Apple vs. FBI

The FBI ordered Apple to create a “backdoor” so it can break into the San Bernardino shooter’s iPhone 5c. Apple basically said no, challenging the FBI on encryption.

Surely Apple saw this coming, which is why CEO Tim Cook started his appeal months ago. I’m 100% convinced that if we were not living in a post-Snowden world, Apple would never have had the “balls” (pardon my language) to stand up to the FBI. Apple must think it has the support of the American people; however, most in the tech community would support its position. The average Joe? We can’t be so sure, so an uphill battle is almost a given. This case could make its way all the way to the Supreme Court... oh, wait, we only have 8. So in a tie breaker, the ruling of the lower court stands <== important point here

Supreme Court: What happens in case of a tie? The high court’s ruling is rendered almost meaningless; it leaves the most recent decision intact, usually from a federal appeals court or a top state court. There is no new, national precedent created by the nation’s highest court. USA Today

The FBI’s case was brought forth in the STATE of CALIFORNIA. Recently, a lawmaker introduced a law that would ban encryption on ALL phones in the state starting in 2017. In essence he wants all phones to be “capable of being decrypted and unlocked by its manufacturer or its operating system provider.” There’s also a similar bill in New York.

It remains to be seen where other tech giants like Microsoft, Samsung and Google will land in this debate. You better believe if Apple is FORCED to do this, other cell phone manufacturers will be on the hook as well. If they all side with Apple, #GameOn. Either way, it’s an interesting dialogue to have! Regardless of your position on this issue, pay attention people! (I just turned notifications on for Eric Snowden on Twitter… can’t wait to hear what he has to say).

***BTW, do you know how much money we spend on the FBI each year?? Wikipedia said the number was $8.3 billion in 2014 (2 years ago). If breaking into an iPhone is the only “chance” we have to catch a terrorist network/cell, we may already be doomed.

Watch a preview of Tim Cook’s 60 Minutes interview from December 2015 here:


View the statement issued by Apple last night (click the image to read more)


Ransomware & Bitcoins

Ok ladies, it’s time for some heavy lifting! So let’s get right to it:

  • Question: What is Ransomware?
  • Answer: Ransomware is a type of malware that prevents or limits users from accessing their system. It forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. (Trend Micro)

Let me give you a real life example to help you relate. If a criminal kidnaps a child, like in the popular Denzel movie, Man on Fire, they often demand cash in exchange for returning the person to their relative/loved one. During the time of the kidnapping, the family has no access to the child – they cannot even see the child or perform everyday tasks like eating dinner together or talking about what happened at school that day. Imagine that the child got their report card on the day they were kidnapped – the family would not be able to see what was on the report card – not the child’s name, not their grades, nothing. Access to the child and everything the child has is completely cut off. No family member can get to the child or access to the information they may hold until the ransom is paid and the child is returned. #InThatOrder

Ransomware is technical jargon, but it basically means the same situation as described above; in this case the kidnapper is a computer hacker and the kidnappee is a computer system. A hospital in Southern California, Hollywood Presbyterian, is under a ransomware attack as we speak. Their computer system is completely shut down and workers do not have access to patient information, records, etc. Patient registration, notes, medical records and conditions are all being handled the old way – by pen and paper. This is serious: the FBI has been called in to investigate and help!

The ransom being demanded is 9,000 bitcoins (or 3.4 million dollars). In exchange, the hackers would send back the key code to restore the system.

Bitcoins are a sort of encrypted virtual currency – think of it as electronic money (they are not real dollars) that can be transferred between entities or people digitally and ANONYMOUSLY. Your bank keeps track of everything you send/receive but that’s not possible with Bitcoins. Users simply have a Wallet ID and that’s it. You can “never” know who the buyer or seller is. This virtual currency is not insured by the FDIC and this industry, praised by Bill Gates and others, is largely unregulated.


Today, it’s a hospital; tomorrow maybe it’ll be the Social Security Administration or your bank. Then what? Sure, those agencies/companies spend millions of dollars fighting cyber attacks – President Obama recently announced that he wants $3 billion from Congress to fight such crimes as these cyberattacks – but we very much live in a digital world and it only takes one lucky attempt or try for a hacker to do “virtual” damage.

Ransomware is not just for companies; individuals can be targeted as well. Even you! So, what can you do? Don’t open email from people you don’t know, especially attachments. Don’t click on UNKNOWN links – seriously, if the sender’s email address is something like “info@yourbank.com” this should be a RED FLAG. If you haven’t paid attention to that before, spend 5 seconds to look NOW! Don’t download FREE software you think is going to solve your problem (i.e. “my computer is slow, software X claims to be able to fix it”, etc.). Don’t play games online that require you to DOWNLOAD something. PERIOD. FREE != GOOD != SAFE… I just taught you a bit of computer programming there 🙂 And finally, get a Mac. Seriously… read more here.

I included a few videos below in case you want to learn more about Ransomware or Bitcoins. #StaySafeOnline



Encrypted Communications

“Telegram is the Berlin-based competitor to Facebook’s WhatsApp. Using two layers of encryption, the app claims to be ‘faster and more secure’ than other messaging services. Users can message and send files to friends, create group chats with up to 200 members, or opt for ‘special secret chats’ where messages self-destruct. ISIS terrorists are turning to encrypted underground apps like Telegram to communicate. Laith Alkhouri, director of Research at Flashpoint Global Partners, called it ‘the new hot thing among jihadists.’” (CNN Money)

(See also Encryption 101 by yours truly)

This is the EXACT type of communication that continues to drive the debate about privacy and national security in America. It also puts Silicon Valley (the tech community) against governments around the world, including the US, and continues to come up in the Democratic & Republican Presidential Debates. Here’s what Tim Cook, CEO of Apple, said in a recent 60 Minutes interview:

I don’t believe that the tradeoff here is privacy versus national security. If the government lays a proper warrant on us today then we will give the specific information that is requested. Because we have to by law. In the case of encrypted communication, we don’t have it to give. And so if like your iMessages are encrypted, we don’t have access to those. There have been people that suggest that we should have a back door. But the reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys.

Remember when Carla Dean (Will Smith’s wife in Enemy of the State) said, “Who’s going to monitor the monitors?” That’s exactly the point critics raise with spying on encrypted communications in general. China actually just passed legislation that, “mandate[s] internet companies operating in China provide encryption keys and passwords to the government when requested.” Make no mistake, the US wants to go this way as well. The TED talk below argues against government spying and Rand Paul is one of the few presidential candidates that has consistently argued against NSA spying on Americans – it’s one of the points I DO agree with him on.

The United States of America has THE strongest and most funded military in the world. Surely it can find a way to use all the intelligence information collected legally by the CIA, NSA, and Department of Defense, and pool both their resources and talent to STAY AHEAD of the curve without violating the rights of ordinary Americans, no? #tobecontinued!


Encryption

Today I watched Eric Snowden’s address at SXSW (transcript). It was a very interesting discussion. One of the more interesting and recurring themes mentioned as a way to protect personal data is called Encryption. It dawned on me that some people may not know what this is, so I’m here to explain!

There’s a whole lot of information that we don’t want other people to see, such as:

  • Credit-card information

  • Social Security numbers

  • Private correspondence

  • Personal details

  • Sensitive company information

  • Bank-account information 

Encryption is the process of encoding (or making secret) information so that only the person (or computer) with the key can decode it (HowStuffWorks). While there are many ways to encrypt information, what I want to focus on is the easiest way to tell if a website you frequent is encrypting the information you provide. The way to tell is with HTTPS (Hypertext Transfer Protocol Secure). It describes HOW websites should transmit data.

Let me give you an example – You open your browser and head over to your bank’s website, say Chase. When you get to the site, you enter your username, password and click on the button that says Log In.


What happens to the information (username, password) that you entered? How do we make sure that no one can easily intercept (or hack) the data and log in to your account later?? As mentioned earlier, the HTTPS protocol mandates that this information be transmitted in a secure way… For the sake of this post, you don’t have to understand any more details than that!

What I want to focus on is how you can tell if a website you frequent is following the HTTPS protocol. That’s important because if you log into a site that does not use HTTPS, it’s like the equivalent of writing your username and password on a postcard and mailing it for the entire world to see (Slashdot). The simplest way is to look at the browser bar – you know, where you typed “chase.com”. If the site is using one of many encryption methods, you will see https://www.chase.com/ instead of http://www.chase.com/. Go ahead and try it out on your favorite sites…


So, you may be asking yourself… “If HTTPS is more secure, why doesn’t every website use it?” Well, that’s because it’s expensive and requires more processing power (computer hardware). Or you may be thinking, “Why doesn’t someone mandate that personal data always be transmitted in this way?” Cue Congress and the NSA! …

I just want you to be AWARE of the situation. If you are asked to make a payment on a website and you don’t see HTTPS in the browser, politely decline! If there’s a new, hot social media site that you want to join that utilizes your personal information and you don’t see HTTPS, think again!
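The address-bar check described above can also be automated for pages that ask for passwords or card numbers. The Python sketch below is an added example, not part of the original post: it flags forms whose data would leave the browser without HTTPS, and forms that submit over HTTPS but are themselves served over plain HTTP, where the page can be altered in transit. The sample pages and `.example` hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SENSITIVE_AUTOCOMPLETE = {"cc-number", "cc-csc", "current-password", "new-password"}

class FormCollector(HTMLParser):
    """Record each <form>'s action and whether it asks for secrets."""

    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self._open = {"action": dict(attrs).get("action") or "", "sensitive": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if a.get("type") == "password" or a.get("autocomplete") in SENSITIVE_AUTOCOMPLETE:
                self._open["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(page_url, html):
    """Return (submit_url, problem) for every sensitive form not fully on HTTPS."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in (f for f in parser.forms if f["sensitive"]):
        target = urljoin(page_url, form["action"])  # empty action posts back to the page
        if urlsplit(target).scheme != "https":
            findings.append((target, "secrets sent in cleartext"))
        elif urlsplit(page_url).scheme != "https":
            findings.append((target, "form page itself is not HTTPS"))
    return findings

# Constructed sample pages (hypothetical hosts under .example), not real sites.
SAMPLES = {
    "https://bank.example/login": '<form action="/session"><input type="password" name="p"></form>',
    "http://shop.example/pay": '<form action="https://pay.example/charge"><input autocomplete="cc-number"></form>',
    "https://forum.example/signin": '<form action="http://forum.example/do"><input type=password></form>',
    "http://news.example/": '<form action="/search"><input type="text" name="q"></form>',
}

if __name__ == "__main__":
    for url, html in SAMPLES.items():
        print(url, "->", audit_forms(url, html) or "ok")
```
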

Now, I hate to burst any bubbles, but encryption algorithms CAN BE HACKED. In the case of Target and the recent credit card debacle, they actually were encrypting credit card data and PIN numbers. The problem is with the method of encryption they used. And yes, you can combine more than one encryption method to make information transmission more secure. It would be sort of like using a key to lock your doors + having a dog + setting your house alarm before you leave for work each day (yes, someone can still break into your house, but AT LEAST you’ve taken measures to protect your assets). Just keep in mind that the method and approach are currently left up to the individual business or entity.

Knowledge is Power!