Superfish, Lenovo, Gemalto Show Need For Defense in Depth, End-To-End Security

11:42:00 AM

Last week, two major events further demonstrated the need for defense in depth and for end-to-end encryption. It was revealed that surveillance agencies had broken into the mobile network and stolen all cryptokeys, and that the computer maker Lenovo has been wiretapping all of its users' secure communications to insert advertising into them. These are two profound betrayals that force us to rethink what level of security is good enough.

The NSA/GCHQ theft of cryptographic keys, likely billions of them, is certainly a crime when carried out by any other person or organization. But when performed by surveillance agencies, it forces us to reassess what is being listened to and what is not. In this case, it becomes clear that any phone call on a cell phone is decrypted and tapped, and that surveillance agencies have ensured that they have access to multiple methods to achieve this.

Do not say anything on a regular phone call that you do not want made public. In this case, we turn to end-to-end encryption, where nobody but you and the person you are communicating with has the cryptokeys. This principle is essential: as soon as your call is decrypted somewhere in the middle (in this case, the telephone network), you no longer have end-to-end encryption. This is the minimum requirement today to stay unwiretapped.

The mobile phone applications RedPhone and Signal, from Open Whisper Systems, have been found to be difficult for the surveillance agencies to break. They provide end-to-end encryption for voice calls and are compatible with each other: Signal for the iPhone, RedPhone for the Android ecosystem.

However, as a serious wake-up call, it appeared last week that end-to-end encryption is not enough in some cases. Lenovo computers were compromised from the factory: you need to trust your computer to perform end-to-end encryption for you, but the computer was subverted by its manufacturer.

This brings us to the second principle: defense in depth.

Defense in depth means that one security solution is not good enough. Just as when you dress warmly in winter, you do not rely on a single warm jacket: you need many layers of security. Indeed, at least one of them will be subverted and compromised. In this case, the operating system of your machine has been severely compromised, which would normally be a game-over situation, but even these situations can be mitigated, for example by running Tails.

As always, privacy remains your own responsibility.
