Information Security News
Making and breaking encryption is one of the main roles of a signals intelligence agency. That NSA engages in such activities is not surprising. Aspects of this work aren't even secret: NSA involvement in the development of some cryptographic standards was legally mandated and openly acknowledged.
What we don't know, in general, are any specific details. Recent headlines, both here at Ars and elsewhere, paint a grim picture, suggesting that many or all of the cryptographic safeguards that people use to protect their privacy have been undermined. Simultaneous with this, cryptographic experts have said that the mathematics underpinning crypto is still basically sound. These attacks instead depend on implementation flaws, bad passwords, weak algorithms, corporate cooperation, and, perhaps, backdoors.
These mixed messages and ill-defined capabilities sound scary but perhaps scarier than they really are.
Bullrun: The NSA Backdoor Anti-Encryption Bug Program That Breaks Most ...
The ability to crack high-level encryption is something that has been a pretty significant legend in the infosec community. To be honest for years now it has been an intellectual or intuitive assumption that this was a likelihood. What has been ...
COBIT 5 for information security: The underlying principles
Stakeholder analysis is the process of identifying stakeholders so that their input can ensure outcomes match requirements. This is an important step in both project planning and risk management. Failure to involve all stakeholders, including InfoSec ...