#Europe mulls open sourcing #TETRA emergency services' #encryption algorithms

source: https://www.theregister.com/2023/10/12/etsi_tetra_open_source/

The European Telecommunications Standards Institute (ETSI) may #OpenSource the proprietary encryption algorithms used to secure #emergency #radio communications after a public backlash over security flaws found this summer.

#security #communication #ETSI #news #software

Mathematician warns US spies may be weakening next-gen encryption

Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process

https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption/

#science #math #encryption #computers #networks

Mathematician warns US spies may be weakening next-gen encryption

Quantum computers may soon be able to crack encryption methods in use today, so plans are already under way to replace them with new, secure algorithms. Now it seems the US National Security Agency may be undermining that process

#UK's #Online Safety Bill finally passed by #parliament

Source: https://www.reuters.com/world/uk/uks-online-safety-bill-passed-by-parliament-2023-09-19/

#Messaging platforms led by #Meta's (META.O) #WhatsApp have opposed a provision in the law that they say could force them to break #end-to-end #encryption.

We can't trust anymore #software from #UK.

😱

#e2e #security #privacy #politics #news #surveillance #bigbrother #orwell #1984

UK's Online Safety Bill finally passed by parliament

Britain's long-awaited Online Safety Bill setting tougher standards for social media platforms such as Facebook, YouTube and TikTok has been agreed by parliament and will soon become law, the government said on Tuesday.

Today The #UK #Parliament Undermined The #Privacy, #Security, And #Freedom Of All #Internet #Users  | #ElectronicFrontierFoundation

Politicians showing they know nothing about how online security actually works.

https://www.eff.org/deeplinks/2023/09/today-uk-parliament-undermined-privacy-security-and-freedom-all-internet-users

#Encryption #DataProtection

Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users 

The U.K. Parliament has passed the Online Safety Bill (OSB), which says it will make the U.K. “the safest place” in the world to be online. In reality, the OSB will lead to a much more censored, locked-down internet for British users. The bill...

#Downfall attacks targets a critical weakness found in #Intel CPUs

Source: https://downfall.page

#CPU #bug #vulnerability #hack #problem #security #hardware #software #encryption #news

The British Government Is Coming For Your Privacy

#currentevents #news #encryption #onlinesafetybill #privacy #uk #hackaday
posted by pod_feeder_v2

The British Government Is Coming For Your Privacy

The list of bad legislation relating to the topic of encryption and privacy is long and inglorious. Usually, these legislative stinkers only affect those unfortunate enough to live in the country t…

#security #fail: https://www.wired.com/story/tetra-radio-encryption-backdoor/

#encryption #police #tetra #backdoor #hack #hacker #CyberSecurity #news #technology

Code Kept Secret for Years Reveals Its Flaw—a Backdoor

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

Ciao a tutti, sono un #NuovoUtente.I miei interessi sono #arte, #blender, #bosque, #c, #c64, #commodore64, #dibujo, #dividends, #django, #dudh, #educación, #encryption, #hack, #hispagatos, #inktober, #música, #openshot, #programación, #python, #retrogaming, #roland, #session, #synth, #synthesizer e #ukraine.

End-to-end encryption; the will of the British people

https://element.io/blog/end-to-end-encryption-the-will-of-the-british-people/

Ideally, this section would introduce a guarantee that this type of notice would not be imposed on providers of end-to-end encrypted communications. Instead it relies on questionable concepts such as “accredited technology” to wistfully wave some form of assurance that ‘this sort of thing’ is technically possible and it’ll all be fine, secure and appropriate.

Be under no illusion; “accredited technology” is no more reassuring than a lock which can be opened by a skeleton key.

It’s this aspect of the Online Safety Bill - the potential for undermining of end-to-end encryption - that we refute as completely flawed. It is not possible to have both secure communications and blanket surveillance, in the same way you cannot “have your cake and eat it.”

#encryption #privacy #security #matrix #element #whatsapp #signal #uk #britain

End-to-end encryption; the will of the British people

83% of UK citizens believe personal conversations on messaging apps such as Element, WhatsApp or Signal should have the highest level of security and privacy possible.

Desktop Linux Hardening | PrivSec - A practical approach to Privacy and Security | #linux #desktop #hardening #security #privacy #encryption

Desktop Linux Hardening

Linux is not a secure desktop operating system. However, there are steps you can take to harden it, reduce its attack surface, and improve its privacy. Before we start… Some of the sections will include mentions of unofficial builds of...

KryptEY - Secure E2EE communication

An Android keyboard for secure end-to-end-encrypted messages through the signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE. No server needed.

Motivation
Breaking of end-to-end encryption (E2EE) by laws such as the planned EU chat control is an ongoing issue. Content in messengers that use E2EE, such as Whatsapp or Signal, could thus be monitored by third parties. E2EE is often, but not always, standard in messengers. There are proven methods for E2EE such as PGP. However, these methods are sometimes cumbersomely integrated and require a lot of effort to use.

KryptEY is an Android keyboard that implements the Signal protocol. The keyboard works messenger-independently and both the X3DH Key Agreement Protocol and the Double Ratchet Algorithm work without a server, thus it enables a highly independent use of the protocol.

https://github.com/amnesica/KryptEY

#e2ee #Android #Security #encryption #CIA #BND #EU #USA

GitHub - amnesica/KryptEY: Android keyboard for secure E2EE communication through the signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE

Android keyboard for secure E2EE communication through the signal protocol in any messenger. Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE -...

Am Tag der Pressefreiheit fordern 45+ Organisationen Verschlüsselung zu schützen

#Pressefreiheit #Presse #Meinungsfreiheit #Medien #Politik #encryption #Eu

Am Tag der Pressefreiheit fordern 45+ Organisationen Verschlüsselung zu schützen

Was früher das Briefgeheimnis war, ist heute die Verschlüsselung von Mails und Chats im Internet. Das betrifft nicht nur private Kommunikation, sondern ganz besonders auch die Kommunikation von Journalistinnen und Journalisten, die das Internet...

#Signal app warns it will quit #UK if #law weakens end-to-end #encryption

Source: https://www.theguardian.com/technology/2023/feb/24/signal-app-warns-it-will-quit-uk-if-law-weakens-end-to-end-encryption

Is it still UK or is it China? European Union is working on the same thing for security and child protection yoz understand?

#news #internet #security #privacy #problem #cryotowar #politics #freedom #conversation #messenger #software

SUPERCON 2022: Kuba Tyszko Cracks Encrypted Software

#cons #hackadaycolumns #softwarehacks #2022hackadaysupercon #aes #encryption #openssl #hackaday
posted by pod_feeder_v2

SUPERCON 2022: Kuba Tyszko Cracks Encrypted Software

[Kuba Tyszko] like many of us, has been hacking things from a young age. An early attempt at hacking around with grandpa’s tractor might have been swiftly quashed by his father, but likely th…

'Exclu' #Messenger Under #Investigation by European #Police Forces After Its #Decryption was Used by Criminals

source: https://www.techtimes.com/articles/287283/20230207/exclu-messenger-under-investigation-by-european-police-forces-after-its-decryption-was-used-by-criminals.htm

#Exclu is a chat messenger service that allows users to exchange messages, photos, videos, notes, and voice memos in a heavily shielded environment. The service was costly, as a six-month license would cost around 800 euros.

I'm surprised that you can't develop secure #encryption for the price and that criminals are so stupid and don't go for secure #e2e encryption with open source.

#software #crime #cybercrime #news #security #fail

'Exclu' Messenger Under Investigation by European Police Forces After Its Decryption was Used by Criminals

Police are now investigating the Exclu messenger app to crack down on criminals using decryption to contact each other. Learn more.

#UK Proposes Making the #Sale and Possession of Encrypted #Phones #Illegal

Source: https://www.vice.com/en/article/z34p49/uk-proposes-making-sale-possession-of-encrypted-phones-illegal-encrochat-sky

In other words, this change would criminalize owning an encrypted phone, selling one, or making one for use in crime, a crime in itself.

So the #cryoto wars are starting again :(

#technology #security #privacy #surveillance #crime #police #law #politics #news #encryption #messenger #e2e

UK Proposes Making the Sale and Possession of Encrypted Phones Illegal

The Home Office says it wants to target “bespoke” devices used for crime, but critics say it is unclear what a bespoke device is.

Find the LUKS encryption key in a memory dump file of a Proxmox VM

• Get the partitions from the VM's qcow2 file

ls -alh
-rw-r----- 1 root root 33G Jan 3 19:17 vm-102-disk-0.qcow2
-rw-r----- 1 root root 448M Jan 3 18:05 vm-102-state-luks.raw

modprobe nbd max_part=8
qemu-nbd --connect=/dev/nbd0 vm-102-disk-0.qcow2
fdisk -l

Device        Start      End  Sectors Size Type
/dev/nbd0p1    2048     4095     2048   1M BIOS boot
/dev/nbd0p2    4096  4198399  4194304   2G Linux filesystem
/dev/nbd0p3 4198400 67106815 62908416  30G Linux filesystem

• Find the master key in the memory state dump of the VM with findaes

findaes vm-102-state-luks.raw
Searching vm-102-state-luks.raw
Found AES-256 key schedule at offset 0xb1428dc:
23 02 57 16 22 c1 d4 4f 13 09 00 fa 6c 63 e7 4c 84 91 e1 a3 c5 99 c9 ee 6a 17 cc c7 1f 01 21 f5
Found AES-256 key schedule at offset 0xb142cdc:
22 d2 a6 2e 48 b4 13 d9 4e 1b ed 0c 0b d0 ec 13 e6 39 02 ea 8f b1 dc 70 78 71 89 3f 67 76 a4 2f
Found AES-256 key schedule at offset 0xd97da7a:
38 f3 74 9a 2e 31 92 b0 b4 95 3f 91 c0 cf a7 b9 8b 3e e8 7e bd a0 88 c8 18 4d 8a b0 ee 83 76 66
Found AES-256 key schedule at offset 0xd97dc4a:
38 f3 74 9a 2e 31 92 b0 b4 95 3f 91 c0 cf a7 b9 8b 3e e8 7e bd a0 88 c8 18 4d 8a b0 ee 83 76 66
Found AES-256 key schedule at offset 0xd97deda:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
Found AES-256 key schedule at offset 0xd97e4ba:
d0 b1 91 2f 5b e4 1a c2 7b 96 2f 61 ad bd 25 7d 8a b7 fc 58 f6 99 07 77 dc bd bd b6 fa 18 5a 79
Found AES-256 key schedule at offset 0xd97f69a:
d0 b1 91 2f 5b e4 1a c2 7b 96 2f 61 ad bd 25 7d 8a b7 fc 58 f6 99 07 77 dc bd bd b6 fa 18 5a 79
Found AES-256 key schedule at offset 0xd97f92a:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f
Found AES-256 key schedule at offset 0xd9898ac:
31 31 1a 7b 47 92 f6 b8 d5 a4 c2 fb f7 cb a5 ff 5a 28 4d 3b d5 d8 7e 63 fa 8a d0 73 86 79 e3 15
Found AES-256 key schedule at offset 0xd989a7c:
31 31 1a 7b 47 92 f6 b8 d5 a4 c2 fb f7 cb a5 ff 5a 28 4d 3b d5 d8 7e 63 fa 8a d0 73 86 79 e3 15
Found AES-256 key schedule at offset 0xd989d0c:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f

• In this case the first 2 matches combined are the master key (2x 256 bits = 512 bits key length)

This may not always be the case. Your best bet is to find two 256 bit keys with successive memory addresses.

• Copy the combined key to a textfile

echo "2302571622c1d44f130900fa6c63e74c8491e1a3c599c9ee6a17ccc71f0121f522d2a62e48b413d94e1bed0c0bd0ec13e63902ea8fb1dc707871893f6776a42f"
> masterkey.txt

• Convert masterkey to binary format

xxd -r -p masterkey.txt masterkey.bin

• Open luks volume

cryptsetup --master-key-file masterkey.bin luksOpen /dev/nbd0p3 myluks

• Open LVM and mount the VM's filesystem

mkdir /mnt/myluks
vgscan --mknodes
Found volume group "ubuntu-vg" using metadata type lvm2

mount /dev/mapper/ubuntu--vg-ubuntu--lv /mnt/myluks
ls -alh /mnt/myluks/
total 2,1G
drwxr-xr-x 19 root root 4,0K Jan 3 18:03 .
drwxr-xr-x 6 root root 4,0K Jan 3 19:15 ..
lrwxrwxrwx 1 root root 7 Aug 9 13:53 bin -> usr/bin
drwxr-xr-x 2 root root 4,0K Jan 3 17:57 boot
drwxr-xr-x 4 root root 4,0K Aug 9 13:56 dev
drwxr-xr-x 78 root root 4,0K Jan 3 18:04 etc
drwxr-xr-x 3 root root 4,0K Jan 3 18:04 home
lrwxrwxrwx 1 root root 7 Aug 9 13:53 lib -> usr/lib
lrwxrwxrwx 1 root root 9 Aug 9 13:53 lib32 -> usr/lib32
lrwxrwxrwx 1 root root 9 Aug 9 13:53 lib64 -> usr/lib64
lrwxrwxrwx 1 root root 10 Aug 9 13:53 libx32 -> usr/libx32
drwx------ 2 root root 16K Jan 3 17:57 lost+found
drwxr-xr-x 2 root root 4,0K Aug 9 13:53 media
drwxr-xr-x 2 root root 4,0K Aug 9 13:53 mnt
drwxr-xr-x 2 root root 4,0K Aug 9 13:53 opt
drwxr-xr-x 2 root root 4,0K Apr 18 2022 proc
drwx------ 4 root root 4,0K Jan 3 18:41 root
drwxr-xr-x 9 root root 4,0K Aug 9 13:57 run
lrwxrwxrwx 1 root root 8 Aug 9 13:53 sbin -> usr/sbin
drwxr-xr-x 2 root root 4,0K Jan 3 18:04 snap
drwxr-xr-x 2 root root 4,0K Aug 9 13:53 srv
-rw------- 1 root root 2,0G Jan 3 17:58 swap.img
drwxr-xr-x 2 root root 4,0K Apr 18 2022 sys
drwxrwxrwt 8 root root 4,0K Jan 3 18:59 tmp
drwxr-xr-x 14 root root 4,0K Aug 9 13:53 usr
drwxr-xr-x 13 root root 4,0K Aug 9 13:57 var

#proxmox #luks #encryption #linux #opensource #virtualization #security

Encryption Faces an Existential Threat in Europe

The CEO of Proton says new competition laws have finally given him a voice in Brussels, even as he fights the EU’s anti-encryption campaign. (...)

(...) [legislation] forcing encrypted platforms to carry out automated searches for child sexual abuse material. (...)

The problem with these legislations is they are written too broadly; they are trying to cover too many unrelated issues. (...)

Complete article

Tags: #privacy #encryption #eu #european_union #dma #digital_markets_act #Online_Safety_Bill #uk

Encryption Faces an Existential Threat in Europe

The CEO of Proton says new competition laws have finally given him a voice in Brussels, even as he fights the EU’s anti-encryption campaign.

#Google to roll out end-to-end #encryption for #Gmail users

Source: https://www.geo.tv/latest/459308-google-to-roll-out-end-to-end-encryption-for-gmail-users

Why so late? The #technology for this has been available for decades.

#e2ee #email #security #privacy #software #change #communication #web #internet #news

Google to roll out end-to-end encryption for Gmail users

Once enabled, Gmail client-side encryption will make sure that even the Google servers will not be able to decrypt any information sent as an attachment or as part of an email

1. It’s about time.
2. This is fantastically good news.
3. I’ll be this was technically difficult to achieve, considering the enormous amount of data involved.

https://www.wired.com/story/apple-end-to-end-encryption-icloud-backups/

#apple #icloud #encryption #security

Apple Expands End-to-End Encryption to iCloud Backups

The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023.