The New York Times has published further details of last week's leaked documents detailing the NSA's program of sabotage to crypto products and standards. The new report confirms that the standard that the NSA sabotaged was the widely-suspected NIST Dual EC DRBG standard. The Times reports that the NSA then pushed its backdoored standard through the International Organization for Standardization and the Canadian Communications Security Establishment.
NIST has re-opened the comments on its standard with the hope of rooting out the NSA sabotage to the random number generator and restoring trust in its work products.
The agency said that because of cryptographers’ concerns, it would reopen the public comment period for three publications — Special Publication 800-90A and drafts of Special Publications 800-90B and 800-90C — which all use the random number generator in question.
“If vulnerabilities are found in these or any other N.I.S.T. standard, we will work with the cryptographic community to address them as quickly as possible,” the agency’s statement said.
“I know from firsthand communications that a number of people at N.I.S.T. feel betrayed by their colleagues at the N.S.A.,” Mr. Green said in an interview Tuesday. “Reopening the standard is the first step in fixing that betrayal and restoring confidence in N.I.S.T.”
Government Announces Steps to Restore Confidence on Encryption Standards [Nicole Perlroth/NYT]
(via Interesting People)
The Intercept publishes a previously-unseen set of Snowden docs detailing more than $500,000,000 worth of secret payments by the Japanese government to the NSA, in exchange for access to the NSA’s specialized surveillance capabilities, in likely contravention of Japanese privacy law (the secrecy of the program means that the legality was never debated, so no […]
In Canada’s hyper-concentrated and vertically integrated telcoms sector, data caps are a normal part of life; and where there are data-caps, there is cable company fuckery in the form of “”zero rating” — when your telcom sells you to online service providers, taking bribes not to count their service against your cap.
A Freedom of Information Act request reveals that the DEA spent $575,000 buying access to weaponized zero-day exploits sold by Hacking Team, the hacked and disgraced Italian cyber-arms dealer who outfitted despots, dictators, the FBI, and America’s local police departments.
“Gets stuff done,” is a good way to be described by anybody. Especially by coworkers or bosses. Because whether you’re in finance or a children’s librarian, stuff needs to get done. But how do you make sure stuff gets done? You definitely can’t do all the stuff yourself, unless your company/organization/government office consists entirely of you. And […]
Even the most expensive pair of hi-fi headphones can’t match the feeling of bass rumbling through your body at a live show. That’s why music aficionados designed The Basslet, an accessory that reproduces that sensation from your wrist. Does it make your whole body shake with deep subs? Not really, because that would be terrifying, but […]
They probably just sleep a lot. But still, you can remotely keep an eye on them when you’re at work and missing them deeply with this HD monitor from Kodak.If you have a new puppy that destroys everything in sight, or you just want to be a little more security-conscious, this WiFi camera is a […]