We\’ll have a frank discussion about the encryption Arms race underway, the side channel attack against gpg research have found, headlines from Back Hat…

And then an epic batch of your questions, our answers!

— Show Notes —

Thanks to:

GoDaddy.com Use our code tech249 to score .COM for $2.49! Get private registration FOR FREE with a .COM! code: free5
UnitySync Visit dirwiz.com/unitysync use code tech for an extended trial and a year of maintenance.

Researchers have found a side-channel attack which could possibly be used to steal your gnupg keys

• Researchers Yuval Yarom and Katrina Falkner from The University of Adelaide presented their paper at Blackhat
• The Flush+Reload attack is a cache side-channel attack that can extract up to 98% of the private key
• The attack is based on the L3 cache, so it works across all cores, unlike previous attacks where the attacker had to be on the same CPU core as the victim
• This attack works across VMs, so an attacker in one VM could extract the GnuPG from another VM, even if it is executing on a different CPU
• Research Paper

More Encryption Is Not the Solution

• Poul-Henning Kamp (PHK) wrote an article for ACM Queue about how Encryption is not the answer to the spying problems
• Inconvenient Facts about Privacy
• Politics Trumps Cryptography – Nation-states have police forces with guns. Cryptographers and the IETF (Internet Engineering Task Force) do not.
• Not Everybody Has a Right to Privacy – Prisoners are allowed private communication only with their designated lawyers
• Encryption Will Be Broken, If Need Be – Microsoft refactors Skype to allow wiretapping
• Politics, Not Encryption, Is the Answer
• “There will also always be a role for encryption, for human-rights activists, diplomats, spies, and other professionals. But for Mr. and Mrs. Smith, the solution can only come from politics that respect a basic human right to privacy—an encryption arms race will not work”
• PHK postulates that a government could approach a cloud service as say “on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide” and then hide it in the Cookie header

Interview with Brendan Gregg

• Buy on Amazon: DTrace: Dynamic Tracing in Oracle Solaris, Mac OS X and FreeBSD
• Yelling at hard drives

Feedback:

• When will we see IPv6?

• What good habits should I force myself into?

• Ubuntu Forums

• Creating a Virtual LAN for Learning?

• ZFS Array Quest & GPG Key Managment

• The Age Old Certs Question

• Convert a Production FreeBSD into pfSense

• ZFS Summer Project

• Looking for Input on a new AP

• Amazon.com: TP-LINK TL-WR1043ND Ultimate Wireless N300 Router , Gigabit, 300Mbps, USB port , 3 Detachable Antenna x3/ IP QoS/ QSS Button: Electronics

Correction Section

• MegaFeedback

• In Defence of RHEL

• Pluggable CC in Linux

Echos from the Hall of Shame

• [HallOfShame] Microsoft not allowing passwords longer than 16 characters. Not hashing? : techsnap

• [HallOfShame] Commonwealth Bank Password Limitations : techsnap

Round Up:

• Gmail, Outlook.com and e-voting \’pwned\’ on stage in crypto-dodge hack
• Judge blocks researching from disclosing vulnerability in Volkswagen immobiliation system
• Researchers reveal how to hack an iPhone in 60 seconds
• Edward Snowden is not the story, the Death of the Internet is
• Moscow Subway To Use Devices To Read Data On Phones
• Black Hat paper spells out how advertising networks will build future botnets
• Google changes stance on Net Neutrality
• Black Hat: Disabling a car’s brakes by backing its onboard computer
• Google Copyright Infringement Reports to Quadruple This Year
• PHK’s musings and rants about HTTP/2.0