Why The Web Needs Perfect Forward Secrecy More Than Ever

EFF April 8 2014

EFF has long advocated for websites to support HTTPS instead of plain HTTP to encrypt and authenticate data transmitted on the Internet. However, we learned yesterday of a catastrophic bug, nicknamed “Heartbleed,” that has critically threatened the security of some HTTPS sites since 2011. By some estimates, Heartbleed affects 2 out of 3 web servers on the Internet.

Heartbleed isn’t a bug in the design of HTTPS itself but rather the result of a simple programming error in a widely-used piece of software called OpenSSL. It allows an attacker who connects to an HTTPS server running a vulnerable version of OpenSSL to access up to 64KB of private memory space. Doing the attack once can easily cause the server to leak cookies, emails, and passwords. Doing the attack repeatedly in a clever way can potentially leak entire encryption keys, such as the private SSL keys used to protect HTTPS traffic. If an attacker has access to a website’s private SSL key, they can run a fake version of the website and/or steal any information that users send, including passwords, private messages, and credit card numbers. Neither users nor website owners can detect this attack as it happens.

It’s worth emphasizing that some important services that users access every day were affected by Heartbleed, including Yahoo Mail and LastPass. We weren’t immune either, since most EFF servers were running vulnerable versions of OpenSSL. Even the private identity keys used by Tor Hidden Services may have been compromised, potentially putting some journalist organizations’ communication with anonymous sources at risk.

TPP: NAFTA On Steroids

SteveLendman November 18 2013

The Trans-Pacific Partnership (TPP) is a trade deal from hell. It’s a stealth corporate coup d’etat.

It’s a giveaway to banksters. It’s a global neoliberal ripoff. It’s a business empowering Trojan horse. It’s a freedom and ecosystem destroying nightmare.

The Electronic Frontier Foundation (EFF) calls it “a secretive, multi-national trade agreement that threatens to extend restrictive intellectual property (IP) laws across the globe and rewrite international rules on its enforcement.”

More on TPP below. New York Times editors support it. Two decades ago, they endorsed NAFTA.

On January 1, 1994, its destructive life began. It’s anti-labor, anti-environment, anti-consumer and anti-democratic.

Corporate giants love it. Why not? They wrote it. Hundreds of pages of one-size-fits-all rules benefit them.

They override domestic laws. A race to the bottom followed. NAFTA was a disastrous experiment. In November 1993, New York editors headlined “The ‘Great Debate’ Over NAFTA,” saying:

“The laboriously constructed agreement to phase out trade barriers among the US, Mexico and Canada, which this page has strongly supported, is likely to have a positive, though small, impact on US living standards and provide a modest boost to the Mexican economy.”

“Some American jobs would be lost to cheaper Mexican labor, other jobs would be gained because American exports would increase as Mexico’s high tariffs gradually disappeared.”

“Economics aside, Nafta’s defeat would suggest that the US had abandoned its historical commitment to free trade and would thus discourage other Latin and South American countries that have moved toward more market-oriented economies in the expectation of freer world trade.”

So-called “free trade” is one-sided. It isn’t fair. NAFTA proponents promised tens of thousands of newly created US jobs.

Ordinary farmers would export their way to wealth. Mexican living standards would rise. Economic opportunities would reduce regional immigration to America.

NAFTA’s promises never materialized. Reality proved polar opposite hype. A decade later, about a million US jobs were lost.

America’s Mexican trade deficit alone cost around 700,000 jobs by 2010.

Official government data show nearly five million US manufacturing jobs disappeared since 1994.

The Battle Over Internet Control Rages On

RTAmerica | April 16 2012

The Internet freedoms we enjoy are being attacked. In America, Internet legislation is being pushed to stop online piracy but could infringe on Americans’ privacy in the process. This week has been declared “Stop Cyber Spying Week,” but Congress continues to weigh the pros and cons of CISPA – the Cyber Intelligence Spying and Privacy Act viewed by some as just another attempt to push the provisions of SOPA. Trevor Timm, an activist for the Electronic Frontier Foundation, joins us with more on the battle for the Internet.

  • Week of Action Against CISPA Begins, But Don’t Expect Web Blackouts (mashable.com)
  • CISPA is US ‘cyber-security loophole’ (rt.com)
  • Civil Liberties Organizations Launch Protests Against CISPA (usnews.com)