Tech News

An NSA presentation released by Edward Snowden contains mixed news for Tor users. The anonymizing service itself appears to have foxed US and UK government snoops, but instead they are using a zero-day flaw in the Firefox browser bundled with Tor to track users. "These documents give Tor a huge pat on the back," security guru Bruce Schneier told The Register. "If I was a Tor developer, I\'d be really smiling after reading this stuff." The PowerPoint slide deck, prepared in June last year and entitled "Tor stinks", details how the NSA and the UK\'s Government Communications Headquarters (GCHQ) have been stymied by trying to track Tor users, thanks to the strength of the open source system. "We will never be able to de-anonymize all Tor users all the time," the presentation states. "With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user." The presentation says that both the NSA and GCHQ run Tor nodes themselves (the Brits use Amazon Web Services for this under a project entitled Newton\'s Cradle), but these are only a very small number in comparison to the whole system. This makes tracking users using traditional signals-intelligence methods impossible. The agencies have also tried to use "quantum" cookies to track targets who are using Tor. Source: http://www.theregister.co.uk/2013/10/04/nsa_using_firefox_flaw_to_snoop_on_tor_users/

At the Linuxcon conference in New Orleans today, Linus Torvalds and the other top Linux developers, talked to the Linux faithful about Linux, Microsoft, and other issues. During a question-and-answer session at the LinuxCon, Linux Torvalds admitted to questions from the audience that the U.S. Government approached him to put a backdoor into his open-source operating system. Torvalds responded \"no\" while shaking his head \"yes,\" as the audience broke into spontaneous laughter. Then someone asked if Linus would be interested in becoming Microsoft\'s CEO, which was answered with a big smile and because he is fully satisfied with the development of Linux and his life.

If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide. Recently IDC reported that 187 million Android phones were shipped in the second quarter of this year. That multiplies out to 748 million phones in 2013, a figure that does not include Android tablets. Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords. As the folks over at Computerworld point out, this feature isn\'t widely known because it is bundled in with Android\'s settings backup feature, and until recently, it was never mentioned that WiFi passwords were parts of the backup feature. In Android 4.2, the feature under Settings > Backup and reset then lists WiFi passwords as part of the data that is stored, but earlier versions merely say \"Back up my data\" or \"Back up my settings.\" Sounds like a James Bond movie. Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldn\'t change it. I suspect that many Android users have never even seen the configuration option controlling this. After all, there are dozens and dozens of system settings to configure. And, anyone who does run across the setting can not hope to understand the privacy implication. I certainly did not....

Given the privacy concerns swirling around much of our digital activity these days, the idea of handing over one\'s fingerprints to Apple via its new iPhone 5S has some people nervous. The phone, which goes on sale September 20, will feature a fingerprint sensor in its Home button for added security. Users must \"register\" their print with the device, after which they can unlock the phone by placing a finger or thumb on the button. The idea is that fingerprints, being unique to each person, augment users\' passcodes to offer an additional safeguard against hackers or thieves. But can we trust Apple or its partners with our fingerprints? And couldn\'t hackers, those resourceful and relentless probers of digital firewalls, find new ways to trick the phone\'s sensor? The answers, experts say, appear to be: 1) Probably, at least for now, and 2) Yes, although that\'s unlikely. \"There should always be some concern with new technologies or functionality that has such a large base of users,\" says Joe Schumacher, a consultant for security firm Neohapsis, in an e-mail to CNN. \"The fingerprint reader is more of a sales tactic than a strong security enhancement. \"What still needs to be researched is how this digital fingerprint can be used once it is leaked, hacked or opened up to iCloud.\"

It was revealed last week that the NSA had done everything in its power to weaken or bypass encryption on the web and elsewhere. The agency put pressure on companies to build backdoor access into their supposedly secure tools and even pushed for deliberately insecure encryption standards which it could break. It did this by controlling the standardization process at the National Institute of Standards and Technology (NIST). NIST technically oversees the standards to be used by US agencies and administration, but many private companies and organizations adopt the standards thanks to their rigorous creation process. NIST works closely with the NSA, which has plenty of cryptography experts, and is legally required to consult with the agency on cryptography standards.

National Security Agency has the capability to access a broad range of data on most Smartphones out there, including iPhine, Blackberry, and Android devices. according to the documents provided by former US intelligence contractor Edward Snowden to the German news agency Der Spiegel report. A 2009 NSA document states that it can \"see and read SMS traffic\". This data includes Contact, call lists, SMS traffic, notes and location data about where a user has been, the NSA has set up teams to specialize in cracking each operating system. The leaked information also revealed that the NSA has organized a working group for each operating system.The documents also state the NSA has successfully access system BlackBerry email data, a system previously thought to be very secure.