Archive for the 'cryptography' Category

Skype Is Passing Your PC Unique Identifier To Their Server

Wednesday, February 7th, 2007

This post claims that, on startup, Skype sends your PC's unique identifier to its server. It sends the BIOS content, which contains some unique information.

Anonymity on Skype seems to be a thing of the past. Since you bought your PC, those UUIDs are on a bill or an invoice somewhere, hence a link between your name and your Skype calls.

There are other UUIDs in a PC (e.g. the MAC address), so this is clearly meant to allow identification of a call. In a way this is no surprise and is easy to defeat, but it is still sad.

Since I am on Linux, I cannot check. Has anyone else found this file?


Encrypt Your GSM Conversations

Thursday, June 22nd, 2006

This software from Voylent Software encrypts your phone conversations on the fly. It prevents anyone from overhearing or intercepting them. The same issue exists for landlines. Maybe they should port their software there too?

Question: their website does not specify the encryption algorithm used. Is it a strong one? Breakable? We know that GSM conversation interception is really hard to achieve (because of frequency hopping) but really easy at the carrier center, as with landlines. How strong is the encryption? Is it legal to use in France or anywhere else?

On the marketing side, if you use it, all your friends have to use it too if you want to talk securely.

One last issue: this software is political. GSM encryption is weak and phone interception is easy because of political and security issues. It is really a good idea. The old issue between security and privacy might be solved by the market. I am not sure it is the best solution for both sides.


Via Boing Boing

AT&T And The NSA

Monday, May 22nd, 2006

For those who have not heard, the EFF is suing AT&T for its participation in an illegal NSA surveillance program. Wired has published a good article on this, along with some evidence provided by the EFF, especially AT&T's internal documents provided by one of their technicians (on the EFF's side).

Computer geeks know how to protect themselves from the NSA (basically encrypting everything and not being from Al Qaeda), and even though the NSA is way more advanced than civilian cryptanalysts, huge keys should still work (>= 4096 bits, for instance). They could use a computing breakthrough (quantum computing, new algorithms, …) to break them, but I doubt they have had one.
The US way is to quickly declassify any technology that can have a lot of impact on the US economy, and a breakthrough such as this would. This is how it happened with the transistor and computers. A few months after their invention, they were declassified. We are no longer in the Cold War, so there is even less need to act like this.

It is true, though, that the US military (including the NSA) seems to be well ahead in cryptanalysis techniques. DES uses some techniques that civilians found only years later. Actually, some techniques were found after (and not because) DES was declassified. They then found out these were already used in DES (as told by Stéphane Natkin in a CNAM class).