In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA.
Now, having exhausted all other potential strategies, Juniper has announced that it will retire Dual_EC -- which was shown to be insecure years before they inserted it into their codebase -- from its products, "in the first half of this year."
The 2014 back door was straightforward, said researcher Hovav Shacham of the University of California, San Diego, allowing anyone with the right password to see everything.
The 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop, according to Shacham and his fellow investigators.
Juniper's initial patch had gotten rid of that constant in Dual Elliptic Curve and replaced it with the version it had been using since 2008.
But the academics who studied the code said that while Juniper had not disavowed the 2008 code, it had not explained how that constant was picked or why it was using the widely faulted Dual Elliptic Curve at all.
Still another curve constant, quietly provided by the NSA and required for some federal certification, was exposed in documents leaked by former NSA contractor Edward Snowden as a key to the back door.
Juniper Networks will drop code tied to National Security Agency
(via Naked Capitalism)
Uganda is so poor that few can afford medical care, giving it one of the lowest life-expectancies on the planet — this toxic combination made the country ripe for infiltration by Tiens, a Chinese Multi-Level-Marketing “nutritional supplements” cult whose members set up fake medical clinics that diagnose fake ailments and proscribe fake medicines, then rope […]
Yahoo’s sale to Verizon means that Yahoo’s sub-companies — Flickr, Tumblr and a host of others — are now divisions of a phone company, and as you might expect, being on the payroll of a notorious neutracidal maniac with a long history of sleazy, invasive, privacy-destroying, monopolistic, deceptive, anti-competitive, scumbag shakedowns has changed the public […]
What was last week posed as an indefinite leave of absence is now for good: Travis Kalanick, CEO of scandal-wracked rideshare company Uber, announced that he is leaving the company. “I love Uber more than anything in the world and at this difficult moment in my personal life I have accepted the investors request to […]
Even though credit cards now feature an EMV chip for securing transactions, they still have to include the magnetic strip for compatibility with older point of sale systems. Because of this, there’s no way for the chip’s new security capabilities to protect against card skimmers in the wild.How do you protect yourself from legacy-technology-induced fraud? […]
As the old saying goes, “You should sit in meditation for 30 minutes every day. Unless you are too busy, in which case you should meditate for an hour.” Since most of us have an endless list of things to do and people to see, carving out quiet time can feel impossible, especially when most […]
The Bragi Dash Truly Wireless Smart Earphones are far more than your run of the mill Bluetooth earbuds. While the earpiece design makes these earbuds ideal for exercise and activity, and passive noise cancelling is conducive to a more serene listening experience, these buds go well beyond just playing music.First of all, they can actually […]