
drmike

100% Tier-1 Gogent
Just when you thought it couldn't get any worse, well it did.

No mention about SSH and other "open" standards.

Bet your ass everything from Microsloth, Gaggle and Crapple are compromised from top to bottom.

I wonder how much more dirty ops money this trio and others are receiving annually from spook agencies?  Could it be that a very big chunk of their incomes is directly from government?  Possibly.
 

jarland

The ocean is digital
NSA needs a powerful database leak, that's all. Dump everything, expose every single one of them and every single one of us. It's worth it. I'll donate money to that cause. I'd gladly have my private life zipped on media fire for anyone to download if they fall with me. I don't care about my privacy all that much, I care about my right to care about my privacy.
 

KuJoe

Well-Known Member
Verified Provider
Wow, the NSA continues to impress me more and more. If I knew about this kind of stuff in high school my life would be completely different right now.
 

wdq

Quade
This really isn't too surprising, it's just something that I always hoped wouldn't be true. If you think about it, sending a letter to someone physically may be more secure than sending someone an encrypted email. 
 

wlanboy

Content Contributer
Every problem based on math just needs time - so we all knew that encryption can break. But having backdoors all around ... wow.

• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".

• The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs.
This really isn't too surprising, it's just something that I always hoped wouldn't be true. If you think about it, sending a letter to someone physically may be more secure than sending someone an encrypted email. 
No, all physically sent letters are automatically scanned.

If they pick one address - all mail is forwarded to a special basket. Even in the EU - so guaranteed in the US.
 

Shados

Professional Snake Miner
Just when you thought it couldn't get any worse, well it did.

No mention about SSH and other "open" standards.

Bet your ass everything from Microsloth, Gaggle and Crapple are compromised from top to bottom.

I wonder how much more dirty ops money this trio and others are receiving annually from spook agencies?  Could it be that a very big chunk of their incomes is directly from government?  Possibly.
Yeah, this is pretty much just reading as "encryption on closed-source or hosted solutions has government backdoors", but honestly that's to be expected. What competent spook agency wouldn't leverage large companies into covertly sabotaging their encryption methodologies? And NIST deliberately pushing weak standards also shouldn't be a surprise, given they are ultimately a government agency - you cannot expect them to be independent.

TL;DR: Rely on open-source, internationally recognized encryption technology.
 

drmike

100% Tier-1 Gogent
This really isn't too surprising, it's just something that I always hoped wouldn't be true. If you think about it, sending a letter to someone physically may be more secure than sending someone an encrypted email. 
Well, that's not true to some extent in the US.

For a decade or better the US Postal service has been scanning every parcel and piece of mail.  All those images have been indexed and intelligence made of them. Has been used to mine for all sorts of clues about people.

No, they don't open the envelope and scan it, but still, depending on package might be some revealing info you wouldn't want correlated to you personally.
 

stim

New Member
Unsurprising but still a wake-up call. It's bound to trigger innovation in more secure systems, which surely is a good thing.

I suspect that further revelations will show how corporate espionage on this scale is being used to manipulate the markets. In the end, this only damages business trust, and economic repercussions are guaranteed.

To suggest that these programs are only targeted at catching 'terrorists' is truly laughable. NSA operatives have been caught spying on ex-lovers and family members - to the extent that there is an official term for such behaviour - LOVEINT. Hundreds of thousands of people have ghost access to these tools. There seems to be no oversight whatsoever.

It would appear that the Legislators are either technically ignorant, or willfully tramping on our Human Rights.
 

drmike

100% Tier-1 Gogent
TrueCrypt is a wildcard since the developer(s) have been uber secretive.

Unsure if it is a honeypot or not.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
Yeah, this is pretty much just reading as "encryption on closed-source or hosted solutions has government backdoors", but honestly that's to be expected. What competent spook agency wouldn't leverage large companies into covertly sabotaging their encryption methodologies? And NIST deliberately pushing weak standards also shouldn't be a surprise, given they are ultimately a government agency - you cannot expect them to be independent.

TL;DR: Rely on open-source, internationally recognized encryption technology.
Actually, the malarkey with Dual_EC_PRNG was forced through NIST process by the NSA.  NIST was given the reins of standardization of crypto after the DES stuff was found to be intentionally weak, and the AES process was well-executed.

Beyond that, NIST does not recommend use of Dual_EC_PRNG, they just publish the specification because they were strongarmed by NSA into doing it.

NIST really isn't the problem here...
 

patz

New Member
According to this,

Cryptography itself has not been breached....
The security services have not broken cryptography, they have been subverting commercial cryptography products to be defective...
I wonder if these and other statements in the article are true.

 
 