Snowdon leaks and leaks and leaks again.
It would appear that the sky is falling. Somehow, the NSA and it's British buddies, GCHQ, are able to break the "strong" encryption we use every day. It's not yet clear how they're doing it, but the agencies apparently see this as a civil war with their own citizens, judging by the codename they chose.
In IT Blogwatch, bloggers fix bayonets. Not to mention: The French president goes back to school...
Your humble blogwatcher curated these bloggy bits for your entertainment.
Grant Gross gets going:
[The NSA] has been circumventing many online encryption efforts...that protects global commerce, banking, trade secrets and medical records, according to...documents leaked by...Edward Snowden.
...In addition, British intelligence agency GCHQ...has been attempting to hack into the protected traffic at Google, Yahoo, Facebook and Microsoft's Hotmail...develop[ing] "new access opportunities" into Google. ... NSA memos appear to confirm that the agency planted vulnerabilities in an encryption standard adopted in 2006. MORE
Just before these revelations, it was Bruce Schneier's analysis that this was "impossible":
I’m skeptical. Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system.
...It’s very probable that the NSA has newer techniques [but] such techniques are unlikely to result in a practical attack that can break actual encrypted plaintext...converting that into practical attacks on the sorts of data it is likely to encounter seems so impossible as to be fanciful. MORE
But now, he's totally changed his tune:
Government and industry have betrayed the internet, and us. ... We need to take it back...by we, I mean the engineering community. ...there are several things engineers can – and should – do.
...Your employer obligations don't cover illegal or unethical activity. ...expose what you know.
...We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. [The IETF] needs to dedicate its next meeting to this task. This is an emergency.
...The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others. We need...new means of internet governance.
...To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it. MORE
Allen Hall Noticed something suspicious:
I believe there was some discussion that [subverting encryption certificates] ocurred with Lavabit. ... The certs were coming back from a different CA, and couldn't be traced back directly to Lavabit's CA.
...I noted as well that the CA was not correct when I attempted to sign up right after the Snowden news hit. MORE
But "Mike" waxes sanguine while waving the flag:
Someone owning the internet is inevitable. People should be happy that it's the good guys and not the Russians or the Chinese. Does everyone here really want Iran, China, Russia, Syria, etc to be able to do their business without the intelligence community being able to keep tabs on it?
This sort of pwnage is why people should be proud to be American and they should be irate that Snowdon is giving a huge leg up to our geopolitical adversaries. Hey, if you want to stop using American products go right ahead. All technology should be considered to have little goodies from its host government hiding inside of it. Anarchists who think that we can enter some sort of stateless utopia through radical transparency are delusional. MORE
Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.