Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Mozilla

Mozilla Puts New Money To Use Fighting For 'Internet Health' (cnet.com) 104

Stephen Shankland, writing for CNET: Mozilla is marshaling public support for political positions, like backing net neutrality, defending encryption and keeping government surveillance from getting out of hand, says Denelle Dixon-Thayer, Mozilla's chief legal and business officer. The organization is funding the efforts with revenue from Firefox searches, which has jumped since 2014 when it switched from a global deal with Google to a set of regional deals. Mozilla brought in $421 million in revenue last year largely through partnerships with Yahoo in the US, Yandex in Russia and Baidu in China, according to tax documents released alongside Mozilla's 2015 annual report on Thursday. Pushing policy work brings new challenges well beyond traditional Mozilla work competing against Google's Chrome browser and Microsoft's Internet Explorer. They include squaring off against the incoming administration of Donald Trump.
Security

Holding Shift + F10 During Windows 10 Updates Opens Root CLI, Bypasses BitLocker (bleepingcomputer.com) 138

An anonymous reader quotes a report from BleepingComputer: Windows security expert and infrastructure trainer Sami Laiho says that by holding SHIFT + F10 while a Windows 10 computer is installing a new OS build, an attacker can open a command-line interface with SYSTEM privileges. This CLI debugging interface also grants the attacker full access to the computer's hard drive data, despite the presence of BitLocker. The CLI debugging interface is present when updating to new Windows 10 and Windows 10 Insiders builds. The most obvious exploitation scenario is when a user leaves his computer unattended during the update procedure. A malicious insider can open the CLI debugger and perform malicious operations under a root user, despite BitLocker's presence. But there are other scenarios where Laiho's SHIFT + F10 trick can come in handy. For example when police have seized computers from users who deployed BitLocker or when someone steals your laptop. Windows 10 defaults help police/thieves in this case because these defaults forcibly update computers, even if the user hasn't logged on for weeks or months. This CLI debugging interface grants the attacker full access to the computer's hard drive, despite the presence of BitLocker. The reason is that during the Windows 10 update procedure, the OS disables BitLocker while the Windows PE (Preinstallation Environment) installs a new image of the main Windows 10 operating system. "This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix.
Crime

New York's District Attorney: Roll Back Apple's iPhone Encryption (mashable.com) 215

An anonymous reader quotes Mashable: Manhattan District Attorney Cyrus Vance said Thursday that he wants Apple's encryption to go back to how it was in early 2014. Back then, police could basically extract any information they wanted after getting a warrant. "Doing nothing about this problem will perpetuate an untenable arms race between private industry and law enforcement," Vance said on Thursday. "Federal legislation is our only chance to lay these arms aside."

Vance said he's got 423 "lawfully-seized Apple devices" that his employees can't do anything with. Forty-two of those devices "pertain to homicide or attempted murder cases" according to the district attorney's office, and a similar number "relate to sex crimes." The argument, of course, is that the district attorney's office would have an easier time solving crimes if they had access to these phones... Apple believes being forced to hack into phones at the government's will is an unreasonable burden.

ZDNet adds that "the call for federal legislation could be given a popular boost by president elect Donald Trump, who previously called for a boycott on Apple products when it refused to help the FBI."
Privacy

A $5 Tool Called PoisonTap Can Hack Your Locked Computer In One Minute (vice.com) 172

An anonymous reader quotes a report from Motherboard: A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks. Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there's a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday. And all a hacker has to do is plug it in and wait. PoisonTap is built on a Raspberry Pi Zero microcomputer. Once it's plugged into a USB port, it emulates a network device and attacks all outbound connections by pretending to be the whole internet, tricking the computer to send all traffic to it. Once the device is positioned in the middle like this, it can steal the victim's cookies, as long as they come from websites that don't use HTTPS web encryption, according to Kamkar. Security experts that reviewed Kamkar's research for Motherboard agreed that this is a novel attack, and a good way to expose the excessive trust that Mac and Windows computers have in network devices. That's the key of PoisonTap's attacks -- once what looks like a network device is plugged into a laptop, the computer automatically talks to it and exchanges data with it.
Security

Cryptsetup Vulnerability Grants Root Shell Access On Some Linux Systems (threatpost.com) 89

msm1267 quotes a report from Threatpost: A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. From there, an attacker could have the ability to copy, modify, or destroy a hard disk, or use the network to exfiltrate data. Cryptsetup, a utility used to setup disk encryption based on the dm-crypt kernel module, is usually deployed in Debian and Ubuntu. Researchers warned late last week that if anyone uses the tool to encrypt system partitions for the operating systems, they're likely vulnerable. Two researchers, Hector Marco of the University of the West of Scotland and Ismael Ripoll, of the Polytechnic University of Valencia, in Spain, disclosed the vulnerability on Friday at DeepSec, a security conference held at the Imperial Riding School Renaissance Vienna Hotel in Austria. According to a post published to the Full Disclosure mailing list, the vulnerability (CVE-2016-4484) affects packages 2.1 and earlier. Systems that use Dracut, an infrastructure commonly deployed on Fedora in lieu of initramfs -- a simple RAM file system directory, are also vulnerable, according to the researchers. The pair say additional Linux distributions outside of Debian and Ubuntu may be vulnerable, they just haven't tested them yet. The report adds: "The problem stems from the incorrect handling of a password check when a partition is ciphered with LUKS, or Linux Unified Key Setup, a disk encryption specification that's standard for Linux. Assuming an attacker has access to the computer's console, when presented with the LUKS password prompt, they could exploit the vulnerability simply by pressing 'Enter' over and over again until a shell appears. The researchers say the exploit could take as few as 70 seconds. After a user exceeds the maximum number of three password tries, the boot sequence continues normally. Another script in the utility doesn't realize this, and drops a BusyBox shell. After carrying out the exploit, the attacker could obtain a root initramfs, or rescue shell. Since the shell can be executed in the initrd, or initial ram disk, environment, it can lead to a handful of scary outcomes, including elevation of privilege, information disclosure, or denial of service."
Republicans

US Internet Firms Ask Trump To Support Encryption, Ease Regulations (reuters.com) 173

An anonymous reader quotes a report from Reuters: U.S. internet companies including Facebook Inc and Amazon Inc have sent President-elect Donald Trump a detailed list of their policy priorities, which includes promoting strong encryption, immigration reform and maintaining liability protections from content that users share on their platforms. The letter sent on Monday by the Internet Association, a trade group whose 40 members also include Alphabet's Google, Uber and Twitter, represents an early effort to repair the relationship between the technology sector and Trump, who was almost universally disliked and at times denounced in Silicon Valley during the presidential campaign. Some of the policy goals stated in the letter may align with Trump's priorities, including easing regulation on the sharing economy, lowering taxes on profits made from intellectual property and applying pressure on Europe to not erect too many barriers that restrict U.S. internet companies from growing in that market. Other goals are likely to clash with Trump, who offered numerous broadsides against the tech sector during his campaign. They include supporting strong encryption in products against efforts by law enforcement agencies to mandate access to data for criminal investigations, upholding recent reforms to U.S. government surveillance programs that ended the bulk collection of call data by the National Security Agency, and maintaining net neutrality rules that require internet service providers to treat web traffic equally. The association seeks immigration reform to support more high-skilled workers staying in the United States. While urging support for trade agreements, the letter does not mention the Trans Pacific Partnership, which Trump has repeatedly assailed with claims it was poorly negotiated and would take jobs away from U.S. workers. The technology sector supported the deal, but members of Congress have conceded since the election it is not going to be enacted.
Government

Will Trump's Presidency Bring More Surveillance To The US? (scmagazine.com) 412

An anonymous reader reports that Donald Trump's upcoming presidency raises a few concerns for the security industry: "Some of his statements that industry professionals find troubling are his calls for 'closing parts of the Internet', his support for mass surveillance, and demands that Apple should have helped the FBI break the encrypted communications of the San Bernardino shooter's iPhone," writes SC Magazine. One digital rights activist even used Trump's surprise victory as an opportunity to suggest President Obama begin "declassifying and dismantling as much of the federal government's unaccountable, secretive, mass surveillance state as he can -- before Trump is the one running it... he has made it very clear exactly how he would use such powers: to target Muslims, immigrant families, marginalized communities, political dissidents, and journalists."

Edward Snowden's lawyer says "I think many Americans are waking up to the fact we have created a presidency that is too powerful," and the Verge adds that Pinboard CEO Maciej Ceglowski is now urging tech sites to stop collecting so much data. "According to Ceglowski, the only sane response to a Trump presidency was to get rid of as much stored user data as possible. 'If you work at Google or Facebook,' he wrote on Pinboard's Twitter account, 'please start a meaningful internal conversation about giving people tools to scrub their behavioral data.'"

Could a Trump presidency ultimately lead to a massive public backlash against government surveillance?
Programming

'Here Be Dragons': The Seven Most Vexing Problems In Programming (infoworld.com) 497

InfoWorld has identified "seven of the gnarliest corners of the programming world," which Slashdot reader snydeq describes as "worthy of large markers reading, 'Here be dragons.'" Some examples:
  • Multithreading. "It sounded like a good idea," according to the article, but it just leads to a myriad of thread-managing tools, and "When they don't work, it's pure chaos. The data doesn't make sense. The columns don't add up. Money disappears from accounts with a poof. It's all bits in memory. And good luck trying to pin down any of it..."
  • NP-complete problems. "Everyone runs with fear from these problems because they're the perfect example of one of the biggest bogeymen in Silicon Valley: algorithms that won't scale."

The other dangerous corners include closures, security, encryption, and identity management, as well as that moment "when the machine runs out of RAM." What else needs to be on a definitive list of the most dangerous "gotchas" in professional programming?


Businesses

The Internet Association, Whose Members Include Amazon, Facebook and Google, Writes Open Letter To Donald Trump (cnet.com) 19

The Internet Association -- a group of 40 top internet companies including Airbnb, Amazon, Facebook, Google, LinkedIn, Netflix, Twitter, Uber and Yahoo -- issued an open letter on Monday that congratulates Donald Trump on his victory and offers a long list of policy positions they hope he'll consider during his time as president. From a report on CNET:That list includes:
Upholding Section 230 of the Communications Decency Act so internet companies can't get sued easily for things their users say or do online.
Upholding Section 512 of the Digital Millennium Copyright Act so internet companies can't get easily sued if they quickly remove copyrighted content that users upload (such as infringing photos and YouTube videos).
Reforming the 30-year-old Electronic Communications Privacy Act -- "Internet users must have the same protections for their inbox as they do for their mailbox," states the association. Supporting strong encryption (Trump called for a boycott of Apple when it refused to comply with an FBI order to unlock an iPhone linked to terror.)
Reforming Section 702 of the Foreign Intelligence Surveillance Act, which lets the NSA collect online communications without a warrant.
Providing similar copyright protections for companies that operate outside the US.
Reforming the US Patent Office to deter patent trolls, a term for companies that sue other companies based on patents without actually producing new products.
Here's the full list.
United States

What the Trump Win Means For Tech and Science (arstechnica.com) 382

Republican nominee Donald Trump has won the US Presidential election to become the country's 45th president. Now that he is going to run the government, it's a good time to look back on the kind of policies and changes he is likely to bring in the United States. From an article on ArsTechnica:Trump's presidency could bring big changes to regulation of Internet service providers -- but most of them are difficult to predict because Trump rarely discussed telecom policy during his campaign. The Federal Communications Commission's net neutrality rules could be overturned or weakened, however, if Trump still feels the same way he did in 2014. At the time, he tweeted, "Obama's attack on the internet is another top down power grab. Net neutrality is the Fairness Doctrine. Will target conservative media. [...] With Trump's win, it's still not clear what a Trump administration would do on the issues of cybersecurity and encryption. As Ars reported last month, Trump and his campaign team have been vague on many such details. During the presidential debates, he brushed off the intelligence community's consensus that the attacks against the Democratic National Committee were perpetrated or silently condoned by the Russian government. But Trump did call for a boycott of Apple -- a boycott of which he didn't even abide by -- during Cupertino's fight with federal prosecutors about whether Apple should be forced to help the authorities unlock a killer's encrypted iPhone. [...] Trump's presidency, by some accounts, is likely to be a disaster for science. Most analyses of his proposed budgets indicate they will cause deficits to explode, and a relatively compliant Congress could mean at least some of these cuts will get enacted. That will force the government to figure out how to cut, or at least limit, spending. Will science funding be preserved during that process? Trump's given no indication that it would. Instead, many of his answers about specific areas of science focus on the hard choices that need to be made in light of budget constraints. With the exception of NASA, Trump hasn't identified any areas of science that he feels are worth supporting. More generally, Trump has indicated little respect for the findings of science.The Silicon Valley top heads were largely upset with the outcome of the Presidential Election, to say the least.
Security

User Forks FileZilla FTP Client After Getting Hacked (filezillasecure.com) 166

Slashdot reader Entropy98 writes: A frustrated FileZilla user took matters into his own hands after getting hacked due to the fact that his saved passwords were being saved in plain text files. Despite years of numerous requests over almost 10 years the FileZilla devs refused to add a Master Password option to encrypt the stored passwords. Finally fed up one user forked FileZilla and created FileZilla Secure with the Master Password option.
Chrome

More Than 50 Percent of All Pages In Chrome Are Loaded Over HTTPS Now (onthewire.io) 136

Reader Trailrunner7 writes: After years of encouraging site owners to transition to HTTPS by default, Google officials say that the effort has begun to pay off. The company's data now shows that more than half of all pages loaded by Chrome on desktop platforms are served over HTTPS. Google has been among the louder advocates for the increased use of encryption across the web in the last few years. The company has made significant changes to its own infrastructure, encrypting the links between its data center, and also has made HTTPS the default connection option on many of its main services, including Gmail and search. And Google also has been encouraging owners of sites of all shapes and sizes to move to secure connections to protect their users from eavesdropping and data theft. That effort has begun to bear fruit in a big way. New data released by Google shows that at the end of October, 68 percent of pages loaded by the Chrome browser on Chrome OS machines were over HTTPS. That's a significant increase in just the last 10 months. At the end of 2015, just 50 percent of pages loaded by Chrome on Chrome OS were HTTPS. The numbers for the other desktop operating systems are on the rise as well, with macOS at 60 percent, Linux at 54 percent, and Windows at 53 percent.
Businesses

New Attack Can Seize Control of Drones 40

A new radio transmitter "seizes complete control of nearby drones as they're in mid-flight," reports Ars Technica: From then on, the drones are under the full control of the person with the hijacking device. The remote control in the possession of the original operator experiences a loss of all functions, including steering, acceleration, and altitude... Besides hijacking a drone, the device provides a digital fingerprint that's unique to each craft. The fingerprint can be used to identify trusted drones from unfriendly ones and potentially to provide forensic evidence for use in criminal or civil court cases...

Hijacks could allow law-enforcement officers to safely seize control of vulnerable drones that are endangering or interfering with first responders. The hacks could also provide ordinary citizens with a less-draconian way of disabling a drone they believe is impinging on their property or privacy... A patchwork of federal and state laws makes it unclear if even local authorities have the legal authority to shoot or hack an aircraft out of the sky.

XKCD once proposed solving the problem with butterfly nets, but instead this new attack is exploiting unencrypted DSMx radio signals.
Democrats

Apple Shared User Data With Governments, Says WikiLeaks Email (dailydot.com) 106

"Please know that Apple will continue its work with law enforcement," reads an email from Apple's vice president of Environment, Policy and Social Initiatives, who reports directly to CEO Tim Cook, according to new documents this week on WikiLeaks. An anonymous reader writes: In the email the Apple executive writes "we work closely with authorities to comply with legal requests for data that have helped solve complex crimes. Thousands of times every month, we give governments information about Apple customers and devices, in response to warrants and other forms of legal process. We have a team that responds to those requests 24 hours a day." The email was addressed to Clinton campaign chairman John Podesta.

But the context is missing, and could show a larger attempt to soften Hillary Clinton's position on encryption. While Jackson writes that at Apple, "We share law enforcement's concerns about the threat to citizens," she later writes "Strong encryption does not eliminate Apple's ability to give law enforcement meta-data or any of a number of other very useful categories of data."

The email also compliments Clinton for her "principled and nuanced stance" on encryption in a December debate against Bernie Sanders. Clinton had said "maybe the backdoor is the wrong door, and I understand what Apple and others are saying about that. But I also understand, when a law enforcement official charged with the responsibility of preventing attack...well, if we can't know what someone is planning, we are going to have to rely on the neighbor... I just think there's got to be a way, and I would hope that our tech companies would work with government to figure that out."
Google

Google's AI Created Its Own Form of Encryption (engadget.com) 137

An anonymous reader shares an Engadget report: Researchers from the Google Brain deep learning project have already taught AI systems to make trippy works of art, but now they're moving on to something potentially darker: AI-generated, human-independent encryption. According to a new research paper, Googlers Martin Abadi and David G. Andersen have willingly allowed three test subjects -- neural networks named Alice, Bob and Eve -- to pass each other notes using an encryption method they created themselves. As the New Scientist reports, Abadi and Andersen assigned each AI a task: Alice had to send a secret message that only Bob could read, while Eve would try to figure out how to eavesdrop and decode the message herself. The experiment started with a plain-text message that Alice converted into unreadable gibberish, which Bob could decode using cipher key. At first, Alice and Bob were apparently bad at hiding their secrets, but over the course of 15,000 attempts Alice worked out her own encryption strategy and Bob simultaneously figured out how to decrypt it. The message was only 16 bits long, with each bit being a 1 or a 0, so the fact that Eve was only able to guess half of the bits in the message means she was basically just flipping a coin or guessing at random.ArsTechnica has more details.
Encryption

Nuclear Plants Leak Critical Alerts In Unencrypted Pager Messages (arstechnica.com) 79

mdsolar quotes a report from Ars Technica: A surprisingly large number of critical infrastructure participants -- including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers -- rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory and control data acquisition system belonging to one of the world's biggest chemical companies sent a page containing a complete "stack dump" of one of its devices. Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" included:

-Reduced pumping flow rate
-Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
-Fire accidents in an unrestricted area and in an administration building
-Loss of redundancy
-People requiring off-site medical attention
-A control rod losing its position indication due to a data fault
-Nuclear contamination without personal damage
Trend Micro researchers wrote in their report titled "Leaking Beeps: Unencrypted Pager Messages in Industrial Environments": "We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC. These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organizations. Taken together, threat actors can do heavy reconnaissance on targets by making sense of the acquired information through paging messages. Though we are not well-versed with the terms and information used in some of the sectors in our research, we were able to determine what the pages mean, including how attackers would make use of them in an elaborate targeted attack or how industry competitors would take advantage of such information. The power generation sector is overseen by regulating bodies like the North American Electric Reliability Corporation (NERC). The NERC can impose significant fines on companies that violate critical infrastructure protection requirements, such as ensuring that communications are encrypted. Other similar regulations also exist for the chemical manufacturing sector."
Microsoft

Snapchat, Skype Put Users' 'Human Rights at Risk', Amnesty Int'l Reports (cbsnews.com) 47

Shanika Gunaratna, writing for CBS News: Snapchat and Skype are falling short in protecting users' privacy -- a failure that puts users' "human rights at risk," according to a report by the organization Amnesty International. Snapchat and Skype received dismal grades in a new set of rankings released by Amnesty that specifically evaluate how popular messaging apps use encryption to protect users' private communications. In the report, Amnesty is trying to elevate encryption as a human rights necessity, due to concerns that activists, opposition politicians and journalists in some countries could be put in grave danger if their communications on popular messaging apps were compromised. "Activists around the world rely on encryption to protect themselves from spying by authorities, and it is unacceptable for technology companies to expose them to danger by failing to adequately respond to the human rights risks," Sherif Elsayed-Ali, head of Amnesty's technology and human rights team, said in a statement. "The future of privacy and free speech online depends to a very large extent on whether tech companies provide services that protect our communications, or serve them up on a plate for prying eyes."Microsoft's Skype received 40 out of 100. WhatsApp fared at 73, and Apple scored 67 out of 100 for its iMessage and FaceTime apps. BlackBerry, Snapchat, and China's Tencent did 30 out of 100.
Encryption

VeraCrypt Security Audit Reveals Many Flaws, Some Already Patched (helpnetsecurity.com) 75

Orome1 quotes Help Net Security: VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report [which has mitigations for the still-unpatched vulnerabilities].
Anyone want to share their experiences with VeraCrypt? Two Quarkslab engineers spent more than a month on the audit, which was funded (and requested) by the non-profit Open Source Technology Improvement Fund "to evaluate the security of the features brought by VeraCrypt since the publication of the audit results on TrueCrypt 7.1a conducted by the Open Crypto Audit Project." Their report concludes that VeraCrypt's security "is improving which is a good thing for people who want to use a disk encryption software," adding that its main developer "was very positive along the audit, answering all questions, raising issues, discussing findings constructively..."
Encryption

Firefox Users Reach HTTPS Encryption Milestone (techcrunch.com) 63

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).
Android

Android Devices That Contain Foxconn Firmware May Have a Secret Backdoor (softpedia.com) 95

An anonymous reader writes from a report via Softpedia: Some Android devices that contain firmware created by Foxconn may be vulnerable via a debugging feature left inside the bootloader, which acts as a backdoor and bypasses authentication procedures for any intruder with USB access to a vulnerable phone. By sending the "reboot-ftm" command to Android devices that contain Foxconn firmware, an attacker would authenticate via USB, and boot the device, running as root with SELinux disabled. There isn't a list of affected devices available yet, but Jon Sawyer, the researchers that discovered this hidden command, provides instructions on how to detect if a phone is affected. "Due to the ability to get a root shell on a password protected or encrypted device, Pork Explosion would be of value for forensic data extraction, brute forcing encryption keys, or unlocking the boot loader of a device without resetting user data. Phone vendors were unaware this backdoor has been placed into their products," Sawyer says.

Slashdot Top Deals