1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Snowden leaks point to cryptography backdoors

Discussion in 'Article Discussion' started by Gareth Halfacree, 6 Sep 2013.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
  2. GeorgeStorm

    GeorgeStorm Aggressive PC Builder

    Joined:
    16 Dec 2008
    Posts:
    6,996
    Likes Received:
    547
    Read the Guardian article earlier, not great stuff :/

    “Those who would give up Essential Liberty, to purchase a little Temporary safety, deserve neither Liberty nor Safety" is the phrase that comes to mind.
     
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    I'm just pleased that pretty much all the software I use is open source - no backdoors there. Just a shame about my Gmail account and Android phone, really...
     
  4. Krikkit

    Krikkit All glory to the hypnotoad! Super Moderator

    Joined:
    21 Jan 2003
    Posts:
    23,925
    Likes Received:
    655
    A nicely-written piece again Gareth!

    I suppose I should be more surprised to hear this kind of thing goes on, but I'm not tbh. Clever though, to insert back-doors into the source with big corporates in the first place.
     
  5. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    Why thank you!
    The real issue, and one I didn't have room to get into in the already-lengthy piece, is the possibility that the NSA's 'relationships' extend beyond software vendors and into hardware vendors. Let's imagine a processor manufacturer called, I don't know, Acumen. Acumen builds a popular line of processors called the Crux family, which account for a massive percentage of the world's computing systems. Each Acumen Crux chip has inside it a random number generator and cryptographic acceleration engine, used by the OS for all encryption and decryption operations.

    Some time ago, however, the NSA approached Acumen and asked them nicely if they wouldn't mind modifying the design of the RNG and cryptographic accelerator such that it introduced a handy-dandy flaw into proceedings. To the end-user, everything looks normal; if you know what the flaw is, however, you can easily break the encryption in a fraction of the time it would otherwise have taken. Acumen does this, and hides it from its customers by dint of not releasing the design files for the chip - which isn't a problem, because it never releases those anyway.

    The users of Acumen Crux processors don't realise this, of course. The more paranoid use open-source software, confident that they are secure because there can be no back-door in the source code - little realising that the back-door is right there in the hardware. Their handy-dandy open-source encryption engine is relying on hardware that is introducing a weakness - a weakness that the NSA can easily exploit. Whoops!

    Sounds less crazy today than it did yesterday - and a whole lot less crazy than when free software giant Richard Stallman announced he was switching to China's homebrew Loongson processor for his computing needs out of a fear of exactly this scenario should he use a chip from a US-based company.
     
  6. [USRF]Obiwan

    [USRF]Obiwan What's a Dremel?

    Joined:
    9 Apr 2003
    Posts:
    1,721
    Likes Received:
    5
    Seems like the best protection you can get is not to connect to anything that requires a connection. What basically means that you shut down the power and throw away your processor based hardware you have like phones, television, pc, laptop, mediaboxes etc.

    Maybe the Amish got it right all that time...
     
  7. MightyBenihana

    MightyBenihana Do or do not, there is no try

    Joined:
    8 Sep 2011
    Posts:
    1,462
    Likes Received:
    115
    Although not completely the fault of the US, it is the legalised bribary (though campaign donations to politicians) that exists there and the US's power to influence other countries that is the reason that everyone should be up to date on US politics, and by this I don't mean watch Fox, MSNBC or CNN and by the same reasonng not the other extreme like Alex Jones. Couple this global power and corruption with the vast wealth and lack of accountability of corporations that do the bribing and there is no way anyone should be surprised by this.

    Did anyone really think that corporations give money to politicains because they just want to be nice to them?

    Also it has to be remembered that corporations in some ways are more powerful than governments as they are not constrained by a countries borders. So next time a large corporation claims it is 'American' or 'British', remember this is propoganda designed to play on national pride. they are no more American or British than the moon.

    If you think all this is scary then you should see the legislation that is trying to be pushed thorough that would for all intents and purposes allow corporations to declare war on countries (using national defences such as the army). Sound crazy? Well, I'm sure the information in this article did too a few years ago.

    As Noam Chomsky said so well, "In today's world, democracy is little more than manufactured consent, you won't fight a system your believe you have choosen, that you believe you can change, but in reality the puppets on both hands are joined to the same body and you have no choice over the choice of people you have to choose from".
     
  8. rollo

    rollo Modder

    Joined:
    16 May 2008
    Posts:
    7,887
    Likes Received:
    131
    If you want to stay protected, Stay of the internet simple enough.
     
  9. ferret141

    ferret141 Minimodder

    Joined:
    18 Oct 2010
    Posts:
    1,314
    Likes Received:
    40
    Did anyone notice how there's a North American router/access point firmware and an international one?
    I don't think it is purely for radio spectrum regulation.
     
  10. Red 5

    Red 5 What's a Dremel?

    Joined:
    1 Aug 2008
    Posts:
    683
    Likes Received:
    39
    It brings a whole new meaning to "Intel inside".
     
  11. Nexxo

    Nexxo * Prefab Sprout – The King of Rock 'n' Roll

    Joined:
    23 Oct 2001
    Posts:
    34,731
    Likes Received:
    2,210
    Didn't that already happen with the invasion of Iraq?
     
  12. patrickk84

    patrickk84 What's a Dremel?

    Joined:
    27 Dec 2005
    Posts:
    193
    Likes Received:
    5
    Why do you think the US government has specifically stopped using certain hardware products made in China? Huawei and ZTE...
     
  13. GravitySmacked

    GravitySmacked Mostly Harmless

    Joined:
    2 Mar 2009
    Posts:
    3,933
    Likes Received:
    73
    Not true; what about phone monitoring, snail mail surveillance, monitoring of your transactions, the near constant watch of security cameras, number plate tracking etc? Also it's easy to say stay off the internet but just doing that isn't easy to do in this day and age.
     
  14. CraigWatson

    CraigWatson Level Chuck Norris

    Joined:
    9 Apr 2009
    Posts:
    721
    Likes Received:
    33
    I see what you did there ;)
     
  15. Nexxo

    Nexxo * Prefab Sprout – The King of Rock 'n' Roll

    Joined:
    23 Oct 2001
    Posts:
    34,731
    Likes Received:
    2,210
    Stay off the grid. There's a storm coming. :worried:
     
  16. MightyBenihana

    MightyBenihana Do or do not, there is no try

    Joined:
    8 Sep 2011
    Posts:
    1,462
    Likes Received:
    115
    To an extent, yes. Lobbying by private interests created public policy. However the new legislation would remove the requirement for the government to be involved in the declaration of war. I will try to find the FOI docs on the proposed legislation so you can have a read. It is certainly very interesting
     
  17. forum_user

    forum_user forum_title

    Joined:
    4 Jan 2012
    Posts:
    511
    Likes Received:
    3
    I always wondered why hackers were always able to find the next hole to exploit. Is it because the holes are there for a reason?

    Is it time for a tech site to compile a list of 'safe' software and services?
     
  18. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    I don't think there is such a thing as 'safe' software or services.

    Although all the talk of back-doors and the NSA does make me wounder how useful something like that would be. Wouldn't it also provide access for other organisations ? Admittedly they would have to find the back door first, but aren't country's like China big into the whole cyber hacking stuff, so wouldn't it be just a matter of time before they identified any back-doors ?
     
  19. PlayLoud

    PlayLoud What's a Dremel?

    Joined:
    29 Apr 2011
    Posts:
    26
    Likes Received:
    0
    No fate
     
  20. Gradius

    Gradius IT Consultant

    Joined:
    3 Feb 2009
    Posts:
    288
    Likes Received:
    1
    If you got it right it means by 2015 (perhaps they already have it) EVERY bank accounts and passwords will be INSECURE, every credit card and password too! You name it. It means they can EMPTY your bank account at ANY time and sink you in debt just typing few things on a keyboard. Think about it. And I see nothing about the media talking on Impeachment Obama... RIGHT NOW!
     
    Last edited: 8 Sep 2013

Share This Page