Here is a listing of reference material I have collected over the years
Here is a listing of reference material I have collected over the years
Sorry, the comment form is closed at this time.
AusCERT 2013 One of the reasons we can’t have nice things like a secure Internet is that vendors of consumer kit can’t be bothered.
That’s the conclusion The Register reaches after listening to a presentation by HD Moore, author of Metasploit and now chief research officer at Rapid7, at the AusCERT 2013 security conference today.
Moore told delegates that while systems administrators might be doing a decent job of protecting their systems (actually, too many aren’t – they leave things like default passwords open, for example), it becomes almost irrelevant in the face of the threats created by modems, routers, phones, because vendors of embedded systems in general just don’t care.
“You can probably own five percent of the total Internet without even blinking,” Moore said.
Without detailing Moore’s entire research methodology, he presented the results of a large-scale scan of the IPv4 address space, looking at TCP and UDP services, and turning up “endemic” vulnerabilities.
While people leaving unauthenticated Telnet open to the world is just stupid, he held his harshest criticisms for the way embedded systems manufacturers seemed happy to sling insecure systems into the world and, even with known vulnerabilities, decline to issue fixes.
UPnP remains, unsurprisingly, a big vector. “Two out of the top three UPnP stacks are exploitable,” Moore said – representing 63 percent of the devices in which UPnP is visible to the outside world. Then there’s Web servers, many of them embedded, and vulnerable SNMP systems.
Of SNMP, he noted that there are 75 million vulnerable systems worldwide (in Australia, oddly, the most common being a Campbell Scientific soil data logger), and he asserted that six percent of all Cisco devices visible on the Internet offered SNMP read access – making user ID and password exposures a cinch.
The length of the supply chain in the embedded/consumer system market is also problematic: the embedded software might ship from one vendor, be turned into a module by a second vendor, integrated into a finished system by a third, and branded by a fourth – none of which seem willing to protect end users who may not even own the vulnerable product (for example because it’s a cable modem).
“We’re going to have some really nasty incident … then there’ll be a knee-jerk reaction” before things are fixed, he said. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/22/unpatched_embedded_system_threats/
Swiss software firm Vasco has bought Cambridge-based banking security specialist Cronto in a deal valued at up to £14.5m.
Vasco will pay $19.3m (€15m, £12.7m), and a further $2.6m (€2m, £1.8m) depending on future earnings, to get its hands on the British upstart’s malware-defeating technology. Its software attempts to shield online transactions from any eavesdropping or interfering Trojans lurking on bank customers’ PCs. Germany’s Commerzbank AG and Switzerland’s Raiffeisen bank use the tech – also known as photoTAN – to combat fraud.
Cronto began life in 2005 as a University of Cambridge spin-out, and offers either a mobile application or a dedicated device to scan a “CrontoSign” image shown by a bank’s website during a transaction.
Details about the payment are encoded in the picture and, when extracted by the app or device, the information is shown on the phone or handheld for the customer to manually check. If all the details are correct, the image data is used by the app or device to generate an authorisation code, which is typed into the bank website for the financial institution to process and confirm the transaction – having generated the image, the bank will know which authorisation code to expect.
This is supposed to ensure that any miscreant’s attempt to alter a payment on the user’s PC (such as changing the destination account number) is detected: the correct authentication code required to confirm a money transfer is only known to the bank and the customer, not the PC which may be compromised.
Thus, the technology is said to thwart man-in-the-browser attacks, as used by the infamous ZeuS banking Trojan and other data-intercepting malware, as well as phishing and other methods of social engineering.
The CrontoSign system will eventually be merged into Vasco’s MyDigipass corporate security platform. The Swiss biz is best known for its two-factor authentication for secure email login and such stuff, which competes with gear from the likes of RSA Security. The Cronto deal will allow it to branch out to become a business-to-consumer authentication services provider.
In a canned statement, Dr Elena Punskaya, Cronto’s co-founder and CTO, added: “The combination of the experience and RD capacity will allow Cronto and Vasco to continue to identify new opportunities and implement the market vision, taking advantage of Cronto’s position in Cambridge, UK – an undisputed centre in the global innovation landscape.” ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/22/vasco_crontosign_buy/
Web security outfit Blue Coat Systems is buying Big Data security, intelligence and analytics firm Solera Networks.
Solera’s DeepSee platform offers security analytics and forensic capabilities to help defend against advanced persistent threats (APTs) and targeted malware attacks. Solera has created a type of CCTV system for network traffic that records a detailed record of packets, flows and files across corporate systems.
This data can be mined by customers to identify and resolve APTs using the various analysis tools built into Solera’s platform. DeepSee will be added to Blue Coat’s existing web-based threat intelligence roster, so customers can proactively block threats and rapidly identify, respond to and recover from any data breach or similar security incident.
Blue Coat’s premise is that malware infection on corporate systems is more or less inevitable. The trick to beating them, according to Blue Coat, is to rapidly detect and block the spread of malware-based attacks using a combination of network traffic analysis and forensic tools. Other companies, such as SourceFire, share Blue Coat’s vision.
Applying Big Data techniques to try to make sense out of security threats is a route that has also been taken by RSA Security and IBM, as The Register‘s security desk previously reported.
To identify threats hidden in encrypted traffic, Solera integrated its DeepSea platform with SSL technology from Netronome, which Blue Coat acquired earlier this month. Blue Coat also launched an SSL Visibility appliance on Tuesday, marking the first fruits of its Netronome purchase. The tie-in allows enterprises to analyse and block threats hidden in encrypted traffic.
Solera’s customers are the US Departments of Energy, Homeland Security and Defense, Hitachi, Qualcomm, Overstock.com and Zions Bank. Blue Coat started out as a provider of web security, URL blocking and WAN optimisation products.
The deep packet inspection capabilities of its products have proved to be of interest not just to corporates, but to ISPs and government in countries with patchy records on human rights, including Bahrain, Burma (Myanmar), China, Saudi Arabia, and Venezuela.
Use of Blue Coat’s censorware technology by these countries prompted campaign group Reporters Without Borders to categorise Blue Coat as one of five “Corporate Enemies of the Internet” back in March.
Financial terms of Solera’s acquisition by Blue Coat, which was announced on Tuesday, were not disclosed. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/22/blue_coat_buys_solera/
Guantanamo Bay Naval Base, the enclave of Cuban territory leased by the US government, has switched off its WiFi service and cut access to social networks for fear of attack by Anonymous.
The hacktivist group recently set #OpGTMO in train, pledging to “shut down Guantanamo”.
That’s probably not a reference to the whole of the Naval base, which the US intends to keep operating. The detention facilities at the base, where many prisoners have been held for years without trial or charge, is Anonymous’ target. Several prisoners at the facility are currently on hunger strike, protesting their long detention, often without charge or prospect of trial.
US President Barack Obama pledged to shut down the detention facilities during his first presidential election campaign but is yet to do so. The legal contortions used to justify the prisons’ creation and the internees’ detentions have proved hard to undo or remake in a timely fashion. Critics also say it remains useful for the USA to keep the legal black hole that is Gitmo alive.
Associated Press now reports that Anonymous’ threat has seen the prison shut down its WiFi.
It’s unclear why: the naval base does include some housing for military personnel’s families, but civilian access to the base is controlled. It’s hard to know if that housing is within WiFi range of the prisons, but it seems highly unlikely Anonymous operatives could get anywhere near the base’s access points, making an an attack on that vector unlikely.
A ban on social media is easier to explain: who’d want Instagram pics of escaped prisoners roaming the streets if Anonymous does succeed in cracking open a Gitmo prison? ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/22/gitmo_wifi_shutdown/
AusCERT 2013 One of the reasons we can’t have nice things like a secure Internet is that vendors of consumer kit can’t be bothered.
That’s the conclusion The Register reaches after listening to a presentation by HD Moore, author of Metasploit and now chief research officer at Rapid7, at the AusCERT 2013 security conference today.
Moore told delegates that while systems administrators might be doing a decent job of protecting their systems (actually, too many aren’t – they leave things like default passwords open, for example), it becomes almost irrelevant in the face of the threats created by modems, routers, phones, because vendors of embedded systems in general just don’t care.
“You can probably own five percent of the total Internet without even blinking,” Moore said.
Without detailing Moore’s entire research methodology, he presented the results of a large-scale scan of the IPv4 address space, looking at TCP and UDP services, and turning up “endemic” vulnerabilities.
While people leaving unauthenticated Telnet open to the world is just stupid, he held his harshest criticisms for the way embedded systems manufacturers seemed happy to sling insecure systems into the world and, even with known vulnerabilities, decline to issue fixes.
UPnP remains, unsurprisingly, a big vector. “Two out of the top three UPnP stacks are exploitable,” Moore said – representing 63 percent of the devices in which UPnP is visible to the outside world. Then there’s Web servers, many of them embedded, and vulnerable SNMP systems.
Of SNMP, he noted that there are 75 million vulnerable systems worldwide (in Australia, oddly, the most common being a Campbell Scientific soil data logger), and he asserted that six percent of all Cisco devices visible on the Internet offered SNMP read access – making user ID and password exposures a cinch.
The length of the supply chain in the embedded/consumer system market is also problematic: the embedded software might ship from one vendor, be turned into a module by a second vendor, integrated into a finished system by a third, and branded by a fourth – none of which seem willing to protect end users who may not even own the vulnerable product (for example because it’s a cable modem).
“We’re going to have some really nasty incident … then there’ll be a knee-jerk reaction” before things are fixed, he said. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/22/unpatched_embedded_system_threats/
The Chinese hackers involved in the Operation Aurora attacks revealed by Google in 2010 may have accessed top secret information on US surveillance targets in the country including suspected foreign spies and terrorists, it has emerged.
Speaking anonymously to the Washington Post, “US officials” familiar with the infamous data breach said that the hackers may have gained valuable intelligence by accessing a highly sensitive database detailing court orders authorising the surveillance.
Although they said it was unclear how much the attackers managed to find out, such info could theoretically help a foreign power identify which of their operatives were under investigation.
“Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” one official told the DC-based paper.
The findings echo comments made by Dave Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, at a Washington conference last month.
He revealed that an attempt was also made to breach Redmond’s systems to find out which email accounts “we had lawful wiretap orders on”, according to CIO.
When Google revealed the Aurora breach back in January 2010, the first time a major company had named and shamed Chinese hackers for an attack, chief legal officer David Drummond claimed: “we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.”
The firm even used the attacks, which it was careful never to attribute to the Chinese government, as one of its reasons to largely shutter its China search business, moving its servers to neighbouring Hong Kong.
The Chocolate Factory is offering no comment on these new revelations but if accurate, they don’t reflect too well on the effectiveness of its information security defences at the time.
Former CIA officer and SANS guest editor Christopher Burgess argued that Google should at least have expected something like this to happen:
If the PRC learned that their officers or surrogates were being subjected to official US Government inquiry via review of the Google data stores, they could follow two paths: tone down and extract the individual, or light up and misdirect the US security services. A key point is that any service provider which is subject to lawful intercept inquiries by the US Government (in this case for counter-intelligence purposes) has had fair warning – you are the target of nation states’ CI programs.
®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/22/google_aurora_hack_spy_data_nabbed/
Twitter accounts run by the Daily Telegraph were hijacked by pro-Assad hacktivists from the Syrian Electronic Army briefly on Monday evening.
The UK broadsheet’s Facebook account was also purloined by group in the latest in a growing line of similar attacks against high-profile media outlets including the FT, The Guardian, Associated Press, CBS, the BBC, Al Jazeera and even satirical magazine The Onion.
The hijacked @TelegraphNews Twitter account was used to punt pro-Assad propaganda as well as to brag about the reported takeover of other accounts including @TelegraphArt, @TelegraphFilm, @Tele_Comedy, @TelegraphSport, and @TelegraphBooks.
The offending messages were quickly purged after control of the affected accounts was wrested away from the hackers. However, a record of the offending messages can be found on the personal blog of veteran infosec expert Graham Cluley here.
We don’t know how the @TelegraphNews Twitter feed was hacked, although a determined multi-stage phishing campaign akin to that successfully performed by the same group against The Onion is the most likely explanation.
The SEA’s attack on The Onion ultimately succeeded in extracting passwords for email accounts charged with running social media feeds, at which point hackers would obviously have gained complete control over these profiles, allowing them to post whatever they wanted.
Twitter has told media organisations to be wary of this type of attack but until it introduces two-factor authentication, experience suggests this sort of account-hijacking assault will continue to be a useful outlet for propaganda for hackers affiliated with the SEA, who appear to have cornered the market for this sort of thing. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/21/sea_hijacks_telegraph_twitter_feeds/
Security researchers have uncovered what appears to be a sophisticated targeted attack launched from India and designed to steal information from a range of government and private enterprise victims in Pakistan, China and elsewhere.
What began as an investigation into an attack on Norwegian operator Telenor soon uncovered evidence to show attackers probably hailing from India had been lifting info from business, government, poltical organisations for as long as three years.
Norwegian anti-malware firm Norman AS claimed in its Operation Hangover (PDF) report that although the attack infrastructure appeared “predominantly to be a platform for surveillance against targets of national security interest (such as Pakistan)”, as well as industrial espionage, there is no direct evidence to link it to state-sponsored players.
Attackers used spear phishing techniques, exploiting known Microsoft software vulnerabilities – no zero days – to drop info-stealing malware dubbed “HangOver” onto victims’ machines.
Finding readable folders on a number of CC servers, the researchers dug deeper to discover several malicious executable digitally signed with a certificate which had been revoked in 2011.
Domains registered by the attackers were almost all privacy protected, while “almost all websites belonging to this attacker has their robots.txt set to ‘disallow’ to stop them from being crawled”, the report continued.
However, the attack is far from advanced, according to security firm Eset, which has also been investigating.
“String obfuscation using simple rotation (a shift cipher), no cryptography used in network communication, persistence achieved through the startup menu and use of existing, publicly-available tools to gather information on infected systems shows that the attackers did not go to great lengths to cover their tracks,” the vendor said in a blog post.
The researchers at Norman explained how the initial Telenor attack allowed them to widen the investigation, as follows:
We have direct knowledge of only one attack – the one against Telenor. During this investigation we have obtained malware samples and decoy documents that have provided indications as to whom else would be in the target groups. We have observed the usage of peculiar domain names that are remarkably similar to existing legitimate domains. We have also obtained sinkhole data for a number of domains in question and found open folders with stolen user data in them; enough to identify targets down to IP and machine name/domain level.
These IP addresses hail from a large range of countries globally including China, Russia, France and the US but the vast majority correspond to Pakistan.
Aside from Telenor the report listed other attack targets as energy companies the Eurasian Natural Resources Corporation (ENRC) and Bumi; Porsche Informatik; and Chicago Mercantile Exchange.
“The continued targeting of Pakistani interests and origins suggested that the attacker was of Indian origin,” the report concludes.
Interestingly, an analysis of the project paths for malware creation revealed a highly organised operation in which “multiple developers are tasked with specific malware deliverances”:
There are many diverging project paths which points towards different persons working on separate sub-projects, but apparently not using a centralised source control system. The projects seem to be delegated into tasks, of which some seem to follow a monthly cycle.
The report also points out that the word “Appin” crops up in various contexts and cases, including malware file names, speculating some actor may be deliberately trying to implicate Indian security company Appin Security Group in the attacks.
The company has now issued a warning notice on its home page urging the public “not to be misled by any communication received through fictitious domains which are purportedly being made by, or on behalf of, our company”.
It also sent a strongly worded statement to The Hacker News claiming the reference to Appin in the report was a “marketing gimmick on the part of Norman AS” and that it has already initiated legal proceedings against the Norwegian firm. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/21/hangover_india_apt_discovered/
The Stuxnet worm may have actually pushed forward Iran’s controversial nuclear programme over the long term.
That’s according to a report published by the Royal United Services Institute, an influential defence think tank in the UK.
The infamous worm infected systems at Iran’s uranium enrichment facility at Natanz in 2009 and 2010, hobbling high-speed centrifuges after infecting computers connected to SCADA industrial control systems at the plant.
The sophisticated attack, seen as an alternative to a military strike against the facility, is credited with putting Iran’s nuclear programme back by between 18 months to two years. The malware worked by infiltrating the SCADA systems used to run the high-speed gas centrifuges. It then randomly, and surreptitiously, speeded them up and slowed them down to induce seemingly random, but frequent, failures.
However, a journal article published by the Royal United Services Institute (RUSI) claims that Iranian authorities redoubled their efforts after Stuxnet was discovered, so that production of fissile material went up – rather than down – a year after the SCADA-busting worm was discovered.
The malware acted as a wake-up call that prompted the Iranians to throw more resources at the nuclear project, bonded personnel together and prompted security audits that uncovered vulnerabilities that might otherwise have gone unnoticed, the Daily Telegraph also noted.
The Obama administration last year leaked its role in developing Stuxnet as part of a wider US-Israeli effort, codenamed Operation Olympic Games, that began under the presidency of George W. Bush. Public revelation of this suspected role thwarted the slim possibility of a diplomatic resolution to Iran’s nuclear ambitions, while acting to put the country closer towards a war footing with Israel.
The Washington-based Institute for Science and International Security claimed in February 2011 that Stuxnet likely destroyed about 1,000 IR-1 centrifuges, out of 9,000 deployed at Natanz.
Yet Ivanka Barzashka, an academic at King’s College, London, who penned the RUSI article, reckons the initial impact of the worm has been overestimated by those left somewhat awestruck by the effect of the world’s first cyber-weapon.
“While Stuxnet may have had the potential to seriously damage Iranian centrifuges, evidence of the worm’s impact is circumstantial and inconclusive,” she wrote in the RUSI journal. “Related data shows that the 2009 version of Stuxnet was neither very effective nor well-timed and, in hindsight, may have been of net benefit to Tehran.”
Barzashka’s analysis is primarily based on publicly available data from the International Atomic Energy Agency (a dedicated “IAEA and Iran” microsite is available here).
Iran decommissioned and replaced about 1,000 high-speed IR-1 centrifuges at its fuel enrichment plant (FEP) at Natanz over just a few months starting late in 2009. But since August 2010 the number of operational machines at Natanz has been “steadily growing”, as Barzashka claimed in her piece:
Iran began enrichment to 20 per cent in one IR-1 cascade at the Pilot Fuel Enrichment Plant at Natanz in February 2010, ostensibly to manufacture its own fuel for the Tehran Research Reactor, which is used to produce medical isotopes. This development shows that Iran was able to successfully install and operate new machines in early 2010, between the first and second Stuxnet attack waves. If Stuxnet was the cause of the drop in machine numbers at block A26, it had no effect on Iran’s ability to operate and install new IR-1 centrifuges several months later.
The Natanz FEP began operation in February 2007, but prior to Stuxnet could only produce enrichment levels of 3.5 per cent, which is suitable only as low-grade reactor fuel. Barzashka explained that IAEA physical inventory data on the number of centrifuges installed at the Iranian facility are potentially misleading because machines have constantly been installed and upgraded over time.
“Calculations show that performance at the FEP – measured as separative capacity – has increased every year since the beginning of operations in 2007,” she writes. “Data for the 2010 reporting period – from 22 November 2009 to November 2010 – are no exception. In fact, uranium-enrichment capacity grew during the time that Stuxnet was said to have been destroying Iranian centrifuges.”
Barzashka concluded:
Iran produced more enriched uranium, more efficiently: the entire plant’s separative capacity per day increased by about 40 per cent, despite the fluctuations in centrifuge numbers.
In January 2010, Iran was running 1,148 centrifuges fewer than it had operating seven months earlier, in May 2009. In August 2010, IAEA inspectors counted the same number of machines as in August 2008, giving rise to the probable source of the claim that Stuxnet set back Iran’s enrichment programme by two years.
Both of these raw figures are misleading, according to the defence analyst.
Barzashka reckons that while Stuxnet might have temporarily slowed Iran, at least in 2009, its operations emerged from the aftermath of the worm leaner and meaner. Its technicians improved centrifuge performance before achieving higher concentrations and greater volumes of enriching uranium than before.
Worse yet, the Iranians are far more wary about – and better prepared to defend against – future cyber-attacks against their nuclear facilities by possible successors to Stuxnet.
“Iran’s uranium-enrichment capacity increased and, consequently, so did its nuclear weapons potential,” Barzashka wrote. “The malware – if it did in fact infiltrate Natanz – has made the Iranians more cautious about protecting their nuclear facilities,
“The malware did not set back Iran’s enrichment programme, though perhaps it might have temporarily slowed down Iran’s rate of expansion. Most importantly, Stuxnet or no Stuxnet, Iran’s uranium enrichment capacity increased and, consequently, so did its nuclear weapons potential.” she concludes.
Former Foreign Secretary Sir Malcolm Rifkind criticised Barzashka’s report before stressing that bilateral diplomatic talks between the US and Iran remain the best way to address Iran’s nuclear ambitions.
“Part of the objective of many people in the international community has been to stop, or if you can’t stop, to slow down the Iranian nuclear programme,” Rifkind, chairman of Parliament’s Intelligence and Security Committee told the Telegraph. “In so far as Stuxnet may have done that, and I emphasise may have done that, it was a plus.”
“What is undoubted is that it [Stuxnet] significantly slowed down the enrichment process,” he added. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/21/stuxnet_helped_iran_says_boffin/
Heavyweights of the cryptographic world have lined up behind a campaign against proposed US wiretapping laws that could require IT vendors to place new backdoors in digital communications services.
Technical details are vague at present, but the planned law could mandate putting wiretap capabilities in endpoints to cover everything from instant messaging and chat to services such as Skype, Google Hangouts and even Xbox Live.
The plan to update the Communications Assistance for Law Enforcement Act (CALEA) comes as part of proposals to update US wiretapping laws drafted in the 1990s, which were designed to apply to telephone exchanges and switching equipment.
Critics of the proposed law – including cryptographer Bruce Schneier and Phil Zimmermann, the creator of email encryption package PGP – argue that any backdoor would be open to abuse by hackers, including foreign governments. Any such system would necessarily make software both more complex and harder to secure, as well as posing a privacy risk.
Advocates of updating CALEA say it should apply to encrypted VoIP channels, P2P and instant mobile messaging services to help fight organised crime and terrorism. The FBI argue the net is “going dark” to them, thanks to encryption technologies which render valid wiretapping warrants useless.
Computer scientists argue that the opposite is closer to the truth: information about people’s movements and communications is more freely available than ever before, thanks to social networking and smartphones. Through moves such as the proposed “CALEA II” law, US agencies are getting closer to achieving their goal of real-time tapping of online communications. We are, therefore, living in a golden age of state surveillance.
In addition, critics point out that CALEA-mandated systems have been abused. For example, eavesdroppers tapped the mobile phones of the then Prime Minister of Greece, Kostas Karamanlis, his cabinet ministers and security officials for about nine months between June 2004 and March 2005 around the time of the Athens Olympics.
The spies used CALEA backdoors on Vodafone Greece switches to illegally plant spyware so that conversations were relayed to 14 “shadow” pay-as-you-go mobile phones.
The Greek newspaper Kathimerini on Sunday revealed in 2011 that four of those phones were originally purchased by the US embassy, although the eavesdroppers were never traced. In a similar case, ATT’s CALEA controls went through a Solaris machine that was rooted by hackers, giving crooks the ability to tap into calls.
Critics of CALEA also point out that if endpoint wiretaps were mandated in the US there would be nothing to stop software developers creating non-compliant software elsewhere, and then releasing it as open source code. There would be no way of preventing this technology from being imported into the US and rendering the whole proposal largely pointless – at least, when applied against criminals and terrorists.
In this scenario, the general population and corporate users would be using technology that is easier for hostile parties to wiretap, the crypto boffins warn (PDF, 7 pages).
The FBI’s desire to expand CALEA mandates amounts to developing for our adversaries capabilities that they may not have the competence, access, or resources to develop on their own. In that sense, the endpoint wiretap mandate of CALEA II may lower the already low barriers to successful cybersecurity attacks.
We believe that on balance mandating that endpoint software vendors build intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not be ing able to wiretap all communications.
Weakening device security makes users more vulnerable to criminals and spies without really inconveniencing terrorists or fraudsters, even for those who trust US government agencies not to abuse increased wiretap powers.
Ed Felten, one of the computer scientists opposed to wiretapping endpoints – be they on smartphones or PCs – summarises the reservations of crypto-boffins in a blog post here.
“The plan would endanger the security of US users and the competitiveness of US companies, without making it much harder for criminals to evade wiretaps,” Felten explains. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/21/crypto_boffins_oppose_fed_backdoors/
TrackBack URI