Browse Tag: Encryption

EFF Says HTTPS Deployment Saw Major Growth in 2016

In an end-of-the-year summary, the Electronic Frontier Foundation noted that deployment of HTTPS grew dramatically in 2016,

By some measures, more than half of page loads in Firefox and in Chrome are now secured with HTTPS—the first time this has ever happened in the Web’s history. That’s right: for the first time ever, most pages viewed on the Web were encrypted! (As another year-in-review post will discuss, browsers are also experimenting with and rolling out stronger encryption technologies to better protect those connections.)

The EFF sites the availability of tools and services such as Let’s Encrypt that make obtaining and deploying certificates easier, as well as increasing pressure on companies to encrypt all traffic rather than just specific subsets.

The one troubling spot is that this increase isn’t necessarily distributed well geographically,

A caveat: data from Google shows that use of HTTPS varies significantly from country to country, remaining especially uncommon in Japan. We’ve also heard that it’s still uncommon across much of East and Southeast Asia. Next year, we’ll have to find ways to bridge those gaps.

I’ve used HTTPS on 99 percent of my server for years now, but there was a tiny portion that was not HTTPS because of a specific application that used its own non-Apache server that did not play well with the Wildcard SSL certificate I use. This year, finally, I was able to use Let’s Encrypt to flawlessly install a certificate just for that. The process for doing so was ridiculously easy and took about 10 minutes from beginning to end to configure and test.

Black Hat Presentation – Bypassing Local Windows Authentication to Defeat Full Disk Encryption

Ian Haken makes a fascinating presentation of his research on bypassing Bitlocker on a Windows machine if you have physical access to the machine you’re trying to crack into. Especially interesting is the point Haken makes at the end that this particular attack worked (Microsoft has since fixed this particular issue)  because of assumptions about the security model that Microsoft made years ago that are no longer true–but those assumptions are instantiated in the way that various parts of Windows authentication works.

 

Noisecrypt–A Distributed, Encrypted Social Network

Noisecrypt is a github-hosted project aimed at creating “a decentralized social network with end-to-end encryption. You can save your user data on a server of your choice while you can still interact (write messages, visit profiles, etc.) with people on other servers. Furthermore messages, private posts and private profile information are end-to-end encrypted.”

Still in active development, although there are preview versions of the client and the server available at github (both of which, the project maintainers make clear, are for testing purposes only as the encryption and identity protection features are both in active development).

 

Noisecrypt Screenshot

DiskCryptor – Open Source Whole Disk Encryption for Windows

Bruce Sterling has said he’s been using Symantec’s Endpoint Encryption software for full disk encryption ever since the demise of TrueCrypt. I used Symantec’s product — which is really just a commercialization of PGP — many years ago before TrueCrypt became so popular. It worked well and I’m sure it is still a great solution IF you can afford the $85/workstation license.

So instead, I’ve been using the open source DiskCryptor for all of my whole disk encryption needs for Windows.So far I haven’t had any issues with it and from what I can tell it is a least as secure as TrueCrypt was (i.e., it’s likely to stymie local cops, but state actors have many ways to obtain passphrases if they want to devote sufficient resources — not sure they’re likely to do so for my porn collection, however).