Posts by Matthew Poole
Last ←Newer Page 1 2 3 4 5 Older→ First
-
It is telling that the NSA approves particular combinations of public security protocols for securing information up to and including material classified as Top Secret. Historically they have only approved black-box crypto systems for such material. If they are prepared to allow US national security material to use these protocols, the protocols are probably not insecure-by-design; the NSA is perfectly happy to read everyone else's traffic, but they're really unhappy about the converse being true.
-
OnPoint: BTW, the NZ Police can use…, in reply to Paul Campbell,
it’s hard to tell exactly what they’re saying there, but it seems to hint to me that SSL is toast.
Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.
Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”
That section implies that it's not SSL which is toast, because SSL 3.0 was first released in draft in 1996. The implication is that it's TLS 1.1 which is compromised. And that's a big, big deal, because TLS 1.2 is only just starting to be fully supported by clients (and isn't supported by a lot of older server platforms. Like, nothing from MS prior to Server 2008R2, which was released in 2010).
-
OnPoint: BTW, the NZ Police can use…, in reply to Paul Campbell,
it seems to hint to me that SSL is toast.
SSL has been toast for a long time. TLS wasn’t created just for the sake of it, and TLS1.0 is already considered insecure.
-
Hard News: This time it's Syria, in reply to Rich Lock,
Cold War II, perhaps. Superpowers flex and glare at each other while grinding their proxies to bloody dust in the middle.
One hopes. The recent lack of certainty about MAD being so mutual means that it's more likely, rather than less, that nukes will fly.
-
OnPoint: BTW, the NZ Police can use…, in reply to Martin Lindberg,
And relatedly, kinda, Snowden's latest document leak is part of the US-FY13 "Black Budget" document that goes to the Congressional Budget Office. Highly-classified doesn't quite adequately describe something which is only meant to be seen by US citizens who hold Top Secret clearance with Sensitive Compartmented Information access to the entirety of US satellite-based and terrestrial intelligence-gathering programmes.
This release breaks down where the money goes within the spooky parts of the US government. It's a $56.2b budget!I don't think Snowden has released anything else which is meant to be this tightly controlled (other TS material, yes, but nothing else that's NOFRN SCI). He clearly wasn't kidding about a mere system administrator having the keys to the kingdom.
-
Hard News: This time it's Syria, in reply to BenWilson,
The design is thermobaric trauma, not poisoning.
It’s a pretty horrible way to die, particularly for anyone on the fringe of the blast, which is a substantially larger area than those who are humanely vaporized at the epicenter.
Sure, never said it wasn't, but it's still not the design to poison people.
-
Hard News: This time it's Syria, in reply to Simon Grigg,
which is a primary reason there is so much discomfort with the impeding F-35 as it’s nowhere near a match for the much cheaper Russian and Chinese built fighters.
It's nowhere near a match for pretty much anything. Long-ish article, but a fascinating insight into how a decades-old grudge held by the US Marine Corps and a complete inability to learn from procurement fuck-up history has left the US with a single all-purpose airframe which "can’t turn, can’t climb, can’t run" - and can't hide if it's meant to be carrying any significant weapons payload.
-
Hard News: This time it's Syria, in reply to BenWilson,
If the fuel deflagrates but does not detonate ... undetonated FAE should prove as lethal to personnel caught within the cloud as most chemical agents.
That's not exactly a design effect. The design is thermobaric trauma, not poisoning.
-
OnPoint: BTW, the NZ Police can use…, in reply to Martin Lindberg,
MI6 and MI5 ‘refuse to use Lenovo computers’ over claims Chinese company makes them vulnerable to hacking
The discovery has led to a written banning order being issued among the “Five Eyes” alliance of British, American, Australian, Canadian and New Zealand eavesdropping agencies, including the US National Security Agency, according to the respected Australian Financial Review.
It's all of Five Eyes, not just the UK, courtesy of the inter-agency links which exist, according to the AFR article. It's only applicable to environments which handle classified material, but it's still interesting. Given that the acceptable alternative manufacturers - the AFR says Dell and HP are allowed - make extensive use of Chinese-manufactured hardware, it seems somewhat cosmetic.
-
Hard News: This time it's Syria, in reply to Bart Janssen,
I really don’t think it’s as easy an option as you suggest.
Probably not, but if the US were to deploy penetrating and cluster munitions from cruise missiles against Syrian air force runways it would be disruptive. If they could coordinate it with operations to lure large numbers of Syrian aircraft into the air it might even play out somewhat as Ben suggests.
Like you, though, I wouldn't want to put money on it, and it certainly wouldn't work more than once.