News Bits
NewsBits, IEEE Cipher E135, E135.Nov-2016
Summary:
Open Whisper Systems produces a messaging app that uses end-to-end encryption.
All the keys and usage information are contained in the user devices --- the
company collects no information from them. The secrecy of the communication
has been put to the test by a subpoena from the US government demanding
information about one of its users. The ACLU is representing the small
company in the matter. The company does not have the information that the
government wants because the app is designed with user privacy in mind.
Summary:
If you missed out on the genesis of the Whisper app and its creator Moxie Marlinspike, this is a good synopsis of the story of a peculiar coder. The story
is behind a paywall, but if you are a subscriber, it's worth perusing.
Summary:
It was a different world back in 2010 when Secretary of State Hillary
Clinton started an initiative to use the Internet to help foster
political change in countries with severe political censorship.
After some twists and turns in funding authorities,
an agency called Radio Free Asia created the Open Technology
Fund. From that fund, Moxie Marlinspike got $2.3 million
to develop an end-to-end encrypted messaging app, the same technology
that now underlies WhatsApp, a company that was acquired by Facebook
for $22 billion in 2014.
Summary:
An amendment to Rule 41 of the Federal Rules of Criminal Procedure is
set to go into effect in December, and it will dramatically change how
the government obtains warrants that allow it to hack computers in
the course of criminal investigations. The warrants will not be bound
to a particular jurisdiction if the government cannot identify the
location of the computers. Instead, any judge will be able to issue
a warrant that will apply regardless of jurisdiction. The government
argues that it cannot investigate computer crimes without this tool;
critics say it may violate the Fourth Amendment.
Summary:
A former NSA contractor was charged with stealing classified information
from the agency over a period of years, but the purpose of the theft
remains unclear. The many terabytes of information taken by Harold T. Martin
might contain the NSA's "hacking tools" which were mysteriously revealed
this year.
Summary:
The former NSA contractor accused of copying a massive amount of
classified data apparently had the hacker tools produced by NSA and
released onto the Internet by an anonymous group in August. His
motive in taking the information remains unknown, as does his possible
sharing of the information with the anonymous group.
Summary:
Yahoo complied with a US government subpoena by scanning all email in
real time and reporting the results to the government. A staff
attorney for the ACLU called the demand "unprecedented and unconstitutional."
According to insiders, Yahoo's CEO did not consult the security staff
when ordering the reconfiguration of the company's email servers. The
solution that was implemented may have made all of Yahoo's email vulnerable
to hackers.
Summary:
The US government demanded that Yahoo search all email for a digital pattern
that it associated with foreign terrorist organizations, and the company
complied by adapting a filter that it had developed for detecting
child pornography. The subpoena was issued by the secret Foreign
Intelligence Court. Yahoo cannot disclose any information about the matter,
but Apple commented that it received nearly 600 "gag orders" related
to government data collection in the first several months of 2016.
Summary:
Two Boston area experts, Roy Wattanasin and Ming Chow, are trying to
raise awareness of the fragmented state of cybersecurity education in
computer science curricula. No school in the Boston area seems to
offer a course that focuses primarily on cybersecurity, and there is
no agreement on the skill set that should be taught. They gave a
presentation about their survey findings at the Hackers on Planet
Earth (HOPE) conference in July of this year.
Summary:
Researchers have called into question the security of the prime
numbers underlying some commonly used implementations of the
Diffie-Hellman protocol. The numbers are secure if the associated
discrete logarithm problem is hard to solve, but not all prime numbers
lead to hard problems. If a nefarious party (or NSA) chooses a prime
for which he has secret information that makes discrete logarithms
relatively easy, then the resulting communication protocol will be
easy for him to decipher. This distressing fact has no silver lining
because there is no simple way to determine if a given prime is easy.
The details of the number field sieve algorithm provide the
mathematical underpinning to the weakness.
Summary:
Although Apple has asserted that it does not collect or share data
about its users' private information, that protection does not cover
the "metadata" of iMessage conversations. Documents obtained from the
Florida Department of Law Enforcement's Electronic Surveillance Support Team
show that information about contacts, IP addresses, and the dates and times
of conversations are shared with law enforcement.
Summary:
The New York Times broke a story in 2012 about secret malware that
delayed Iran's nuclear development program. The apparent source of
that story, retired four-star Marine Corps general James E. “Hoss”
Cartwright, pleaded guilty to lying to the FBI in an investigation into a
leak of classified information. Cartwright denies being the source of
the New York Times story, but acknowledges that he misled the FBI
about his conversations with reporters. The story was about
the Stuxnet virus, and its exact origin remains a mystery.
Summary:
A denial-of-service attack brought parts of the Internet to its knees for a
day, and the source of the traffic was a surprise. Someone had harnessed
perhaps millions of "Internet ready" devices such as webcams and thermostats
for the purpose of inundating a major DNS provider, Dyn, with useless
traffic that prevented it from dealing with real requests. Because many
"Internet of Things" devices are shipped with little or no security, they
are easy targets for hackers.
Summary:
Eleven years ago Linus Torvalds noticed an obscure kernel bug in the
Linux operating system. Being the "kernel boss" and the figure
credited with the creation of Linux in the first place, he was the
natural person to both notice the bug and to fix it. Because it was
hard to trigger the bug, he felt it was a low priority problem. But
Linux has changed a lot in the last decade, and with one thing and
another, the bug became easier to trigger, and the consequences could
be a complete compromise of security. The "copy-on-write" feature of
the kernel had a timing problem that would allow a user to overwrite
privileged executables. A patch was issued quickly, but there are
Linux systems in so many devices that it is unrealistic to think that
they will all be upgraded immediately.
Summary:
There were surprises in the US elections this year, one of them being
that international cyberhacking figured heavily in the speculations
about leaks and social media influence. David Rothkopf, the chief
executive and editor of Foreign Policy, who has written two histories
of the National Security Council, comments that "Most of the biggest
stories of this election cycle have had a cybercomponent to them — or
the use of information warfare techniques that the Russians, in
particular, honed over decades." The specter of information theft and
information manipulation will hang over us for a long time to come.
Summary:
A Chinese company wrote software that was installed on many Android
phones, and that software deliberately sent copies of text messages to
a server in China. The security firm Kryptowire discovered the
communication inadvertently when a company executive noticed that a
phone he had recently bought seemed to have unexplained network
activity. The "feature" was not disclosed to users. The Chinese
company, Adups, said it was all a configuration control problem. The
software was not supposed to be installed on American phones. It was
intended to help a Chinese customer provide better customer support.
Summary:
Some DNS experts thought to help out with the security of the US
election by looking for patterns of suspicious activity associated
with accessing Internet sites associated with the parties, the
candidates, and other information sites. They found some puzzling
patterns for a server associated with Trump enterprises. That server
seemed to be communicating with Alfa Bank, an entity located in Russia
that operates in the West. Because the DNS information does not in
itself prove that the two companies communicated, there is no
accusation of collaboration. Nonetheless, in the view of some
experts, the pattern is consistent with an uncommon sort of
communication channel.