Feds put heat on Web firms for master encryption keys

The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping.

These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.

If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which … Read more

Options for securing password files in OS X

Password managers like Apple's Keychain or the third-party 1Password utility are exceptionally useful options for managing the numerous credentials we establish and use on a day to day basis with our computers. With these tools set up, you can easily check an option to save your username and password in an encrypted form, to be retrieved whenever you access the respective service.

Despite these tools, some people may still wish to keep a list of usernames and passwords they use in an accessible list, such as a text document or other more simplistic form, even if it's just … Read more

SIM card flaw said to allow hijacking of millions of phones

A vulnerability on SIM cards used in some mobile phones could allow malware infection and surveillance, a security researcher warns.

Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, Nohl warned.

"We can remotely install … Read more

Google tests encryption to protect users' Drive files against government demands

Google has begun experimenting with encrypting Google Drive files, a privacy-protective move that could curb attempts by the U.S. and other governments to gain access to users' stored files.

Two sources told CNET that the Mountain View, Calif.-based company is actively testing encryption to armor files on its cloud-based file storage and synchronization service. One source who is familiar with the project said a small percentage of Google Drive files is currently encrypted.

The move could differentiate Google from other Silicon Valley companies that have been the subject of ongoing scrutiny after classified National Security Agency slides revealedRead more

How the U.S. forces Net firms to cooperate on surveillance

By wielding a potent legal threat, the U.S. government is often able to force Internet companies to aid its surveillance demands. The threat? Comply or we'll implant our own eavesdropping devices on your network.

Under federal law, the National Security Agency can serve real-time "electronic surveillance" orders on Internet companies for investigations related to terrorism or national security.

These orders, authorized by the Foreign Intelligence Surveillance Act, are used to feed data into the NSA's PRISM software program that was revealed last month by former intelligence analyst Edward Snowden. PRISM documents indicate that the NSA … Read more

How to password-protect a PDF before e-mailing in OS X

The print-to-PDF feature in OS X is convenient for quickly preserving a document's layout in the PDF format, so it can be viewed on most computers and tablets. If you would like to send someone a formatted document that contains sensitive information, you may want to add the step of protecting it with a password.

To do this, you can use a container format such as a ZIP file or an encrypted disk image (using the Disk Utility program in OS X); however, these may be a bit cumbersome to manage, both for the sender and recipient.

An alternative … Read more

NSA docs boast: Now we can wiretap Skype video calls

Skype now has a backdoor that permits government surveillance of users' video and audio calls, according to a new report in the Guardian.

The report, based on leaked slides from the National Security Agency, appears to confirm growing suspicions about the popular video chat service -- and indicates calls may be monitored as easily as an old-fashioned phone call.

One document quoted by the newspaper says intelligence analysts began to be able to monitor Skype video calls in July 2012: "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts … Read more

Review: Protect your pictures with Image Encrypt Batch Tools' strong encryption

With both 64-bit and 256-bit encryption options and passwords that accept almost any character, Image Encrypt Batch Tools has the power to secure your images so they can't be viewed without your password. Even if snoops get their hands on your pics, they can't open them. As SwMost's documentation points out, no encryption key is completely unbreakable. But Image Encrypt Batch Tools' 256-bit encryption option will take some effort to break.

Image Encrypt Batch Tools opens with a small interface, half of which is taken up with an attractive coastal scene. We had two choices to make … Read more

Pirate Bay founder creating surveillance-free messaging app

In the wake of people learning about the National Security Agency's massive surveillance program, it's become clear that phone records and text messages are not entirely private.

The Pirate Bay co-founder Peter Sunde and a couple of app developers have decided to do something about it. They are working on creating a messaging app that is spy-proof, according to GigaOM.

"All communication on today's networks is being monitored by government agencies and private companies. The politicians are not going to stop it, they're actually asking for more," Sunde said in a video about the … Read more

Two free ways to encrypt Google Drive files

This month marks the sixth anniversary of my Google Drive account. I've been aware since the beginning that the thousands of files I have uploaded to the service are stored unencrypted on Google's servers.

That hasn't prevented me from uploading plenty of sensitive information to Google Drive, including dozens of invoices that list my address and the amount of money I was billing for, although the invoices do not include any bank-account or Social Security numbers.

I could have easily encrypted the files using any number of free services. In last May's "Free services make Gmail, Google Drive, and Google search more private,&… Read more