Reminder: We’re meeting in Columbus on Wednesday


I’ll be in Columbus, Ohio, on Wednesday, August 10, to hold a night of pitches and open mic shenanigans so bring your guitar and pitch deck. The event will be at O’Toole’s 4796 W Broad St, right off I-270.

We’ll start at 7 p.m. sharp with pitches, so get there after work. And at 8 p.m. we’ll have an open stage with live music – I’m going to play with my friend Rick so bring your phones – and networking.

Want to pitch? Fill out this form and I’ll pick 8 companies to pitch on stage. First prize is a table at Disrupt in SF, and two other teams will receive tickets to the event.

We could also use a few sponsors for beer and what not. Get in touch if you’re interested. Also if you can think of any cool people who’d like to be judges, please let me know at john@techcrunch.com.

Special thanks to the folks at Kinsta for grabbing the first round of beers!

I’ll see you all next week!

Featured Image: Larry Knupp/Shutterstock
Source: TechCrunch

Let’s meet in Columbus, Ohio next week


This is going to be fun. I’ll be in Columbus, Ohio next week, Wednesday, August 10, and I’ll be holding a night of pitches and open mic shenanigans so bring your guitar. The event will be at O’Toole’s 4796 W Broad St, right off I-270. We’ll start at 7pm sharp with pitches so get there after work and at 8pm we’ll have an open stage with live music – I’m going to play with my friend Rick so bring your phones – and networking.

Want to pitch?
Fill out this form and I’ll pick 8 companies to pitch on stage. First prize is a table at Disrupt in SF and two other teams will receive tickets to the event.

We could also use a few sponsors for beer and what not. Get in touch if you’re interested. Also if you can think of any cool people who’d like to be judges please let me know at john@techcrunch.com.

I’ll see you all next week!

Image By Wiki Historian N OH at English Wikipedia, CC BY-SA 3.0

Source: TechCrunch

The new age of empathy


I’ve been rolling past videos on Facebook and Twitter for a while now, wondering why social media is so fascinated by puppies being saved from floods, babies hearing for the first time, and grandmothers who have something sassy and wise to say about body acceptance. And, recently, I’ve come to realize what is going on.

Whether it seems like it or not, we are entering a new age of empathy. Our nervous systems, once self-contained and controlled, have expanded on essentially a global scale and every twitch on some distant shore is felt in the grey matter between our eyes. Although the Internet is generally known as a cesspool of trolls and racism, it is also a way to connect to billions of people. On the Internet you can find others like you and others who like you. On the Internet you can talk to amazing artists as if you were friends and they talk back. On the Internet no one knows you’re a dog and if they knew they’d send an MP3 of a special ultrasonic whistle just for you.

Last week I addressed the fact that, on the surface, the Internet isn’t much fun. It’s full of anonymous trolls and angry rhetoric and the most inane ideas quickly gain a cult following thanks to exponentially growing Twitter accounts. In short, the Internet sucks.

But even in my grumpy state I notice I tear up at nice things in the news. I tear up at people talking forcefully about politics. I tear up at school shootings and refugee crises and little girls who get 3D-printed arms. I’m not ashamed of this fact but I was confused by it. Why was my nervous system so jacked up that everything had a real effect on me? What was going on?

The Internet is an emotion-generation machine. It sends a torrent of things at us, good and bad, and the hivemind bubbles the good things to the surface and buries the bad. This isn’t always the case, to be clear, but, most recently, I think the hivemind of social media is reacting to negative stimuli and building up defenses. I think the Internet, as a whole, is trying to show us we’re not all bad.

Before we start talking about SkyNet, perhaps there’s a biological answer to this odd behavior. First, we know that our brains are changed by Internet use. A study published in 2011 showed us “that internet savvy middle-aged and older adults showed dramatically greater brain activity when searching online compared with age-matched ‘internet-naïve’ volunteers.”

“When these older naïve volunteers started searching online for an hour a day, after only one week their frontal lobe neural circuits showed significant activity increases during internet searching,” wrote the researchers. “Brains of any age seem sensitive and reactive to exposure to technology.”

Further, another study found that “going online had little impact upon empathy and improved face-to-face communication.” In other words, the Internet doesn’t rot your brain and can make it better.

In the market of ideas hate rarely wins. The best books, the books that stay with us, are tinged with both comedy and sorrow, humor and anger. We remember things that make us feel. The Internet, in its petulant and infantile glory, is slowly moving towards that ideal.

I want to think that humanity is getting better. This is objectively true. Our access to 24/7 media blows war and unrest all out of proportion to its real effects and we worry far too much about things that will never touch us. We live in constant fear of a world that has, in the words of futurist Ben Hammersley, become overrun with cafes, coffee, and croissants. Ask any Digital Nomad: you can interchangeably move from one country to the next and feel, if not at home, then safe enough to venture out for a soft drink.

In the end this new era of empathy might be a mirage, a calm before the dystopian storm. Or it could be a signpost aiming us forward, unto higher heights and better worlds. The answer is within us and how we choose to react in this moment. We are the ones who take the darkened hill and shout “Excelsior.” The Internet is the lantern in our hands.

Featured Image: PhotoAlto/Odilon Dimier/Getty Images

BrightWork launches to bring easy web app building for front end folks


Front end folks and back end folks just can’t get together. The back end folks are always like “Node.js” and the front end folks are like “Node what?” and then there’s a fight and someone gets the hose and it just turns into a big mess. BrightWork, a TechStars Chicago company, has a solution.

Founded by former Twilio engineer Josh Carter and Nike developer Phil Taylor, the company has raised $200,000 so far to make it simple to deploy back end technology instantly.

“This was something both Phil and I struggled with in our own projects. We had been building applications for companies like Disney, Taco Bell, and Pabst Blue Ribbon. The issue was having to build the backend and microservices for every one of those solutions which ate away at our bottom line,” said Carter. “Phil had a very similar problem where he was having issues finding the best way to build a solution or infrastructure for a client that was much more agile. This problem resonated with both of us so we felt this was the right time to build Brightwork.”

Think of Brightwork as a series of scripts akin to the old Cpanel days. When you need a particular API or service you simply press a button and everything is done for you. You then manage it from your front end and design your interface around the little chunks you’ve spun up. It’s very nerdy stuff but useful.

They have about 300 users on their waitlist and they’ve just launched.

“The product has been in the hands of a small select group of people who have been providing great feedback, but we knew we had to get this out to a broader audience if we were going to grow,” said Carter.

While back ends aren’t as sexy as front ends, it’s clear that having access to both creates a delicious hunk of back-end nougat enrobed in the finest front-end chocolate. The melding of the two, as you can imagine, sounds amazing. And you don’t have to bring out the hose.

Source: TechCrunch

Talking the future of education with Convergent Media founder Rob Anderson


This week on Technotopia I talk to Rob Anderson, founder of Convergent Media Group and a former founding team member at MTV Russia. Anderson has some interesting ideas on education and the necessity for a true way to assess and hire based on personality types and skills.

Anderson is constantly hiring for his media company and he’s looking forward to a future when we will all be working a few hours a week at jobs perfectly suited for our aptitudes. While personality is a bit difficult to pin down, talent and skill can be measured and you can be placed on an educational track that could make you more than happy. The mission, then, is the sci-fi-like notion that humans are not one-size-fits-all and that smarter systems will slot us into exactly the right place at the right time.

You can download the MP3 or subscribe to the podcast here.


Incidentally, if you’re looking for something a bit funnier and a lot raunchier (NSFW language), I’d encourage you to visit with Rich “Lowtax” Kyanka, founder of SomethingAwful. I didn’t get much about the future out of him but he was funny.

Source: TechCrunch

The Freewrite is the ultimate distraction-free writing tool


Writing on a computer is awful. Without discipline – in my case, at least – an effort to get out 1,000 words of non-fiction usually ends up consisting of thirty minutes of web browsing before writing, intermittent Facebook trips while tapping out a few hundred words, and a nice jaunt through Hacker News at the 750 word mark. I get the job done, but I know my brain isn’t doing its best work.

So what’s the solution? I’ve tried all of the distraction-free tools – OmmWriter, Scrivener, and I even bought an Alphasmart NEO to pull myself away from the computer. None of them really worked.

Then I got my hands on the Freewrite and found some real freedom.

The Freewrite looks like a little piece of hipster paradise. It is a mechanical keyboard connected to an E-ink screen and it has two honking big mechanical switches and a big, jolly power button. You have three draft “folders” – selected by the left arrow crank – and you can connect to Wi-Fi and upload your drafts to Freewrite’s service or almost any other file storage solution including Google Drive and Dropbox. There are no arrow keys and the assumption is that you turn it on, select a draft, and start writing. A small window under the main editing window shows the time, the time elapsed, or word count. It has a massive, clicky mechanical keyboard and it’s designed specifically for writing.

Your text appears on a fast-refreshing E-ink screen. It lasts a few weeks on one charge via USB-C.
It may look like a toy but the Freewrite is a serious writing machine. The fact that it is specifically designed to wean you off of distractions is massively important as a writer and I was able to begin a project quickly and I could foresee myself finishing a novel on this thing without much trouble and with a great deal of pleasure. The Freewrite enables a certain kind of, shall we say, violent writing. Because it has no filters your words can come out as a torrent. However, for serious writing you need to edit as you puke words onto the page. This is impossible with the Freewrite. It is designed primarily for the word excretion process and has no editing features. What you end up with is good if unedited copy, a simulacrum of what you used to get with a regular paper typewriter.

But we moved away from typewriters for a reason. Using computers gives you better, more readable copy faster, which is not a benefit if you’re trying to get your Zombie-fied satire of Remembrance of Things Past out the door before the end of NaNoWriMo but great if you’re trying to write a history paper or non-fiction tome. In that case, unless you have a powerful sense of the entire arc of your story, the Freewrite hobbles more than helps.

The Freewrite is also very big. It is 9×12 inches and about three inches thick – far bigger than any modern laptop. You can’t put this into your laptop bag with your laptop. You have to choose. Thankfully it has a big handle on the back so you can lug it from cafe to cafe.

What’s the bottom line? I could see myself writing a novel on one of these things. I actually did start one and found that the writing was more succinct and focused, a true benefit in an era of distractions. I wrote a bit of a horror novel on the Freewrite just to try it out and I found the lack of editing features quite freeing. I was able to scroll back and check on character facts as necessary but instead of skipping around I wrote in a sort of daze, one word in front of the other, until I hit my goal. It felt good. You’ll notice plenty of typos, however, and a few errors. The Freewrite assumes always that you will edit somewhere else.


Am I enough of a fan to abandon a computer for a Freewrite? Not completely, but it’s definitely a tool I would incorporate into my daily writing habit. The Freewrite costs $499. For that price you could buy a cheap computer or 40 nice notebooks. The decision you’re making when you bring the Freewrite into your writing life is whether or not you need – absolutely – the ability to sit in a flow state and just let words come out onto the e-ink screen. If you think you do – and I know I do – it’s a good investment and will truly help you get words onto paper (or hard drive). If you never find yourself distracted or don’t mind being distracted while writing fiction, the Freewrite would be just a toy that will make your writing less efficient if more focused. In the end the question remains: is your brain such a muddle that you need a standalone hardware device to keep you from clicking over to Facebook? If the answer to that question is “Yes” then the Freewrite is the ultimate solution to that age-old problem.


Source: TechCrunch

TSA key cracker Johnny Xmas tells us how to stay safe while traveling


A few days ago we reported that a group of hackers at the HOPE Conference in New York told the world that they had cloned the last TSA Master Key. These keys, which were leaked in a Washington Post article, are a bit of security theatre coupled with a lot of poor engineering. Xmas believes, however, that personal security is important and he wanted to tell us how they cracked the keys and how you can protect yourself in the future.

TC: What’s your goal in cracking these keys?
J: We’re trying to provide a tangible means of understanding the problems with entrusting 3rd parties with master keys we can’t revoke, such as happened recently with the Apple/FBI fiasco.

TC: Tell me about this project? Why did this final key take so long?

Johnny: We (with the help of several others) released CAD designs of the first 7 keys in mid-2015. Jenna’s article from The Intercept has some good general detail on that, specifically that those 7 were recreated from photos obtained via TravelSentry documents. Fun fact – the CAD of the TSA006 key is not complete, and thus nonfunctional because the key is of a type that requires much more information than a 2D photograph can provide. This was publicly discussed often by those involved, but glossed over by reporters.

The 8th key took much longer to figure out because it is not based off the Travel Sentry standard. It was designed by another company the TSA partnered with to design a lock/key standard: Safe Skies. You can see this notation on the lock in the cover photo you used on the article. To date, we have found no evidence that photographs of the Safe Skies master key have been discovered anywhere, or taken and leaked. As such, we had to reverse-engineer the master key for this system.

TC: How did you crack it?

J: Long story short, Nite 0wl stumbled upon the Rosetta Stone of the Safe Skies system in the form of a TSA-approved combination lock. This combination lock had a keyway as well, but shipped with no key for the user. You may recall similar locks from High School or so, where you’d buy a combo lock from the bookstore, and it would have a keyway in the back of it for school administrators to be able to bypass the combination.

Removal and disassembly of this lock tumbler revealed something terrible: the keyway was not dual-pinned to support both a master key and a “user” key; it only supported one single key. Since all TSA-approved locks are required to comply with a master key, and this lock could only take a single key, could Safe Skies really have broken the cardinal rule of key escrow and actually used the master key as the ONLY key for a lock?

TC: How did you figure out the key configuration?
J: The process of filing down a key to fit a lock is fairly easy and straightforward (pending you can disassemble the lock, which we had done). Once the key for this lock had been devised, it was tried on various other Safe Skies locks and it was confirmed: this was, in fact, the missing Safe Skies Master Key. Work was then begun on the CAD design, which was much more straightforward now that exact measurements could be made directly from a physical key.

TC: You guys took umbrage when I suggested that luggage locks were pointless. Why?
J: While I understand the irony you were attempting to convey with your mention of luggage locks being pointless, it’s somewhat misplaced. While yes, using a TSA-approved padlock to lock your luggage is pointless now, it has actually always been pointless. We have yet to come across a TSA-approved padlock that didn’t border on worthless garbage as far as strength and general “pickability” goes. Note the 006-style of locks are actually very secure as far as ability to be picked, though I’ve only seen these in use as built-in locks on Rimowa luggage. On top of that, it seems very few people are aware that you are not required to use TSA locks on your luggage. You can use any lock you want, you just need to be aware that the TSA will cut it if they believe your luggage requires “enhanced screening.” Our good friend and longtime locksport pioneer Deviant Ollam likes to use famously insanely difficult to cut Abloy PL330 padlocks on his luggage. TSA often deems this not worth the hassle, though on at least one occasion his locks have been broken off by chaining them to the back of a truck.

This brings up another important matter: most luggage itself is worthless garbage, as far as security is concerned. Putting a lock on junk luggage is like locking a paper bag. So, yeah, if your luggage is junk, don’t bother locking it. And if you’re not going to bother locking it, stop putting your valuables in it. Keep them in your carry-on that every airline allows you to have for free. If there’s nothing valuable in there to begin with, then this entire conversation is moot.

Source: TechCrunch

What’s this whole email thing about anyway?


What do you know about the Clinton email scandal? If you’re anything like me, not much – yet! Let’s take a stroll into our political Swamp of Sadness where both parties are currently mired. One candidate became stuck there while trying to beat the dead horse of the Crooked Hillary meme and the other candidate is sinking simply because government email is just so damn crappy.

Ready, Atreyu?

What is an email server?

This is the primary question and the one that I suspect not many of us understand. An email server is a computer designed to send and receive email. It is not difficult to set up – anyone with some knowledge of Ubuntu can do it – but it is generally discouraged given the rise of cloud solutions like Google Apps, and the endless updates and tweaks necessary to keep it secure are often daunting. If you’re not careful your email server can turn into a spam factory or hackers can crack your account and read your email. This is very common.

Currently most of us have two email addresses, one for work and one on a service like Gmail. The Clintons have their own email system – Clintonemail.com – and it runs on Microsoft Exchange Server 2010. You can visit the server here. There are a few other domains associated with the Clintons as well but she primarily used the ClintonEmail.com domain on her Blackberry.


Why would you want your own?

You would want your own mail server if you didn’t like the one someone made you use. You’d also want your own if you want complete control of your email from stem to stern. Both of these things are true in the Clintons’ case.

The initial impetus for the private server came in 2009 when Clinton and her friends wanted to use Blackberries for communicating with each other and for reading, presumably, State Department mail. There was no practical solution for Clinton to check her email on the go as the system required a secure laptop to connect to secure government servers. Therefore she relegated secure email to a standalone, secure laptop and used her own email address for correspondence with her staff.

In fact, Clinton and her staffers complained about the government email system in 2011. Anne-Marie Slaughter, former State Department director of policy planning, wrote:

I’m sure you’ve thought of this, but it would be a great time for someone inside or outside to make a statement/ write an op-ed that points out that State’s technology is so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively. Further cuts to State’s budget just makes matters much much worse. We actually need more funds to significantly upgrade our technology.


A solution was proposed wherein Clinton could set up a server to forward secure email from her office but this was too difficult and Clinton balked. Ultimately she continued to use her Blackberry after being warned by security personnel that it was unsafe. This means she may have sent an email regarding State Department business using her Blackberry. Coincidentally, the FBI found that the ClintonEmail email server contained eight top secret email chains and 36 secret email chains.

The desire to have a private email address is strong in government. House Oversight Committee Chairman Rep. Jason Chaffetz (R-UT) used his Gmail address on his official-looking super-cool-looking business cards. This is the same guy who wanted Clinton indicted for using her own server.

Why does Rep. Chaffetz get a pass? Check this out:

In light of intensified scrutiny on Clinton’s email practices, it seems a worthwhile question to answer: Why are members of agencies such as the State Department required to use government email accounts, while members of Congress are not?

The answer lies in federal open records laws — most of which don’t apply to Congress.

The Associated Press (AP) reported on this extensively last year, finding that members of Congress aren’t required to “use official email accounts, or to retain, archive or store their emails, while in office or after.” The Freedom of Information Act (FOIA) — the law that allows the public to request internal documents from government agencies — for example, does not cover members of Congress. Congress is also not subject to the Federal Records Act, which requires all federal agency employees to keep accurate records of their activities.

Federal agency employees, of course, include Clinton, who was found to have violated the Federal Records Act by using a private email server while serving as secretary of state.

The reason Congress is not subject to these rules, however, is because Congress makes its own rules. And Congress has never decided that it needs a law requiring its members to maintain records and make those records available to the public.

Clinton, as a Federal agency employee, works under different rules but she’s not alone in flouting the rules. Former Secretary of State Colin Powell, under the Bush administration, ran his own email server and later wiped it, saying of the files stored therein: “I don’t have any to turn over. I did not keep a cache of them. I did not print them off. I do not have thousands of pages somewhere in my personal files.”

Jeb Bush, while Governor of Florida, did the same thing:

The former governor conducted all his communication on his private Jeb@jeb.org account and turned over the hand-selected batch to the state archives when he left office. Absent from the stash are emails the governor deemed not relevant to the public record: those relating to politics, fundraising and personal matters while he was governor.

Finally, in 2009 it was discovered that 22 million emails were deleted from a server run by the Republican National Committee called gwb43.com. Bush staffers including Karl Rove used this email domain – which stood for George W Bush, 43rd President – and the staffers wiped it when Congress began to investigate the dismissals of the U.S. Attorneys. This “required the Bush administration to reveal that not all internal White House emails were available.”

So clearly there’s a precedent for this “extraordinary” behavior.

Why shouldn’t government employees have their own servers?

Running your own server could be a way for government officials to skirt the Freedom Of Information Act. This was a very pressing concern early on but it’s unclear if this was the true impetus. Because government email servers are managed and archived by the State Department they can be searched at will and a record of official business be kept. Clinton’s server couldn’t be audited in this way.

It’s also very dangerous to run your own server.

“Although the American people didn’t know about this, it’s almost certain that foreign intelligence agencies did, just as the NSA knows which Indian and Spanish officials use Gmail and Yahoo accounts,” ACLU technologist Chris Soghoian told Wired. “She’s not the first official to use private email and not the last. But there are serious security issues associated with these kinds of services…When you build your house outside the security fence, you’re on your own, and that’s what seems to have happened here.”

The biggest problem arose when it was discovered that government employees had to disable many of the features of their government email servers in order to receive email from the ClintonEmail domain. This included anti-phishing programs that kept staffers from being scammed.


Were Clinton’s emails hacked? We don’t know, although security experts believe that the server could have been probed by China, South Korea, and Germany. After all, Exchange Server is a Microsoft product. There’s bound to be a bug.

What is the current fuss about exactly?
MediaMatters describes the situation succinctly:

…after she took questions from the reporters yesterday about the email saga, the press focused in on the fact in reviewing her private emails, Clinton found roughly 60,000 messages. She handed over 30,000 to the State Department and determined the other 30,000 were personal in nature and discarded them.

It’s these 30,000 “personal emails” that are creating a stir. The Trump camp is also suggesting that these emails probably contain classified information, that they could have been compromised, and that having your own email server while acting as Secretary of State is tantamount to treason. Luckily, precedent (see above) shows us otherwise.

What was the ultimate verdict?

FBI Director James Comey said that “Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. In looking back at our investigations into the mishandling or removal of classified information, we cannot find a case that would support bringing criminal charges on these facts.”

Clinton was “careless” but not criminal.

What about all these emails that Wikileaks just released?
There is a concurrent narrative spreading about a trove of emails released by Wikileaks. These emails came from DNC servers unconnected with the Clintons. That’s right: none of the recently released emails – which experts are blaming Russian intelligence for leaking – came from that Exchange Server we talked about above. Trump often conflates the two in public, suggesting that the Russians or Chinese may have emails related specifically to the Clinton email server. This is still unclear and apparently Trump meant the suggestion as a fun joke.

So now what?
So now a few things should happen: the government should rework its email and security protocols to take into account a world beyond Blackberry. It should maintain records of government correspondence as stringently as banks are required to store their correspondence and it should ensure that the email system be up to date and usable. Knowing what I know about government tech services I suspect this will take longer than expected and there’s very little budget to upgrade everyone to iPhones and hardened Postfix. Until this happens, however, White House staffers will probably be checking their Gmail more than they check their secure mail.

Ultimately the FBI found that nothing was untoward in Clinton’s situation and while the decision to run her own server was reckless it was not unprecedented. This will not stop Artax, the beloved political horse, from sinking into this particular political swamp but I hope this digest is helpful when arguing on Facebook.

Scuro’s titanium dive watch hits on all cylinders


As TC’s resident watch hound I like to try to find you all a few interesting crowdfunded timepieces. What’s important to me, however, is the quality and the uniqueness of the piece. That’s why I like the perfect storm of crowdfunded watch magic called the Scuro. It is a massive dive watch with a unique design, titanium case, and automatic movement. Plus you can get it for about $220.


Scuro is taking an ultralight titanium case and sticking a Miyota 9015 automatic movement inside it. The watches, at 40mm across, are surprisingly beefy yet light enough not to bother you on the wrist. There is a crown at four o’clock and they stuck the date window at six. The fact that you’re getting a solid, bespoke piece for less than $300 is the real story, however, and that’s what particularly enamors me about this piece.

Dive watches are a dime a dozen to be sure. However, by playing with the standards – lume on the hands, the size and shape of the bezel, the style of band – you can create something unique. While you won’t be able to tell when the tide is coming in or figure out the time in Paris, this mechanical watch is well worth a second look if you’re into something other than the Apple Watch.

Scuro has almost hit its goal of $48,000 and they will ship next November.

Source: TechCrunch

Security experts have cloned all seven TSA master keys


Key escrow — the process of keeping a set of keys for yourself “just in case” — has always been the U.S. government’s modus operandi when it comes to security. From the disastrous Clipper chip to today, the government has always wanted a back door into encryption and security. That plan backfired for the TSA.

The TSA, as you’ll remember, offers a set of screener-friendly locks. These locks use one of seven master keys that only the TSA could use — until 2014. In an article in The Washington Post, a reporter included a shot of all seven keys on a desk. It wasn’t long before nearly all the keys were made available for 3D printing and, last week, security researchers released the final key.

At last week’s HOPE Conference in New York, hackers calling themselves DarkSim905, Johnny Xmas, and Nite 0wl explained how — and why — they cracked the TSA keys.

“This was done by legally procuring actual locks, comparing the inner workings, and finding the common denominator. It’s a great metaphor for how weak encryption mechanisms are broken — gather enough data, find the pattern, then just ‘math’ out a universal key (or set of keys),” said Johnny Xmas. “What we’re doing here is literally cracking physical encryption, and I fear that metaphor isn’t going to be properly delivered to the public.”

The keys, should you be interested, are here and can be printed on a 3D printer.

The TSA, for their part, doesn’t care, telling The Intercept that “The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security. These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime.”

In other words, you might as well not use locks at all.

Source: TechCrunch