lunes, 29 de diciembre de 2014
De seguridad II
Esto no es nuevo y me lo comentaron muchas veces.
" For the NSA, encrypted communication -- or what all other Internet users would call secure communication -- is "a threat". "
En el artículo de The Spiegel:
Algunas partes muy buenas para leer.
The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure.
It's a suggestion unlikely to please some intelligence agencies. After all, the Five Eyes alliance -- the secret services of Britain, Canada, Australia, New Zealand and the United States -- pursue a clear goal: removing the encryption of others on the Internet wherever possible.
As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012.
In Germany, concern about the need for strong encryption goes right up to the highest levels of the government. Chancellor Angela Merkel and her cabinet now communicate using phones incorporating strong encryption.
Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft.
Internet security comes at various levels -- and the NSA and its allies obviously are able to "exploit" -- i.e. crack -- several of the most widely used ones on a scale that was previously unimaginable.
For its part, Britain's GCHQ collects information about encryption using the TLS and SSL protocols -- the protocols https connections are encrypted with -- in a database called "FLYING PIG." The British spies produce weekly "trends reports" to catalog which services use the most SSL connections and save details about those connections. Sites like Facebook, Twitter, Hotmail, Yahoo and Apple's iCloud service top the charts, and the number of catalogued SSL connections for one week is in the many billions -- for the top 40 sites alone.
"the fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable" as Top Secret.
Phil Zimmermann wrote PGP in 1991. The American nuclear weapons freeze activist wanted to create an encryption program that would enable him to securely exchange information with other like-minded individuals. His system quickly became very popular among dissidents around the world. Given its use outside the United States, the US government launched an investigation into Zimmermann during the 1990s for allegedly violating the Arms Export Control Act. Prosecutors argued that making encryption software of such complexity available abroad was illegal. Zimmermann responded by publishing the source code as a book, an act that was constitutionally protected as free speech.
Chat mas Seguro
Podría ser uno de los sistemas de correo donde se encriptan los mensajes de punta a punta.