In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA.
Now, having exhausted all other potential strategies, Juniper has announced that it will retire Dual_EC -- which was shown to be insecure years before they inserted it into their codebase -- from its products, "in the first half of this year."
The 2014 back door was straightforward, said researcher Hovav Shacham of the University of California, San Diego, allowing anyone with the right password to see everything.
The 2012 code changed a mathematical constant in Juniper's Netscreen products that should have allowed its author to eavesdrop, according to Shacham and his fellow investigators.
Juniper's initial patch had gotten rid of that constant in Dual Elliptic Curve and replaced it with the version it had been using since 2008.
But the academics who studied the code said that while Juniper had not disavowed the 2008 code, it had not explained how that constant was picked or why it was using the widely faulted Dual Elliptic Curve at all.
Still another curve constant, quietly provided by the NSA and required for some federal certification, was exposed in documents leaked by former NSA contractor Edward Snowden as a key to the back door.
Juniper Networks will drop code tied to National Security Agency
(via Naked Capitalism)
In 2013, the UK coalition government of David Cameron's Tories and the Libdems' Nick Clegg launched a "Help to Buy" scheme that gave incredibly cheap, taxpayer subsidised loans to first-time homebuyers, who got their money interest free for five years and thereafter had to repay it at 1.75% interest.
The Great State of Maine, having jettisoned its far-right lunatic "government" and replaced it with a responsive, progressive, evidence-based one, is now set to pass the nation's most stringent ISP privacy law, going further than both New York and California.
In 2012, Facebook settled an FTC privacy investigation by promising a host of privacy protections (that they never delivered on); now, the FTC is probing Facebook's noncompliance and they've demanded that the company let them look at Zuck's email, which prompted the company's legal team to have a look therein, and they really didn't like […]
With the quick-fix appeal of video games and their own cell phones, it can be tough to keep kids focused on supposedly “educational” toys. And while it may seem counter-intuitive to fight tech with more tech, we’re all in when it comes to the Toybox 3D Printer. We’re not sure if anyone had envisioned a […]
Whether you’re an artist, designer or just organizing a photo album, photo editing software is a must. And software designers know it: Platforms like Photoshop and Lightroom have a ton of helpful features, but you’ll pay for them in spades. Luckily, there’s some competition in the photo editing arena. Right now, Skylum’s Luminar software is […]
Who needs a holiday sale? Sometimes there’s no better time than the thick of summer to find deals. We should know – we’ve found ten deep discounts on some must-have items. Whether you’re searching for CBD edibles, exercise gear, chargers or other tech, take a look. But don’t look long – these prices aren’t likely […]