In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA.
Now, having exhausted all other potential strategies, Juniper has announced that it will retire Dual_EC -- which was shown to be insecure years before they inserted it into their codebase -- from its products, "in the first half of this year."
The 2014 back door was straightforward, said researcher Hovav Shacham of the University of California, San Diego, allowing anyone with the right password to see everything.
The 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop, according to Shacham and his fellow investigators.
Juniper's initial patch had gotten rid of that constant in Dual Elliptic Curve and replaced it with the version it had been using since 2008.
But the academics who studied the code said that while Juniper had not disavowed the 2008 code, it had not explained how that constant was picked or why it was using the widely faulted Dual Elliptic Curve at all.
Still another curve constant, quietly provided by the NSA and required for some federal certification, was exposed in documents leaked by former NSA contractor Edward Snowden as a key to the back door.
Juniper Networks will drop code tied to National Security Agency
(via Naked Capitalism)
Do Not Track was a standardized way for browsers to tell services that their owners did not consent to having their activities and usage logged; however, it was subverted by Big Tech and big media companies and turned into a useless tick-box that had virtually no impact on your privacy.
The latest fuck-you from Oath -- the Verizon division created to manage the zombie assets of AOL and Yahoo, bought at a ridiculous premium and then written down by more than 99% -- is the impending drawdown of Yahoo Groups, with mass deletions of all stored "Files, Polls, Links, Photos, Folders, Calendar, Database, Attachments, Conversations, […]
In 2017, California passed a state law mandating disclosure of wholesale drug prices, something the Big Pharma companies fought tooth and nail. Now, the first of those disclosures has taken place, and it reveals spectacular levels of price-gouging from the pharmaceutical industry's greediest monopolists: an overall rise of 25.8% in the median drug price since […]
As much as vaping has taken over the market during the last decade, there’s still a lot of questions about the technology, as well as health concerns that we’re just now finding out about. One thing you can say about smoking: You know exactly what you’re getting, especially when it comes to pipes that you […]
We can’t all go through life with just a pair of sneakers and flip-flops. Sometimes, you have to invest in a pair of high-quality dress shoes. However, you’ve probably discovered that high-end footwear almost always comes with eye-popping price tags. You’ve got to compromise on second-hand or just suck it up and take out a […]
We have a theory about those throw blankets that are barely big enough to cover your legs. The only people who seem to make them or use them are grandmothers, and the blankets are only that small because Nana got bored halfway through the sewing job. Look, we’re sure she means well. But if you […]