Former National Security Agency contractor Edward Snowden warned New Zealanders in a media blitz on Monday that all of their private emails, phone calls and text messages are being spied on despite government denials.
"If you live in New Zealand, you are being watched," Snowden said in a commentary published by the Intercept, an online news site co-founded by Guardian columnist Glenn Greenwald, Snowden's main conduit for disclosing classified information he absconded with when he fled his NSA job last year.
While the Open Crypt Audit Project, headed by cryptographer Matthew Green and Kenneth White, Principal Scientist at Social & Scientific Systems, has been considering whether to take over the development of TrueCrypt and is working on the second phase of the audit process (a thorough analysis of the code responsable for the actual encryption process), one of TrueCrypt's developers has expressed his disapproval of a project that would fork the software.
I don’t think you can compare Red Hat to other Linux distributions because we are not a distribution company. We have a business model on Enterprise Linux. But I would compare the other distributions to Fedora because it’s a community-driven distribution. The commercially-driven distribution for Red Hat which is Enterprise Linux has paid staff behind it and unlike Microsoft we have a Security Response Team. So for example, even if we have the smallest security issue, we have a guaranteed resolution pattern which nobody else can give because everybody has volunteers, which is fine. I am not saying that the volunteers are not good people, they are often the best people in the industry but they have no hard commitments to fixing certain things within certain timeframes. They will fix it when they can. Most of those people are committed and will immediately get onto it. But as a company that uses open source you have no guarantee about the resolution time. So in terms of this, it is much better using Red Hat in that sense. It’s really what our business model is designed around; to give securities and certainties to the customers who want to use open source.
Less than a day after Apple detailed new efforts in user privacy for its products, Google now says it plans to encrypt user data on all Android devices. Speaking to The Washington Post, Google says data encryption will now be a part of the activation process instead of an optional feature. The end result is that whatever data is stored on that device, be it a phone or tablet, will be inaccessible unless the person has the correct password.
No matter how good the code review process is, or how high the standards for acceptance, applications will always have bugs, says Joanna Rutkowska, founder and CEO of Invisible Things Lab. So will drivers. And filesystems.
“Nobody, not even Google Security Team, can find and patch all those bugs in all the desktop apps we all use,” Rutkowska says in the Q&A interview, below.
Called "Pretty Easy Privacy" (PEP), the project's goal is to integrate the technology with existing communication tools on different desktop and mobile platforms. The development team launched a preview PEP implementation Monday for the Microsoft Outlook email client, but plans to build similar products to encrypt communications in Android, iOS, Firefox OS, Thunderbird, Apple Mail, Jabber, IRC (Internet Relay Chat), WhatsApp, Facebook Messenger, Snapchat and Twitter.
Michael Tremer, a developer for the ipfire.org team, has announced that IPFire 2.13 Core 82, a new stable build of the popular Linux-based firewall distribution, is available, bringing quite a few security fixes.
IPFire releases are not usually very big, but this latest update in the series is quite substantial. A number of features and changes have been made and the devs are working to bring even more options to the masses.
The disclosure by NSA contractor Edward Snowden has exposed the ‘out-of-control’ surveillance system of the US and the UK. The more stories we are getting from Guardian and NYTimes, the more people are losing trust in the proprietary solutions offered by the companies which operate from the US and seemingly work closely with the spy agencies.
This is a category of people who don’t yet understand the dangers of breach of privacy, but the more we are moving our lives into the digital world, the more important it is becoming to take control of our communication and privacy from the prying hands of those for whom we are the product.
Then there are those need this privacy, due to the profession they are in or for purely sensible reasons that our privacy should be respected.