in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Encryption: NSA And GCHQ Can Foil Crypto

The US National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) are able to foil most, if not all, of the encryption that is used on the internet, according to The New York Times and The Guardian.  The revelation comes from the information that was leaked by Edward Snowden earlier this summer (links to article at the bottom of the page).

I think npr.org summed up the situation quite nicely:
While the main premise of the story isn't surprising — one of the main goals of the NSA is code-breaking, after all — the breadth of the program and some of the "trickery" described in the pieces are.
The trickeries involve:
  • Inserting back doors and other weaknesses into encryption and other security tools
  • Coercing companies into cooperating
  • Surreptitiously installing software on computers to trap information before it's encrypted

There's much, much more, including actions that are the equivalent of hitting above the belt in the intelligence community, like designing gigantic clusters to break passwords, legitimately finding out weaknesses (that they themselves didn't plant) in security software, and the like.

On the whole, though, it seems to me that even these "tricks" aren't unexpected.  I mean, it's not as if we're referring to alien technology.  Coercion and the like – it's the kind of stuff that governments have done since governments existed.

To me, more impressive is this fact: what security professionals and experts have said over the years have been proven true.

  • Encryption works.  Sure, the stories make it sound like it's a moot point, but notice how many of the workarounds around encryption are designed to work around it.  It's because strong encryption poses a real problem.
  • Backdoors will be found.  The NSA championed a flawed encryption standard that was adopted in 2006.  It was flawed because there was a backdoor on it, planted by the NSA.  Cryptographers found the backdoor in 2007.  Generally, weaknesses in encryption are found sooner or later, and usually sooner.  Which is why I feel pretty comfortable with AES.  Despite prodding and poking by security researchers all over the world, it still stands.
  • Encryption is not a panacea for data threats.  It's been noted that encryption is not a magic bullet, no matter how strong it might be.  Other ways to get around it will be found (obligatory xkcd comic).

So, secure your data with crypto.  Use full disk encryption on your laptops with sensitive data.  Check for that padlock on your browser.  The government may be able to get past all of that, but frankly, there are more important reasons why you want encryption in place.

Related Articles and Sites:
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=4&_r=1&hp&&pagewanted=all
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
http://www.npr.org/blogs/thetwo-way/2013/09/05/219367716/reports-nsa-has-keys-to-most-internet-encryption
<Previous Next>

Data Encryption: The US Government Has 35,000 People Working On Crypto

BYOD Encryption: BYOD Runs Rampant In Global Companies

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.