The U.S. House Judiciary Committee and House Energy and Commerce Committee Encryption Working Group has released its Year-End Report. It makes four specific observations: 1. Any measure that weakens encryption works against the national interest. 2. Encryption technology is a global technology that is widely and increasingly available around the world. 3. The variety of stakeholders, technologies, and other factors create different and divergent challenges with respect to encryption and the “going dark'' phenomenon, and therefore there is no one-size-fits-all solution to the encryption challenge. 4. Congress should foster cooperation between the law enforcement community and technology companies. https://judiciary.house.gov/wp-content/uploads/2016/12/20161220EWGFINALReport.pdf These observations are pithy and relevant to other nations as well. The Keys Under Doormats report (RISKS-28.75) appears to have had considerable influence on the committee, and is cited on the first text page of their report. [Reminder: The subsequent published version of that report is available online: Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner, Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications, published in the Journal of Cybersecurity, vol 1 no 1, Oxford University Press, 17 November 2015. http://www.cybersecurity.oxfordjournals.org/content/1/1/69 The authors received the 2016 Pioneer Award (given annually by the Electronic Freedom Foundation) for the paper.]
GoogleBlog via NNSquad https://security.googleblog.com/2016/12/project-wycheproof.html We're excited to announce the release of Project Wycheproof, a set of security tests that check cryptographic software libraries for known weaknesses. We've developed over 80 test cases which have uncovered more than 40 security bugs (some tests or bugs are not open sourced today, as they are being fixed by vendors). For example, we found that we could recover the private key of widely-used DSA and ECDHC implementations. We also provide ready-to-use tools to check Java Cryptography Architecture providers such as Bouncy Castle and the default providers in OpenJDK.
Vindu Goel, *The New York Times*, via NNSquad http://mobile.nytimes.com/2016/12/20/technology/forgers-use-fake-web-users-to-steal-real-ad-revenue.html In a twist on the peddling of fake news to real people, researchers say that a Russian cyberforgery ring has created more than half a million fake Internet users and 250,000 fake websites to trick advertisers into collectively paying as much as $5 million a day for video ads that are never watched. The fraud, which began in September and is still going on, represents a new level of sophistication among criminals who seek to profit by using bots—computer programs that pretend to be people—to cheat advertisers.
Item in London UK *The Standard* newspaper, 16 Dec 2016 http://www.standard.co.uk/news/crime/police-must-be-given-power-to-shut-websites-in-child-abuse-and-revenge-porn-fight-a3422131.html Police need new powers to shut websites and curb access to social media to fight the threat of child abuse and revenge porn attacks, a chief constable said today. Stephen Kavanagh, the National Police Chiefs Council lead on digital crime, said officers should also be ready to push the boundaries of the law and sometimes go beyond what the regulations or courts accept to protect the public from Internet offending. Mr Kavanagh said he was deeply concerned at the scale of the problem and felt the privacy lobby had been allowed to dominate discussions for too long at the expense of public safety. He insisted that a tougher law enforcement response, including updated legislation, was needed. The Internet is a hugely witty broad set of opinions but that should not be blurred with the ability to buy drugs or guns, harass, share imagery without consent or, worse, engage in the industrialising of child abuse imagery. On powers to access Internet communications, Mr Kavanagh said critics were wrong to label the legislation a Snoopers Charter and insisted existing rules contained some of the best regulation of police intrusive powers in the world. He said, however, that officers should be prepared to risk occasionally stepping beyond the limits of the law and added: Police tend to be too cautious about how they can use those powers to protect the public. Um... what about sites outside the UK?
http://www.nytimes.com/2016/12/19/technology/google-digital-maps-railroad-crossings-ntsb.html The National Transportation Safety Board asked tech companies to add the locations of grade crossings into digital maps and to provide alerts for drivers.
Here's the advice I give to people relating to interacting with Internet resources: "There's lots of information on the Internet. Some of it's even true!"
> Either that or we all sit down and write competing web pages ... If many people do this, then these hundreds of pages will all end up off the top page of results since they will "split the vote". To "game" Google so that your preferred answer to a question becomes the top hit, you need to select *one* page with that answer and get as many people as possible to link to that page. Dr Martin Ward STRL Principal Lecturer & Reader in Software Engineering email@example.com http://www.cse.dmu.ac.uk/~mward/
> The U.S. state of Georgia traces 10 cyberattacks to U.S. federal agency DHS > (Dept of Homeland Security). It really gets dicey when this attribution is coupled with what is called "active defense" or "hack back". That is when a hacking victim invades the hacker's computers to investigate, or to deter, or to claw back stolen information. Is hack-back a felony if the hacker is the US government? What about when attribution goes to an enemy or allied foreign state? I suspect that the reason that the US government seems so reluctant to sanction foreign state hackers is that the US government is itself among the worlds biggest hackers. If we retaliate, we invite others to do the same to us, and we are said to have the most to lose. Apropos The long history of the U.S. interfering with elections elsewhere: https://www.washingtonpost.com/news/worldviews/wp/2016/10/13/the-long-history-of-the-u-s-interfering-with-elections-elsewhere
On 20/12/16 00:21, RISKS List Owner wrote: > Of course, there are already drivers who turn off their engines at traffic > lights. And there are vehicles that automatically turn themselves off now ... I've recently started driving an "ecotec" van, and when I stop at the lights and engage neutral (as drivers should!) the engine will stop of its own accord. Pushing the clutch down to engage gear triggers an automatic restart. imho (as a user of this technology) this is not a problem, as a properly functioning car (yes, I know ...) would restart without the driver's active intervention.
Please report problems with the web pages to the maintainer