
A much broader array of stakeholders must engage with the problems that DNA databases present. In particular, governments, policymakers and legislators should tighten regulation and reduce the likelihood of corporations aiding potential human-rights abuses by selling DNA-profiling technology to bad actors — knowingly or negligently. Researchers working on biometric identification technologies should consider more deeply how their inventions could be used. And editors, reviewers and publishers must do more to ensure that published research on biometric identification has been done in an ethical way.


Corporations selling DNA-profiling technology are aiding human-rights abuses. Governments, legislators, researchers, reviewers and publishers must act.

We face complexity, ambiguity, and uncertainty about the future consequences of cryptocurrency use. There are doubts about the positive and negative impacts of the use of cryptocurrencies in financial systems. To better address the contradictions and consequences of cryptocurrency use, and to inform key stakeholders about known and unknown emerging issues in new payment systems, we apply two helpful futures studies tools: the “Future Wheel”, to identify the key factors, and “System Dynamics Conceptual Mapping”, to understand the relationships among such factors. Two key scenarios will be addressed. In one of them, systemic feedback loops might be identified such as a) terrorism, the Achilles’ heel of the cryptocurrencies, b) hackers, the barrier against development, and c) information technology security professionals, a gap in the future job market. In the other scenario, systemic feedback loops might be identified such as a) acceleration of technological entrepreneurship enabled by new payment systems, b) decentralization of the financial ecosystem with some friction against it, c) blockchain and a shift of the banking business model, d) easy international payments triggering structural reforms, and e) the decline of the US and the end of dollar dominance in the global economy. In addition to the feedback loops, we can also identify chained links of consequences that impact productivity and economic growth on the one hand, and the shift of energy sources and consumption on the other hand.

Watch the full length presentation at Victor V. Motti YouTube Channel

The National Security Agency develops advanced hacking tools in-house for both offense and defense—which you could probably guess even if some notable examples hadn’t leaked in recent years. But on Tuesday at the RSA security conference in San Francisco, the agency demonstrated Ghidra, a refined internal tool that it has chosen to open source. And while NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.


No one’s better at hacking than the NSA. And now one of its powerful tools is available to everyone for free.

Apple’s FaceID authentication system started moving smartphone users away from relying on fingerprints, which are arguably less secure, to secure their mobile devices. But researchers think they’ve come up with an even better biometric tool for protecting a device that uses a part of the body that’s nearly impossible to spoof: a user’s ear canals.

A team of researchers led by Zhanpeng Jin, an associate professor in the Department of Computer Science and Engineering in the University of Buffalo’s School of Engineering and Applied Sciences, created a new authentication tool called EarEcho, which is somewhat self-explanatory. The team modified a set of off-the-shelf earbuds with a tiny microphone that points inside the wearer’s ear, not out towards the world around them. It’s not there to pick up ambient sounds to facilitate a noise-canceling feature, or even the wearer’s voice for making calls; the tiny mic is instead tuned to listen to the echo of sounds as they’re played and then propagate through the ear canal.

SHA-256 is a one way hashing algorithm. Cracking it would have tectonic implications for consumers, business and all aspects of government including the military.

It’s not the purpose of this post to explain encryption, AES or SHA-256, but here is a brief description of SHA-256. Normally, I place reference links in-line or at the end of a post. But let’s get this out of the way up front:

One day after Treadwell Stanton DuPont claimed that a secret project cracked SHA-256 more than one year ago, they back-tracked. Rescinding the original claim, they announced that an equipment flaw caused them to incorrectly conclude that they had algorithmically cracked SHA-256.

“All sectors can still sleep quietly tonight,” said CEO Mike Wallace. “Preliminary results in this cryptanalytic research led us to believe we were successful, but this flaw finally proved otherwise.”

Yeah, sure! Why not sell me that bridge in Brooklyn while you backtrack?

The new claim makes no sense at all—a retraction of an earlier claim about a discovery by a crack team of research scientists (pun intended). The clues offered in the original claim, which was issued just one day earlier, cast suspicion on the retraction. Something fishy is going on here. Who pressured DuPont into making the retraction—and for what purpose? Something smells rotten in Denmark!

Let’s deconstruct this mess by reviewing the basic facts:

  • A Wall Street financial services firm claims they have solved a de facto contest in math & logic
  • They cracked the code a year ago, yet—incredibly—kept it secret until this week
  • A day later (with no outside review or challenge),* they admit the year-old crack was flawed

Waitacottenpickensec, Mr. DuPont!! The flaw (an ‘equipment issue’) was discovered a year after the equipment was configured and used—but just one day after you finally decided to disclose your past discovery? Poppycock!

I am not given to conspiracy theories (a faked moon landing, suppressing perpetual motion technology, autism & vaccinations, etc.), but I recognize government pressure when I see it! Someone with guns and persuasion convinced DuPont to rescind the claim and offer a silly experimental error.

Consider the fallout, if SHA-256 were to suddenly lose public confidence…

  • A broken SHA-256 would wreak havoc on an entrenched market. SHA-256 is a foundational element in the encryption used by consumers & business
  • But for government, disclosing a crack to a ubiquitous standard that they previously discovered (or designed) would destroy a covert surveillance mechanism—because the market would move quickly to replace the compromised methodology.

I understand why DuPont would boast of an impressive technical feat. Cracking AES, SSL or SHA-256 has become an international contest with bragging rights. But, I cannot imagine a reason to wait one year before disclosing the achievement. This, alone, does not create a conundrum. Perhaps DuPont was truly concerned that it would undermine trust in everyday communications, financial transactions and identity/access verification…

But retracting the claim immediately after disclosing it makes no sense at all. There is only one rational explanation. The original claim undermines the interests of some entity that has the power or influence to demand a retraction. It’s difficult to look at this any other way.

What about the everyday business of TS DuPont?

If the purpose of the original announcement was to generate press for DuPont’s financial services, then they have succeeded. An old axiom says that any press is good press. In this case, I don’t think so! Despite the potential for increased name recognition (Who knew that any DuPont was into brokerage & financial services?) I am not likely to think positively of TS DuPont for my investment needs.


* The cryptographic community could not challenge DuPont’s original claim, because it was not accompanied by any explanation of tools, experimental technique or mathematical methodology. Recognizing that SHA-256 is baked into the global infrastructure of banking, commerce and communications, their opaque announcement was designed to protect the economy. Thank you, Mr. DuPont, for being so noble!


Philip Raymond co-chairs CRYPSA, hosts the Bitcoin Event and is keynote speaker at Cryptocurrency Conferences. He is a top writer at Quora.

Biometric mobile wallets — payment technologies using our faces, fingerprints or retinas — already exist. Notable technology companies including Apple and Amazon await a day when a critical mass of consumers is sufficiently comfortable walking into a store and paying for goods without a card or device, according to Sinnreich, author of “The Essential Guide to Intellectual Property.”

Removing the last physical barrier — smartphones, watches, smart glasses and credit cards — between our bodies and corporate America is the final frontier in mobile payments. “The deeper the tie between the human body and the financial networks, the fewer intimate spaces will be left unconnected to those networks,” Sinnreich said.

The blockchain is public, yet a Bitcoin wallet can be created anonymously. So are Bitcoin transactions anonymous? Not at all…

Each transaction into and out of a wallet is a bread crumb. Following the trail is trivial. Every day, an army of armchair sleuths help the FBI. That’s how Silk Road was brought down.

The problem is that some of that money eventually interacts with the real world (a dentist is paid, a package shipped or a candy is purchased at a gas station). Even if the real-world transaction is 4 hops before or after hitting the “anonymous” wallet, it creates a forensic focal point. Next comes a tax man, an ex-spouse or a goon.

The first article linked below addresses the state of tumblers (aka “mixers”). They anonymize an open network by obfuscating the trail of bread crumbs.

Mixers/tumblers aren’t the only way to add a layer of privacy to Bitcoin transactions. The Lightning Network spec includes an optional 17-hop onion routing (just like TOR’s 4-step onion routing). I have not yet seen the feature expressed in wallets or services, but if implemented, it will be even more private and trustworthy than a mixer, because there is no middle party to trust (by you) or squeeze (by investigators). It has the potential to make Bitcoin even more anonymous than cash.

Certain cryptocurrencies (not Bitcoin) have anonymity baked in by design. Monero, ZCash and Dash are privacy tokens that use very different approaches to eliminate the bread crumbs. Monero appears to have one distinct advantage: Like the TOR network, it is trustless. But there are benefits to each approach.


Philip Raymond co-chairs CRYPSA, hosts the Bitcoin Event and is keynote speaker at Cryptocurrency Conferences. He is a top writer at Quora.

Just five months ago at the RSA conference, the NSA released Ghidra, a piece of open source software for reverse-engineering malware. It was an unusual move for the spy agency, and it’s sticking to its plan for regular updates — including some based on requests from the public.

In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday.

Before the Android support arrives, a version 9.1 will include new features intended to save time for users and boost accuracy in reverse-engineering malware — enhancements that will come from features such as processor modules, new support for system calls and the ability to conduct additional editing, known as sleigh editing, in the Eclipse development environment.