In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA.
Now, having exhausted all other potential strategies, Juniper has announced that it will retire Dual_EC -- which was shown to be insecure years before they inserted it into their codebase -- from its products, "in the first half of this year."
The 2014 back door was straightforward, said researcher Hovav Shacham of the University of California, San Diego, allowing anyone with the right password to see everything.
The 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop, according to Shacham and his fellow investigators.
Juniper's initial patch had gotten rid of that constant in Dual Elliptic Curve and replaced it with the version it had been using since 2008.
But the academics who studied the code said that while Juniper had not disavowed the 2008 code, it had not explained how that constant was picked or why it was using the widely faulted Dual Elliptic Curve at all.
Still another curve constant, quietly provided by the NSA and required for some federal certification, was exposed in documents leaked by former NSA contractor Edward Snowden as a key to the back door.
Juniper Networks will drop code tied to National Security Agency
(via Naked Capitalism)
Warner Bros has sued talent agency Innovative Artists for running an internal-use Google Drive folder that let its clients and staff review movies in the course of their duties. They say the company ripped “screeners” (DVDs sent for review purposes) and put them on the server, whence they leaked onto torrent sites.
AT&T’s secret “Hemisphere” product is a database of calls and call-records on all its customers, tracking their location, movements, and interactions — this data was then sold in secret to American police forces for investigating crimes big and small (even Medicare fraud), on the condition that they never reveal the program’s existence.
I still love Twitter and hope it finds a way forward. But it looks like all the potential suitors have passed on buying it, and job cuts are in the offing. Twitter Inc., having failed to sell itself, is planning to fire about 8 percent of its workforce as the struggling social-media company prepares to […]
TV antennas are making a comeback, and the Ghost Indoor HDTV antenna is a great example of why. Unlike the old bunny ear-style antennas, this compact antenna is barely noticeable and picks up channels easily. Plus with the addition of streaming services like Netflix, we find ourselves with plenty to watch without a pricey monthly cable bill. The Ghost […]
I’ve never really felt the need to purchase a smartwatch because a lot of them aren’t very functional, but at just shy of $30, the Martian Notifier Smartwatch was worth checking out. For that low of a price, it actually does feature an impressive amount of functionality, and comes in handy when you don’t want to be carrying around your […]
Geek Fuel is a subscription delivery service that caters to those of us that love comics, gaming, and general geek culture. Every month, Geek Fuel will assemble a box of goodies with a value of $50 or over. The specific items are a mystery, but you’ll always get an exclusive t-shirt not found anywhere else, a full […]