The NSA is just a juggernaut. Not only does it appear to be ignoring the rules that disallow following Americans unless they are interacting with foreign entities, they are forming all sorts of relations from the data. Not just “x talked to y” type of data, much more comprehensive than that. Who you hang out with, what professional affiliations you have, the list goes on. And they are demanding more power, as there are “holes” in their data. Not sure just how much more they could, or should, find out.
There are suggestions that the NSA may have had a hand in weakening SHA-3. Judging by revelations that they have cracked AES (used in encrypting the private key for transactions using SSL, HTTPS in essence), I find this quite likely. Worryingly for SSL, the only other option to protect keys is 3-DES, so you may as well leave your keys in plain text, oh, and have a file called “passwords.asc” on your web server.
Oh, to make matters really dire, RSA have suggested not trusting their random number generator, integral for encryption. Really, what they are saying is “don’t use our software at all, it is compromised”, and it doesn’t take two guesses as to who did that. What worries me is that leaves pretty much GNU Privacy Guard as the only kid on the block. Is RSA safe for Public/Private key encryption? To be honest, no one is really sure. If the NSA has figured out a mathematical back door, then key size won’t help (and judging by their enormous budget, this may be possible). Matters are made worse by people’s tardy security practices, making the theft of the key easy, exacerbated by key passwords. No need to crack the key then (Snowden had warned frequently on this). Elliptic Curve Cryptography is the new kid on the block, but there is mounting evidence that the NSA has screwed with the specification on this too, making it a dead horse at the gate (I wouldn’t use it, put it that way). And if RSA is secure beyond a second key length, it will only be secure for a few years, so if they can’t crack it now, they will a few years down the road. Just pray you didn’t steal the President’s favourite recipe for strawberry cake, because it could be used against you. And if quantum computers take off (last I checked, they were building 512-qubit machines commercially. I think they are viable, and are the future), you are totally screwed.
So be careful out there, and don’t say it unless it needs to be said. And get smart on using crypto, your life may one day depend on it.
In something of an unprecedented move, Brazilian president Dilma Rousseff let Obama have what for, for violating her state’s sovereignty with the NSA. Seeing as he was next batter up, I can only imagine “uncomfortable” would have been on the table.
This small blog article spells it out. Even if the likes of the NSA and GCSB are **ONLY** gathering metadata (and I frankly don’t believe them. Remember the Boston bombing? The CIA let slip they had LISTENED to the offenders’ calls over the last years …), it still amounts to surveillance.
This makes pretty depressing reading. Obama has granted himself the power to seize ANY communication system he sees fit, on the grounds of “national security”. The plan, apparently, is to allow the White House to communicate with all Americans, at any time. Seems just a touch heavy-handed in my opinion. Be interesting to see if it happens here.
Quite a good article written by Greenwald. No real surprises, but drives home just how invasive the NSA have become.
Anonymous files for NZ campaign rehosted on Google Drive (not exactly ideal … )