Crypto Privacy Security

Swiss government submits criminal complaint over CIA Crypto spying scandal

The Swiss government has filed a criminal complaint relating to the alleged practices of US and German intelligence agencies in spying on other governments over the course of decades. 

The complaint in question is centered around Operation Rubicon, the focus of a recent investigation by the Washington Post, ZDF, and SRF into Swiss company Crypto AG. 

Crypto AG is a seller of encoded and encrypted devices deemed suitable — and secure enough — for confidential government communications. It is estimated that over 100 governments worldwide have been counted as Crypto AG clients over the course of decades. 

Rumors concerning the CIA and its German counterpart BND being able to crack these devices have been around for some time, and now the recent inquiry — which reveals that Crypto AG was owned by these authorities until recently — claims that the agencies deliberately introduced backdoors and weaknesses in products sold by Crypto AG to intercept and eavesdrop on users. 

Full article here:

Crypto Privacy Security

HTTPS for all: Let’s Encrypt reaches one billion certificates issued

Let’s Encrypt, the Internet Security Research Group‘s free certificate signing authority, issued its first certificate a little over four years ago. Today, it issued its billionth.

The ISRG’s goal for Let’s Encrypt is to bring the Web up to a 100% encryption rate. When Let’s Encrypt launched in 2015, the idea was pretty outré—at that time, a bit more than a third of all Web traffic was encrypted, with the rest being plain text HTTP. There were significant barriers to HTTPS adoption—for one thing, it cost money. But more importantly, it cost a significant amount of time and human effort, both of which are in limited supply.

Let’s Encrypt solved the money barrier by offering its services free of charge. More importantly, by establishing a stable protocol to access them, it enabled the Electronic Frontier Foundation to build and provide Certbot, an open source, free-to-use tool that automates the process of obtaining certificates, installing them, configuring webservers to use them, and automatically renewing them.

Full Article:

Crypto Security

Android malware can steal Google Authenticator 2FA codes

Security researchers say that an Android malware strain can now extract and steal one-time passcodes (OTP) generated through Google Authenticator, a mobile app that’s used as a two-factor authentication (2FA) layer for many online accounts.

Google launched the Authenticator mobile app in 2010. The app works by generating six to eight-digits-long unique codes that users must enter in login forms while trying to access online accounts.

Google launched Authenticator as an alternative to SMS-based one-time passcodes. Because Google Authenticator codes are generated on a user’s smartphone and never travel through insecure mobile networks, online accounts who use Authenticator codes as 2FA layers are considered more secure than those protected by SMS-based codes.

Full article: