Steve Gibson is on the show to talk about the strange disappearance of TrueCrypt and what your best options might be for whole disk encryption.
Multiple versions (ogg, video etc.) from Archive.org.
Please SUBSCRIBE HERE.
A special thanks to all our Patreon supporters–without you, none of this would be possible.
If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!
Big thanks to Dan Lueders for the music and Martin Bell for the opening theme!
Big thanks to Mustafa A. from thepolarcat.com for the logo!
Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit
Show Notes
Today’s guests: Steve Gibson, of Gibson Research Corporation and Security Now!
Headlines
Can Beats save music? Apple, Senior Vice President of Internet Software and Services Eddy Cue and Beats co-founder Jimmy Iovine took the stage together at the Code Conference last night in the wake of the announcement that Apple has agreed to purchase Beats Electronics and Beats Music. Cue said, “Music is dying in the way that we’ve known it,” referring to declining digital sales in the face of rising streaming services. Iovine thinks the music business is “desperately insecure” and Silicon Valley is “slightly over-confident.” Cue thinks Iovine and Dr. Dre are the men for the job. While Beats hardware is nice, Cue made it clear that the deal is “about music.” Apple expects the deal to close after regulatory approval sometime in September. Cue also stoked excitement for Monday’s WWDC keynote saying, “we’ve got the best product pipeline that I’ve seen in my 25.”
Hey ladies … where are you? BloombergBusinessWeek reports that Laszlo Block, Google’s SVP for people operations posted to Google’s blog about the company’s diversity statistics. Thirty percent of Google workers are women and 39 percent are racial or ethnic minorities. The majority of nonwhite Google employees are of Asian descent. This puts Google close to the middle among tech companies that disclose these sorts of statistics. More companies are feeling pressure to reveal diversity statistics. Facebook COO Sheryl Sandberg has said that Facebook plans to reveal theirs eventually.
ISP ratings coming soon to a computer near you: GigaOm reports on YouTube expanding its video quality report to include regions in the United States. The report, previously released in Canada, gives stats on the streaming quality of YouTube on your ISP and compares it to other ISPs in your region.
Using social media to destroy the world? The Verge has a story on a report from security consulting group iSight Partners that claims a phony news agency called NewsOnAir has been building ties with senior U.S. military and diplomatic officials as well as U.S. and Israeli defense contractors. The group would make social network connections and use fake names over services like Twitter, Facebook, WordPress and LinkedIn. The aim of the site was to present fake login pages to steal credentials. The group’s central domain was registered in Tehran.
Express yourself, Turkey: BBC reports Turkey’s Constitutional Court has ruled a block on YouTube violated freedom of expression laws and have ordered ISPs in Turkey to lift the block. Lower courts have previously ordered the block lifted but the government did not respond, claiming offending material still existed on YouTube.
London cabbies are uber mad: BBC also reports London’s transport authority has announced it does not believe Uber’s car service breaks laws by using an app to determine charges.The authority referred the matter to the High Court to issue a binding ruling on the matter. The taxi drivers claim the app is equivalent to a meter, which private drivers are not allowed to use. The drivers plan a demonstration for June 11.
News From You
Our top story on the SubReddit today was submitted by Nova461. Developers of TrueCrypt are redirecting traffic from their website to a sourceforge page claiming the software may have security vulnerabilities and due to the end of support for Windows XP, they will no longer develop TrueCrypt. The developers posted instructions for using alternative disk encryption on Windows and OSX.
Kylde submitted the Ars Technica story that a group at Brigham Young University has created an app for Google Glass to help the deaf to view an ASL interpreter in dark situations, like a planetarium, without bothering other attendees. The project is called Signglasses. The full results of the group’s research will be published in June at the Interaction Design and Children conference.
KAPT_Kipper passed along the Ars story about researchers at Japanese Telecom NTT publishing a paper that includes a description of a working 115-bit optical Random Access Memory device made of photonic crystals. The crystals can store light in a high-energy state and emit it after a high-energy pulse, thus optical bits. Granted they’ve only achieved 105 optical bits so far. That can be increqased, the bad news is the energy usage. 28-bit memory takes about 150 micro-watts to store which will be hell on your battery life. But if that can be figured out fiber optic singals wouldn’t have to be converted to electronic ones to be useful. Fiber to your RAM!
And SkyJedi & HarryLeeSmith let us know that Ars Technica reports that the Linux Foundations’ Core Infrastructure Initiative, which was formed in response to Heartbleed, has raised enough to fund a security audit of OpenSSL’s code base as well salaries for two full-time developers. OpenSSH and Network Time Protocol will also receive support for developers and infrastructure.
Discussion Section Links:
http://steve.grc.com/2014/05/28/whither-truecrypt/
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
http://steve.grc.com/2014/05/29/an-imagined-letter-from-the-truecrypt-developers/
https://twitter.com/matthew_d_green
http://truecrypt.sourceforge.net/
http://www.theregister.co.uk/2014/05/29/truecrypt_analysis/
https://tails.boum.org/blueprint/replace_truecrypt/
Pick of the day: Lastpass via Alex in drizzly Nottinghamshire, UK
I know you’ve mentioned it on the show before, but it’s not on the picks page (yet), so I thought I’d mention a recent feature that’s been introduced to LastPass that meant that I finally purchased the premium version – and has turned out to be the best £8 / $12 (annual) I’ve spent on an app. (Of course, the best general $1 per month I spend is being a patron for DTNS!)
The killer feature for me is password completion in android apps, including Chrome for website logins. I recently got a Nexus 7 and setting it up with all my apps took no time at all because I first installed the LastPass app which filled in all my logins as I went. The mobile app used to have its own browser so I had to choose between password completion or the functionality of Chrome – but now I can have both.
It’s only on Android for now it seems and it works by pretending to be an accessibility aid – popping up on screen when a prompt is detected which works well about 95% of the time.
Friday’s Guests: Molly Wood and Justin Robert Young!