Hotspot Shield for iPhone
http://hotspotshield.com/clientless/iphone/get_started.php

97586s

Hotspot Shield

Xkcd o dlouhem rsa klici a jinem francouzskem...

We've covered oodles of privacy apps and topics over the years at Lifehacker, but here are some of our personal favorites:

Encriptación, navegación anónima, gestión de passwords, borrado seguro de ficheros, encriptación de comunicaciones...

Today is Data Privacy Day, during which we're encouraged to reflect on the state of our data and bolster security where we can—so let's take a closer look at our favorite data privacy tips.

Data Privacy Day, during which we're encouraged to reflect on the state of our data and bolster security where we can—so let's take a closer look at our favorite data privacy tips

** Posted using Viigo: Mobile RSS, Sports, Current Events and more **

movement in the banking security industry

Hackers are getting our bank security pin codes!

Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to an investigator behind a new report looking at the data breaches.

Some of the attacks involve grabbing unencrypted PINs, while they sit in memory on bank systems during the authorization process. But the most sophisticated attacks involve encrypted PINs. Sartin says the latter attacks involve a device called a hardware security module (HSM), a security appliance that sits on bank networks and on switches through which PIN numbers pass on their way from an ATM or retail cash register to the card issuer. The module is a tamper-resistant device that provides a secure environment for certain functions, such as encryption and decryption, to occur. According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed d

Yves & TWA (comments) say this article has some fact checking issues

According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API.

A-E

UTF8Encoding

Professional crypto people don’t even get this stuff right. But if you have to encrypt something, you might as well use something that has already been tested.

Matasano Chargen

"list of recommendations for using cryptography which, if followed, will make sure you get things right in the vast majority of situations"

Thanks to my background as FreeBSD Security Officer, as a cryptographic researcher, and as the author of the Tarsnap secure online backup system, I am frequently asked for advice on using cryptography as a component in secure systems. While some people argue that you should never use cryptographic primitives directly and that trying to teach people cryptography just makes them more likely to shoot themselves in their proverbial feet, I come from a proud academic background and am sufficiently optimistic about humankind that I think it's a good idea to spread some knowledge around. In light of this, I've put together a list of "Cryptographically Right Answers" -- which is to say, a list of recommendations for using cryptography which, if followed, will make sure you get things right in the vast majority of situations.

Recommendations about cryptography

Tales from the encrypt: If you care about the integrity of your data, it's time to investigate solutions for accessing and securing it – and not just for the here and now

"But what if I were killed or incapacitated before I managed to hand the passphrase over to an executor or solicitor who could use them to unlock all this stuff that will be critical to winding down my affairs – or keeping them going, in the event that I'm incapacitated? I don't want to simply hand the passphrase over to my wife, or my lawyer. Partly that's because the secrecy of a passphrase known only to one person and never written down is vastly superior to the secrecy of a passphrase that has been written down and stored in more than one place. Further, many countries's laws make it difficult or impossible for a court to order you to turn over your keys; once the passphrase is known by a third party, its security from legal attack is greatly undermined, as the law generally protects your knowledge of someone else's keys to a lesser extent than it protects your own."

Program that makes email self destruct

ehind Vanish in detail. Briefly, as mentioned above, the user never knows the encryption key. This means that there is no risk of the user exposing that key at some point in the future, perhaps through coercion, court order, or compromise. So what do we do with the key? We could escrow it with a third party, but that raises serious trust issues (e.g., the case with Hushmail).

copies of Vanish encrypted data — even archived or cached copies — will become permanently unreadable at a specific time, without any action on the part of the user or any third party or centralized service.

Storing the decryption key across many p2p nodes means you can "lose" the key at a specified time. As long as one of the p2p nodes you have used destroys the key, we can no longer decrypt the message. The theory is certainly sound, lets hope the implementation is.

Vanish is a research system designed to give users control over the lifetime of personal data stored on the web or in the cloud. Specifically, all copies of Vanish encrypted data — even archived or cached copies — will become permanently unreadable at a specific time, without any action on the part of the user or any third party or centralized service.

In short words jCryption is a javascript HTML-Form encryption plugin, which encrypts the POST/GET-Data that will be sent when you submit a form. It uses the Multiple-precision and Barrett modular reduction libraries for the calculations and jQuery for the rest.

** Posted using Viigo: Mobile RSS, Sports, Current Events and more **

In short words jCryption is a javascript HTML-Form encryption plugin, which encrypts the POST/GET-Data that will be sent when you submit a form. It uses the Multiple-precision and Barrett modular reduction libraries for the calculations and jQuery for the rest. jCryption is completly free and dual licensed under the MIT and GPL licenses like jQuery.

Removes restrictions on PDFs through an upload.

Advanced Encryption Standard (AES)

good explanation of AES Rijndael.

Using a password sniffer to get around full disk encryption.

Encrypt data sentback to a server - quickly

We offer a fast, small symmetric encryption library written in Javascript. Though several such libraries exist, jsCrypto offers several advantages.

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter. some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds. A Reaper costs between $10 million and $12 million each and is faster and better armed than the Predator

Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

Militants in Iraq have used inexpensive, off-the-shelf software to intercept video feeds from Predator drones.

US Aircrafts hacked by Insurgents from Iraq

SecureFiles, protect your documents easily.

SecureFiles is a simple app which allows you to create encrypted Disk Images to store your sensitive documents.

ink is really cool, though, is that the photo also shows the agent’s worksheet:

German

I know very little about cryptography, but I do find it fascinating. This article seems to have solid, real-world advice, yet it is written in a way that even I can understand it. People who can write like this impress me.

why hash is not security

Interesting, though the codebreaker did use a computer to solve it.

200 anos depois um texto criptografado é decodificado.

WSJ.com is available in the following editions and languages:

A cipher by Mr. Patterson. Simple to use without a computer, hard to crack.

For more than 200 years, buried deep within Thomas Jefferson's correspondence and papers, there lay a mysterious cipher -- a coded message that appears to have remained unsolved. Until now.

bcrypt

2010-01-31, by Coda Hale, "Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt."

Great comment on using XFS and snapshots to reduce downtime.

パスワード

A variety of random keys that can be used for passwords, encryption keys, etc. - all randomly generated

Here you will find a variety of random keys that can be used for passwords, encryption keys, etc. - all randomly generated, just for you! Simply refresh this page for a completly new set of keys.

A PasswordCard is a credit card-sized card you keep in your wallet, which lets you pick very secure passwords for all your websites, without having to remember them! You just keep them with you, and even if your wallet does get stolen, the thief will still not know your actual passwords.

* Don't read along with your finger, or the smudge will tell a thief where your password is. * Keep your PasswordCard on your person, don't leave it lying around near your computer. * Clear your browser cache and history after printing this page.

A tool that forces people to commit a crime if they want to prove an archive contains stolen content. Turning the DMCA against those who try to use it. Cute in a contrarian activist sort of way.

staple is a program that inseparably binds together the data in a file using a cryptographic mechanism known as an All-or-nothing transform. In its most basic form (when executed as staple 0), the transformation is keyless; that is, no key is required to reverse it, however all the data is required. Thus, running unstaple on the output .staple file yields the original file, but running it on any subset of the .staple file yields nothing.

[...]It has been suggested that this scenario occurs if Alice is a content producer/owner, Bob is a content piracy group, and Charlie is a user unconcerned about copyright infringement. Taking their last example: Alice could pretend to have brute-forced the key k rather than recovered from B and r, no? And is all-or-nothing so hard to do? what about making c=k xor H(Ek(m)) | Ek(m) ? You need the full data to compute the hash on the encrypted message to recover the key and decrypt the message. And you can throw away part of the key also in this scheme UPDATE: hum actually it appears that it's precisely what he's doing :-)

all or nothing cryptographic transform

"staple is a program that inseparably binds together the data in a file using a cryptographic mechanism known as an All-or-nothing transform. In its most basic form (when executed as staple 0), the transformation is keyless; that is, no key is required to reverse it, however all the data is required. Thus, running unstaple on the output .staple file yields the original file, but running it on any subset of the .staple file yields nothing. staple can also be asked to do something slightly strange: in the process of executing the All-or-nothing transform, a random key is used for encryption of the data - staple can be instructed to throw away part of that key. (The only argument staple takes is the number of key bytes to throw away; only 0, 2, and 4 are accepted currently.)"

Encrypted VOIP and SMS for Android phones.

crypto apps for the Android phone: voip and secure text

RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. It's easy to use, and functions just like the normal dialer you're accustomed to. RedPhone uses your normal mobile number for addressing, so there's no need to have yet another identifier or account name; if you know someone's mobile number you know how to call them using RedPhone. And when you receive a RedPhone call your phone will ring just like normal, even if it is asleep.

SSL is not expensive

Technical Analysis by Peter Eckersley Today EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere.

Encrypt the Web with the HTTPS Everywhere Firefox Extension | Electronic Frontier Foundation http://bit.ly/9PRtyX

This Firefox extension was inspired by the launch of Google's encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted. At the same time, we were also able to encrypt most or all of the browser's communications with some other sites: * Google Search * Wikipedia * Twitter and Identi.ca * Facebook * EFF and Tor * Ixquick, DuckDuckGo, Scroogle and other small search engines * and lots more!