-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Hunt for the Kill Switch
,----[ Quote ]
| It's a pretty sure bet that the National Security Agency doesn't fabricate
| its encryption chips in China. But no entity, no matter how well funded, can
| afford to manufacture its own safe version of every chip in every piece of
| equipment.
`----
http://www.spectrum.ieee.org/may08/6171
There are some semi-proven examples.
Recent:
Chip Design Flaw Could Subvert Encryption
,----[ Quote ]
| Shamir said that if an intelligence organization discovered such a flaw,
| security software on a computer with a compromised chip could be "trivially
| broken with a single chosen message." The attacker would send a "poisoned"
| encrypted message to a protected computer, he wrote. It would then be
| possible to compute the value of the secret key used by the targeted system.
|
| Trouble with Design Secrets
|
| "Millions of PCs can be attacked simultaneously, without having to manipulate
| the operating environment of each one of them individually," Shamir wrote.
`----
http://www.crm-daily.com/story.xhtml?story_id=11200BH5USIO
Cryptome: NSA has access to Windows Mobile smartphones
,----[ Quote ]
| First time in history Cryptome.org has released information about the
| characteristics of NSA’s network surveillance.
`----
http://blogs.securiteam.com/index.php/archives/1028
Related:
Did NSA Put a Secret Backdoor in New Encryption Standard?
,----[ Quote ]
| Which is why you should worry about a new random-number standard that
| includes an algorithm that is slow, badly designed and just might contain a
| backdoor for the National Security Agency.
`----
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115
NSA Backdoors in Crypto AG Ciphering Machines
,----[ Quote ]
| We don't know the truth here, but the article lays out the evidence pretty
| well.
|
| See this essay of mine on how the NSA might have been able to read Iranian
| encrypted traffic.
`----
http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
Dual_EC_DRBG Added to Windows Vista
,----[ Quote ]
| Microsoft has added the random-number generator Dual_EC-DRBG to Windows
| Vista, as part of SP1. Yes, this is the same RNG that could have an NSA
| backdoor.
|
| It's not enabled by default, and my advice is to never enable it. Ever.
`----
http://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html
Duh! Windows Encryption Hacked Via Random Number Generator
,----[ Quote ]
| Mount Carmel, Haifa – A group of researchers headed by Dr. Benny
| Pinkas from the Department of Computer Science at the University of Haifa
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
| operating system. The significance of the loophole: emails, passwords, credit
| card numbers, if they were typed into the computer, and actually all
| correspondence that emanated from a computer using "Windows 2000" is
| susceptible to tracking. "This is not a theoretical discovery. Anyone who
| exploits this security loophole can definitely access this information on
| other computers," remarked Dr. Pinkas.
|
| Editor's Note: I believe this "loophole" is part of the Patriot Act, it is
| designed for foreign governments. Seriously, if you care about security,
| privacy, data, trojans, spyware, etc., one does not run Windows, you run
| Linux.
`----
http://www.linuxelectrons.com/news/general/14365/duh-windows-encryption-hacked-via-random-number-generator
Microsoft confirms that XP contains random number generator bug
,----[ Quote ]
| As recently as last Friday, Microsoft hedged in answering questions about
| whether XP and Vista could be attacked in the same way, saying only that
| later versions of Windows "contain various changes and enhancements to the
| random number generator."
`----
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9048438&intsrc=hm_list
"Trusted" Computing
,----[ Quote ]
| Do you imagine that any US Linux distributor would say no to the
| US government if they were requested (politely, of course) to add
| a back-door to the binary Linux images shipped as part of their
| products ? Who amongst us actually uses the source code so helpfully
| given to us on the extra CDs to compile our own version ? With
| Windows of course there are already so many back-doors known and
| unknown that the US government might not have even bothered to
| ask Microsoft, they may have just found their own, ready to
| exploit at will. What about Intel or AMD and the microcode on
| the processor itself ?
`----
http://tuxdeluxe.org/node/164
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIH+UzU4xAY3RXLo4RAmm4AJ9TiUoP4qCG2Wqp9WKyolG4HJeWSQCfYK0l
tCnhAkqR2zJlmBYa6wIqsCA=
=K7QW
-----END PGP SIGNATURE-----