[return to "Inside the NSA's War on Internet Security"]
1. dmix+Y5 2014-12-28 22:16:53
>>Fabian+(OP)
This would be a good time to wait and let security professionals analyze the documents and take what you read in this article lightly, as I've found a number of sensationalist examples.

For example, they claim Canada is monitoring hockey sites:

> Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.

But if you look at the actual slide https://i.imgur.com/2GO8H6L.png, it is clearly a fake sample report of what a real one might look like. It even uses the name 'Canukistan' as the country name.

There are 44 slide decks, one of the biggest leaks so far. It will take time to make sense of the noise. And any misinformation from reporting by non-technical journalists doesn't help the cause.

2. nsansa+g8 2014-12-28 23:11:39
>>dmix+Y5
> reporting by non-technical journalists doesn't help the cause

non-technical journalists

Ever heard of a certain Jacob Appelbaum?

3. acqq+G8 2014-12-28 23:18:37
>>nsansa+g8
That guy you mention, in spite of his very technical background, also avoided the technical details and possibly also tried to sensationalize: I was worried as he claimed that SSH is broken, but it seems that there is no document that states that for the passive capture of SSH traffic (at least the documents are there and everybody can analyse them).

However, we already knew for a while that active attacks are being done:

http://www.theguardian.com/technology/2014/dec/07/north-kore...

The active attack can of course obtain enough information to decrypt the traffic automatically afterwards or even record it unencrypted. It appears that's the context of the SSH decryption in the documents.

4. spacef+W8 2014-12-28 23:23:02
>>acqq+G8
When will you guys all wake up? GCHQ does the full take on the cables, and there is no document yet that claims NSA doesn't.

So, all your sessions are hosed at some point in time. Either now or in the future.

And yes, sensationalizing is sometimes necessary to get more folks onboard to work with the documents.

5. dmix+f9 2014-12-28 23:30:01
>>spacef+W8
So what if they are stored? There has been a big shift towards using perfect-forward-secrecy as default in the last 18 months.

6. spacef+L9 2014-12-28 23:40:17
>>dmix+f9
Can't you see the pattern? Take all, break the crypto later. PFS might be next, who knows.

Yes, for now OTR and PGP are fine. There must be a big speculation on future breakthroughs regarding breaking crypto - otherwise they wouldn't build Bluffdale.

Edit: Instead of downvoting, how about taking a position?

7. acqq+V9 2014-12-28 23:44:30
>>spacef+L9
It's not that PFS is known to be broken, it's that it's actually still very rarely used (1).

The present is problematic enough, we don't even need to hypothesize on the future breakages.

1) http://en.wikipedia.org/wiki/Forward_secrecy

"As of December 2014, 20.0% of TLS-enabled websites are configured to use cipher suites that provide forward secrecy to web browsers."

IPsec is also often configured with PFS disabled, even though the RFC is from 1998 ( http://tools.ietf.org/html/rfc2412 )
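An added example, not part of the thread: a small audit that sorts TLS cipher suite names by whether the key exchange is ephemeral, which is the property that decides if recorded sessions stay protected when a long-term key leaks later. The function names and the sample list are hypothetical and constructed for illustration.

```python
import re
import ssl

# Ephemeral key-exchange tokens in OpenSSL names (ECDHE-RSA-AES128-GCM-SHA256)
# and IANA names (TLS_DHE_RSA_WITH_AES_128_CBC_SHA); EDH is OpenSSL's old alias.
# Anonymous ADH/AECDH/DH_anon are left out on purpose: the peer is unauthenticated.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH"}
# TLS 1.3 suites name only the AEAD and hash; the key exchange is always (EC)DHE.
TLS13_SUITE = re.compile(r"^TLS_(AES|CHACHA20)_")


def has_forward_secrecy(suite: str) -> bool:
    name = suite.upper()
    if TLS13_SUITE.match(name):
        return True
    # IANA names put key exchange and authentication before "_WITH_".
    kx_part = name.split("_WITH_")[0]
    return any(tok in EPHEMERAL_KX for tok in re.split(r"[-_]", kx_part))


def split_by_fs(suites):
    """Return (forward_secret, not_forward_secret), preserving order."""
    fs = [s for s in suites if has_forward_secrecy(s)]
    return fs, [s for s in suites if not has_forward_secrecy(s)]


def expand(cipher_string: str):
    """Expand an OpenSSL cipher string using the local OpenSSL build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample: a server preference list mixing old and new suites.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",                    # static RSA key exchange
    "ECDH-RSA-AES128-SHA",           # static ECDH, not ephemeral
    "TLS_RSA_WITH_AES_128_CBC_SHA",  # IANA name, static RSA
    "TLS_AES_128_GCM_SHA256",        # TLS 1.3
]

if __name__ == "__main__":
    fs, weak = split_by_fs(SAMPLE)
    print(f"sample: {len(fs)}/{len(SAMPLE)} suites give forward secrecy")
    # "HIGH" is a common server setting; the result depends on the local OpenSSL.
    fs, weak = split_by_fs(expand("HIGH"))
    print(f"HIGH on this host: {len(weak)} suites without forward secrecy")
```

A server only gets forward secrecy if the negotiated suite is in the first group, so the second group is what to remove or move to the end of the preference order.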