-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Hunt for the Kill Switch

,----[ Quote ]
| It's a pretty sure bet that the National Security Agency doesn't fabricate
| its encryption chips in China. But no entity, no matter how well funded, can
| afford to manufacture its own safe version of every chip in every piece of
| equipment.
`----

http://www.spectrum.ieee.org/may08/6171

There are some semi-proven examples.


Recent:

Chip Design Flaw Could Subvert Encryption

,----[ Quote ]
| Shamir said that if an intelligence organization discovered such a flaw,
| security software on a computer with a compromised chip could be "trivially
| broken with a single chosen message." The attacker would send a "poisoned"
| encrypted message to a protected computer, he wrote. It would then be
| possible to compute the value of the secret key used by the targeted system.
|
| Trouble with Design Secrets
|
| "Millions of PCs can be attacked simultaneously, without having to manipulate
| the operating environment of each one of them individually," Shamir wrote.
`----

http://www.crm-daily.com/story.xhtml...d=11200BH5USIO


Cryptome: NSA has access to Windows Mobile smartphones

,----[ Quote ]
| First time in history Cryptome.org has released information about the
| characteristics of NSA’s network surveillance.
`----

http://blogs.securiteam.com/index.php/archives/1028


Related:

Did NSA Put a Secret Backdoor in New Encryption Standard?

,----[ Quote ]
| Which is why you should worry about a new random-number standard that
| includes an algorithm that is slow, badly designed and just might contain a
| backdoor for the National Security Agency. *
`----

http://www.wired.com/politics/securi...tymatters_1115


NSA Backdoors in Crypto AG Ciphering Machines

,----[ Quote ]
| We don't know the truth here, but the article lays out the evidence pretty
| well.
|
| See this essay of mine on how the NSA might have been able to read Iranian
| encrypted traffic.
`----

http://www.schneier.com/blog/archive...ckdoors_i.html


Dual_EC_DRBG Added to Windows Vista

,----[ Quote ]
| Microsoft has added the random-number generator Dual_EC-DRBG to Windows
| Vista, as part of SP1. Yes, this is the same RNG that could have an NSA
| backdoor. *
|
| It's not enabled by default, and my advice is to never enable it. Ever.
`----

http://www.schneier.com/blog/archive...c_drbg_ad.html


Duh! Windows Encryption Hacked Via Random Number Generator

,----[ Quote ]
| GeneralMount Carmel, Haifa – A group of researchers headed by Dr. Benny
| Pinkas from the Department of Computer Science at the University of Haifa
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
| operating system. The significance of the loophole: emails, passwords, credit
| card numbers, if they were typed into the computer, and actually all
| correspondence that emanated from a computer using "Windows 2000" is
| susceptible to tracking. "This is not a theoretical discovery. Anyone who
| exploits this security loophole can definitely access this information on
| other computers," remarked Dr. Pinkas. * * * *
|
| Editors Note: *I believe this "loophole" is part of the Patriot Act, it is
| designed for foreign governments. *Seriously, if you care about security,
| privacy, data, trojans, spyware, etc., one does not run Windows, you run
| Linux. *
`----

http://www.linuxelectrons.com/news/g...mber-generator


Microsoft confirms that XP contains random number generator bug

,----[ Quote ]
| As recently as last Friday, Microsoft hedged in answering questions about
| whether XP and Vista could be attacked in the same way, saying only that
| later versions of Windows "contain various changes and enhancements to the
| random number generator." *
`----

http://www.computerworld.com/action/...intsrc=hm_list


"Trusted" Computing

,----[ Quote ]
| Do you imagine that any US Linux distributor would say no to the
| US government if they were requested (politely, of course) to add
| a back-door to the binary Linux images shipped as part of their
| products ? Who amongst us actually uses the source code so helpfully
| given to us on the extra CDs to compile our own version ? With
| Windows of course there are already so many back-doors known and
| unknown that the US government might not have even bothered to
| ask Microsoft, they may have just found their own, ready to
| exploit at will. What about Intel or AMD and the microcode on
| the processor itself ?
`----

http://tuxdeluxe.org/node/164
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIH+UzU4xAY3RXLo4RAmm4AJ9TiUoP4qCG2Wqp9WKyol G4HJeWSQCfYK0l
tCnhAkqR2zJlmBYa6wIqsCA=
=K7QW
-----END PGP SIGNATURE-----