The security services are stripping us of basic Internet security

Short Story by: godoficepantheon

Summary

Open Rights Group International - The latest revelations from the Guardian give good evidence of why they have recently been the target of government harassment, and also why this is entirely unjustified.

Content

Submitted: October 20, 2013

A A A | A A A

Content

Submitted: October 20, 2013

A A A

A A A


Open Rights Group International - The latest revelations from the Guardian give good evidence of why they have recently been the target of government harassment, and also why this is entirely unjustified.

Their reports of NSA and GCHQ attacks on fundamental Internet security really matter. These are the basics of trust on the Internet; they are the reason you trust your bank, your credit card payments or Virtual Private Networks not to leak this information to criminals, blackmailers or governments.

Thus the real impact will not just be about security, it is about economics.

Of course we all expect for NSA/GCHQ to try to break encryption systems from time to time, it's their job. The problems arise when they make us all vulnerable as a result.

From the Guardian article, it appears they use threats and secret orders given to commercial companies to insert backdoors that must now undermine our trust in very common software products. They covertly insert vulnerabilities that weaken security of technical systems for everyone, not just their targets.

The idea that this won't be abused by yet unknown parties can only be naïve optimism, plain stupidity or complete disregard for anything other than the NSA and GCHQ's mission.

How it works

This isn't about breaking the maths - at least not usually - it's about exploiting the 'joins' between the pieces of software, introducing flaws in the implementation of cryptology, and more general 'backdoors' to the communications, which don't rely on the cryptology. Schneier gives some good examples.

Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it's explained away as a mistake

The agencies seem to be doing this directly with companies and standards bodies, on a very wide basis. Many of the exploits are better thought of as exploiting software vulnerabilities.

Thus their strategy relies on people trusting big companies, or not paying attention to the work of standards bodies choosing security protocols. READ FULL ARTICLE ATOPENRIGHTSGROUP.ORG


© Copyright 2016 godoficepantheon. All rights reserved.

The security services are stripping us of basic Internet security

Status: Finished

Genre: Non-Fiction

Houses:

Details

Status: Finished

Genre: Non-Fiction

Houses:

Summary

Open Rights Group International - The latest revelations from the Guardian give good evidence of why they have recently been the target of government harassment, and also why this is entirely unjustified.

Add Your Comments:

Comments

Other Content by godoficepantheon

Add picture

Paste the link to picture in the entry below:

— or —

Drag a picture from your file manager into this box,
or click to select.

Add video

Paste the link to Youtube video in the following entry:

Existing Comments:
Bad selection

Cannot annotate a non-flat selection. Make sure your selection starts and ends within the same node.

(example of bad selection): This is bold text and this is normal text.
(example of good selection): This is bold text and this is normal text.
Bad selection

An annotation cannot contain another annotation.

Anonymous
Really delete this comment?
Anonymous
Really delete this comment?

There was an error uploading your file.


    
Anonymous