fortune 1000 companies have incurred significant losses due to computer break-ins, and suggests that external threats may account for more losses than previously estimated. | |
| The Computer Security Institute released their 1998 Computer Crime and Security Survey compiled with the FBI's participation. Of the 520 respondents 64% reported security breaches during the previous year with monetary losses estimated in excess of $136 Million. A related article in Federal Computer Week suggests that the problem may be more severe than suggested in CSI's survey due to ignorance. More in this article from ComputerWorld. | |
| Commerce Secretary William Daley chides the Clinton Administration for failure to implement their own policies concerning export of cryptographic software. An article by Wired News. | |
| In his remarks introducing the report "The Emerging Digital Economy" Secretary of Commerce William Daley says that implementation of US policies regulating cryptographic technology has been a failure. ACP Executive Director Ed Gillespie calls Daley's remarks a "much needed reality check". | |
| They always get their man... eventually. Wired News reports the Royal Canadian Mounted Police arrested an unemployed former computer science student believed to have broken into NASA's computer systems in early 1997. | |
| Eli Biham & Lars Knudsen announced that they have found a flaw in ANSI's proposed X9.52 standard for triple-DES. The flaw involves the CBCM mode (one of five modes available in X9.52), potentially rendering it no more effective than 56-bit DES. An article in the New York Times reports that Biham & Knudsen have stressed that their findings reveal only a theoretical weakness, not a practical means of breaking triple-DES. | |
| A representative of the US Justice Department and the Clinton administration gave testimony to the Senate Judiciary Committee on 17 March about what they really want out of the current "Key Recovery" debate. Can you figure it out? An article by Wired News is available, and the ACP has made a multimedia record of the hearing. | |
| A Massachusetts teenager will face federal charges for hacking an airport control tower system. His actions disrupted operations at the Worcester, MA airport, and knocked out phone service for 600 residences in the vicinity of the airport. From Wired News. | |
| Americans for Computer Privacy (ACP) held their inaugural press conference on Wednesday, 4 March, 1998 in Washington, DC. In addition to their press release, they have published an excellent multimedia news release on encryption and privacy (requires RealPlayer). Press coverage of the ACP press conference is available from C|NET, and Wired News. | |
| Hear an interview with John Gilmore, one of the founders of the Electronic Frontier Foundation and the Cypherpunk group. He talks about the significance of the Bernstein case in the fight to liberalize cryptographic software, and why John Q. Citizen should be interested. | |
| What's a person to do? A new wave of attacks against Windows NT hosts has been reported in Wired News. The CERT has posted a description of this attack (a variant on the teardrop and boink attacks), and points to a Microsoft-provided fix. However, Microsoft says that the patch has "not been fully regression tested" and recommends users not apply the patch now unless "severely impacted". | |
| The story of "The Pentagon Hackers" continues to attract attention. On Feb 25 '98 the Secretary of Defense announced the attacks (01); later the same day the homes of two teenagers charged with the break-ins were raided by the FBI (02). Since then a number of articles have been posted reporting possible "hidden agendas" (03), the teens' mysterious mentor (04, 05, 13), threats of retaliation (06, 07, 08, 09, 10), and details on how the attacks were accomplished (11, 12). AntiOnline, itself the subject of some recent controversy, has set up a web page devoted to coverage of the story. UPDATE... 4/8/98: Ehud Tenenbaum (a.k.a. Analyzer), the mysterious mentor, is now featured in computer ads. On 9 Feb '99 the Israeli government handed down indictments against Ehud Tenenbaum ("damn good... and dangerous"), and four of his associates. PC World Online (11); SJ Mercury News (6); San Francisco Chronicle (9); CNN (19, 20) | |
| Pro-encryption political forces have mobilized their efforts under a coalition called the Americans for Computer Privacy (formerly known as The Alliance for a Secure Tomorrow). Reports indicate that this will be a well-financed and organized effort employing some political insiders as well as a top-rated public relations firm. | |
| The case of Vladimir Levin (1, 2) was closed on 25 Feb 1998 in Federal court in New York when he was sentenced to serve three years in prison and pay restitution of $240,000. Levin, a Russian citizen, had been awaiting trial since his arrest at London's Heathrow airport in March, 1995 on charges of stealing $12 million from Citibank by hacking into their computer systems. Some of the events in this case were chronicled in this series of articles from the St. Petersburg Press: 1, 2, 3, 4, 5, 6, 7, 8. A few other tidbits: A, B. | |
| The outlook for greater Government restrictions on cryptography was discussed by a panel at the Computers, Freedom and Privacy conference... the panel's consensus was not particularly bright for advocates of reduced controls. By Chris Jones in Wired News. | |
| In an article in TechWeb News, Andrew Craig reported on two new denial-of-service attacks: Teardrop & Land. However, perhaps the most interesting item in the article is the following: "In 1995, DISA (Defense Information Systems Agency) used attack tools gathered from Web sites and bulletin boards to conduct a penetration study on 18,000 U.S. government systems connected to the Internet. Eighty-eight percent of the attacks were successful, and of those successful attacks, 95 percent went undetected. Only three successful attempts in every 1,000 elicited responses from systems administrators." | |
| In a paper published days before his death, James Ellis, a retired cryptographer with the British Secret Service, claims they invented public-key cryptography 10 years prior to Whitfield Diffie and Martin Hellman. The controversial claim is supported by Dorothy Denning, a well-known US cryptographer at George Washington University. An article by Douglas Hayward in TechWeb News. | |
| The Organization for Economic Cooperation and Development (OECD) met in Paris on Dec 8 & 9 to discuss laws surrounding the use and export of encryption technology. A report by Alan Tillier in TechWeb News. | |
| Export approval for strong encryption without key recovery/key escrow features for financial service providers is being discussed by representatives from several Departments of the US Government including the FBI and the Arms Control and Disarmament Agency. From an article in Internet Week by Rutrell Yasin. | |
| Whitfield Diffie shared his views on the current debate over Government controls on encryption technology with Margie Semilof in this article from Computer Reseller News. | |
| Lance Cottrell, author of the Mixmaster anonymous remailer, outlines his views on the issues of privacy and anonymity following a conference sponsored by the American Association for the Advancement of Science - from an article by Theta Pavis in Wired News. | |
| Hackers claim another victim... the encryption code used to protect Digital Video Discs (DVD) from unauthorized copying has fallen to hackers according to an article in the Nov 24 issue of EE Times. | |
| A Digital Signature Standard is required to further electronic banking and commerce according to Sen. Bob Bennett (R-Utah), chairman of the Senate Banking Subcommittee on Financial Services and Technology. An article by David Braun from the Oct 28 TechWeb News. | |
| RSA's publicity mill grinds on... a simple message encrypted with their 56 bit RC5 encryption algorithm was recovered by a team using a "brute force" trial-and-error search of the keyspace. From the Oct 27 Internet Week, by Rutrell Yasin. Also see the related article on DES, and our response. | |
| The guys at the Chaos Computer Club are at it again. Annaliza Savage reports in Wired News that they conducted a demonstration for the German press showing how to hack ATM cards. | |
| More on the perilous journey and tenuous future of the SAFE bill. An article by David Braun for TechWeb News. | |
| Good news, bad news?... The House Energy and Commerce Committee defeated the Oxley-Manton amendment to the SAFE bill favored by some in Government to create sweeping new controls over the domestic use of cryptographic technology. But, the White-Eshoo-Markey amendment was approved which may leave the door open for further tinkering with the SAFE bill. An article by John Rendleman in the Sep. 29 issue of Internet Week. | |
| Is the National Security Agency "running scared"? An interesting hypothesis from Loring Wirbel in the Sep. 29 issue of EE Times. | |
| Is this funny or just pathetic? You decide which by reading a very brief but insightful piece showing the depth of understanding our lawmakers have of the technologies they would regulate. From Wired News. | |
| Why would Microsoft meet with Hobbit, Mudge & Yobie in Las Vegas? Larry Lange answers this question in an interesting article in the 22 Sep. issue of EE Times: "The Rise of the Underground Engineer". | |
| Winn Schwartau, author of the book "Information Warfare: Chaos on the Electronic Superhighway" was interviewed by Larry Lange in the 22 Sep. EE Times. | |
| Where does the FBI stand on encryption? They believe we should turn our keys over to the Government! Read FBI Director Louis Freeh's testimony given to Congress on 9 September, 1997. This is particularly interesting in light of the FBI recommendation to use encryption to protect your data from hackers. | |
| The news gets worse... US Congressmen Weldon and Dellums sponsor an amendment to kill the popular Security and Freedom through Encryption Act - an article by Rebecca Sykes for InfoWorld. | |
| David Braun reports in TechWeb that US policies on cryptography are seen as violations of agreements made earlier this year with two dozen other countries in the Organization for Economic Cooperation and Development. | |
| An excellent article on the personal privacy issue in corporate America by Dana Hawkins in the 9/15/97 issue of US News and World Report. | |
| Al Berg has been busy... two articles in the August 14 LAN Times: one describes Simple Nomad's hacks for Novell passwords, the other describes hacking websites. | |
| Applications and issues associated with digital certificates are covered by Lynda Radosevich in the July 28 issue of InfoWorld. | |
| In the June 30 issue of InfoWorld Lynda Radosevich reports on the outcome of the DES Challenge sponsored by RSA. ... and our response. | |
| An article titled simply "CRACKER" from the June 2 U.S. News and World Report is an adaptation of a new book titled "At Large" by David Freedman and Charles Mann... fascinating! | |
| "Who's Reading Your E-Mail?", the widely read article which appeared in the Feb. 3 issue of Fortune Magazine. | |
| The Jan. 2 Federal Register announced that the NIST will begin "shopping" for a new data encryption standard. | |
| In the Dec. 6 New York Times John Markoff reports that many in industry feel the Administration has reneged on their promise to ease export controls. | |
| An interesting piece from Tim Clark in the 22 November issue of CNET News linking cryptography and taxation of electronic commerce. | |
| On 15 November VP Gore announced movement toward implementation of the Government's "new deal" for export controls on cryptographic software | |
| John McChesney's interview with Whitfield Diffie (of Diffie-Hellman fame) - hear Whit's views on the role of cryptography in our society. Note: You'll need the RealAudio plug-in for this link. | |
| Scott Raynovich discusses issues in deploying comprehensive, integrated security solutions in the 10/14/96 "LAN Times" | |
| VP Al Gore's 10/1/96 statement defining the Government's "new deal" for export controls on cryptographic software | |
Copyright ©, 1995-2001 Bokler Software Corp. All rights reserved. DEScipher, TDEScipher and HASHcipher are trademarks of Bokler Software Corp. The "animated_cipher.gif" is copyrighted by Bokler Software Corp. Microsoft, Windows, Visual Basic, Visual C++ and ActiveX are trademarks of Microsoft Corp.