Fine, OK, no backdoors, says Deputy AG. Just keep PLAINTEXT copies of everyone's messages

Sure, that won’t go wrong at all


The US Deputy Attorney General has told business leaders that Uncle Sam won't demand mandatory backdoors in encryption – so long as companies can cough up an unencrypted copy of every message, call, photo or other form of communications they handle.

Speaking at the 2017 North American International Cyber Summit in Detroit on Monday, Deputy Attorney General Rod Rosenstein appeared to shift tack on his earlier position that end-to-end encryption systems, such as instant messengers and video call apps, should grant special access exclusively to crime investigators on demand.

Tech giants are resisting weakening their strong end-to-end and filesystem crypto just to help cops and Feds arbitrarily decipher suspects' messages and files on devices. So, Rosenstein has another approach: let people send stuff encrypted as normal, but a plaintext copy of everything – from communications to files on devices – must be retained in an unencrypted form for investigators to delve into as needed.

"Encryption serves a valuable purpose. It is a foundational element of data security and essential to safeguarding data against cyber-attacks. It is critical to the growth and flourishing of the digital economy, and we support it. I support strong and responsible encryption," he said.

"I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so."

Besides the fact that doing this would be a massive money and time suck, in terms of storage capacity and processing, it also kind of takes the point out of using encrypted conversations for privacy. It also means that any hacker who breaks into these archives would have access to the crown jewels of personal and corporate secrets.

Mind you, that would surely never happen. We never come across stories about servers getting hacked, and certainly the government is immune from such incidents, especially where they involve staffers' fingerprints and security clearances.

Rosenstein prefaced his suggestions with dire warnings about the effects of online crime. Since January 1 last year, there has been an average of 4,000 ransomware "attacks" a day, up 300 per cent on the previous year, he claimed, and said the FBI warned him ransomware infects more than 100,000 computers a day around the world.

In other scary news, Rosenstein warned that botnets – commandeered internet-of-things devices – could end up crashing large chunks of the internet. Speaking of crashing, he also warned that hackers could launch devastating attacks against autonomous cars that could leave passengers injured or killed.

He said that some CEOs had told him that they were reluctant to report hacking attacks to the authorities. Rosenstein said he understood those concerns but that it was vital for businesses to get in touch so that the perpetrators could be stopped from using the same attacks against others.

"Many cyberattacks are directed by foreign governments. When you are up against the military or intelligence services of a foreign nation-state, you should have our federal government in your corner," he said.

"By alerting law enforcement about a cyber incident, your organization performs a public service; it helps strengthen the cyber defenses of others. When law enforcement understands the details of an attack, we can promptly work on trying to apprehend the perpetrator, potentially before the next attack." ®
