The security services are stripping us of basic Internet security

Posted in the Laval Forum

Since: Dec 12

Montréal, Canada

#1 Oct 20, 2013
Open Rights Group International - The latest revelations from the Guardian give good evidence of why they have recently been the target of government harassment, and also why this is entirely unjustified.

Their reports of NSA and GCHQ attacks on fundamental Internet security really matter. These are the basics of trust on the Internet; they are the reason you trust your bank, your credit card payments or Virtual Private Networks not to leak this information to criminals, blackmailers or governments.

Thus the real impact will not just be about security, it is about economics.

Of course we all expect NSA/GCHQ to try to break encryption systems from time to time; it's their job. The problems arise when they make us all vulnerable as a result.
From the Guardian article, it appears they use threats and secret orders given to commercial companies to insert backdoors that must now undermine our trust in very common software products. They covertly insert vulnerabilities that weaken security of technical systems for everyone, not just their targets.

The idea that this won't be abused by yet unknown parties can only be naïve optimism, plain stupidity or complete disregard for anything other than the NSA and GCHQ's mission.

How it works
This isn't about breaking the maths - at least not usually - it's about exploiting the 'joins' between the pieces of software, introducing flaws in the implementation of cryptology, and more general 'backdoors' to the communications, which don't rely on the cryptology. Schneier gives some good examples.

Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it's explained away as a mistake.

The agencies seem to be doing this directly with companies and standards bodies, on a very wide basis. Many of the exploits are better thought of as exploiting software vulnerabilities.

Thus their strategy relies on people trusting big companies, or not paying attention to the work of standards bodies choosing security protocols.

READ FULL ARTICLE:
https://www.openrightsgroup.org/blog/2013/the...
