Former US cybersecurity official gets 25 years for child porn charges

On Monday, a federal judge in Nebraska sentenced the former acting director of cybersecurity for the US Department of Health and Human Services to 25 years in prison on child porn charges.

Timothy DeFoggi, who was convicted back in August 2014, is the sixth person to be convicted in relation to a Nebraska-based, Tor-enabled child porn website known as PedoBook. That site’s administrator, Aaron McGrath, was sentenced to 20 years last year by the same judge. McGrath famously did not have an administrator password, a mistake that federal investigators were easily able to make use of.

DeFoggi's attorneys did not immediately respond to Ars' request for comment, but he was almost certainly unmasked via an FBI-created malware exploit designed to expose him and other PedoBook users.

Lavabit founder wants to make “dark” e-mail secure by default

Ladar Levison is probably most well-known to Ars readers as the founder of the secure e-mail service Lavabit, which he shut down in mid-2013 in an effort to avoid being forced to comply with a US government demand to turn over users’ e-mails. But his latest project is a lot grander in scope than a single hosted e-mail service: Levison is attempting, with the aid of some fellow crypto-minded developers, to change e-mail at large and build encryption into its fundamental nature.

As one of the members of the Darkmail Technical Alliance, Levison—along with Jon Callas, Mike Janke, and PGP designer Phil Zimmermann—is working on a project collectively referred to as DIME, the Dark Internet Mail Environment. DIME will eventually take the form of a drop-in replacement for existing e-mail servers that will be able to use DMTP (the Dark Mail Transfer Protocol) and DMAP (Dark Mail Access Protocol) to encrypt e-mails by default.

Conceptually, DIME applies multiple layers of encryption to an e-mail to make sure that the actors at each stage of the e-mail’s journey from sender to receiver can only see the information about the e-mail that they need to see. The e-mail’s author and recipient both know who sent the message and where it was bound, but the author’s e-mail server doesn’t—it can only decrypt the part of the message containing the recipient’s e-mail server. The recipient e-mail server knows the destination server and the recipient, but it doesn’t know the sender. So if you arrange the four steps in a line from left to right—author, origin server, destination server, and recipient—each step in the line is only aware of the identity of the entity directly to its left or right.

McAfee Labs Researchers Offer Master Class in Security at Oregon State

For McAfee Labs the New Year will start with a lot of excitement. During the next 10 weeks, several of us researchers will teach a master class at Oregon State University. During this class, “Defending against the Dark Arts,” more than 60 students will be served a diversity of topics, including malware, forensics, memory analysis, exploits, rootkits, and mobile threats.

The master class is part of the Multiple Engineering Cooperative Program (MECOP). The program began in 1978 as a collaboration between OSU and Oregon-based manufacturing companies that hired engineering graduates. Its purpose is to produce the highest level of engineering graduate and to bridge academic theory with industrial reality. Since 2013, Intel Security Group (McAfee) has been a member. Both classroom instruction and internships are part of the program. More than 70 percent of the students end up with a job offer from the more than 120 participating MECOP companies.

Personally, I’m really looking forward to teaching the first two weeks of classes: malware basics and incident response/forensics. In these two weeks we will build a foundation of terminology, tools, and practices. During malware basics, students will start to interact with real malware samples, to understand how they work and how to conduct basic analysis. In the second week, we will spend a few hours as an incident responder and forensic investigator. We will end that week with a great challenge in which the students will compete with each other.

It is fulfilling to inspire young people who are about to graduate and choose a career path. We hope we can share some of the passion for the areas we work in. As John Wesley said, “When you set yourself on fire, people love to come and see you burn.”

A Look Back At 2014 – Tools & News Highlights

So it’s back to normal programming today. Here’s a look back at 2014 (ups and downs) and interesting happenings over the past 12 months, including tools and news stories.

2014 News Stories

So Bitcoin and cryptocurrency in general was a pretty hot topic in 2014, and the year started out with Yahoo! spreading malware [...] The...