NSA Revelations Cast Doubt on the Entire Tech Industry

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/threatlevel/2013/09/tech-industry-tainted/

By David Kravets and Robert McMillan
Threat Level
Wired.com
09.07.13

Six years ago, two Microsoft cryptography researchers discovered some 
weirdness in an obscure cryptography standard authored by the National 
Security Agency. There was a bug in a government-standard random number 
generator that could be used to encrypt data.

The researchers, Dan Shumow and Niels Ferguson, found that the number 
generator appeared to have been built with a backdoor — it came with a 
secret numeric key that could allow a third party to decrypt code that it 
helped generate.

According to Thursday’s reports by the ProPublica, the Guardian, and The 
New York Times, classified documents leaked by NSA whistleblower Edward 
Snowden appear to confirm what everyone suspected: that the backdoor was 
engineered by the NSA. Worse still, a top-secret NSA document published 
with the reports says that the NSA has worked with industry partners to 
“covertly influence” technology products.

That sounds bad, but so far, there’s not much hard evidence about what 
exactly has been compromised. No company is named in the new allegations. 
The details of the reported modifications are murky. So while much of the 
internet’s security systems appear to be broken, it’s unclear where the 
problems lie.

[...]

--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/