Tag Archive for: backdoors

NSA zero days and encryption backdoors need clear disclosure policies

/in

The government has another public balancing act on its hands with the disclosure this week of exploits against commercial security products that were purportedly cooked up by the NSA.

These attack tools revealed by a group called Shadow Brokers date from sometime before June 2013 and some of them were still effective this week, which means the NSA never told the vendors about them.

That helps flesh out what the Obama administration meant two years ago when it said that under most circumstances the NSA would tell vendors if it exploits vulnerabilities in their security products. The exception: the disclosure policy wouldn’t apply if there were a clear national security or law enforcement need.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Euro agencies on encryption backdoors: Create ‘decryption without weakening’

/in

The two major international security agencies in Europe agree that building backdoors into encryption platforms is not the best way to secure systems because of the collateral damage it would do to privacy and the security of communications.

“While this would give investigators lawful access in the event of serious crimes or terrorist threats, it would also increase the attack surface for malicious abuse, which, consequently, would have much wider implications for society,” says a joint statement by European Police Office (Europol) and European Network and Information Security Agency (ENISA), which focuses on cyber security.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Hey FBI, India can Hack iPhones but Doesn’t Want Backdoors

/in

Maybe the FBI should team up with India because that country’s government says it can hack into Apple’s iPhones. Both think access to encrypted data in investigations is important, although India’s government doesn’t seem to be going to the same extremes …
mac hacker – read more

RSA president slams crypto backdoors as useful only against petty criminals

/in

The idea of making end-to-end encryption breakable is “so misguided as to boggle the mind,” according to Amit Yoran, the president of RSA.

He says it will “catastrophically weaken” security for those using it for legitimate purposes without accomplishing the goals for which it is sought – catching terrorists and the worst criminals. “It is solely for the ease and convenience of law enforcement when pursuing petty criminals,” he says, while the toughest adversaries would be unaffected.

“No terrorist or nation-state would ever knowingly use such technology,” he says, except to take advantage of innocent users by exploiting the backdoors. Only small-time actors with no technical sophistication will be caught, he says. The net result would be bad for businesses in all industries trying to defend their digital environments.

To read this article in full or to leave a comment, please click here

Network World Tim Greene