Google has announced an open source tool for testing network traffic security called Nogotofail. The project is now available on GitHub, and Google is inviting the community to work with it and help improve the security of networks and the Internet.
Many people are familiar with the “HTTPS everywhere” tool, and a related Firefox add-on, which protect online security. Nogotofail is a roughly similar tool, but is more robust. Here are the details.
Similarly, moves by both Microsoft and Amazon, among others, to set up local data centres in the EU will not on their own protect European data unless that is encrypted by the companies themselves, and the cloud computing providers do *not* have access to the keys. Indeed, if the data is encrypted in this way, local storage is not so important, since the NSA will have an equally hard time decrypting it wherever it is held - as far as we know, that is.
Because of that recent US court judgment ordering Microsoft to hand over emails held in Ireland, many people are now aware of the dangers of cloud computing in the absence of encryption under the control of the customer. But very few seem to have woken up to the problems of backdoors in proprietary software that I mentioned at the start of this post. One important exception is the German government, which according to Sky News is working on an extremely significant law in this area
GnuPG, also known as GPG, allows to encrypt and sign data and
communication, features a versatile key management system as well as
access modules for public key directories. GnuPG itself is a command
line tool with features for easy integration with other applications.
A wealth of frontend applications and libraries making use of GnuPG
are available. Since version 2 GnuPG provides support for S/MIME and
Secure Shell in addition to OpenPGP.
The internet of things (IoT) offers endless possibilities for smart devices and their applications. So it’s no wonder that the IoT is as equally tempting to hackers, as it is to developers, keen to showcase their latest developments.
A lack of security issues doesn’t mean you’re OK – you’re probably just not being targeted yet.
This paper is designed to help anyone who is developing an internet-enabled Linux device for personal or business use. It highlights the main areas to consider and provides a practical checklist for developing applications for Embedded Linux.
LastPass has published an open source command line application to provide terminal-loving devs with alternative access to their passwords and login data.
The outfit says the app improves user security, with a growing list of commands that lets users edit their LastPass data. It also supports functions such as regular automated password changes and the ability to generate and store passwords for servers.
LastPass community manager Amber Gott said it welcomed community pull requests.
It has advanced far beyond the primitive proof of concept demonstrated more than four years ago. Release 2 (beta), which arrived in late September, is a powerful desktop OS.
Qubes succeeds in seamless integrating security by isolation into the user experience. However, comparing Qubes to a typical Linux distro is akin to comparing the Linux OS to Unix.
If you are using a Sony Xperia device running either Android 4.4.2 or 4.4.4 it’s advised (by me) that you install a custom ROM on your device. Several reports have appeared online that the stock firmware on these devices contains Baidu spyware that is discreetly sending data back to servers in China, you do not need to have installed any software on your phone as it’s bundled into the firmware.