http://www.wired.com/threatlevel/2013/09/tech-industry-tainted/
By David Kravets and Robert McMillan
Threat Level
Wired.com
09.07.13
Six years ago, two Microsoft cryptography researchers discovered some
weirdness in an obscure cryptography standard authored by the National
Security Agency. There was a bug in a government-standard random number
generator that could be used to encrypt data.
The researchers, Dan Shumow and Niels Ferguson, found that the number
generator appeared to have been built with a backdoor — it came with a
secret numeric key that could allow a third party to decrypt code that it
helped generate.
According to Thursday’s reports by the ProPublica, the Guardian, and The
New York Times, classified documents leaked by NSA whistleblower Edward
Snowden appear to confirm what everyone suspected: that the backdoor was
engineered by the NSA. Worse still, a top-secret NSA document published
with the reports says that the NSA has worked with industry partners to
“covertly influence” technology products.
That sounds bad, but so far, there’s not much hard evidence about what
exactly has been compromised. No company is named in the new allegations.
The details of the reported modifications are murky. So while much of the
internet’s security systems appear to be broken, it’s unclear where the
problems lie.
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
