[ale] The NSA has compromised httpd, ssh, TLS/SSL, and secure chat
LinuxGnome
lnxgnome at gmail.com
Sat Sep 7 13:15:20 EDT 2013
ASL = Adrya Stembridge Lingo?
On 09/06/2013 11:58 AM, Adrya Stembridge wrote:
> I've always operated under the assumption that everything I do on my computer (and by extension, online) is compromised. If you need something secure, do it on paper or better yet learn ASL, meet at night during a rainstorm (leave all electronic devices at home) and communicate silently under an umbrella.
>
>
> On Fri, Sep 6, 2013 at 11:30 AM, Tony Carter <tcarter at entrusion.com> wrote:
>
> In other words, we're screwed..
>
> BTW, pfSense is based on FreeBSD, not Linux.
>
> -Tony
>
>
> On Fri, Sep 6, 2013 at 10:43 AM, JD <jdp at algoloma.com> wrote:
>
> On 09/06/2013 10:06 AM, Charles Shapiro wrote:
> > But not gpg, according to the NYT (
> > http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&_r=0
> > ). My read of the article is that most of the compromises involve getting
> > access to keys through vendors, rather than compromises of the actual
> > algorithms, although there are some hints that the NSA has tried to subvert
> > standards as well.
> >
> > Moral of the story: Use FOSS, don't trust any service providers.
> >
> >
>
> Article from Bruce Schneier of "Applied Cryptography" fame.
> http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
> He literally "wrote the book."
>
> Don't trust anything based on DNS.
> Don't trust anything based on commercial certificates.
> Don't trust any network using radio (cell, wifi, wi-max).
> Avoid proprietary software for security stuff.
>
> Don't trust TOR completely. It is extremely inconvenient to use it in a secure
> way. A tiny config or use error can remove the anonymous aspects.
>
> Assume your router has been hacked. I think that probably applies to almost all
> commercial routers and perhaps dd-wrt, openwrt, smoothwall, untangle, anything
> based on linux. For some reason I think pfSense is less likely to be hacked -
> but I don't have any proof at all - call it a feeling.
>
> Don't trust the VPN running on your router. The keys may have been stolen.
> Bruce says to use IPSec. I've always thought that OpenVPN w/TLS was safer, guess
> not. IPSec is built-into IPv6.
>
> If your router(s) have been hacked, that means we need to be using encryption on
> our LANs too. Key-based ssh for everything, though it appears that openssl may
> not be completely safe either.
>
> Assume any smartphone platform has been hacked. Put it on a guest wifi-network
> in businesses and home.
>
> Assume any Apple or Microsoft platform has been hacked. Whole Disk Encryption
> with non-secure settings has been cracked by non-government organizations.
> Google "Tom Kopchak".
>
> Linux platforms may have been hacked too, can't tell, but with all the Linux
> servers, it is definitely an important target. OpenBSD?
>
> If you offer services on any network, enable port-knocking. Don't just leave a
> service running.
>
> Protect your ssh/gpg/openSSL keys more than you protect your wallet.
>
> Cracking the math is hard, so governments try to avoid that. Social and
> side-hacks available from poor configs or bad implementations seem to be plentiful.
>
> Sadly, I fear my paranoia is not high enough as we learn more and more. None of
> this means any individual, company, network has been compromised, but if they
> can automate the data gathering, wouldn't they?
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo