aelius Posted December 21, 2013 Report Posted December 21, 2013 The NSA and the GCHQ have compromised much encryption used on the internet through a potent mix of technological theft, spycraft, and collaboration with major technology companies, according to new reports.In a series of news articles that highlight how the code-breaking crypto-fiddling agencies NSA and GCHQ are doing their job, ProPublica, The New York Times, and The Guardian, disclosed on Thursday a wide-ranging campaign by the spies to smash internet crypto methods so to better slurp data from the world+dog.The NSA "has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show," the NYT reports.Though thin on specifics, the stories clearly outline that the agencies have developed a variety of methods to attack and gain access to data secured by either SSL, or inside a virtual private network (VPN). They also imply that they have put backdoors into crypto-systems and potentially widely used digital components, as well.The spies have also worked with technology companies to gain a direct line to data stored in their servers, though the documents do not specify which companies in particular. Analysts can slurp away at the decrypted data through a highly classified program named "Bullrun"."For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies. ... Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable," one memo from 2010 given to the spies at GCHQ, says.New "groundbreaking capabilities" have also let the agencies inspect data that is intercepted from submarine cables, the reports state.The gist of the reports is that the agencies have probably compromised SSL via gaining certificates and encryption keys to the point where they can perform man-in-the-middle attacks on widely used applications. GCHQ is alleged to have broken the security on some 30 VPN systems, and has plans to get into 300 by 2015.Though mega-leaker Edward Snowden has previously claimed end-to-end encryption can protect users, the thorough ways in which the agencies have worked to compromise endpoints makes it unlikely that users on either end of a communication have access to clean hardware.Source: Reports: NSA has compromised most internet encryption • The Register Quote
raynor009 Posted December 29, 2013 Report Posted December 29, 2013 Au compromis ei o pu.. Numa gura este de ei. Deaia le tot sparg hackerii serverele si siteurile ca-s destepti rau. Quote
ehd Posted December 29, 2013 Report Posted December 29, 2013 rusii au spart serverele NSA si au gasit acolo doar un BigMac' si o coca cola, propaganda de asta suntem satui..valabil si pentru chinezi, iranieni si toti care vor access ! Quote
tpad Posted December 29, 2013 Report Posted December 29, 2013 Faptul ca mai gresesc linii nu face ca informatiile furnizate sa fie mai putin credibile. Quote
aelius Posted December 29, 2013 Author Report Posted December 29, 2013 Cred ca ati ratat o chestie. Ati vazut ce echipamente au cei de la NSA ? In plus, chiar stack-ul tcp/ip este vulnerabil.Puteti vedea aici si la ce practici se recurge cand se doreste ceva: https://rstforums.com/forum/78552-fake-google-ssl-certificates-made-france.rstVa rog sa ramaneti on topic.Multumesc Quote