惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

罗磊的独立博客
Forbes - Security
Forbes - Security
Blog — PlanetScale
Blog — PlanetScale
P
Proofpoint News Feed
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
MyScale Blog
MyScale Blog
GbyAI
GbyAI
B
Blog RSS Feed
S
SegmentFault 最新的问题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
Microsoft Security Blog
Microsoft Security Blog
月光博客
月光博客
博客园 - 聂微东
F
Fortinet All Blogs
H
Hacker News: Front Page
A
About on SuperTechFans
Application and Cybersecurity Blog
Application and Cybersecurity Blog
C
Check Point Blog
V
V2EX
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
N
News | PayPal Newsroom
Cisco Talos Blog
Cisco Talos Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Cloudflare Blog
P
Privacy & Cybersecurity Law Blog
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
Recorded Future
Recorded Future
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Google DeepMind News
Google DeepMind News
大猫的无限游戏
大猫的无限游戏
美团技术团队
Security Latest
Security Latest
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
I
InfoQ
Recent Announcements
Recent Announcements
The GitHub Blog
The GitHub Blog
Google Online Security Blog
Google Online Security Blog
T
The Exploit Database - CXSecurity.com

ashishb.net

A day in Luxembourg - the richest country in the world I was asked to install malware during a fake interview Book summary: Breakneck - China's quest to engineer the future by Dan Wang Book summary: How to Teach Your Baby to Read Book Summary: The Discontented Little Baby Book by Pamela Douglas Introducing Amazing Sandbox - run third-party tools and AI agents securely on your machine Why software outsourcing gets a bad reputation? Book summary: The Natural Baby Sleep Solution by Polly Moore A day in Antwerp, Belgium Journey of online influencers Two days in Brussels, Belgium Shortcuts - when we love them and when we don't A visit to Rakhigarhi Three days in overhyped Paris Empty Japan, crowded Tokyo The real lock-in in GitHub is not the code, but the stars 11-day Norwegian Breakaway East Caribbean cruise Sanskrit and Sri Lankan Air Force Use REST with Open API The Achilles heel of American capitalism Costa Rica in 4 days At a juice stall in Sri Lanka A short stay at Warsaw, Poland Best practices for using Python & uv inside Docker Two days in Vilnius, Lithuania How IntelliJ IDEs waste disk space Pregnancy Why there aren't many digital nomads from India Two days in Riga, Latvia To keep your machine secure, run third-party tools inside Docker Family Ties in Your DNA: Some relatives are closer than others Doctors per capita Two days in Tallinn, Estonia Ship tools as standalone static binaries Made in America Two days in Helsinki, Finland Maintaining an Android app is a lot of work The land of good deals Two days in Oslo, Norway FastAPI vs Flask performance comparison Google Search is losing to Perplexity Two days in Dublin, Ireland Continuous integration ≠ Continuous delivery World's simplest project success heuristic London in 5 days It is hard to recommend Python in production Inflation, IRS, Credit cards, and Vendors Temu and the Chinese approach Things to do in Miami Florida Revenue vs Cost Axis Language learning as an adult The unanchored babies of the green card limbo Price variance in the United States A day in Louisville, Kentucky A surprisingly positive experience with Air India Unhospitable Airports Android: Don't use stale views USA = Union of Sales and Advertisement A day in Nashville, Tennessee Minimize Javascript in your codebase A day in Birmingham, Alabama In defense of ad-supported products Real vs artificial world The science behind Punjabi singers Hiking Mt. Fuji The Indian startup bubble is insane Repairing database on the fly for millions of users Book Summary: One up on Wall Street by Peter Lynch It is hard to recommend Google Cloud At the Prague airport Kyoto in three days Migrating from WordPress to Hugo Book summary: Sick Societies by Robert B. Edgerton Statistical outcomes require statistical games Illegal immigrants to Europe via Cairo Tokyo in three days Mobs are Status Games Writing Script matters as much as the spoken language Sri Lanka in 5 days LLMs: great for business but bad business Book Summary: Safe Haven by Mark Spitznagel Mac shortcut for typing Avagraha symbol On a bus with an asylum seeker Nicaragua in 5 days When to commit Generated code to version control Why I always buy a local SIM in a foreign country Use Makefile for Android Four days in Guadalajara, Mexico Android Navigation: Up vs Back Hotels vs Airbnb vs Hostels Currency issues in Argentina Abstractions should be deep not wide Some data on podcasting Always support compressed response in an API service A day in El Calafate - Patagonia, Argentina Hermetic docker images with Hugging Face machine learning models American Elections The sound of "ch" API services should always have usage Limits Hiking in El Chaltén - trekking capital of Argentina
BlackBerry Controversy in India
Ashish Bhatia · 2010-09-13 · via ashishb.net

Indian Govt. has asked RIM (maker of the BlackBerry smartphone) to provide access to the data going through its servers for intelligence purposes and it appears that BlackBerry has accepted the demands. Due to the lack of understanding of encryption on the part of Indian media, misleading and ambiguous reports have been published on the same. This blog post is an effort to clarify the same.

BlackBerry and Encryption

BlackBerry has two types of customers

  1. Enterprise Customers
  2. Normal Customers

For enterprise customers, a single secret key cryptography across the enterprise is used and this key is known only to enterprises. (roughly, the equivalent of saying that all enterprise employees have a copy of the key to the main gate of the office and no one except the office staff has the key). Given the current state of encryption technology, no one can “read” the actual(plain text) messages without getting hold of the key. So, any end-to-end encrypted communication cannot be deciphered by a third party( including RIM).

" RIM was also asked to give access to its algorithms so that security agencies here could decrypt messages."[ ET] Now, this kind of reporting is a pure pig-shit and ignorance of technology on the part of the media. Even if the government knows the algorithm, it will not be of any use. In fact, for that matter, the source code of most encryption algorithms is publicly known. The power of encryption lies not in the algorithm but in the key which is used by the algorithm to generate encrypted text from plain text.

Interestingly, it seems that for normal customers, messages are sent from handset to server in an encrypted format (I believe it should be using public-key cryptography) using the sender’s key. De-encrypted at the server and re-encrypted for the receiver. So, the traditional approach of eavesdropping fails in this case. The only way to access “data” is through servers. That is what, I believe the Indian government(and a lot of other governments) is trying to get access to.

Is BlackBerry a “low-hanging fruit”

Well, there are two problems with this approach

  1. Too much hue and cry Given the hue and cry the government has created in the name of security, no terrorist is ever going to use BlackBerry anymore. Also, if they are adamant, they can always ask their Pakistani/Middle-east funders to establish some dummy enterprise and all of them become enterprise customers of the service and hence, “un-interceptable” again.
  2. Current state of the smartphone market What if someone implements an android/iPhone app to do encryption on-the-fly between communicating parties? In fact, there are algorithms where even the key can be established over the wiretapped channel rendering the rest of communication encrypted, so even, after listening to initial communication, it becomes impossible to decipher the rest.

What it actually means (in my opinion) Given the track record of the government in wiretapping for political purposes. I see no reason, why the government is irked at un-interceptable phones.

Suggestions

  1. It is being planned that a similar restriction will be put on Google(for Gmail) and Skype. I believe even if the government is planning to do something of this sort, any announcement of this type defeats the [honest part of] intent.
  2. Rather than going ahead with blind wire-tapping which will obviously fail as encrypted communication becomes more pervasive and the mammoth amount of data which is too much to be handled manually, so probably, NTRO should try a newer approach (perhaps pattern-based identification of terrorists)

Note: This article is factually correct to the best of my knowledge. I might be lacking understanding but not a will to understand, so in case, there is a factual mistake or a logical flaw, please do point that out in the comments.

References:

  1. https://futureoftheinternet.org/blackberry-22
  2. https://www.schneier.com/blog/archives/2010/08/uae_to_ban_blac.html
  3. https://cpj.org/blog/2010/08/why-governments-dont-need-to-crack-the-blackberry.php
  4. https://economictimes.indiatimes.com/infotech/hardware/BlackBerry-to-open-code-for-security-check/articleshow/6249666.cms
  5. https://online.wsj.com/article/SB10001424052748704271804575405403458659166.html
  6. https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
  7. https://www.outlookindia.com/article.aspx?265191