> ... , where Islamic terrorist groups that threaten the West have bases."
Yes, and regularly negotiate trade agreements with these terrorists, in this case for buying shrimps (the Bubba Gump kind) as was the case for the spying here.
> But don't forget that big pharma, for all its problems still is the number one creator of new drugs. In 2012 alone, the U.S. government and private companies spent a combined $130 billion (PDF) on medical research."
That is not true. That research is done in universities often with taxpayer money and big pharma snaps it up for a song. Watch Big Bucks, Big Pharma https://www.youtube.com/watch?... https://www.youtube.com/watch?... or read Marcia Angell - The Truth About the Drug Companies, Ben Goldacre - Bad Pharma - How Drug Companies Mislead Doctors and Harm Patients, Irving Kirsch The Emperor's New Drugs Exposed (SSRIs) and Jacky Kaw - Big Pharma - Exposing the Global Health Industry Agenda.
Accenture, from the multinational corporation formerly known as Arthur Andersen, changed their name after the Enron scandal, formerly residents of tax haven Bermuda, now residents of tax haven Ireland http://www.forbes.com/sites/taxanalysts/2013/11/06/if-ireland-is-not-a-tax-haven-what-is-it/ https://en.wikipedia.org/wiki/Arthur_Andersen#Enron_scandal
Also Adware vendors buy Chrome Extensions to send ad- and malware-filled updates http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/
Sorry Blanchfield, but Adblock can fetch the ads and then simply not show them.
And Yablonka, Adblock can simply block *all* images since most are superfluous anyway and only allow through those it really trusts.
Sorry to break it to the both of you, Blanchfield and Yablonka, but no plan survives its first encounter with the enemy.
> Users of Truecrypt should be extra careful of physical security of their systems to prevent investigators from gaining access to the contents of physical memory."
By investigators, do you mean government workers conducting industrial espionage?
http://www.washingtonsblog.com/2013/10/nsa-busted-conducting-industrial-espionage-in-france-mexico-brazil-and-other-countries.html
http://www.abc.net.au/news/2013-12-04/asio-arrests-key-witness-in-east-timor-spying-scandal/5132954
http://www.globalresearch.ca/canada-spied-on-brazils-government-as-part-of-global-commercial-espionage-campaign/5353642
http://www.smh.com.au/national/australian-spy-agency-helped-bhp-negotiate-trade-deals-20131106-2x1sw.html
https://www.techdirt.com/articles/20131111/11532125198/australia-spied-japan-to-help-companies-negotiate-trade-deals.shtml
http://www.crikey.com.au/2013/12/02/revealed-the-government-agency-stealing-ideas-from-businesses/
http://the-japan-news.com/news/article/0000940560
http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits
> In addition, if what Kaplan says is correct and he did this in a premeditated manner then his whole story starts to unravel.
And what if Snowden assassinated JFK? If I am correct then Snowden's whole story starts to unravel.
Before: "BUSH ELECTED PRESIDENT"
After: "ANONYMOUS ELECTED PRESIDENT"
Hey! There is an up side!
I've seen the feed. They are all tiger sharks. Another shameful example of racial profiling.
I trust Bruce Schneier. If he's a sleeper agent, they've put in so much effort it would seem churlish not to use him.
And really, I'd use Blowfish ahead of any NSA encraption algorithm or LOL AES. If history has a sense of irony, China will pwn the entire US IT infrastructure using NSA backdoors.
http://www.eurekalert.org/multimedia/pub/66682.php?from=257191 Credit: NASA & ESA, STScI-PRC14-06b Usage Restrictions: News organizations may use this image in connection with reports about exoplanetary research.
WTF? News organisations can, but bloggers or amateur astronomers can't? Can't use it for reports about other things? It's a shitty low resolution image anyway. Are they scared someone will write a best-selling game around it? Usual institutional anti-fair use paranoia off something probably spawned from a public research grant anyway.
Problem is it's way beyond terrorism and well into commercial espionage. Here a politician used Australia's spy agency to spy on Timor Leste's government to help Woodside Petroleum screw them over in negotiations. The politician is now an employee of Woodside Petroleum. This is one case we know about. http://www.independent.co.uk/news/world/australasia/lawyer-acting-for-east-timor-is-raided-by-australian-agents-8983566.html
LOL all these "anonymous cowards" posting pro-government public relations. If they're tonguing government's balls why would they need anonymity? I smell government public relations all paid for with your taxpayer dollar.
Way to ignore another story and the FISA finding that the government was breaching the Constitution. http://www.usatoday.com/story/news/nation/2013/12/16/judge-nsa-surveillance-fourth-amendment/4041995/ http://news.firedoglake.com/2013/08/22/fisa-court-ruled-nsa-program-unconstitutional-said-nsa-misled-them/ That you're ignoring these smacks of a shill. The right and left are united on this. On the other side are government workers like yourself living a parasitic existence off the hard-working taxpayer.
> Snowden is a sellout who took what he had and likely ran to the highest bidder with the info.
Not a shred of evidence do you have. Now get a real fucking job, you piece of shit government shill.
Illegal contracts are unenforceable in court so there is no point even writing them down. Hilarious precedent when a bunch of highwaymen tried to sue each other over broken contract. Court hanged them all. Let us hope for same outcome with NSA and RSA Bonnie and Clueless.
RSA's official response is limp and evasive. It makes no mention of the $10M payment. Even the PR spokesliars couldn't turn this truck load of pig shit into a silk purse https://blogs.rsa.com/news-media-2/rsa-response/
> We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.
Then why did they have to pay you to use a 'good' algorithm? If all they had to do is convince you it was awesome that would have been enough. How fucking dumb do you think we are?
> This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.
Fuck you, RSA. You made it the default, knowing most people would trust and use it for that reason. You fucking well know if one of the options was starred 'NSA paid us $10M to make this one the default' no one would have touched it. Remember the public suspicion when Microsoft's NSAKEY was discovered. Don't bullshit us that RSA didn't know about that.
> We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.
Then you should have gone back to NSA and said "Hey look, you paid us $10M to use a flawed algorithm. You are supposedly experts in encryption. We aren't stupid. What the fuck are you trying to pull on us and our customers?"
And that's the scenario that assumes they *didn't* know.
> When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.
Fuck you. It was out in the open by then. You could hardly hide it then, and you still didn't warn your customers their data might have been compromised.
> RSA, as a security company, never divulges details of customer engagements,
Like $10M Bribes? Or agreements with one customer to fraudulently sell flawed software to other customers? I bet lawyers everywhere can smell big class actions off this one!
> but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use.
Oh fucking puleaze. "intention" is a bullshit cop out that means you did it but fucking us over wasn't the primary reason. If that $10M was so clean, show us the contract and the minutes of meetings. If you don't, don't expect us to trust you. And if they don't exist even though this is all above board, why?
RSA is either incompetent or malicious. Either way it can't be trusted again. Security companies can't operate unless their customers trust them. RSA is dead.
Yes! America went so far as making a special law to protect their citizens exercising their free speech rights from being sued by British libel laws http://www.theguardian.com/media/greenslade/2010/aug/11/medialaw-barack-obama
What you are saying is incorrect. In the UK if I tell you a lie about someone, and you repeat it publicly, you can be sued for libel. The fault is yours for not verifying the damaging information before you published it. Merely printing a retraction isn't enough, because once the accusation is made it sticks in the public mind. Otherwise I can call you a pedo, and retract it later. It doesn't work that way. Sometimes a retraction might satisfy the defamed party, but if the damage is significant they can decide to sue you anyway. In this case no one would ever trust RSA again, so the damage is severe. If the story was fake, RSA could sue the Guardian's arse off.
As for your theory that competitors leaked this to damage RSA, you have not offered a shred of evidence, and your premise that the Guardian can print untrue stories without being sued for libel is false.
The Guardian ran the story. If it wasn't true RSA could sue their arses off in court for the value of their now worthless business. Guardian wouldn't dare run it unless they could prove it is true. http://www.theguardian.com/world/2013/dec/20/nsa-internet-security-rsa-secret-10m-encryption
Microsoft handed the NSA access to encrypted messages
• Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
"Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple" http://gizmodo.com/google-to-government-let-us-publish-national-security-512647113
And look at the chronology of this:
23 September 2013: BBC News - RSA warns over NSA link to encryption algorithm http://www.bbc.co.uk/news/technology-24173977
21 December 2013: NSA Gave RSA $10 Million To Promote Crypto It Had Purposely Weakened https://www.techdirt.com/articles/20131220/14143625655/nsa-gave-rsa-10-million-to-promote-crypto-it-had-purposely-weakened.shtml How apt: Techdirt said the story was from the "from the say-bye-bye-to-credibility,-rsa dept"
Fuck you RSA. Fuck you NSA.
RSA denying it? "Well, he would, wouldn't he?" - Mandy Rice-Davies
If this story turns out to be true, then RSA's name is mud. Only a complete and utter moron would buy from them after this.
Same goes for the other companies who have been selling us out. Even Google and Microsoft who are now leaking stories about them boldly protecting their backbones from the NSA have been handing over our data, and in the case of Microsoft took cold hard cash to add backdoors to Skype and God knows what else. If you trust *any* of these companies you are a complete and utter moron.
You must read it like a lawyer: "should not be permitted to collect and store all mass, undigested, non-public personal information about individuals to enable future queries and data-mining for foreign intelligence purposes. Any program involving government collection or storage of such data must be narrowly tailored to serve an important government interest."
That means "non-mass" "digested" or "public personal information about individuals" can be stored. Information on social networks is public. So are business records, like what your phone company charged you to call someone or what you're doing with your credit card. Then after a veiled lie that they won't collect it, they then say "Any program involving government collection or storage of such data must be narrowly tailored to serve an important government interest." See what they did there? And they will declare whatever suits them is an important government interest, like economic espionage.
Amen!
The people should build a statue of Snowden next to Lincoln's with those words on a plaque underneath.
And then...
General Alexander: 'Guantanamo? That seems like a demotion!'
Prosecutor: 'You won't be on that side of the fence, asshole!'
Before it was terrorists, it was smugglers. http://libertyfirstfl.org/?p=253
... that this is what happens when a country puts its energy into space travel and not spying on its own people, but China is of course doing both.
Whereas the US is only doing one of these.
Oh ZING! YEAH! THAT'S GOTTA HURT!
Unfortunately people being people she will use her knowledge of Google's concerns and her prior connections with Google to advance their agenda. That's human nature. To claim it won't affect her decision making is naive.