Posts Tagged NSA

RSA Product Weakened by NSA

Posted by Brian in News, Threat Watch on 25/Sep/2013 12:58

From The Guardian:

RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product.

, , , ,

No Comments

Did the NSA Build a Backdoor into U.S. Crypto?

Posted by Gary in Comms, News, Threat Watch on 24/Sep/2013 13:37

From: Threat Level

… The talk was only nine slides long (.pdf). But those nine slides were potentially dynamite. They laid out a case showing that a new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made an algorithm in it susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.

more

, , , ,

No Comments

NSA May Have Impersonated Google

Posted by Brian in Comms, Law, News on 13/Sep/2013 14:00

From Cnet.com:

Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed out Techdirt’s point-out.)

A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.

, , , , , , , ,

No Comments

Silent Circle Comments on the NSA

Posted by Brian in Law, News on 12/Sep/2013 13:46

Here is an excerpt of Silent Circle’s  editorial from their company blog:

We at Silent Circle believe these revelations and disclosures are some of the best things that could happen to the technology sector. In fact, the battle for your digital soul has turned strongly towards Privacy’s corner because we now know what we are up against. We are beginning to define the capabilities and tactics of the world’s surveillance machine. Before all of this -we speculated, guessed and hypothesized that it was bad –we were all way off. It’s horrendous. It’s Orwell’s 1984 on steroids. It doesn’t matter –we will win the war.

, , , , , , , ,

No Comments

The NSA and the Obama Administration

Posted by Brian in Comms, Law, News, Threat Watch on 11/Sep/2013 13:01

Just after the revelations about the NSA’s encryption-breaking abilities, there is now a story that the Obama administration let the leash off the NSA in 2011. In the encryption story published by The Guardian, New York Times and Pro Publica there was an interesting nugget of information. The programs run by the NSA are named after Civil War battles. Does that mean that the NSA sees the American public as its enemy? I have no problem with the NSA doing what they do and focusing that effort outward but as soon as that capability is turned inward on our own citizens that is when we have a problem. There is that pesky Fourth Amendment to the Constitution that specifically prohibits looking at our “effects”:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Bruce Schneier, a security technologist, is now calling on engineers who work in the government or for companies that contract with the government to start blowing the whistle on these type of programs. This administration has a history of citing the dangers that certain citizens pose while ignoring the explicit threats from outside. Targeting Americans with these programs is unacceptable.

, , , , , , , , ,

No Comments

NRA and ACLU Join Forces to Fight NSA Spying Program

Posted by Brian in News, Threat Watch on 8/Sep/2013 08:59

From Reuters:

In a brief backing the American Civil Liberties Union’s lawsuit against senior U.S. government officials, the NRA said the collection of vast communications threatens privacy and could allow the government to create a registry of gun owners.

, , , , ,

No Comments

NSA Employing 35,000 to Break Encrypted Communications

Posted by Brian in Comms, News on 2/Sep/2013 12:42

From Wired.com:

The Post’s article doesn’t detail the “groundbreaking cryptanalytic capabilities” Clapper mentions, and there’s no elaboration in the portion of the document published by the paper. But the document shows that 21 percent of the intelligence budget — around $11 billion — is dedicated to the Consolidated Cryptologic Program that staffs 35,000 employees in the NSA and the armed forces.

, , , , , ,

No Comments

US Government Resorting to Mob Tactics

Posted by Brian in Law, News on 26/Aug/2013 08:17

According to Reason.com the owner of the Lavabit email service has been threatened with arrest for shutting down the service rather than cooperate with the government.

, , , , , ,

No Comments

Silent Circle Can’t Guarantee Customers’ Privacy From NSA

Posted by Brian in Comms, News, Threat Watch on 10/Aug/2013 13:42

From Tech Crunch:

“We knew USG would come after us”. That’s why Silent Circle CEO Michael Janke tells TechCrunch his company shut down its Silent Mail encrypted email service. It hadn’t been told to provide data to the government, but after Lavabit shut down today rather than be “complicit” with NSA spying, Silent Circle told customers it has killed off Silent Mail rather than risk their privacy.

Full press release from Silent Circle.

What Silent Circle does:

, , , , , , , , , ,

No Comments

NSA Targeted TOR Network With Malware

Posted by Brian in Comms, News, Threat Watch on 8/Aug/2013 13:06

From BoingBoing.net:

Initial investigations traced the address to defense contractor SAIC, which provides a wide range of information technology and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) support to the Department of Defense. The geolocation of the IP address corresponds to an SAIC facility in Arlington, Virginia.

, , , , , , ,

No Comments

Keeping the NSA in Perspective

Posted by Brian in News, Threat Watch on 24/Jul/2013 08:21

Keeping the NSA in Perspective is republished with permission of Stratfor.”

By George Friedman

In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn’t win.

The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan’s naval code and thus knew a great deal of the country’s battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently. Read the rest of this entry »

, , , , , , , ,

No Comments

NSA Admits Spying On More People Than Previously Reported

Posted by Brian in Law, News, Threat Watch on 19/Jul/2013 13:39

From The Atlantic:

But Inglis’ statement was new. Analysts look “two or three hops” from terror suspects when evaluating terror activity, Inglis revealed. Previously, the limit of how surveillance was extended had been described as two hops. This meant that if the NSA were following a phone metadata or web trail from a terror suspect, it could also look at the calls from the people that suspect has spoken with—one hop. And then, the calls that second person had also spoken with—two hops. Terror suspect to person two to person three. Two hops. And now: A third hop.

, , , , , ,

No Comments

Obama Administration Sued By ACLU Over NSA Spying

Posted by Brian in Law, News on 18/Jun/2013 13:02

From New York Times:

The lawsuit could set up an eventual Supreme Court test. It could also focus attention on this disclosure amid the larger heap of top secret surveillance matters revealed by Edward J. Snowden, the former N.S.A. contractor who came forward Sunday to say he was their source.

, , , , , , , , , , ,

No Comments

Keeping The NSA Out of Your Life

Posted by Brian in Law, News on 18/Jun/2013 08:00

The Washington Post has a list of some things you can do to increase your security and make it harder for the government to keep tabs on you.

If recentreports are to be believed, the National Security Agency has broad powers to capture private information about Americans. They know who we’re calling, they have access to our Gmail messages and AOL Instant Messenger chats, and it’s a safe bet that they have other interception capabilities that haven’t been publicly disclosed. Indeed, most mainstream communications technologies are vulnerable to government eavesdropping.

Here is an explanation of TOR, software that allows anonymous browsing on the internet:

, , , , , , , ,

No Comments

Congress Renews Warrantless Spying

Posted by Brian in Law, News, Threat Watch on 12/Jan/2013 15:29

From the EFF:

The common-sense amendments the Senate hastily rejected were modest in scope and written with the utmost deference to national security concerns. The Senate had months to consider them, but waited until four days before the law was to expire to bring them to the floor, and then used the contrived time crunch to stifle any chances of them passing.

, , , , , ,

No Comments