{"id":59528,"date":"2013-09-17T15:16:00","date_gmt":"2013-09-17T19:16:00","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2024-05-22T20:00:29","modified_gmt":"2024-05-23T00:00:29","slug":"did-nsa-subvert-ipv6-security","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/did-nsa-subvert-ipv6-security\/","title":{"rendered":"Did NSA Subvert IPv6 Security?"},"content":{"rendered":"

\"Did<\/a>Cryptographer and Electronic Frontier Foundation<\/a> (EFF) board member Bruce Schneier has given advice on how to be as secure as possible. “Trust the math,<\/em>” he says<\/a>. “Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.<\/em>”<\/p>\n

\"subverting<\/a>

All UR emails R mine<\/p><\/div>\n

Mr. Schneier confirms<\/a> to Infosecurity<\/em><\/a> that the growing consensus is that Bullrun<\/a>‘s greatest success is in subverting the implementations of encryption and not in the ability to crack the encryption algorithms themselves. The general belief is that the NSA<\/strong> has persuaded, forced or possibly even tricked companies into building weaknesses or backdoors into their products<\/strong> that can be exploited later.<\/p>\n

I<\/em>nfosecurity<\/em> says the bottom line, however, is that the fabric of the internet can no longer be trusted<\/strong>. Meanwhile, John Gilmore<\/a>, co-founder of EFF and a proponent of free open source software, has raised a tricky question: has NSA involvement in IPv6 and IPSEC<\/strong> discussions effectively downgraded its security?<\/strong> IPSEC is the technology that would make IP communications secure.<\/p>\n

\"EFF.org\"<\/a>Mr. Gilmore told the author that he was involved in trying to make IPSEC “so usable that it would be used by default throughout the internet<\/em>.” But “NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents.<\/em>”<\/p>\n

The result was “so complex that every real cryptographer who tried to analyze it threw up their hands and said, ‘We can’t even begin to evaluate its security unless you simplify it radically<\/em>‘” \u2013 something that never happened EFF’s Gilmore observed.<\/p>\n

\"\"<\/a>Mr. Gilmore doesn’t explicitly say that the NSA sabotaged IPSEC<\/strong>, but the fact remains that in December 2011, IPSEC in IPv6 was downgraded from ‘must include’ to a ‘should include.’ He does, however, make very clear his belief in NSA involvement in other security standards.<\/strong><\/p>\n

Discussing cellphone encryption<\/strong>, the EFF co-founder says “NSA employees explicitly lied to standards committees<\/em>” leading to “encryption designed by a clueless Motorola employee.<\/em>”<\/p>\n

To this day, Mr. Gilmore notes that “no mobile telephone standards committee has considered or adopted any end-to-end (phone-to-phone) privacy protocols. \u00a0This is because the big companies involved, huge telcos, are all in bed with NSA to make damn sure that working end-to-end encryption never becomes the default on mobile phones.<\/em>”<\/p>\n

\u00a0rb-<\/em><\/strong><\/p>\n

Following the Snowden leaks revealing Bullrun \u2013 the NSA program to crack the world’s encryption \u2013 the article states that there is an emerging consensus that users can no longer automatically trust any security.<\/em><\/p>\n

Other articles<\/a> say that NSA has compromised SSL so the NSA has access to credit cards and your 4G phones. This is another unnecessary attack on US e-commerce business who is going to buy something online when your account numbers are in the hands of US government hackers.<\/em><\/p>\n

 <\/p>\n

Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn<\/a>,\u00a0Facebook<\/a>,\u00a0and\u00a0Twitter<\/a>. Email the Bach Seat\u00a0here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

One way or another the NSA has forced security companies to build IPv6 weaknesses or backdoors into their products to be exploited later<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3044,1917,266,824,822,33,1751,4],"class_list":["post-59528","post","type-post","status-publish","format-standard","hentry","category-security","tag-3044","tag-bruce-schneier","tag-eff","tag-encryption","tag-ipsec","tag-ipv6","tag-nsa","tag-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t