Category Archives : Computer Security


Judge orders Microsoft to turn over data held overseas

In a case closely watched in the United States and overseas, a federal judge in New York held Thursday that Microsoft must comply with a U.S. search warrant to turn over a customer’s e-mails held in a server overseas.
Judge Loretta Preska — in a surprise ruling from the bench — upheld a magistrate judge’s opinion in December ordering the Redmond, Wash., company to allow federal authorities to obtain copies of the data, which is stored in Ireland.

Source: www.washingtonpost.com

Ryan Seifert’s insight:
This is really a painful ruling for cloud providers operating in the States. While it was still possible to comply with the requests before, there were substantially more steps involved (Mutual Legal Assistance procedures). This ruling sidesteps those steps to grant quicker access.

The major concern of the ruling is that it could easily push international companies to select cloud hosts that are not US-based (for instance, a medical software service choosing to host with an OpenStack cloud provider rather than AWS or Azure).

On a good note, Microsoft is appealing again and the judge actually suspended her order until the appeal is decided. It is not surprising to see Microsoft fight this; their cloud services have been growing quickly in the last couple of years. I would expect to see Amazon and Google take the same position, as both also provide cloud-based services.


TrueCrypt Shuts Down

Support for decade-old crypto program pulled, touching off Internet firestorm.

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

Ryan Seifert’s insight:

One of the most popular and trusted file encryption systems was closed today; there is a huge amount of controversy over the event. What is even stranger is the suggestion to migrate to BitLocker, Microsoft’s integrated encryption offering.

TrueCrypt was the common answer for easy and provably secure encryption, due to its open source nature and multi-platform support. Being open source allowed everyone (including security auditors) to review the code and point out any potential weaknesses or problems. The multi-platform support allowed the same encrypted partition to be accessed from Windows, Mac, or Linux.

The controversy stems from the reason given for shutting down TrueCrypt (the sunset of Windows XP) and the suggestion to migrate to BitLocker. TrueCrypt supported up to Windows 8.1 (the current version) and everything in between down to XP; it also supported many versions of Mac OS X as well as various flavors of Linux. The amount of development work required to support so many different platforms securely is immense, which pretty directly disputes the stated shutdown reason. Many proponents of TrueCrypt are very outspoken on closed source implementations of security applications (such as BitLocker).

Overall it is a strong blow to computer security and privacy in general to see such a strong and loved open source encryption system be closed.