NSA Targeted 'The Two Leading' Encryption Chips (theintercept.com)
Advocatus Diaboli sends a report from Glenn Greenwald at The Intercept about the NSA's efforts to subvert encryption. Back in 2013, several major publications reported that the NSA was able to crack encryption surrounding commerce and banking systems. Their reports did not identify which specific technology was affected. The recent backdoor found in Juniper systems has caused the journalists involved to un-redact a particular passage from the Snowden documents indicating the NSA targeted the "two leading encryption chips" in their attempts to compromise encryption.
Quoting:
The reference to "the two leading encryption chips" provides some hints, but no definitive proof, as to which ones were successfully targeted. Matthew Green, a cryptography expert at Johns Hopkins, declined to speculate on which companies this might reference. But he said that "the damage has already been done. From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way."
Good on them. That's their job. They succeed. There was a time at Slashdot when we would be congratulating the NSA for doing this stuff.
Then the Snowden tards came...
It's only cheating if you get caught. Now the NSA has to deal with the blowback for daring greatly.
Is for sure a compromised system on a chip. Intel ME is a ring-0 backdoor.
So assume Snowden never existed.
Who here is shocked that a government agency whose job it is to FUCKING BREAK CRYPTOGRAPHY would target products that people actually use for cryptography?
This isn't news. This is stating that water is wet with a clickbait conspiracy spin to sucker in the usual crowd.
Remember the big scare a while back about backdoors in Huawei network switches and routers? Looks like we weren't that far behind.
Use a one time pad.
Not just encryption, but pretty much any US created technology ... cloud services or anything else.
If the US has made their technology companies part of their spy apparatus, then who the hell would trust a US technology company? You simply can't.
So don't go all boo-hoo that people are looking at your products with some skepticism that they can trust you when you created the situation in which they can't trust you.
Anybody outside of the US has no choice but to look at US technologies and ask "given that it's almost certain they're under the thumb of the NSA, what are my alternatives?"
You can't have it both ways. And you don't get to whine if people stop buying your products because they can't trust you anymore.
Lost at C:>. Found at C.
I think it's more because of the NSA, CIA, etc and the general feeling we get from the U.S.A. that we cannot trust anything you do, period.
Signed,
the rest of the world.
These backdoors are starting to feel more like goatse with every disclosure.
The failure is applying it FAR too broadly and in domestic surveillance which they are specifically prohibited by law from performing.
The Russian and Chinese versions are also targeting these chipsets. However the USAian idiots on /. will not complain about this because they only hate their own country. The NSA is doing God's work. Get this you brain dead liberals: It is a dangerous world. Russia and Chinese officials want you dead. The only thing protecting you is an overbearing military and NSA spying apparatus.
Why is it that liberals always complain about GITMO when they do nothing about the prisons in their own country? Sure innocents get locked up in GITMO, but you are 10x more likely to be innocent and get locked up in your own country if you do not have enough money for a high priced lawyer. The thing that characterizes a democratic state is high prison incarceration rates. The limousine liberals who own stock in the prison corporations of America are making shit tons of money off of dumb poor people who fall through the cracks to enrich the shareholder value of the prison system. The problem is not GITMO, it is not the NSA. It is for profit law enforcement that will kill someone for selling cigarettes illegally on the state of NY's territory while ignoring the drug dealers that are paying their tribute to the democratic political apparatus. The difference between the USA, and the rest of the world is that the USA is the only country that has politicians that actively try to undermine its own citizens (e.g. lottery). I wish we had a President that said, 'yea we spy, and will continue to spy. We will use every dirty trick and subterfuge to advance the USA and undermine our enemies.' However this is not the case. We have a pres who hates his own subjects and will lock them up for not paying the political tribute that is demanded of them. The citizens of the USA should want the NSA to spy on everything and anything. USAian citizens should not want law enforcement to spy on everyone. Law enforcement's job is to keep the prisons full and the politicians rich. The NSA's job is to advance the interest of the USA. Law enforcement protects and serves the media moguls and politically connected. The NSA protects the citizens of the formally sovereign state residing in the middle of North America.
Now if I were a citizen of Russia or China, I would be up in arms about NSA spying. However for right or wrong I am a citizen of the USA. I have to support my own team, because I know the other team does not give a fuck about me, nor should it.
INTEL SKYLAKE
"From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because TECHNOLOGY FROM OTHER COUNTRIES IS ABSOLUTELY *NOT* ANY SAFER, and certain other countries have, you know ACTUALLY killed activists for actions that would be, without question, protected by US free speech rights even if the US government happened to have been able to access some of the encrypted data."
It was time for some more NSA red-meat to rile up the rabid /. base
*BSD but FreeBSD Networkingy test. endless conflict tired arguments
More interesting is the claim that they "reach full capability for SIGINT access to a major Internet peer-to-peer and text communications system." That means Skype to me. My guess is the VPN chips mentioned are the Broadcom 53xx chips that were widely used around that time.
When you have a 55-gallon drum of sewage with a teaspoon of pure water in it, you have a 55-gallon drum of sewage.
When you have a 55-gallon drum of pure water with a teaspoon of sewage in it, you have a 55-gallon drum of sewage.
Purposeful, nonconsensual, warrantless, bit manipulation of a private computer, located inside a home (or other constitutionally protected zone of privacy) within the United States is very likely a clear civil rights violation.
Should this become provable, the NSA won't be able to stay out of Federal Court.
I would like to trust the NSA (I really would), but J. Edgar Hoover.
Fool me once....
TPM and?
With the way America behaves, I don't see how US hardware is even an option for corporate entities. The post WW2 plunder of European technology, and attempts to control and dominate the foreign policies of other countries, should offer sufficient evidence.
If there were even some attempt to prosecute those responsible for the criminality within the US regime, then there might be some belief that there was anything other than malicious intent, but there isn't.
CYRIX 6X86
We are also due for SJW post.
love is just extroverted narcissism
Fall back to one time pads for your embassies. No more huge networks chattering on crypto hardware from "trusted" fast, imported brands that seem to work for every other embassy. The big foreign brands are selling out your networking to competing nations every decade. Reduce the imports and use of any systems that report back to other nations by default as designed, as sold, as installed.
Great for interacting with tourists but don't put the entire nation's secrets on foreign systems.
Have staff fly back home and talk in secure vaults and start using a constant flow of embassy staff. Stay away from anything sold as "networked" and "cryptographic" at low prices by competing nations.
Learn to fab your own chips. Create your own compilers. Work on programming languages and cryptography over a new generation of students. Teach all the mistakes of trusting imported crypto, chips, systems, networks. The chips created will be slow, hot, not very efficient but they will be your chips and your nation's designers will understand every aspect of them.
Hold meetings about long term issues and international bids/trade, in person in suitable vaults. Stop using imported computer equipment to set and create policy on before it's in public and final.
Use imported digital networks and the imported brands to flood other nations security services with crafted, long term disinformation.
Set up entire departments just to create shadow flows of expected information. Some advanced nations only have digital collection as the entirety of their clandestine services. So spread some interesting news in the expensive junk hardware.
We aware of staff going to other nations and returning with a huge shopping list of hardware and software for international integration and cooperation.
The same staff will then have to go on training or refresher courses, conferences and meetings with foreign manufacturers. The friendships, lifestyle are a form of being handled and turned. Use such contacts for long term disinformation by trusted staff over decades.
Harden networks between mil, gov, banking sites with more human contact and less chatter on fully imported digital "crypto" networks.
Use number station like efforts in world wide digital radio to pass out messages rather than per person contact on the internet.
If all that is too hard or expensive, just stop the staff chatter on sensitive national topics on fully imported crypto and networks.
All the news about trapdoors and backdoors is nothing new. France suffered total collection of its embassy codes by the US and GCHQ after WW2 into the 1950s. Why? Their crypto was weak and their hardware was well understood by the crypto staff working for the US and UK.
Domestic spying is now "Benign Information Gathering"
if u want security:
pencil
one sheet of edible paper at a time on a glass surface
clean glass when done
always have a way to dispose of the paper
Social justice, how terrible. Geez Americans are fucked in the head.
"Trust but verify." The ability to verify, usually referred to as transparency, is necessary for the establishment of trust. Anything you cannot understand or verify is not trustworthy. You may be forced by circumstances to "trust" it, but if it says "no user serviceable parts inside," the trust is hollow.
At this point it's full on "Dis-Trust and Verify" for me.
I'd mod you up, but the patriarchy has all the mods points today.
https://www.eff.org/https-everywhere