It would appear that the NSA has cracked SSL. That is the same SSL that gives you an HTTPS connection every time you connect to your bank, when you use gmail (not like the latter is private anyway … ), and numerous other services. This technology is pivitol to the trust that people hold with various web sites on the net. The fact that this can be cracked is not just disturbing, it is terrifying. The US Government have reserved the “right” to snoop on absolutely ANYTHING you do on the net, and you will have no power to stop them. Worse yet, if the yanks are at it, you can be assured that the UK, and other allies will have access to this technology. I have little dooubt that the Chinese and Russians will be far behind.
All I can recommend is that you take valuable services off line (internet banking being the big one. Still, the Police here can go on fishing expedtions on your accounts. I know of at least one person this has happened to, all so the Police could find out if the person in question could pay a court fine on a traffic related matter. Of course the New Zealand police would never abuse their powers … ). This situation is absolutely ripe for abuse, and it leaves the validity of things like cloud services wide open. The only way to fight back really is to stop using anything that uses SSL (and its related cousin TLS), encrypt EVERYTHING, and keep it local. That is a tall order, and I doubt anyone will heed that advice. Just what they want, ambivalence.
- Has the NSA broken SSL? TLS? AES? (zdnet.com)
- [News] Here’s how to best secure your data now that the NSA can crack almost any encryption (pcworld.in)
- Bullrun: The NSA Backdoor Anti-Encryption Bug Program That Breaks Most Encryption on the Internet (siliconangle.com)
- Good SSL for your website is absurdly difficult in practice (utcc.utoronto.ca)
- What To Take Away From NSA Leaks In Regards To Security and Privacy (bauer-power.net)
- NSA Breaks Encryption – Here We Go Again There is nobody and nothing they have not tapped (armstrongeconomics.com)
- Goodbye Privacy, Hello GCSB. (besachembo.wordpress.com)
- On the NSA (cryptographyengineering.com)
- NSA’s (and GCHQ) Decryption Capabilities: Truth and Lies (fortinet.com)