How did the NSA hack our emails?


    How did the NSA hack our emails?



    And an explanation of RSA:
    Last edited by GreyGeek; Dec 22, 2013, 11:19 AM.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
    – John F. Kennedy, February 26, 1962.

    #2
    Interesting videos, thanks. That second freeze frame is so unflattering! Lol
    samhobbs.co.uk



      #3
      At the moment there is a feeling they (the NSA) bribed/compelled RSA into weakening their code.
      http://www.reuters.com/article/2013/...9BJ1C220131220

      (Reuters) - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.
      Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.
      Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
      The earlier disclosures of RSA's entanglement with the NSA already had shocked some in the close-knit world of computer security experts. The company had a long history of championing privacy and security, and it played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and communications products.
      RSA, now a subsidiary of computer storage giant EMC Corp, urged customers to stop using the NSA formula after the Snowden disclosures revealed its weakness.
      RSA and EMC declined to answer questions for this story, but RSA said in a statement: "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."
      The NSA declined to comment.



        #4
        I saw that article, Teunis. It makes me wonder how much more damaging information Snowden has waiting to release. If that released so far is the minor stuff, what he held back must be explosive.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
        – John F. Kennedy, February 26, 1962.



          #5
          True, it's also possible that he had multiple documents that support his general point about the NSA acting outside the public interest, and he simply chose to release the ones that wouldn't put operatives' lives in danger, holding back the ones that would.

          I think the reason they're so edgy about him releasing certain things is that they don't know exactly what he took. No doubt he could have dumped the whole lot on Wikileaks and caused one hell of a s#!tstorm, but chose a more measured approach aimed to highlight certain things and focus the outrage on what really matters.

          Pure speculation, of course...

          I wonder how much longer he'll be releasing documents for?
          samhobbs.co.uk



            #6
            The second video is well done. When the speaker was comparing the strengths of the various key lengths (512 bits, 768 bits, etc.), I wish he would have made the point that each additional bit doubles the time required to refactor the product of the primes -- that helps explain the scale.

            The first video is, alas, not so good. "Clock math" is a poor explanation of modulo arithmetic. The focus on Dual_EC_DRBG is also misplaced: it's been known for quite a while that this PRNG is weak, and it never received much use despite NIST's urging (which now they've backed away from). Finally, the NSA was reading clear-text emails, they weren't "hacking" anything. They were going around the encryption, as widely reported. Encryption is still fine. Trust the math.



            Originally posted by Feathers McGraw
            ...he simply chose to release the ones that wouldn't put operatives' lives in danger, holding back the ones that would ... I think the reason they're so edgy about him releasing certain things is that they don't know exactly what he took. No doubt he could have dumped the whole lot on Wikileaks and caused one hell of a s#!tstorm, but chose a more measured approach aimed to highlight certain things and focus the outrage on what really matters.
            The trickle feed of revelations is purely Glenn Greenwald's doing. See here, here, and here. Not only is Greenwald a self-aggrandizing adulation junkie, his reporting is in cahoots with the very government agencies he pretends to loathe. Snowden should have dumped everything at once, to multiple journalists. That would have had a far greater, immediate, and lasting impact. Now, it's just background noise -- perfect for those who wish to apply a veneer of "reform" without actually changing one damn thing.
            Last edited by SteveRiley; Dec 28, 2013, 12:41 PM. Reason: changed second url



              #7
              Originally posted by SteveRiley
              ..... Snowden should have dumped everything at once, to multiple journalists. That would have had a far greater, immediate, and lasting impact. Now, it's just background noise -- perfect for those who wish to apply a veneer of "reform" without actually changing one damn thing.
              That seems to be the current sum total of all the leaks. The Dems are doing absolutely nothing, and the Repubs are barely doing anything more themselves.
              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
              – John F. Kennedy, February 26, 1962.



                #8
                Originally posted by SteveRiley
                The trickle feed of revelations is purely Glenn Greenwald's doing. See here, here, and here. Not only is Greenwald a self-aggrandizing adulation junkie, his reporting is in cahoots with the very government agencies he pretends to loathe. Snowden should have dumped everything at once, to multiple journalists. That would have had a far greater, immediate, and lasting impact. Now, it's just background noise -- perfect for those who wish to apply a veneer of "reform" without actually changing one damn thing.
                Do you really think Snowden just dumped everything to "some journalist" without vetting it first? I just don't believe that he would trust anyone to that extent. I reckon he took some bits out, and then dumped what was left to Greenwald to do with as he saw fit.

                An interesting question: if he'd released it all in one, do you think it would still be in the news, apart from when tech firms react to specific pieces of information? I genuinely don't know, I'd be interested to hear what you all think.

                One benefit of the trickle feed is that the cover-up lies of the NSA have been given even more exposure, i.e. a document is released, the NSA (and other agencies) lie about it to Congress and to the public, and then another document is leaked to rub the lie in everyone's faces. A good example is the "we don't spy on allies" lie - Snowden/Greenwald were able to counter it by releasing a document that shows that the NSA were tapping Merkel's phone. The cover-up lies are despicable, and deserve to be exposed. If the whole lot was dumped at once, the NSA could have crafted a better lie that worms its way around all the evidence, and gained undeserved trust back from the public/congress/whatever.

                Feathers
                Last edited by SteveRiley; Dec 28, 2013, 12:39 PM. Reason: changed second url
                samhobbs.co.uk



                  #9
                  Originally posted by Feathers McGraw
                  Do you really think Snowden just dumped everything to "some journalist" without vetting it first? I just don't believe that he would trust anyone to that extent. I reckon he took some bits out, and then dumped what was left to Greenwald to do with as he saw fit.

                  An interesting question: if he'd released it all in one, do you think it would still be in the news, apart from when tech firms react to specific pieces of information? I genuinely don't know, I'd be interested to hear what you all think.

                  One benefit of the trickle feed is that the cover-up lies of the NSA have been given even more exposure, i.e. a document is released, the NSA (and other agencies) lie about it to Congress and to the public, and then another document is leaked to rub the lie in everyone's faces. A good example is the "we don't spy on allies" lie - Snowden/Greenwald were able to counter it by releasing a document that shows that the NSA were tapping Merkel's phone. The cover-up lies are despicable, and deserve to be exposed. If the whole lot was dumped at once, the NSA could have crafted a better lie that worms its way around all the evidence, and gained undeserved trust back from the public/congress/whatever.

                  Feathers
                  I agree. Releasing this piece by piece has a greater effect. They are forced to defend themselves every time something new comes out.


                    #10
                    Originally posted by Feathers McGraw
                    Do you really think Snowden just dumped everything to "some journalist" without vetting it first? I just don't believe that he would trust anyone to that extent. I reckon he took some bits out, and then dumped what was left to Greenwald to do with as he saw fit.
                    There were multiple levels of filtering. Snowden didn't dump everything to Greenwald. He conducted his own filtering, and gave only a portion to Greenwald and to the Washington Post. Then each of these organizations conducted another filtering pass. (Details in the previous links.)

                    Originally posted by Feathers McGraw
                    One benefit of the trickle feed is that the cover-up lies of the NSA have been given even more exposure
                    But it also allows the NSA et al. time to develop defensive PR strategies. One such strategy is to threaten and bully the media. Yes, a trickle permits a sustained period of media coverage. But people become bored and stop paying attention -- which is exactly what the government wants to happen.

                    Originally posted by Feathers McGraw
                    An interesting question: if he'd released it all in one, do you think it would still be in the news
                    Not now, no. But a single massive dump back in July would have likely had a much more immediate effect: it would have been so explosive and so damaging to the spy-industrial complex that it would have had a much greater likelihood of stopping them.

                    I encourage you to read the three links I posted before. Yes, they're lengthy, but also quite revealing about motives and methods of everyone involved. Our secret-obsessed government conceals much from the people it supposedly serves. We should be appalled that journalists feel compelled to act in exactly the same fashion.



                      #11
                      Originally posted by SteveRiley
                      ....Our secret-obsessed government conceals much from the people it supposedly serves.
                      Probably much more info than most realize. LBJ probably marked the watershed event when he faked the Gulf of Tonkin incident in order to justify sending in troops. On to Nixon it got worse with the HMO scam and the Watergate fiasco, and it went rapidly down hill from there.

                      Originally posted by SteveRiley
                      We should be appalled that journalists feel compelled to act in exactly the same fashion.
                      There have been SEVEN MAJOR scandals in the Obama administration, beginning with the false flag operation when the DOJ gave guns to Mexican drug cartels with the intent of claiming that the source of those weapons were legal gun dealers so that the administration could bolster its gun control/confiscation arguments, that the media either ignored, glossed over or even supported because they were in the same ideological camp.

                      The old USSR proverb applies: "There is no Izvestia (news) in the Pravda (truth) and no truth in the news." Izvestia and Pravda were USSR newspapers that actually functioned as PR organs for the Communist Party. Ditto for all the major media in the USA.
                      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                      – John F. Kennedy, February 26, 1962.



                        #12
                        Conspiracies abound all around us!!!!
                        Linux because it works. No social or political motives in my decision to use it.
                        Always consider Occam's Razor
                        Rich



                          #13
                          In this post I am not making a judgement about the Government's surveillance programs. This is more of an overall view.


                          It seems to me there is an inherent contradiction in what we, citizens, ask of our Government. That is, keep us safe and at the same time protect our privacy. I am neither a security expert nor a constitutional lawyer. But I think there is a balance to be drawn between these two competing expectations and that it is a difficult one to navigate. That is why I have not weighed in to either criticize the specific programs, or defend them. I can find articles that argue either way and convincingly, so posting them as an argument that I would espouse seems irrelevant to me.


                          What I can say is that keeping these programs completely secret with little or no oversight is problematic. If not the whole citizenry, (we are a representative democracy), at least our elected representatives, should be made aware of these programs and their extent. That is as far as I will take a position on this issue.
                          Linux because it works. No social or political motives in my decision to use it.
                          Always consider Occam's Razor
                          Rich



                            #14
                            "Keeping us safe" is very different than...

                            1. Invading sovereign nations for reasons of revenge ("he tried to kill my daddy") and resources (oil)
                            2. Lying to the world about why ("weapons of mass destruction")
                            3. Systematically murdering anyone, anywhere, for any reason (drones)
                            4. Inventing and perpetuating reasons for indiscriminate and illegal spying (terrorism)

                            That list requires erecting a massive security-industrial complex that would have no need to exist if we would just leave everyone else the fsck alone. There would be far less to "keep us safe" from if America would just stop acting like a pariah on the world stage.



                              #15
                              I referenced "keep us safe" in the context of privacy only, not the other items on your list.
                              Linux because it works. No social or political motives in my decision to use it.
                              Always consider Occam's Razor
                              Rich
