News Bits
Items from security-related news (E116.Sep-2013)

  • The Cyber Security Hall of Fame
    recently announced their 2013 "Hall of Fame Class of 2013". The honorees are David E. Bell, Jim Bidzos, Eugene Spafford, James Anderson, and Willis Ware.

     

  • The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)
    Wired Magazine
    by James Bamford
    March 15, 2012

    As previously noted in Cipher, NSA is building a huge data center in Bluffdale, Utah. This article, published over a year ago, seems to foreshadow the revelations of Snowden's disclosures, as well as other developments at Oak Ridge. Bamford states: "According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US."

     

  • Revealed: how US and UK spy agencies defeat internet privacy and security
    The Guardian Weekly
    by James Ball, Julian Borger and Glenn Greenwald
    5 September 2013

    The NSA's efforts to intercept and read Internet traffic on a massive scale are further detailed in this article. Cooperating technology providers insert weaknesses into products and security standards for protected communications. Ordinary customers are described in NSA documents as "adversaries".

    Deliberately flawed? RSA Security tells customers to drop NSA-related encryption algorithm
    RT.com
    September 20, 2013

    The company RSA, a long-time supplier of cryptographic software, issued an advisory to its customers to stop using the default pseuro-random number generator. The algorithm in question is based on elliptic curves over finite fields, and it is unclear why RSA used it as its default algorithm. There is speculation that the NSA promoted use of the method because they knew that its weaknesses would make it easier to decrypt data used by RSA customers.

     

  • Google races to encrypt data
    The Washington Post
    by Craig Timberg
    September 6, 2013

    Google accelerated the pace of its project to encrypt its infrastructure communication in the light of the US surveillance of Internet traffic and its use of Google data to investigate activities of US citizens. While acknowledging that the measures would not eliminate the surveillance, Google seeks to make mass dragnets more difficult.

     

  • U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show
    The Washington Post
    by Barton Gellman and Ellen Nakashima
    August 30, 2013

    According to the recently revealed "Black Budget" of the US government spy agencies, of the 231 offensive operations conducted in 2011, the budget said, nearly three-quarters were against top-priority targets, (e.g., China and North Korea) and activities such as nuclear proliferation.

     

  • Yahoo says U.S. sought data on 40,332 user accounts in 2013
    The Washington Post
    Sep 6, 2013
    by Hayley Tsukayama

    The Internet company Yahoo released some information about the number of requests for data about its users and their data that it received from the US government thus far in 2013. Of the 12,444 request covering 40,322 users, only 2 per cent were rejected by the company.