SoylentNews is people
SoylentNews
from the government-approved-security-tools dept.
Spiegel Online has a story on just how much of our supposedly secure protocols are routinely cracked by the NSA. The page is worth bookmarking, if for no other reason than the tremendous amount of links to actual NSA documents it contains.
The main points are not new to those of use who have been following this issue for some time. Your VPN is NOT private, your SSL was easily cracked as far back as 2012, and even your SSH sessions are often vulnerable. Skype is a joke, you might as well mail the NSA a transcript.
Some things are still very difficult for them to crack, PGP with good (2048 or 4096) byte keys, OTR settings on chat sessions (XMPP, Jabber, even Google Talk with someone else's client), and TrueCrypt for your disk drives all present significant problems.
NSA cryptologists divided their targets into five levels corresponding to the degree of the difficulty of the attack and the outcome, ranging from "trivial" to "catastrophic."
Monitoring a document's path through the Internet is classified as "trivial." Recording Facebook chats is considered a "minor" task, while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider "mail.ru" is considered "moderate." Still, all three of those classifications don't appear to pose any significant problems for the NSA.
Things first become troublesome at the fourth level. The NSA encounters "major" problems in its attempts to decrypt messages sent through heavily encrypted email.
TOR presents problems, but so many of the TOR Exit Nodes are NSA controlled that anonymity of at least one end can't be guaranteed, although a personal encryption layer on top of TOR may provide privacy of content.
Your SSL sessions should not be allowed to sit idle. Tear them down (close the browser) and start a new session. Most of the SSL connections decrypted are resumed sessions. According to one NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012.
Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.
(Score: 1, Insightful) by Anonymous Coward on Wednesday December 31 2014, @02:06AM
Worth noting is that this information is from several years ago. They could have known about the vulnerabilities that have came to light since then and did not tell anyone. What this new information provides is merely a snapshot of their abilities in the past. They may have already lost all of those advantages.