The hope is that privacy-centric technology would give consumers more secure options to choose from. An MIT researcher even proposes encrypting genetic information. Jeeves, a programming language in the making, accommodates built-in privacy protocols. The app comes hot on the heels of the Blackphone, which launched pre-orders for its cryptographically-secured phone last week. Innovative developers are feeding this hunger with an array of technologies. 'Two years ago not a lot of people cared,' he comments. In an interview with Ars Technica last December, Cryptocat developer Nadim Kobeissi said: Privacy developments have been fueled by a newish hunger. Not to mention, Cryptocat has come a long way since repairing a "rookie" cryptographic mistake made last year. Private communications have come a very long way since cypherpunks organized an esoteric email group focused on discussing the technical aspects of encrypted communications in the '90s. Cryptocat has been a main player in this movement. Developers have been struggling to make secure communications, of all sorts, more user-friendly. One might think securing information would be a cinch, but secure communications require complex cryptography. It took Cryptocat a year to transition to a mobile app. According to The Verge, the servers are stored "in a Swedish nuclear bunker to protect them from government intrusion." Security measures extend beyond the cryptographic protocols. It utilizes Off-the-Record Messaging (OTR), a cryptographic protocol for secure instant messaging, and perfect forward secrecy, a system that constantly generates new user keys so snoops cannot decrypt older messages. Users of Mozilla, Chrome, Safari, Opera, and Mac OS X, and now iOS, can use the app. It's available for free from the Apple app store.
In a demo at RightsCon, a gathering in Silicon Valley that focuses on technology and combating human rights challenges, Cryptocat unveiled its chat-based cryptographically-based private mobile app, a tool they've been cooking up this past year. Cryptocat's mission, according to its blog, is "Making encrypted chat easy, fun, and accessible for everyone." While not as simple as using Facebook or GChat, it's easier to use than other encrypted instant messaging services. In the case of the iOS app specifically, the flaws were addressed before the app version was rolled out. Cryptocat, a web application for private chatting, now functions on smartphones. “There were some bugs found in the regular Web version, and those did affect versions already released,” Kobeissi said, “but those bugs were also swiftly fixed in the past few weeks before the audits were published.” Correction: A previous version of this article was titled “CryptoCat is anything but secure,” but was changed to address the fact that CryptoCat developers had already fixed security flaws detailed in an audit by iSEC Partners, which was commissioned by CryptoCat. In a blog post, “Recent Audits and Coming Improvements,” CryptoCat’s developers explain in detail their solutions to both the authentication and MITM vulnerabilities, which they say have both been resolved. The conversation carries on without interruption and no one is the wiser, except for the attacker who can now monitor the entire exchange. In addition, the researchers found CryptoCat was vulnerable to MITM (man-in-the-middle) attacks, leaving conversations susceptible to eavesdropping. During a MITM attack, an attacker secretly establishes connections between the two participants, receiving data from one user and passing it to the other. “After all, there is no need for CryptoCat if one must first communicate securely in order to use it with confidence,” the report said.
The first security issue essentially required a user to verify the identity of the person with whom they wish to speak by other secured means prior to initiating CryptoCat, thus negating the entire purpose of the app. Perhaps the most widely read report, written by iSEC Partners researchers, found that the open-source app contained several flaws, which could have permitted attackers to compromise CryptoCat users’ OTR (off-the-record) conversations. “That was the point of asking for these audits.” “It’s important to note that both of these audits were commissioned by us, and that all bugs in the iPhone version were fixed before the iPhone app was released,” Kobeissi told the Daily Dot. Furthermore, he says, all flaws uncovered in the reports were patched weeks before the audits’ publication. A pair of controversial security audits that called into question the effectiveness of cryptographic protocols utilized by the popular browser- and iOS-based chat application CryptoCat were commissioned by CryptoCat itself, says Nadim Kobeissi, CryptoCat’s lead developer.