In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA.
Now, having exhausted all other potential strategies, Juniper has announced that it will retire Dual_EC -- which was shown to be insecure years before they inserted it into their codebase -- from its products, "in the first half of this year."
The 2014 back door was straightforward, said researcher Hovav Shacham of the University of California, San Diego, allowing anyone with the right password to see everything.
The 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop, according to Shacham and his fellow investigators.
Juniper's initial patch had gotten rid of that constant in Dual Elliptic Curve and replaced it with the version it had been using since 2008.
But the academics who studied the code said that while Juniper had not disavowed the 2008 code, it had not explained how that constant was picked or why it was using the widely faulted Dual Elliptic Curve at all.
Still another curve constant, quietly provided by the NSA and required for some federal certification, was exposed in documents leaked by former NSA contractor Edward Snowden as a key to the back door.
Juniper Networks will drop code tied to National Security Agency
(via Naked Capitalism)
When Purdue Pharma’s patent on the MS Contin was close to expiry, the Sackler family who owned the company spent millions trying to find a product that could replace the profits they’d lose from generic competition on MS Contin: the result was Oxycontin, a drug that went on to kill Americans at epidemic scale.
The questions posed by David Cay Johnston include some tough-to-avoid queries about Trump’s involvement with the mafia, the regulatory findings against his company for unfair and unsafe employment practices, and times when Trump had admitted to shading the truth or lying outright about his affairs.
Faception uses 15 secret classifiers of facial features to accuse subjects of terrorism and pedophilia, as well as predicting their poker abilities.
If you’ve got a killer app idea, but don’t have the technical expertise to pull it off, get a crash course in all things app development with the Comprehensive Android Development Bundle, now over 90% off in the Boing Boing Store. Across 83 hours of training, you’ll learn to develop for the world’s most popular mobile OS, mastering […]
Jared Sinclair developed the RSS reader app Unread, which made $10,000 in its first 24 hours on the iOS market. And we’ve all heard the story of Flappy Bird developer Dong Nguyen, whose creation was reportedly earning $50,000 a day at the height of its 2013 explosion. While those are rare examples, they’re also testament to the […]
If you or your company’s IT system are besieged by black hat cyber attacks, an ethical hacker might be all that stands between crippling damage and a company’s long-term prosperity. It’s no wonder that the market for IT security specialists is exploding. Certification is the key – so learn the tenets of ethical hacking and get […]