N.S.A. Foils Much Internet Encryption
Posted on 09/05/2013 12:14:05 PM PDT by Alter Kaker
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
Many users assume or have been assured by Internet companies that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.
(Excerpt) Read more at nytimes.com ...
And what they can’t break, they record until they can.
Bingo. But nobody is listening in... there’s no “there” there.
keep your friends close and your enemies closer...
Our government practically owns and operates Google and Facebook, too.
I remember freepers trying to assure us that loyalty cards and asking for zip codes was not to track us but to make their service better. We were assured that it didn’t get specific enough to track us personally.
Then my brother-in-law received some awesome coupons for the items he bought all the time. The coupons were specifically tailored to his buying habits. I kid you not.
“Properly implemented strong crypto systems are one of the few things that you can rely on, he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.”
The usual method used is either to steal the encryption passphrase, or use a passphrase-guessing program. These programs are quite useful if you know a lot about the target.
The NSA are wussies living in their mothers’ basements reading everyone’s emails to get their jollies.
Haven’t stopped a single terrorist attack, by all indications.
The Tsarnaevs are laughing at them.
I think it's like cracking WEP, but not WPA2.
US telecoms fight claims of illegal spying [Bush wins, case dismissed]
Ruling: Telcoms Not Liable for ‘Illegal Spying’
Publius’ Forum ^ | 6/04/09 | Warner Todd Huston
But back then, spying on Americans was ‘good’.
Not just that, they've also apparently come up with a mechanism for storing encryption keys for commercial encryption technologies, found a way to break SSL and hack into VPNs. This will cause every country in the world to create new encryption technologies -- unbelievably broad leak.
Except WPA2 is already hackable by 13-year-old kids, not just the National Security Agency.
Stopping terrorism is only a new priority of theirs -- their original mission is foreign intelligence. And this leak will cause the Russians, the Chinese, the Pakistanis and probably every other country in the world to switch technologies.
Wait until people start getting health insurance premium hikes based on the groceries they bought. Oh, and some stores (I’m looking at you, Target!) are requiring the cashiers to swipe the driver’s license into the cash register for all alcohol purchases. I left the cashier with that bottle of Beringer and bought one at Walmart instead.
They are apparently using key-stealing to do this. The algorithms are mathematically unbreakable, but that doesn’t matter if you swipe the key somehow.
You have to understand how SSL works to understand how this is possible. It is a three-step handshake. The server sends you a signed message, which you verify against the public certificates in your browser’s keystore. You then send it a message encrypted with its public key, and it replies with an encrypted message with a proposed symmetric key. You then accept the symmetric key, and from then on communicate in a symmetric cipher.
Now all the NSA has to have is the server’s private certificate, and it can read the asymmetric traffic and pick up the symmetric key as it is sent. If you have a buddy at Verisign, this is easily done.
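Added example, not part of any post in this thread: a toy model of the key-theft scenario described in the comment above. In TLS's RSA key exchange the client encrypts the session secret to the server's public key, so a recorded handshake can be opened later by whoever holds the private key; in an ephemeral Diffie-Hellman exchange the long-term key only signs and the recording contains nothing encrypted under it. The tiny primes, the Diffie-Hellman parameters and every function name here are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy parameters: far too small for real use, textbook RSA, no padding.
P, Q, E = 61, 53, 17
N = P * Q                            # server's public modulus
D = pow(E, -1, (P - 1) * (Q - 1))    # server's long-term private exponent
DH_P, DH_G = 2087, 5                 # toy Diffie-Hellman modulus and base


def rsa_key_transport(session_secret):
    """Client encrypts the session secret to the server's public key.
    Returns what a passive recorder captures from the wire."""
    return {"encrypted_secret": pow(session_secret, E, N)}


def open_recorded_rsa(capture, private_exponent):
    """Whoever obtains the private key, even years later, recovers the secret."""
    return pow(capture["encrypted_secret"], private_exponent, N)


def _digest(a_pub, b_pub):
    h = hashlib.sha256(f"{a_pub},{b_pub}".encode()).digest()
    return int.from_bytes(h, "big") % N


def ephemeral_dh(a=None, b=None):
    """Ephemeral exchange: the long-term key signs, it never encrypts the secret.
    Returns (wire capture, client's secret, server's secret)."""
    a = a or secrets.randbelow(DH_P - 2) + 1   # client exponent, discarded after use
    b = b or secrets.randbelow(DH_P - 2) + 1   # server exponent, discarded after use
    a_pub, b_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    signature = pow(_digest(a_pub, b_pub), D, N)   # authentication only
    capture = {"a_pub": a_pub, "b_pub": b_pub, "signature": signature}
    return capture, pow(b_pub, a, DH_P), pow(a_pub, b, DH_P)


def signature_valid(capture):
    return pow(capture["signature"], E, N) == _digest(capture["a_pub"], capture["b_pub"])


if __name__ == "__main__":
    recorded = rsa_key_transport(1234)
    print("RSA transport, key obtained later:", open_recorded_rsa(recorded, D))
    capture, client_secret, server_secret = ephemeral_dh()
    print("DH secrets agree:", client_secret == server_secret,
          "| signature valid:", signature_valid(capture))
    print("fields on the wire:", sorted(capture))  # nothing here is encrypted under D
```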
Because this leak contained information they weren’t already aware of...
I need to find that article about the 4000+ security risks who work for NSA.
Here we go:
All this leak does is let the REST of us know that encryption is teetering on the edge of nonusefulness.
This is why passwords should not be words but instead random characters, # and if you know how to make special ASCII characters even better.
What if you present a US passport rather than a driver’s license?