VB Migration

Tag: nsa

  • We shouldn’t forget those most vulnerable in our digital world

    The new UK government has passed a far-reaching surveillance law . The new US government has stripped privacy rights from non-citizens. Surely, those who have warned about the threat of Western intelligence agencies have a reason to feel vindicated. In the post-Snowden era of IT security, many improvements to technology have made it a lot…

  • We shouldn’t forget those most vulnerable in our digital world

    The new UK government has passed a far-reaching surveillance law . The new US government has stripped privacy rights from non-citizens. Surely, those who have warned about the threat of Western intelligence agencies have a reason to feel vindicated. In the post-Snowden era of IT security, many improvements to technology have made it a lot…

  • NSA, GCHQ found to target anti-virus products

    Agencies looked for vulnerabilities to exploit and for submitted malware samples. New documents from NSA whistle-blower Edward Snowden have revealed the agency and its British counterpart GCHQ have actively been targeting anti-virus companies, The Intercept reports . The agencies have been found to be looking for weaknesses in anti-virus products and to have obtained intelligence…

  • Weak keys and prime reuse make Diffie-Hellman implementations vulnerable

    ‘Logjam’ attack possibly used by the NSA to decrypt VPN traffic. A group of researchers have discovered a number of vulnerabilities in the way the Diffie-Hellman key exchange protocol is deployed and have demonstrated an attack (dubbed ‘ Logjam ‘) that exploits these vulnerabilities. Diffie-Hellman is used by two entities (typically referred to as Alice…

  • Windows Error Reporting used to discover new attacks

    No excuse for sending error reports in cleartext. All happy programs are the same. But each unhappy program crashes in its own way. In a report published yesterday, security firm Websense has shown how Windows Error Reporting can be used to detect hitherto unknown attacks. Windows Error Reporting was introduced by Microsoft with Windows XP…

  • Backdoored standards show we desperately need more cryptographers

    Too few currently possess the skills to verify standards. Recent revelations of the NSA’s crypto-breaking capabilities have led to calls for better cryptography. But we need more cryptographers too. In the 2010 edition of their classic book Cryptography Engineering , Bruce Schneier, Niels Ferguson and Tadayoshi Kohno wrote on the SHA family of hash functions:…

  • There is no ‘I know what I am doing’ trump card in security

    NSA activities could make millions avoid US-based services. We have all been there. To continue the product you’re working on, you need to get some extra permission: a port needs to be opened, or perhaps some files need to be uploaded onto a protected system. You ask the IT department for this permission and, much…