Nadim, I hope you, Arturo, and other clueful people will reach out to reporters who may be interested in covering these issues. Let me know if I can assist with making contacts.
Brian On Mon, Jul 1, 2013 at 1:45 PM, Nadim Kobeissi <na...@nadim.cc> wrote: > Silent Circle's response to critical security vulnerabilities has been > *extremely* bad. They recently quietly fixed numerous critical > vulnerabilities that could lead to a full compromise, without informing > their users or submitting and advisory in any way. > > Pointing to the vulnerable code on their GitHub led to both myself and > Arturo (from GlobaLeaks) to be censored. > > More information: > https://github.com/SilentCircle/silent-phone-base/issues/5#issuecomment-20232374 > > NK > > On 2013-07-01, at 2:35 PM, Yosem Companys <compa...@stanford.edu> wrote: > > > > http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx > > > > Agencies showing sudden interest in encrypted comm > > > > Silent Circle, the company that provides end-to-end BYOD encryption, > > has introduced a Web-based management console to support large > > deployments of crypto licenses. It was developed largely in response > > to government demand for a tool to manage enterprisewide licensing, > > said CEO Mike Janke. > > > > Government was always a primary market for Silent Circle, but the > > speed of adoption has caught the company by surprise. > > > > “We had no idea that government customers would need a thousand > > subscriptions,” said Janke, a former Navy SEAL. “We didn’t see any of > > this coming. We envisioned 10 special ops guys, reporters in Sudan or > > some individuals around the world.” > > > > Silent Circle’s secure voice, text, mail and video communications have > > gone in less than a year from being a point-to-point solution to an > > enterprise tool. There has been strong adoption in the financial > > industry and with oil companies, but “most of it was from [the Defense > > Department] and other government agencies,” Janke said. > > > > The company has benefited from current events, particularly recent > > revelations about the National Security Agency’s surveillance of > > Internet and telephone communications. Growth, already a strong 100 > > percent month-over-month, rocketed to 420 percent in the last > > two-and-a-half weeks. Agencies that were buying 50 subscriptions now > > are buying hundreds as concerns grow not only about government > > snooping, but also of government leaking. > > > > Encrypted communications is not new. What Silent Circle has done is > > make it practical for bring-your-own-device environments by harnessing > > the computing power of smart phones for crypto key management, cutting > > the middle man out of the security equation. Keys remain in the hands > > of the end users rather than a server, eliminating the need for trust > > in a third party. > > > > Secure peer-to-peer connections with Silent Circle Android and iOS > > apps use the Zimmermann Real Time Transport Protocol, a crypto key > > agreement protocol for voice over IP that uses the Diffie-Hellman key > > exchange and the Secure Real Time Transport Protocol. Encryption is > > done with NSA Suite B cryptography, a public interoperable set of > > crypto tools that include the Advanced Encryption Standard, Secure > > Hash Algorithm 2 and elliptic curve digital signature and key > > agreement algorithms. The company operates its own network with SIP > > servers and codecs, but all encryption and security remain on endpoint > > devices. > > > > Just 35 percent of the company’s business is in North America, with > > the rest of it off-shore in countries where security has long been a > > bigger issue than here. “We look at things in a bit of a bubble here > > compared to the rest of the world,” Janke said. People in Europe and > > Asia not only have to worry about NSA snooping, but also about their > > own intelligence agencies. > > > > Although it is available in time to take advantage of the post-PRISM > > boom in secure communications, the new console was in the works well > > before the NSA leaks. “It took five months for our team to create > > this,” Janke said, primarily because of the security required for the > > portal. The console is a business management tool only and has nothing > > to do with encryption. It does not hold or manage keys and does not > > have access to message content. “It in no way, shape or form touches > > the technology.” > > > > Despite the unexpected growth, Janke said Silent Circle is holding to > > its course for releasing new products this year, several of which, > > requested by government customers, now are in beta. These include > > encrypted file transfer from desktops, secure video conference calling > > and encrypted voice mail. > > > > Posted by William Jackson on Jun 28, 2013 at 9:41 AM > > -- > > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > > -- > Too many emails? Unsubscribe, change to digest, or change password by > emailing moderator at compa...@stanford.edu or changing your settings at > https://mailman.stanford.edu/mailman/listinfo/liberationtech > -- Brian Conley Director, Small World News http://smallworldnews.tv m: 646.285.2046 Skype: brianjoelconley
-- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
