What NSA sabotage does to security

2 Likes

Them’s the brakes.

5 Likes

a car without breaks

I’m not on 4Chan guys.

I’d like to see Dianne Feinstein try and assert the NSA’s constitutional right to sabotage.

If Manning’s level of recklessness was enough to warrant a charge of Aiding The Enemy (for publishing what is essentially historical data) I refuse to believe that actively sabotaging and concealing the sabotage of signals security is not.

Tweet this:

“The NSA sabotaged YOUR security. #NSAisAidingTheEnemy”

3 Likes

NSA has put its spying power above the safety and security of Americans. That is perfectly clear. I don’t ever want to hear a single word about patriotism or honor out of these guys’ mouths again.

4 Likes

They should change the name of the NSA to National Surveillance Agency, since they’re no longer in the Security business. It’s sad that criminals are making us vulnerable to criminals ostensibly to protect us from criminals. Separating the three types of criminals is increasingly an impossible business, since the methodology they use is essentially the same thing, and it only matters what team jersey you’re wearing, rather than the ‘righteousness’ of your cause.

It seems that when it comes to open security standards, the simplest thing to do is exclude everything that the NSA contributes, or that anyone with any connection to the NSA contributes.

1 Like

> It seems that when it comes to open security standards, the simplest thing to do is exclude everything that the NSA contributes, or that anyone with any connection to the NSA contributes.

None of that will keep you safe, unfortunately. The NSA is hacking into corporations and stealing private keys and other intellectual property to further their own ends. They are also planting agents within corporations and open source projects to introduce backdoors. It’s all there in the NYT/Guardian/ProPublica revelations last week. It’s been known since late 2010 that this goes on, however pre-Snowden such reports about IPSEC and OpenBSD were dismissed as sensationalist dross.

Read everything, understand that, and I narrowly confined my response to one aspect of internet security. The idea is civil resistance, or civil disobedience. Essentially, make it harder for them to do their job, rather than capitulating to the notion that there should be no security and no defense against their intrusions.

If you’ve ever read the story of PGP you would know that Phil Zimmermann eventually caught the attention of the NSA spooks. He stated that they even gave him something close to pointers about some things along the way. It seems pretty clear now that what they were doing was attempting to get him to build in something that would be beneficial to them later.

I met PKZ a couple times back in the day. The way it seems to me is no one will ever know the “true” story of PGP, it’s more of a Rashomon thing.

Seems to me that now that NSA’s disruption and penetration of commercial security standards is public knowledge, any IT organization that continues to use commercial encryption products is negligent and likely in violation of SOX compliance.

3 Likes

As I understand it, they haven’t successfully sabotaged squat.

So they nosed around an IETF working group? And they entered their own, highly undesirable protocol into the NIST standard? Flatfooted bumbling may be a more appropriate term.

Anyone can attend IETF meetings and float their ideas in working groups. No group chair is going to take a suggestion from an NSA employee without a HUGE grain of salt, or anyone else they don’t know well for that matter. People that contribute to the development of security standards are a highly suspicious bunch.

I think you’re interpreting something benign as a grandiose subversion of the open source development community.

The NSA sabotage might result in the world economy going back to the economic development pace of the pre-WWII era. (I predict booming business for typewriter manufacturers and repairmen and ink ribbon producers.)

Slower even since you, as a small business man or inventor, can’t trust that your own electronic devices aren’t ratting on you and selling you out to your competition, big corporations who have deeper pockets and so can offer the NSA more money for your development efforts.

The NSA is in the enviable position of being middle man in between everybody, even when they weren’t invited.

> Seems to me that now that NSA’s disruption and penetration of commercial security standards is public knowledge, any IT organization that continues to use commercial encryption products is negligent and likely in violation of SOX compliance.

I like your theory, but that would have to be proven in a civil case. If push came to shove, the AG would just seek to adjudicate any such case in a FISC court. The federal courts are mostly complicit in these problems, although neither as bad as the executive (worst) nor legislative branches (clueless).
