Hash: SHA1

The Hunt for the Kill Switch

,----[ Quote ]
| It's a pretty sure bet that the National Security Agency doesn't fabricate
| its encryption chips in China. But no entity, no matter how well funded, can
| afford to manufacture its own safe version of every chip in every piece of
| equipment.


There are some semi-proven examples.


Chip Design Flaw Could Subvert Encryption

,----[ Quote ]
| Shamir said that if an intelligence organization discovered such a flaw,
| security software on a computer with a compromised chip could be "trivially
| broken with a single chosen message." The attacker would send a "poisoned"
| encrypted message to a protected computer, he wrote. It would then be
| possible to compute the value of the secret key used by the targeted system.
| Trouble with Design Secrets
| "Millions of PCs can be attacked simultaneously, without having to manipulate
| the operating environment of each one of them individually," Shamir wrote.


Cryptome: NSA has access to Windows Mobile smartphones

,----[ Quote ]
| First time in history Cryptome.org has released information about the
| characteristics of NSA’s network surveillance.



Did NSA Put a Secret Backdoor in New Encryption Standard?

,----[ Quote ]
| Which is why you should worry about a new random-number standard that
| includes an algorithm that is slow, badly designed and just might contain a
| backdoor for the National Security Agency. *


NSA Backdoors in Crypto AG Ciphering Machines

,----[ Quote ]
| We don't know the truth here, but the article lays out the evidence pretty
| well.
| See this essay of mine on how the NSA might have been able to read Iranian
| encrypted traffic.


Dual_EC_DRBG Added to Windows Vista

,----[ Quote ]
| Microsoft has added the random-number generator Dual_EC-DRBG to Windows
| Vista, as part of SP1. Yes, this is the same RNG that could have an NSA
| backdoor. *
| It's not enabled by default, and my advice is to never enable it. Ever.


Duh! Windows Encryption Hacked Via Random Number Generator

,----[ Quote ]
| GeneralMount Carmel, Haifa – A group of researchers headed by Dr. Benny
| Pinkas from the Department of Computer Science at the University of Haifa
| succeeded in finding a security vulnerability in Microsoft's "Windows 2000"
| operating system. The significance of the loophole: emails, passwords, credit
| card numbers, if they were typed into the computer, and actually all
| correspondence that emanated from a computer using "Windows 2000" is
| susceptible to tracking. "This is not a theoretical discovery. Anyone who
| exploits this security loophole can definitely access this information on
| other computers," remarked Dr. Pinkas. * * * *
| Editors Note: *I believe this "loophole" is part of the Patriot Act, it is
| designed for foreign governments. *Seriously, if you care about security,
| privacy, data, trojans, spyware, etc., one does not run Windows, you run
| Linux. *


Microsoft confirms that XP contains random number generator bug

,----[ Quote ]
| As recently as last Friday, Microsoft hedged in answering questions about
| whether XP and Vista could be attacked in the same way, saying only that
| later versions of Windows "contain various changes and enhancements to the
| random number generator." *


"Trusted" Computing

,----[ Quote ]
| Do you imagine that any US Linux distributor would say no to the
| US government if they were requested (politely, of course) to add
| a back-door to the binary Linux images shipped as part of their
| products ? Who amongst us actually uses the source code so helpfully
| given to us on the extra CDs to compile our own version ? With
| Windows of course there are already so many back-doors known and
| unknown that the US government might not have even bothered to
| ask Microsoft, they may have just found their own, ready to
| exploit at will. What about Intel or AMD and the microcode on
| the processor itself ?

Version: GnuPG v1.4.6 (GNU/Linux)