NNSquad - Network Neutrality Squad
[ NNSquad ] Bad kitty! "Rookie mistake" in Cryptocat chat app makes cracking a snap
Bad kitty! "Rookie mistake" in Cryptocat chat app makes cracking a snap http://j.mp/15le1ez (ars technica) "Developers of the Cryptocat application for encrypting communications of activists and journalists have apologized for a critical programming flaw that made it trivial for third parties to decipher group chats. The precise amount of time the vulnerability was active is in dispute, with Cryptocat developers putting it at seven months and a security researcher saying it was closer to 19 months. Both sides agree that the effect of the bug was that the keys used to encrypt and decrypt conversations among groups of users were easy for outsiders to calculate. As a result, activists, journalists, or others who relied on Cryptocat to protect their group chats from government or industry snoops got little more protection than is typically available in standard chat programs. Critics said it was hard to excuse such a rudimentary error in an open-source piece of software held out as a way to protect sensitive communications." - - - It is axiomatic that bad crypto is *worse* than no crypto -- because when you *believe* you have a secure channel and you really don't, you say things you wouldn't have said in the clear, but without real protection. --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info - Data Wisdom Explorers League: http://www.dwel.org - Global Coalition for Transparent Internet Performance: http://www.gctip.org Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ nnsquad mailing list http://lists.nnsquad.org/mailman/listinfo/nnsquad