LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 09-06-2013, 03:28 AM   #1
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
NSA has circumvented much of internet encryption


http://yro.slashdot.org/story/13/09/...net-encryption
Quote:
"The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'"
So, basically, what they have:
1) Supercomputers designed specifically for breaking encryption.
2) Backdoors into company computers and company products.
3) Backdoors or at least weaknesses introduced into cryptography schemes, to make them more or completely crackable at least by them.
4) Rootkits that can read data before it is encrypted / after it is decrypted.
5) Collaboration with major internet companies (you probably already know them).
6) The ability to obtain (legally and otherwise) master encryption keys if companies are unwilling to cooperate.
7) Influence the development of hardware designed for encryption by adding a backdoor or weakness.
8) Its most intense efforts are focused on SSL, VPN, and 4G.
And there are these notes:
Quote:
A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".
...
"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.
...
Analysts were instructed: "Do not ask about or speculate on sources or methods underpinning Bullrun." This informaton was so closely guarded, according to one document, that even those with access to aspects of the program were warned: "There will be no 'need to know'."
http://www.theguardian.com/world/201...codes-security

Having said that, it's pretty clear that they see all, they know all. Now, this is their job, but you wonder if all these techniques cannot backfire. The articles also mention this. I mean why can't other people use the backdoors ? Just because they might not know about them ? I would say a full investigation may be a good idea, as their methods may not be 100% towards "national security" as they claim.
 
Old 09-06-2013, 04:57 AM   #2
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,039
Blog Entries: 52

Rep: Reputation: Disabled
Bullrun and Edgehill: both battles in civil wars. Indicates that THEY regard all of US, not only potential terrorists, as the enemy.
 
Old 09-06-2013, 10:39 AM   #3
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,745

Rep: Reputation: 71
Quote:
Originally Posted by H_TeXMeX_H View Post
http://yro.slashdot.org/story/13/09/...net-encryption
Now, this is their job, but you wonder if all these techniques cannot backfire.
Actually without a warrant it is illegal when it comes to citizens of the US. The 4th Amendment states,

[QUOTE]"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."[/CODE]

So for them to collect data like that is illegal. They are criminals plain and simple. The only way it can backfire is if the American people actually took the Constitution (the law) seriously and demanded justice.
 
Old 09-06-2013, 11:16 AM   #4
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Original Poster
Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
What about the patriot act (section 215):
http://it.slashdot.org/story/13/09/0...-on-nsa-spying
https://threatpost.com/government-to...illance/102177

How can the American people fight what they have created ? It's too late. Fight now and you will be sent to Guantanamo with the rest.
 
Old 09-06-2013, 11:25 AM   #5
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,745

Rep: Reputation: 71
The Constitution is the law of the land. They only way to change it is to Ammend it. The Patriot Act as a whole is illegal because it violates the Constitution. There are checks and balances formed when the country was formed. In the Constitution, there is a check for a tyrannical government. In no way did the founders of this country ever intend for us to live under a tyrannical government.

Here is a quote from the Delcaration of Independence that you might find interesting. Notice how Thomas Jefferson used the words right and duty.

Quote:
But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.
 
Old 09-06-2013, 11:32 AM   #6
LarryLQ
LQ Newbie
 
Registered: Sep 2013
Distribution: pclinuxos 2013
Posts: 13

Rep: Reputation: Disabled
So I guess https, SSL, gpg and ssh tunneling is useless in today's world...

It seems that NSA is above the law. Hell, they have violated court orders on collecting data on American citizens. It's not right for them to treat American citizens as domestic terrorists.

Last edited by LarryLQ; 09-06-2013 at 12:25 PM.
 
Old 09-06-2013, 12:31 PM   #7
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Original Poster
Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by LarryLQ View Post
So I guess https, SSL, gpg and ssh tunneling is useless in today's world...

It seems that NSA is above the law. Hell, they have violated court orders on collecting data on American citizens. It's not right for them to treat American citizens as domestic terrorists.
I wouldn't say useless, but certainly not safe from the NSA.

Quote:
Originally Posted by tangle View Post
Here is a quote from the Delcaration of Independence that you might find interesting. Notice how Thomas Jefferson used the words right and duty.
Yeah, he too would be in Guantanamo if here were alive today.
 
Old 09-07-2013, 01:49 AM   #8
kooru
Senior Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware, NetBSD
Posts: 1,330
Blog Entries: 5

Rep: Reputation: 262Reputation: 262Reputation: 262
So to be totally anonymous and safe, the only solution is no connection in internet.
 
Old 09-07-2013, 03:16 AM   #9
dugan
Senior Member
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 4,762

Rep: Reputation: 1465Reputation: 1465Reputation: 1465Reputation: 1465Reputation: 1465Reputation: 1465Reputation: 1465Reputation: 1465Reputation: 1465Reputation: 1465
I think the "totally anonymous and safe" part might be a stretch. Internet traffic is only one of the communications channels that the NSA is (supposed to be) monitoring.

Also, I don't know what "terrorists" this is meant to catch, because Bin Laden was communicating exclusively via hand-couriered letters.

Last edited by dugan; 09-07-2013 at 11:34 AM.
 
Old 09-07-2013, 07:59 AM   #10
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Original Poster
Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
New Jersey Congressman Seeks To Bar NSA Backdoors In Encryption
http://politics.slashdot.org/story/1...-in-encryption
 
Old 09-08-2013, 01:53 AM   #11
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Original Poster
Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC
http://linux.slashdot.org/story/13/0...rypto-in-ipsec
Quote:
"In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."
 
Old 09-08-2013, 09:05 AM   #12
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,745

Rep: Reputation: 71
Is it still safe to use SSH and AES?
 
Old 09-08-2013, 09:25 AM   #13
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Original Poster
Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
AES was developed with the "help" of the NSA, so you won't find me going anywhere near it.
 
Old 09-08-2013, 09:28 AM   #14
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,745

Rep: Reputation: 71
Is there a list of encryption algorithms that have been compromised?
 
Old 09-08-2013, 09:51 AM   #15
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Original Poster
Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
NSA Can Spy On Data From Smart Phones, Including Blackberry
http://yro.slashdot.org/story/13/09/...ing-blackberry

As for encryption algorithms that have been compromised, you need to look at each one.

Personally, I would look for ones that have not been compromised, but that have been thoroughly used and analyzed. And, of course, not developed with the "help" of the NSA. I currently recommend twofish, but that's not to say that the NSA can't crack it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The NSA is Commandeering the Internet LXer Syndicated Linux News 3 08-16-2013 03:00 AM
LXer: XKeyscore: NSA tool collects 'nearly everything a user does on the internet' LXer Syndicated Linux News 0 07-31-2013 03:02 PM
LXer: XKeyscore: NSA tool collects 'nearly everything a user does on the internet' LXer Syndicated Linux News 0 07-31-2013 12:41 PM
Can Demand Paging be disabled or circumvented? ajmayhall Linux - Newbie 13 12-16-2007 08:04 PM
LXer: AT&T Forwards ALL Internet Traffic Into NSA Says EFF LXer Syndicated Linux News 0 04-06-2006 11:21 AM


All times are GMT -5. The time now is 10:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration