Monday, September 23, 2013

RSA Tells Developers to Stop Using Encryption Algorithm Linked to NSA

Security vendor RSA has sent out a message to customers warning developers not to use one of its
encryption algorithms. "To ensure a high level of assurance in their application, RSA strongly
recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG,"
stated the RSA advisory. "Technical guidance, including how to change the default PRNG in most
libraries, is available in the most current product documentation."

Last week, The New York Times reported that the U.S. National Security Agency (NSA) inserted a
backdoor into the Dual EC DRBG standard. Many academics and security experts have expressed
concerns about this particular encryption algorithm in the past.

It isn't known how many commercial products or internally developed enterprise applications
currently use the standard.

Quoted from DevX.

Dual_EC_DRBG stands for "Dual Elliptic Curve Deterministic Random Bit Generator". It is a
pseudorandom number generator that was designed by the NSA. Supposedly, it contains a backdoor
that would allow them to know the internal state of the generator at any point in time.

Internal documents leaked by Edward Snowden suggested the existence of such a backdoor in the
random number generator.

Sunday, September 22, 2013

Thursday, September 5, 2013

Wikileaks Spy Files 3

Hey guys, I wasn't able to read all the documentation yet, but in these documents you can see how
companies sell to governments (maybe other companies?) all your internet/phone traffic details.

The documentation is highly technical; who knows, maybe I'll post something in plain English about this...

On Wednesday 4 September 2013 at 1600 UTC, WikiLeaks released 'Spy Files #3' – 249 documents
from 92 global intelligence contractors. These documents reveal how, as the intelligence world has
privatised, US, EU and developing world intelligence agencies have rushed into spending millions on
next-generation mass surveillance technology to target communities, groups and whole populations.

Here is some nice Reuters coverage of this:

