In reply to the discussion: STOCK MARKET WATCH -- Monday, 23 December 2013
Demeter (85,373 posts)
20. Review Group Falsely Claims No NSA Backdoors in U.S. Software
http://www.moonofalabama.org/2013/12/review-group-falsly-claims-no-nsa-backdoors-in-us-software.html
In its 28th recommendation Obama's NSA Review Group, which included no technological experts, asserted (pdf via emptywheel):
Upon review, however, we are unaware of any vulnerability created by the US Government in generally available commercial software that puts users at risk of criminal hackers or foreign governments decrypting their data. Moreover, it appears that in the vast majority of generally used, commercially available encryption software, there is no vulnerability, or backdoor, that makes it possible for the US Government or anyone else to achieve unauthorized access.
Like other seemingly assuring assertions from the NSA and related entities this one turns out to be false:
As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.
Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.
Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract.
RSA security products, widely used so far, are not secure. The NSA paid RSA to use a weak encryption which the NSA can easily break. If the NSA can break these others can too. They thereby have a backdoor into RSA software and whoever uses those insecure products should do away with them.
If the NSA Review Group was unaware of paid-for NSA backdoors in commercial products, how many of its other recommendations tackle the real problems?
Yeah. Thought so.