17 May 2017

About WannaCry and strong crypto

We have been offered by the Mobile Ecosystem Forum to write a little something about the hot topic of the days, the WannaCry ransomware, who is causing damage to many individuals and organizations. The article has been published: ransomware attacks and lessons to be learnt, but we only had room for 200 words and what we wanted to say is too complex for the room they had for me. So here is a longer version of what we wanted to share with the Cozy community.

MEF’s question was: “What what should we do as an industry to better prepare for such attacks and protect consumers?”. Here is our response:

As an industry we need to remember the famous Spiderman quote[1]: “With great power comes great responsibility”. Our power is increasing as software eats the world. We need to do a better job at making safer products, products that are easier to update in order to stay secure. We need to do a better job at educating users too.

great_power_great_responsibility.jpg

But there is something more important or at least as important but less obvious. It’s two-fold.

First, we need to remember that the WannaCry ransomware was made possible because the US NSA (National Security Agency) had created a cyber attack tool called EternalBlue based on a bug in Microsoft software. The NSA could have chosen to communicate the bug so that Microsoft would fix it in their Windows products. Users would have been in a more secure place. But the NSA decided not to. They decided to keep the information for themselves, putting users at risk.

The second issue is that the NSA has got the EternalBlue tool stolen from them. Hackers leveraged the EternalBlue tool to create the WannaCry ransomware. This proves that even the most funded US agencies can’t keep a secret secret. Microsoft’s Chief Legal Officer puts it squarely:

An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.

At the same time, the same government officials are advocating that strong encryption should have “golden keys” that would be handed to government agencies. Those in possession of such golden keys could decrypt data easily. But we’ve seen over and over, and the WannaCry scandal is yet another proof, that the government cannot be trusted to keep such keys secret. Eventually the golden keys will become compromised, which means that so-called “strong encryption” will be weak. Computer security will be gone for ever. No more secure banking, no more trust in anything that relies on computers. In other words, the world’s economy will grind down to a halt.

Overall, the WannaCry cyber attacks proves one thing: we, as an industry, must stay strong and refuse compromises with regards to encryption strength. As an industry, we have to stand with strong encryption, because with great power comes great responsibilities.

Note

[1] Note that the quote is from Spiderman’s uncle Ben, not Spiderman himself.

14 Apr 2017

Benjamin Bayart on privacy, freedoms and democracy

We have invited Benjamin Bayart to talk about privacy, freedoms and democracy. Benjamin is known for his involvement in the Quadrature du Net, the “Exégètes Amateurs” and the French Data Network FDN, as well as the FDN Federation.

What is the relationship between targeted advertising, mass surveillance and a dictatorship? Why is there more lobbying in Brussels around personal data than around energy? How is it that the metadata are so “talkative” and how can it be even more complex than data? Here are all the questions Benjamin tackles, by showing an extraordinary pedagogy to explain why we need to regain control over our personal data and our digital devices.

We are really sorry for our anglophone readers, the video is only available in French.

Christophe presents the upcoming developments on My Accounts

Christophe Thiriot, developer at Cozy Cloud and maintainer of the My Accounts application (formerly Konnectors) introduces us to it. He also presents the various developments planned with the coming arrival of Cozy V3. What are they? Who is this application for? What can it bring to your daily  […]

Continue reading

M4dz introduces us to Cozy's Devtools

M4dz, front-end developer at Cozy Cloud, presents the various Cozy Devtools. Want to find out more about how we work? Do you want to help us? All the necessary information is unveiled in this video! We are really sorry for our anglophone readers, the video is only available in French.  […]

Continue reading

13 Apr 2017

Release of Cozy V3 Alpha! Aka the light at the end of the tunnel

1-onboarding_1.png

It’s a big moment here at Cozy Cloud, as we are launching the Alpha 3 version of our Cozy software. In itself, an Alpha version (pre-version of a still barely usable software) doesn’t generate a lot of excitement. However this launch is a special one for the Cozy community, insofar as it makes it  […]

Continue reading

- page 1 of 5