security | Infinite Diaries - Part 5Infinite Diaries

How the FBI Fumbled the Ball →

February 20, 2016 · 23:52

John Paczkowski:

The Apple ID password linked to the iPhone belonging to one of the San Bernardino terrorists was changed less than 24 hours after the government took possession of the device, senior Apple executives said Friday. If that hadn’t happened, Apple said, a backup of the information the government was seeking may have been accessible.

The FBI has claimed that the password was changed by someone at the San Bernardino Health Department. Friday night, however, things took a further turn when the San Bernardino County’s official Twitter account stated, “The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.”

This is either ridiculous or planned. I’m thinking they should know what they’re doing, so the latter seems a better fit. Especially since the iPhone in question has probably little to no relevant information.

The FBI Is Going All in →

February 20, 2016 · 03:26

Katie Benner and Nicole Perlroth:

Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity. The result was the letter that Mr. Cook signed on Tuesday, where he argued that it set a “dangerous precedent” for a company to be forced to build tools for the government that weaken security.

Like I said a few days ago, the FBI most probably doesn’t care about Farook’s phone. They’re all in for getting access to all iPhones.

Nobody Apart From the FBI Has Ever Asked This of Apple →

February 20, 2016 · 03:03

Matthew Panzarino:

The Apple executive also noted that no other government in the world — including China — has ever asked it to perform the kind of iPhone cracking that the FBI is asking it to do. But, if it were to comply, those requests would surely not be far behind.

This is going to get a whole lot worse before it gets better. I am starting to wonder if the US will not actually make ‘unbreakable’ encryption illegal, to solve all their headaches.

Compromising Apple →

February 20, 2016 · 02:56

Jonathan Zdziarski:

Not only is Apple being ordered to compromise their own devices; they’re being ordered to give that golden key to the government, in a very roundabout sneaky way. What FBI has requested will inevitably force Apple’s methods out into the open, where they can be ingested by government agencies looking to do the same thing. They will also be exposed to private forensics companies, who are notorious for reverse engineering and stealing other people’s intellectual property. Should Apple comply in providing a tool, it will inevitably end up abused and in the wrong hands.

‘Go Away’ →

February 18, 2016 · 02:20

Matthew Panzarino:

If I had to bet, Apple is probably working double time to lock it down even tighter. Its reply to the next order of this type is likely to be two words long. You pick the two.

Despite my being delicate in the title, I assume that Panzer had two entirely different words in mind.

Speculation on Whether the Secure Enclave Is Secure →

February 18, 2016 · 02:17

Dan Guido :

I initially speculated that the private data stored within the SE was erased on update but I now believe this is not true. After all, Apple has updated the SE with increased delays between passcode attempts and no phones were wiped. In all honestly, only Apple knows the exact details.

A lot of ideas have been thrown out there over the past few hours. I wonder what the next few will bring — this is all extremely interesting.

John Gruber: Pichai’s Stance Is ‘Lukewarm’ →

February 18, 2016 · 02:04

John Gruber:

Could Pichai’s response be any more lukewarm? He’s not really taking a stand, and the things he’s posing as questions aren’t actually in question. I’m glad he chimed in at all, and that he seems to be leaning toward Apple’s side, but this could be a lot stronger.

Glad I’m not the only one in thinking that his response was weak.

The Verge: ‘Google’s CEO just sided with Apple
in the encryption debate’ — Not Exactly →

February 18, 2016 · 01:28

I didn’t read his tweets that way — Sundar Pichai just said that this ‘could be a troubling precedent’ and that he’s ‘looking forward to a thoughtful and open discussion on this important issue’.

Nothing concrete.

FBI and/or Government Vehicles Reported at Apple HQ →

February 17, 2016 · 23:29

Berkeleynerd on Hacker News:

A friend of mine at Apple reported multiple Black Vehicles (Lincoln Town Cars and Escalades) with at least one having MD License Plates at the Apple Executive Briefing Center this morning between 11AM and Noon. Occupants had ear pieces and sun glasses and were accompanied by a CHP (California Highway Patrol) cruiser and three motorcycle escorts.

EFF to Support Apple in Encryption Battle →

February 17, 2016 · 22:51

Kurt Opsahl:

EFF applauds Apple for standing up for real security and the rights of its customers. We have been fighting to protect encryption, and stop backdoors, for over 20 years. That’s why EFF plans to file an amicus brief in support of Apple’s position.

Tim Cook’s Letter to Apple’s Customers on the Subject of the FBI →

February 17, 2016 · 22:25

Tim Cook:

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

The FBI has been working on Apple to give them access to iPhones for a long time now, and now it appears that they’re using the tragic death of the victims of the San Bernardino attack as a way to force Apple’s hand. Public opinion is a strong weapon, especially if they can get the people behind them.

I’m happy to see Tim and Apple fighting this.

Keybase — An End-to-End Encrypted File Sharing Service →

February 5, 2016 · 15:07

Keybase is an open directory — no API key needed — so you can request maria’s key, get her proofs, and verify her identity in any software. The goal of Keybase is to let any security software be powered by usernames instead of offline key exchanges.

This looks very promising, although the fact that they have no monetisation strategy in place is a little worrying.

P.S. Jon Russel wrote more about Keybase here, on TechCrunch.

French Government Rejects Crypto Backdoors →

January 16, 2016 · 20:52

Glyn Moody:

Speaking on behalf of the French government, the deputy minister for digital affairs Axelle Lemaire has rejected an amendment to the new “Law for the Digital Republic,” which called for computer companies to provide backdoors to encrypted systems.

A sensible decision, which is surprising considering the bullshit politicians have been saying lately.

Ulysses’ Backups Are Automatic on Both Mac and iOS →

January 14, 2016 · 14:14

Frank Steffens:

With Ulysses, you can write all kinds of texts, even novels. For you as a writer, your works certainly are very valuable, to the point that loosing them is not an option. For this reason, Ulysses will automatically back up your entire library. You can be sure that your works are safe.

This is my current go-to text editor and I did not know about this. I really hope they add Dropbox integration to the iOS version of Ulysses though — that’s the only thing that’s currently missing and it totally screws with my workflow.

Apple’s Tim Cook Lashes Out at White House Officials for Defending Encryption →

January 13, 2016 · 10:18

Jenna McLaughlin:

Apple CEO Tim Cook lashed out at the high-level delegation of Obama administration officials who came calling on tech leaders in San Jose last week, criticizing the White House for a lack of leadership and asking the administration to issue a strong public statement defending the use of unbreakable encryption.

The White House should come out and say “no backdoors,” Cook said. That would mean overruling repeated requests from FBI director James Comey and other administration officials that tech companies build some sort of special access for law enforcement into otherwise unbreakable encryption. Technologists agree that any such measure could be exploited by others.

But Attorney General Loretta Lynch responded to Cook by speaking of the “balance” necessary between privacy and national security – a balance that continues to be debated within the administration.

And they’re still probably using the recent and tragic Paris attacks as an excuse, despite the fact that the terrorists were using regular unencrypted SMS.

Microsoft Uploads Windows 10 Encryption Keys to Their Servers →

December 30, 2015 · 07:23

Micah Lee:

ONE OF THE EXCELLENT FEATURES of new Windows devices is that disk encryption is built-in and turned on by default, protecting your data in case your device is lost or stolen. But what is less well-known is that, if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key — which can be used to unlock your encrypted disk — to Microsoft’s servers, probably without your knowledge and without an option to opt out.

It’s as if they want you to go and get a Mac.