Making and breaking encryption is one of the main roles of a signals intelligence agency. That NSA engages in such activities is not surprising. Aspects of this work aren't even secret: NSA involvement in the development of some cryptographic standards was legally mandated and openly acknowledged.

What we don't know, in general, are any specific details. Recent headlines, both here at Ars and elsewhere, paint a grim picture, suggesting that many or all of the cryptographic safeguards that people use to protect their privacy have been undermined. Simultaneous with this, cryptographic experts have said that the mathematics underpinning crypto is still basically sound. These attacks instead depend on implementation flaws, bad passwords, weak algorithms, corporate cooperation, and, perhaps, backdoors.

These mixed messages and ill-defined capabilities sound scary but perhaps scarier than they really are.

Read 14 remaining paragraphs | Comments


(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Linux Kernel 'kvm_set_memory_region()' Function Local Privilege Escalation Vulnerability

Bullrun: The NSA Backdoor Anti-Encryption Bug Program That Breaks Most ...
SiliconANGLE (blog)
The ability to crack high-level encryption is something that has been a pretty significant legend in the infosec community. To be honest for years now it has been an intellectual or intuitive assumption that this was a likelihood. What has been ...

and more »
Former Nokia CEO Stephen Elop has moved into a commanding position as the overwhelming favorite to win the CEO job at Microsoft, according to online bookmakers.

COBIT 5 for information security: The underlying principles
TechRepublic (blog)
Stakeholder analysis is the process of identifying stakeholders so that their input can ensure outcomes match requirements. This is an important step in both project planning and risk management. Failure to involve all stakeholders, including InfoSec ...

Internet Storm Center Infocon Status