'Dark Mail Alliance' looks to create user-friendly e-mail encryption

Encrypted e-mail "easy enough for your grandma to use"?

That's the goal of the Dark Mail Alliance, a new project from the founders of two e-mail services that recently shut down amid government efforts to nab encryption keys, as well as the larger revelations regarding the NSA's surveillance efforts.

Lavabit's Ladar Levison, who pulled the plug on his service after being pushed to hand the FBI his SSL keys, and Mike Janke of Silent Circle, which saw the Lavabit closure as "writing on the wall" and similarly shuttered its Silent Mail offering, are … Read more

CNET hosting Lavabit's Ladar Levison tonight: Join us!

You're invited to join CNET at our headquarters in downtown San Francisco tonight to meet Ladar Levison, who created the Lavabit e-mail service that's now at the center of a high-profile lawsuit over government surveillance and Americans' privacy rights. Please RSVP if you're able to come.

Levison, who pulled the plug on Lavabit to avoid becoming "complicit in crimes against the American people," has graciously agreed to join us to talk about his lawsuit pitting him against the US government. Lavabit's e-mail services were used by Edward Snowden, the source of leaks that have … Read more

Free online encrypted notepad keeps it simple

The biggest knock on the encryption offered by many cloud storage services is that the company itself can decrypt the data. The free ProtectedText encrypted online notepad claims it can't decrypt the text you save on its servers.

In addition, ProtectedText requires no registration, and the company promises not to track you. Nor does it display any ads, which do their own tracking. Lack of a business model aside, the new service appears to have a lot going for it.

You devise the text file's URL: protectedtext.com/[anyURLnotalreadytaken]. This gives you a second level of protection atop … Read more

Apple Contacts vulnerability fixed in OS X Mavericks

One of the new features Apple has included in OS X Mavericks may help put to ease worries some might have about snooping from government agencies such as has been the case surrounding the National Security Agency recently.

According to Johnathan Mayer, a Stanford University computer science doctoral student and security researcher, in prior versions of OS X, online account information set up in the Accounts system preferences were synchronized unencrypted, meaning they could be intercepted en-route between your system and services like Google and Yahoo.

In Mavericks, Apple has set address book updates for these accounts to be only … Read more

Yahoo Mail finally turns on SSL

Years after Microsoft, Google, and many others made Secure Sockets Layer (SSL) security the standard for their Web mail systems, Yahoo says that it too will modernize Yahoo Mail's security.

SSL is a cryptographic protocol that encrypts Web mail as it travels between Yahoo's servers and your computer's browser. Yahoo says that it will activate the protection for all Yahoo Mail users on January 8, 2014, a full year after it first offered SSL protection as an option that users had to activate on their own, reports the Washington Post.

Yahoo has lagged behind every other major … Read more

How Google could have made the Web secure and failed -- again

You probably didn't notice, but this week, your searching activity on Google got a little safer from prying eyes. When you go to Google, it likely will transfer you automatically to its "encrypted" service, one designed to prevent potential "eavesdropping" on your searches. What's not to like with that? Chiefly, a loophole Google has left in for its advertisers and a lost opportunity to get all sites to go secure.

Blocking "eavesdropping" of search activity Encrypted search -- officially, Google SSL Search -- protects you from "eavesdroppers" in the same … Read more

Windows Phone 8 gets security thumbs-up from US government

Windows Phone 8 has received a key government accreditation called FIPS 140-2, Microsoft said on Wednesday.

Robert Hoover, a Windows Phone project manager, wrote on the official Windows Phone blog that Win Phone 8 has reached an "important new security milestone," which could make the platform a prospect for governments and organizations that require high security and encryption on their networks and communications platforms.

The U.S. government has granted Win Phone 8 the FIPS 140-2 (PDF) security accreditation. FIPS 140-2 is used to scrutinize and assign a level of security to devices, including tablets and smartphones, that … Read more

Secure SMS app Wickr finally hits Android

Wickr isn't the only encrypted text messaging app around, but it does provide a hard-to-replicate level of protection for your texts. Previously for iOS only, it launched Monday in beta on Android.

The app's argument is simple: its San Francisco-based makers claim that Wickr, now cross-platform between Android and iOS, provides the most secure text messaging apparatus currently available. It uses AES-256, RSA-4096, ECDH-521, Transport Layer Security, and SHA-256 to encode data while it's being stored on a server and while being transferred between devices.

Nico Sell, a Wickr co-founder, doesn't hesitate to talk about her … Read more

Johns Hopkins apologizes for yanking prof's NSA blog

Johns Hopkins University is now aiming to prove it made a mistake in trying to censor a professor's blog post about the National Security Agency. After a back-and-forth on Monday, the dean of the university's Whiting School of Engineering wrote an apologetic letter to the professor.

"I write to apologize for any difficulty I caused you yesterday over the post on your blog. I realize now that I acted too quickly, on the basis of inadequate and -- as it turns out -- incorrect information," Dean Andrew Douglas wrote. "I requested that you take down … Read more

Prevent OS X FileVault keys from being stored in standby mode

If you have FileVault encryption enabled on your Mac and your system goes into standby mode, it will save the FileVault encryption keys in the memory so the system can be quickly woken and resume work without needing to unlock the volume again. This feature is convenient, but some people may wish to prevent it from happening in order to ensure maximum security for their systems.

To prevent the system from storing the keys, you need to change a small setting in the system management controller (SMC), which can be done by running the following command in the OS X … Read more