Jan 11 2018

Skype finally getting end-to-end encryption

Enlarge (credit: Skype)

Since its inception, Skype has been notable for its secretive, proprietary algorithm. It's also long had a complicated relationship with encryption: encryption is used by the Skype protocol, but the service has never been clear exactly how that encryption was implemented or exactly which privacy and security features it offers.

That changes today in a big way. The newest Skype preview now supports the Signal protocol: the end-to-end encrypted protocol already used by WhatsApp, Facebook Messenger, Google Allo, and, of course, Signal. Skype Private Conversations will support text, audio calls, and file transfers, with end-to-end encryption that Microsoft, Signal, and, it's believed, law enforcement agencies cannot eavesdrop on.

Presently, Private Conversations are only available in the Insider builds of Skype. Naturally, the Universal Windows Platform version of the app—the preferred version on Windows 10—isn't yet supported. In contrast, the desktop version of the app, along with the iOS, Android, Linux, and macOS clients, all have compatible Insider builds. Private Conversations aren't the default and don't appear to yet support video calling. The latter limitation shouldn't be insurmountable (Signal's own app offers secure video calling). We hope to see the former change once updated clients are stable and widely deployed.

Read 2 remaining paragraphs | Comments

Sep 14 2017

Azure Confidential Computing will keep data secret, even from Microsoft

Enlarge / The Trusted Execution Environment means that, even if the application and operating system are compromised, the green code and data can't be accessed. (credit: Microsoft)

Microsoft announced today a new feature coming to its Azure cloud platform named "Confidential Compute." The feature will allow applications running on Azure to keep data encrypted not only when it's at rest (in storage) or in transit (over a network) but when it's being computed on in-memory. This ability to encrypt data when it's in-use means that it can be kept secure even from Microsoft's administrators, government warrants, and hackers.

Confidential Computing will have two modes: one is built on virtual machines, while the other uses the SGX ("Software Guard Extensions") feature found in Intel's recently introduced Skylake-SP Xeon processors. Both modes will allow applications to ringfence certain parts of their code and data so that they operate in a "trusted execution environment" (TEE). Code and data that are inside a TEE cannot be inspected from outside the TEE.

The virtual machine mode uses the Virtual Secure Mode (VSM) functionality of Hyper-V that was introduced in Windows 10 and Windows Server 2016. With VSM, most parts of an application will run in a regular virtual machine atop a regular operating system. The protected, TEE parts will run in a separate virtual machine containing only a basic stub operating system (enough that it can communicate with the regular VM) and only those parts of the application code that need to handle the sensitive data.

Read 4 remaining paragraphs | Comments

Aug 31 2017

Instagram Leak From API Spills High Profile User Info

Instagram Leak From API Spills High Profile User Info

Another high profile Instagram leak, this time no there’s actual tangible repercussions other than it could possibly link to the recent Justin Bieber nudes leaked via a compromise of Selena Gomez’s account.

There isn’t a whole lot of details about what actually happened, in terms of what went wrong with the API? A wild guess would be some kind of authentication or token bug in the API that allowed you to access certain information about other users that you weren’t supposed to be able to get access to.

Read the rest of Instagram Leak From API Spills High Profile User Info now! Only available at Darknet.

Aug 23 2017

Bitcoin Anonymity Compromised By Most Vendors

Cryptocurrency is getting a lot of press lately and some researchers dug a little bit deeper in Bitcoin anonymity as it’s a touted selling point for most cryptocurrencies. It’s not a problem with Bitcoin itself, or any other coin, more the fact that shopping cart implementations and analytics systems aren’t built with the anonymity of...

Read the full post at darknet.org.uk