In past week, we saw many details of how encryption and privacy technology the NSA and their corresponding agencies in other countries have entered. Although it was known that the NSA has been cracking cryptography - that's their job, more or less - it came as a shock that they actively worked to insert weaknesses in encryption standards as they have been developed point and worse - subverted commercial, closed -source privacy solutions.
I mean, it was bad enough when we learned that Microsoft sends NSA discovers weaknesses before attaching them to their customers, essentially betraying the trust of their customers worldwide and the opening of their production systems to spying by the US government. To know that the NSA has worked with many commercial suppliers of cryptology to crash deliberately vulnerabilities was a bomb, a magnitude of treason
With these secrets partnerships, agencies have inserted secret vulnerabilities - . Known as backdoors or trapdoors -. in the commercial encryption software
However, cryptography itself remains secure. To quote Edward Snowden, who presumably is not on the topic.
"Strong encryption works cryptographic systems are correctly implemented one of the few things you can count . Unfortunately, endpoint security is so terribly low that the NSA can often find ways around it. "
Note that Snowden speaks Endpoint security , which implies it is much easier to get to secrets before they are encrypted or after they are decrypted at criterion . In this context, the criterion means that your computer, which is statistically running an operating system made by a US company - say, Microsoft, Apple, or Sun -. And has been visited by the NSA
(My computer does not support the operating system of a US company, for the mere possibility of what we have learned this week.)
We even learned that the TOR anonymous network was attacked by the NSA. TOR has been long known among activists of privacy as one of the safest solutions, it has been learned in a very hard way in the Middle East :. Activists who did not use TOR anonymizing just disappeared
In this flow of information firehose which technologies and products that are known to be compromised and that are absent from this list, VPN technology has not mentioned once as a compromise. This may be due in part to the fact that it is an open standard that has many implementations. It may also be because it is very common in the corporate world for remote workers use a VPN to access the corporate intranet, so that VPN traffic is everywhere on net.
Obviously, this does not mean that you can trust a VPN tunnel, any more than you trust the people who provide you this VPN tunnel. This does not mean that you can trust your own computer which opens this tunnel.
Privacy is and remains your own responsibility. Everyone must understand that the information that exists in clear can be tapped in the clear where it is. Conversely, the information is strongly encrypted - whether in a transport tunnel as a VPN or on a storage medium such as a hard drive - can not be read by all security services today at least not by breaking the encryption
VPN. Technology as such remains intact. The bad news is that your computer can not be. To work around this problem, I use Ubuntu - a popular GNU / Linux flavor - to run my computer, and I use a principle known as defense in depth
What this means basically is. that you should not trust a piece of technology to protect your privacy and information. That is the figure of speech to put all eggs in one basket. Defence in depth means you are using multiple solutions that all would protect themselves, so that if one is compromised, the others are still standing.
0 Komentar