Tag Archive for NSA

Did NSA Subvert IPv6 Security?

Cryptographer and Electronic Frontier Foundation (EFF) board member Bruce Schneier has given advice on how to be as secure as possible. “Trust the math,” he says. “Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.”

Mr. Schneier confirms to Infosecurity that the growing consensus is that Bullrun‘s greatest success is in subverting the implementations of encryption and not in the ability to crack the encryption algorithms themselves. The general belief is that the NSA has persuaded, forced or possibly even tricked companies into building weaknesses or backdoors into their products that can be exploited later.

Infosecurity says the bottom line, however, is that the fabric of the internet can no longer be trusted. Meanwhile, John Gilmore, co-founder of EFF and a proponent of free open source software, has raised a tricky question: has NSA involvement in the IPv6 and IPsec discussions effectively downgraded their security? IPsec is the protocol suite that authenticates and encrypts IP traffic, and so is the technology that would make IP communications secure.

Mr. Gilmore told the author that he was involved in trying to make IPsec “so usable that it would be used by default throughout the internet.” But “NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents.”

The result was “so complex that every real cryptographer who tried to analyze it threw up their hands and said, ‘We can’t even begin to evaluate its security unless you simplify it radically.’” That radical simplification, EFF’s Gilmore observed, never happened.

Mr. Gilmore doesn’t explicitly say that the NSA sabotaged IPsec, but the fact remains that in December 2011 IPsec support in IPv6 nodes was downgraded from a ‘must’ to a ‘should’ (RFC 6434, which replaced RFC 4294). He does, however, make very clear his belief in NSA involvement in other security standards.

Discussing cellphone encryption, the EFF co-founder says “NSA employees explicitly lied to standards committees,” leading to “encryption designed by a clueless Motorola employee.”

To this day, Mr. Gilmore notes, “no mobile telephone standards committee has considered or adopted any end-to-end (phone-to-phone) privacy protocols. This is because the big companies involved, huge telcos, are all in bed with NSA to make damn sure that working end-to-end encryption never becomes the default on mobile phones.”

rb-

Following the Snowden leaks revealing Bullrun – the NSA program to crack the world’s encryption – the article states that there is an emerging consensus that users can no longer automatically trust any security.

Other articles say that the NSA has compromised SSL, so the NSA has access to your credit cards and your 4G phones. This is another unnecessary attack on US e-commerce business: who is going to buy something online when your account numbers are in the hands of US government hackers?

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Box Beefs Up Backbone for Business

Box has evolved from an idea (let customers share, manage and access their content from anywhere) into a cloud file-sharing and storage start-up, and now into a business serving over 150,000 businesses, including 92 percent of the Fortune 500. DataCenter Knowledge (DCK) reports that half of Box’s activity comes from outside the U.S. and 40% comes from mobile devices.

In order to support the growth, DCK says Box is touting Accelerator, its global data transfer network, as well as adding several key certifications in a bid to keep its global enterprise customer base happy. Further infrastructure expansion lies ahead. “We really think we’re solving a problem for an end-user,” said Jeff Queisser, VP of Technical Operations for Box. “But we’re also solving an IT concern; they can get all the auditing, compliance they need. This can be run in a very safe way.”

With over 150 percent growth last year, the company has had to tailor its service to serve the enterprise crowd. The blog says 50 percent of Box activity happens outside the US, either from international firms or from U.S. enterprises with a global presence. “Speed is absolutely critical,” Mr. Queisser told DCK. “If you have sites all around the world, you need blazing fast download speeds.”

This enterprise customer need was the impetus behind Box Accelerator. The company has established upload endpoints in key global data center hubs featuring end-to-end encryption. The company has built patent-pending intelligent routing and optimization technology that delivers uploads 2.5 times faster on average. It has built a network that helps you get data into Box as fast as possible.

Box Global Data Transfer Network

Box Accelerator tweaks the TCP stack to get better performance, Mr. Queisser explained to DCK.

“(With) most consumer operating systems, networking stacks are not optimized … There’s the bandwidth delay problem. TCP is an amazing protocol, but wasn’t made for these types of distances and this kind of bandwidth. It’s a testament to how amazing the protocol is that it’s done what it’s done.”

The article says the biggest problem for Box is how to handle inbound traffic.

“What we’ve done is unique in that it’s optimizing inbound data … How do you ingest 100MB rather than send it out? The other piece is that we built these nodes, and a routing feedback loop technology.  It determines the fastest way to get to Box. Sometimes it’s an accelerator node, but there are times when direct is the fastest path.”
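The bandwidth-delay problem and the direct-versus-relay choice Mr. Queisser describes can be made concrete with a small model. The following is an added example, not Box’s code: Accelerator’s routing feedback loop is proprietary, and every number here (a 64 KiB client window with no window scaling, a 4 MiB window on the tuned node-to-origin leg, the RTTs and the 100 Mbps links) is a constructed assumption. The model also assumes a relay node streams bytes onward as they arrive, so the slowest leg dominates the total time.

```python
"""TCP bandwidth-delay model and a toy "fastest path to the origin" chooser.

Added example for this page, not Box's code. All link parameters below are
constructed assumptions chosen to illustrate the bandwidth-delay problem.
"""
from dataclasses import dataclass

DEFAULT_WINDOW = 65536          # assumed receive window with no TCP window scaling (bytes)
TUNED_WINDOW = 4 * 1024 * 1024  # assumed window on a tuned node-to-origin leg (bytes)


def bandwidth_delay_product(bandwidth_bps: int, rtt_ms: int) -> int:
    """Bytes that must be in flight to keep a link of this bandwidth and RTT full."""
    return bandwidth_bps * rtt_ms // 8000


def fills_pipe(window_bytes: int, bandwidth_bps: int, rtt_ms: int) -> bool:
    """True if a single flow with this window can saturate the link."""
    return window_bytes >= bandwidth_delay_product(bandwidth_bps, rtt_ms)


def window_limited_bps(window_bytes: int, rtt_ms: int) -> float:
    """Throughput ceiling imposed by the window: at most one window per round trip."""
    return window_bytes * 8 * 1000 / rtt_ms


@dataclass(frozen=True)
class Leg:
    """One TCP connection on a path: link bandwidth, RTT and the sender's window."""
    bandwidth_bps: int
    rtt_ms: int
    window_bytes: int

    def throughput_bps(self) -> float:
        # The flow gets the link rate or the window-limited rate, whichever is lower.
        return min(self.bandwidth_bps, window_limited_bps(self.window_bytes, self.rtt_ms))


def path_time_s(legs: list, size_bytes: int) -> float:
    """Estimated seconds to upload size_bytes across the legs of a path.

    Assumption: a relay node streams bytes on as they arrive, so the legs overlap
    and the slowest leg dominates; each leg still pays one RTT for its handshake.
    Slow start is ignored to keep the model small.
    """
    handshakes = sum(leg.rtt_ms for leg in legs) / 1000
    slowest = max(size_bytes * 8 / leg.throughput_bps() for leg in legs)
    return handshakes + slowest


def choose_path(paths: dict, size_bytes: int):
    """Return (name, seconds) for the candidate path with the lowest estimated time."""
    return min(((name, path_time_s(legs, size_bytes)) for name, legs in paths.items()),
               key=lambda item: item[1])


def scenarios() -> dict:
    """Two constructed clients, each with a direct path and a path via a relay node."""
    link = 100_000_000  # assumed 100 Mbps everywhere; only RTT and window vary
    return {
        # Client 150 ms from the origin, with a relay node 20 ms away.
        "far client": {
            "direct": [Leg(link, 150, DEFAULT_WINDOW)],
            "accelerator": [Leg(link, 20, DEFAULT_WINDOW), Leg(link, 150, TUNED_WINDOW)],
        },
        # Client 10 ms from the origin: the relay only adds a hop.
        "near client": {
            "direct": [Leg(link, 10, DEFAULT_WINDOW)],
            "accelerator": [Leg(link, 20, DEFAULT_WINDOW), Leg(link, 10, TUNED_WINDOW)],
        },
    }


if __name__ == "__main__":
    UPLOAD = 100_000_000  # the 100 MB ingest from the quote above
    print("64 KiB window fills a 100 Mbps / 150 ms pipe:",
          fills_pipe(DEFAULT_WINDOW, 100_000_000, 150))
    for label, paths in scenarios().items():
        for name, legs in paths.items():
            print(f"{label:11s} {name:12s} {path_time_s(legs, UPLOAD):8.1f} s")
        print(f"{label:11s} best -> {choose_path(paths, UPLOAD)[0]}")
```

Run stand-alone, the far client needs roughly 229 s to push 100 MB directly but about 31 s via the nearby node, because its unscaled 64 KiB window only delivers one window per 150 ms round trip; the near client is faster going direct, which is the “sometimes direct is the fastest path” case in the quote. A real selector would measure these times rather than model them, but the shape of the decision is the same.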

Accelerator started off small but has added nine new points of infrastructure. It’s a small footprint that provides a big performance boost. The goal is to have cloud-based endpoints in all regions. The article claims that Neustar conducted a performance analysis test and found that “Box had the lowest average upload time across all locations, about 66% faster than the closest competitor.”

The company is also planning to apply this technology to file downloads. Accelerator has added speed to enterprise uploads, but the company told DCK it is looking to speed up downloads in a similar fashion. “We need to do that in a way where it’s encrypted and it isn’t cached,” said Mr. Queisser.

In terms of certifications, Box has recently added ISO 27001 certification and support for HIPAA. ISO 27001 is the international standard for information security management systems (ISMS); certification demonstrates that the policies and controls put in place at Box to protect user data have been independently audited.

rb-

Better performance and security are great things from a cloud vendor. But what impact is the NSA spying scandal going to have on the cloud storage business model? There could be repercussions if vendors don’t cooperate.

What do you think? Is the Box network ready for the enterprise?


Credit Agency Trawls Facebook

GigaOm has an article that documents the efforts by Schufa, the largest credit rating firm in Germany, to mine data from the Facebook (FB), LinkedIn (LNKD), and Twitter accounts of its customers. David Meyer cites documents leaked to German media showing that the firm, whose slogan is “We Build Confidence,” would use the information “to identify and evaluate opportunities for and threats to the company.”

“It cannot be that social networks are systematically scoured for sensitive data, resulting in credit ratings of customers,” said consumer protection minister Ilse Aigner.

rb-

Get over it.

I wrote about firms like RapLeaf mining social networks for employers and banks back in 2010. What is surprising to me and Mr. Meyer is that this latest social network mining operation comes out of Europe, and especially Germany, a country where most people are very conscious of data protection concerns.

This goes back to the internet-age-old issue of privacy. Where is the line between public and private, and is it different for some groups than for others? Do the NSA, CIA, MI5, and whoever else is listening get different access to data than Rapleaf, Apple (AAPL), Facebook, and Twitter?

Just because the info is out there, public by default, do they have the right to use it?

On the other hand, users of Facebook and Foursquare happily tie their credit cards to these accounts, post status updates, and check in to places for the world to see.

Maybe we are just getting what we deserve.
