https://tls.ulfheim.net/
34c3 Highlights
English Language
German Language
John Oliver on Encryption
Good news everyone:
EFF’s Game Plan for Ending Global Mass Surveillance
The Guardian – Mass surveillance is fundamental threat to human rights
Would you like to know more?
http://www.reddit.com/r/privacy
Let’s Encrypt – bringing crypto to the masses
https://letsencrypt.org
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
There was a talk at 31c3, which you can find here
Reconstructing narratives – 31c3
Great and Inspiring talk by Laura Poitras and Jacob Applebaum.
All talks from 31c3 can be found here http://media.ccc.de/browse/congress/2014/index.html
https://www.youtube.com/watch?v=0SgGMj3Mf88
United States of Secrets Documentary
Great PBS documentary on the NSA surveillance “program”
Part 1 mainly focuses on the NSA program post 9/11 and the events that lead people like Thomas Drake, William Binney and Edward Snowden to blow the whistle.
Part 2 covers the ties between the US government and Data Mining companies like Google, Facebook and Apple.
Crypto 101
Crypto for everyone:
Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.
Crypto 101: the presentation
Crypto 101 started as a presentation at PyCon 2013. It tries to go through all of the major dramatis personae of cryptography to make TLS work in 45 minutes. This book is the natural extension of that, with an extensive focus on breaking cryptography.
CVE-2014-0092: GnuTLS Certificate verification issue
A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.
Source: http://gnutls.org/security.html
goto fail, anyone? 🙂
Bruce Schneier Talk at MIT: NSA Surveillance and What To Do About It
http://bigdata.csail.mit.edu/node/154
Edward Snowden has given us an unprecedented window into the NSA’s surveillance activities. Drawing from both the Snowden documents and revelations from previous whistleblowers, this talk describes the sorts of surveillance the NSA conducts and how it conducts it. The emphasis will be on the technical capabilities of the NSA, and not the politics or legality of their actions. I will then discuss what sorts of countermeasures are likely to frustrate any nation-state adversary with these sorts of capabilities. These will be techniques to raise the cost of wholesale surveillance in favor of targeted surveillance: ubiquitous encryption, target dispersal, anonymity tools, and so on.
Direct Link here if your Browser has embed Issues