NEW YORK — A former New York City police officer whose bizarre online exchanges about kidnapping and eating women landed him behind bars and earned him tabloid infamy as the “cannibal cop” was sentenced to time served on Wednesday after telling a judge that the women were “never in danger.”
Gilberto Valle had faced a possible life term after his 2013 conviction for kidnapping conspiracy. But U.S. District Judge Paul Gardephe threw out the jury’s guilty verdict earlier this year, clearing the way for Valle to be sentenced on a misdemeanor charge of using a restricted law enforcement database to secretly look up personal information about women he knew.
“I just hope they know they were never in danger,” Valle said. “I would never do the things I talked about on the Internet — never.”
Recently, Verizon was caught tampering with its customers’ web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.1
By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco’s PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
This type of STARTTLS stripping attack has mostly gone unnoticed because it tends to be applied to residential networks, where it is uncommon to run an email server2. STARTTLS was also relatively uncommon until late 2013, when EFF started rating companies on whether they used it. Since then, many of the biggest email providers implemented STARTTLS to protect their customers. We continue to strongly encourage all providers to implement STARTTLS for both outbound and inbound email. Google’s Safer email transparency report and starttls.info are good resources for checking whether a particular provider does.
Several Standards for Email Encryption
The SMTP protocol, the underpinning of email, was not originally designed with security in mind. But people quickly started using it for everything from shopping lists and love letters to medical advice and investigative reporting, and soon realized their mail needed to be protected from prying eyes. In 1991, Phil Zimmermann implemented PGP, an end-to-end email encryption protocol that is still in use today. Adoption of PGP has been slow because of its highly technical interface and difficult key management. S/MIME, with properties similar to PGP’s, was developed in 1995. And in 2002, STARTTLS for email was defined by RFC 3207.
While PGP and S/MIME are end-to-end encryption, STARTTLS is server-to-server. That means that the body of an email protected with, e.g., PGP can only be read by its intended recipient, while email protected with STARTTLS can be read by the owners of the sending server and the recipient server, plus anyone else who hacks or subpoenas access to those servers. However, STARTTLS has three big advantages: First, it protects important metadata (subject lines and To:/From:/CC: fields) that PGP and S/MIME do not. Second, mail server operators can implement STARTTLS without requiring users to change their behavior at all. And third, a well-configured email server with STARTTLS can provide Forward Secrecy for emails. The two technologies are entirely compatible and reinforce each other. The most secure and private approach is to use PGP or S/MIME with a mail service that uses STARTTLS for server-to-server communication.
There are several weak points in the STARTTLS protocol, however. The first weakness is that the flag indicating that a server supports STARTTLS is not itself encrypted, and is therefore subject to tampering, which can prevent that server from establishing an encrypted connection. That type of tampering is exactly what we see today. EFF is working on a set of improvements to STARTTLS, called STARTTLS Everywhere, that will make server-to-server encryption more robust by requiring encryption for servers that are already known to support it.
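The fail-closed idea described above, requiring encryption for servers already known to support it, can be sketched as follows. This is an added example, not EFF's STARTTLS Everywhere code; the host list, the sample EHLO replies and the function names are constructed for illustration.

```python
# Added example: fail-closed STARTTLS policy applied to constructed EHLO replies.

# Assumption: a locally maintained list of MX hosts already known to support
# STARTTLS (hypothetical names under reserved example domains).
KNOWN_STARTTLS_HOSTS = {"mail.example.com", "mx.example.org"}

# Constructed sample replies: what the server sent, and the same reply after
# an in-path device removed the STARTTLS line.
CLEAN_REPLY = (
    "250-mail.example.com Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)
STRIPPED_REPLY = CLEAN_REPLY.replace("250-STARTTLS\r\n", "")


def parse_ehlo_keywords(reply):
    """Return the set of extension keywords advertised in a 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for index, line in enumerate(lines):
        # Each line is "250-" (more lines follow) or "250 " (last line).
        if not line.startswith(("250-", "250 ")):
            raise ValueError("not a successful EHLO reply: %r" % line)
        parts = line[4:].split()
        # The first line carries the server name and greeting, not a keyword.
        if index > 0 and parts:
            keywords.add(parts[0].upper())
    return keywords


def delivery_decision(mx_host, ehlo_reply):
    """Return 'encrypt', 'defer' or 'plaintext' for one outbound connection."""
    if "STARTTLS" in parse_ehlo_keywords(ehlo_reply):
        return "encrypt"
    if mx_host.lower().rstrip(".") in KNOWN_STARTTLS_HOSTS:
        # A host known to support STARTTLS stopped advertising it: treat this
        # as a possible downgrade, queue the mail and alert, never send in clear.
        return "defer"
    # Unknown host: opportunistic default, which is what stripping exploits.
    return "plaintext"


if __name__ == "__main__":
    print(delivery_decision("mail.example.com", CLEAN_REPLY))     # encrypt
    print(delivery_decision("mail.example.com", STRIPPED_REPLY))  # defer
```

An "encrypt" decision only means STARTTLS was offered; the sender still has to complete the TLS handshake and defer delivery if it fails.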
It is important that ISPs immediately stop this unauthorized removal of their customers’ security measures. ISPs act as trusted gateways to the global Internet and it is a violation of that trust to intercept or modify client traffic, regardless of what protocol their customers are using. It is a double violation when such modification disables security measures their customers use to protect themselves.
Update: the footnote in an earlier version of this post incorrectly described port 587 as “TLS-wrapped.”
1. If you have netcat (nc) installed, you can test your connection for STARTTLS downgrades using the commands shown here.
2. Desktop email clients like Thunderbird generally send outbound email on a different port, 465 or 587, and may not be commonly affected. But there are some exceptions, like the software used by the Golden Frog engineer who spotted an issue on AIO Wireless.
According to new FBI statistics released this week, violent crime rates in the US fell over 4% in the past year alone, bringing the number of violent crimes to its lowest level in nearly 40 years. The statistics showed that there were an estimated 1.16 million violent crimes in 2013, which is the lowest number since 1978, when 1.09 million were recorded.
Broken down, the report revealed that manslaughter dropped by 4.4% to 14,196, the lowest rate since 1968, while instances of rape were down 6.3%. Despite the tough economic times, robbery is also down by 2.8% and property crimes were down by 4.1%.
Don’t trust everything you read on the Internet—especially when it comes to op-eds decrying the value of net neutrality.
Time and the Wall Street Journal both published opinion stories this week from people who oppose strong net neutrality protections—without disclosing that each of them did or do receive money from Internet service providers.
This appears to be glaring evidence of corporate astroturfing—the idea that Internet providers are secretly filtering their opinions to the public, a practice ISPs have been repeatedly accused of.
Law-abiding Californians may not need to justify their need to carry concealed weapons, after the same three-judge panel that struck down restrictions on the permits earlier this year ruled Wednesday that it is too late for new opponents to join the fight against the ruling.
The decision by the 9th U.S. Circuit Court of Appeals would bar other law enforcement officials, including state Attorney General Kamala Harris, from appealing its ruling in a case originally brought by an independent journalist who sued the San Diego County Sheriff’s Department over its policy of requiring a specific reason for being allowed to carry a concealed weapon in public.
In this video, Luke Rudkowski travels to the U.K. to learn about a horrible situation with social services taking away children from parents. The parents in this case are Bhupeshkumar Navinchandra Patel and they explain in detail what they had to go through.
Jeff interviews Dan Dicks independent journalist for Press for Truth, topics include: Canada’s growing nationalism and militarism, the North American Union, terrorist threat used to grow state controls, false flag attacks, the importance of unbiased journalism, internet media, old media dying, joining the fight against the new world order, Luke Rudkowski, Anarchapulco media workshop…
Gun sales in Ferguson and surrounding areas have increased by 50 percent in recent weeks, as residents and law enforcement alike prepare for what might come from the grand jury’s ruling of Darren Wilson, the police officer who shot teenage Michael Brown.
“So maybe I get trapped here or something and have to have a John Wayne shootout,” said Dan McMullen, the owner of an insurance agency located near the site of the August shooting death of Brown, 18, CNN reported. “That’s the silly part about it: Is that going to happen? Not a chance. But I guess, could it? I’m the only white person here.”
Metro Shooting Supplies owner Steven King said that gun sales over the weekend skyrocketed from 30 to about 100, and that fear is the driving factor for the purchases.
More than two years ago, the IRS used a controversial policy known as civil forfeiture to empty the bank account of a small business owned by three Long Island brothers. The brothers, Jeff, Mitch, and Rich Hirsch, haven’t even been charged with a crime.
But the IRS is holding their $446,651 hostage while they struggle to run their convenience-store distribution business without that cash. “We’re very angry about this,” Jeff, 55, said recently over the phone. “I think it’s wrong, especially when you do nothing wrong, and you can prove you’ve done nothing wrong, and they still have your money.” The process of civil forfeiture allows the government — often police, but in this case, the IRS — to seize money thought to have been obtained illegally.
Families of the victims of the Sept. 11 attacks today celebrated a federal court’s ruling that allows relatives of people who died in the 9/11 terror attacks to sue Saudi Arabia.
Most of the hijackers who attacked the World Trade Center and the Pentagon in 2001 were from Saudi Arabia, and the complaint states that much of the funding for the al-Qaeda terrorists came from Saudi Arabia.
An attempt to sue Saudi Arabia in 2002 was blocked by a federal court ruling that said the kingdom had sovereign immunity. That ruling was reversed Thursday by a three-judge federal panel.
New York City, the marijuana arrest capital of the world, is reportedly poised to pull back its longstanding, controversial policy regarding marijuana arrests and make possession of small amounts just a ticketable offense.
NEW YORK — The New York Police Department, the largest and most influential police force in the United States, is reportedly set to reform one of its most controversial street tactics in minority neighborhoods: busting those found with small amounts of pot.
For nearly two decades, New York City has been the marijuana arrest capital of the world, booking hundreds of thousands of people – the vast majority of them black and Latino young men – and charging them with felony-level crimes for possessing small amounts of the drug.