Archive for the ‘backdoors’ Category
Cyrus Vance, Jr., the Manhattan district attorney and an outspoken critic of encryption, called on Congress to adopt legislation mandating that mobile phone makers like Apple and Google bake backdoors into their smartphones.
Vance said it is "government's principal responsibility to keep its residents safe, and that a government cannot fulfill that responsibility if huge amounts of vital information directly related to public safety are inaccessible to the government."
The district attorney's proposal provided data saying that in a span of 12 months ending in October, as many as 111 prosecutions in his office for a variety of crimes like homicide, attempted murder, sexual abuse of a child, sex trafficking, assault, and robbery were hindered because of encrypted mobile phones connected to the cases. He also cited a litany of prosecutions in which evidence obtained from mobile phones helped solve the same types of cases.
With more than 120 people killed in Paris, US government officials are already touting the City of Light as the case against encryption.
The post After Paris Attacks, Here’s What the CIA Director Gets Wrong About Encryption appeared first on WIRED.
FBI General Counsel James Baker today spoke about how encryption is making it increasingly difficult for law enforcement agencies to conduct surveillance. While the FBI has previously argued in favor of backdoors that let authorities defeat encryption, Baker said the issue must ultimately be decided by the American people.
“We are your servants,” Baker said. “The FBI are your servants, we will do what you want us to do.”
Baker was speaking in a panel discussion titled “Going Dark: The Balance Between Encryption, Privacy, and Public Safety” at the annual Advanced Cyber Security Center conference in Boston.
Apple chief Tim Cook took to the WSJDLive stage Monday night to again declare that Apple would not bake encryption backdoors into its products.
"We said no backdoor is a must," Cook said at the Laguna Beach, California conference. "Do we want our nation to be secure? Of course. No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution."
The National Security Agency and government officials have been arguing that the nation's security demands require the tech sector to provide law enforcement officials with a key to their encrypted consumer products. James Comey, the FBI director, announced two weeks ago that the Obama administration would not seek legislation toward that goal and instead declared that authorities would "continue conversations with industry" in a bid to guilt them into giving up their customers' privacy.
The White House has denied the FBI's pleas for an encryption backdoor. But don't forget that feds can still sneak in through the window.
The post Cops Don’t Need a Crypto Backdoor to Get Into Your iPhone appeared first on WIRED.
FBI Director James Comey told a congressional panel that the Obama administration won't ask Congress for legislation requiring the tech sector to install backdoors into their products so the authorities can access encrypted data.
Comey said the administration for now will continue lobbying private industry to create backdoors to allow the authorities to open up locked devices to investigate criminal cases and terrorism.
"The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry," Comey told a Senate panel of the Homeland Security and Governmental Affairs Committee on Thursday.
Attackers are infecting a widely used virtual private network product sold by Cisco Systems to install backdoors that collect user names and passwords used to log in to corporate networks, security researchers said.
A researcher from security firm Volexity told Ars that he's aware of about a dozen attacks successfully infecting Cisco's Clientless SSL VPN, but he said he suspects the total number of hacks is higher. The attacks appear to be carried out by multiple parties using at least two separate entry points. Once the backdoor is in place, it may operate unnoticed for months as it collects credentials that employees enter as they log in to company networks.
The Clientless SSL VPN is a virtual private network product that works with Cisco's Adaptive Security Appliance. Once users have authenticated themselves, the Web-based VPN allows employees to access internal webpages and internal file shares plus launch plug-ins that allow them to connect to other internal resources through telnet, SSH, or similar network protocols.