Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

October 05 2013

The Snowden files : why the British public should be worried about GCHQ | John Lanchester — The…

The Snowden files: why the British public should be worried about #GCHQ | John Lanchester — The Guardian
http://www.theguardian.com/world/2013/oct/03/edward-snowden-files-john-lanchester

What this adds up to is a new thing in human history: with a couple of clicks of a mouse, an agent of the state can target your home phone, or your mobile, or your email, or your passport number, or any of your credit card numbers, or your address, or any of your log-ins to a web service.

http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2013/10/3/1380820803133/LanchesterreadsSnowdenfiles.jpg
(...)

Google ... know[s] you’re gay before you tell your mum; it knows you’re gay before you do. And now ...[spies] too.

#surveillance #PRISM #NSA #privacy via @zackieachmat

September 05 2013

N.S.A. Foils Much Internet Encryption - NYTimes.com

N.S.A. Foils Much Internet Encryption - NYTimes.com
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all

#NSA documents show that the agency maintains an internal database of #encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of #Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl