How secure is our encrypted data?
bruce2359
Posted: Thu Jan 09, 2014 11:13 am

Poobah

Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.

http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220

Edward Snowden’s disclosures about invasive NSA surveillance programs have already cast a shadow over this year’s event. Reuters reported in December that RSA, one of the most influential encryption companies among customers seeking to hide their internet activity, accepted $10 million from the NSA to make an agency-authored algorithm the primary technique used to generate random numbers in an RSA encryption product.

This algorithm, dubbed the Dual Elliptic Curve, effectively gave the NSA a “backdoor” it could use to monitor users who thought they were using RSA’s product to hide from prying eyes. When Reuters published this information, RSA claimed it had never asserted it had no relationship with the intelligence community and refuted accusations that RSA intentionally weakened its own security.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
mqjeff
Posted: Thu Jan 09, 2014 11:22 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

too many sneakers.
Vitor
Posted: Thu Jan 09, 2014 4:13 pm

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

mqjeff wrote:
too many sneakers.


Are cow mutilations up again?
_________________
Honesty is the best policy.
Insanity is the best defence.
Michael Dag
Posted: Mon Jan 13, 2014 4:16 pm

Jedi Knight

Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)

earlier attempt on this topic http://www.mqseries.net/phpBB2/viewtopic.php?t=64845
_________________
Michael



MQSystems Facebook page
bruce2359
Posted: Mon Jan 13, 2014 4:33 pm

Poobah

Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.

Michael Dag wrote:
earlier attempt on this topic http://www.mqseries.net/phpBB2/viewtopic.php?t=64845

... and it was met with an equal amount of apathy.

Is no one (else) concerned that our so-called secure data may be exposed?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
fjb_saper
Posted: Mon Jan 13, 2014 6:55 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

of course it is exposed. However as long as the government is not in the business of being my competition do I need to care?

What are the implications of my data being exposed to governmental oversight if I am not breaking the law??

There is paranoia and paranoia...
_________________
MQ & Broker admin
Michael Dag
Posted: Tue Jan 14, 2014 1:29 am

Jedi Knight

Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)

fjb_saper wrote:
of course it is exposed. However as long as the government is not in the business of being my competition do I need to care?

What are the implications of my data being exposed to governmental oversight if I am not breaking the law??

There is paranoia and paranoia...


Wow!!!
_________________
Michael



MQSystems Facebook page
Michael Dag
Posted: Tue Jan 14, 2014 1:34 am

Jedi Knight

Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)

bruce2359 wrote:
Michael Dag wrote:
earlier attempt on this topic http://www.mqseries.net/phpBB2/viewtopic.php?t=64845

... and it was met with an equal amount of apathy.

Is no one (else) concerned that our so-called secure data may be exposed?

yep, didn't get that either ... if there is something that can easily break the encryption, someone else can do / find it too and then what?

I realise in today's world nothing is secure, but lately there is so much info coming about which to me implies that what we think is 'secure enough' are just a bunch of 'painted locks'...
_________________
Michael



MQSystems Facebook page
smdavies99
Posted: Tue Jan 14, 2014 3:33 am

Jedi Council

Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.

fjb_saper wrote:
of course it is exposed. However as long as the government is not in the business of being my competition do I need to care?

What are the implications of my data being exposed to governmental oversight if I am not breaking the law??

There is paranoia and paranoia...


Oh dear... where do I start...

Take one example.

you work for Company A. Your fiercest rival, Company B bribes a gov official to snoop on your emails and messages sent to your overseas subsidiaries. This is passed to Company B who sees things like who your customers are, suppliers are, how much you are paying for 'stuff'. Industrial Espionage.

What if you are both bidding for a lucrative DOD deal? Wouldn't it hurt your company for the opposition to know how your company does stuff internally so that they can work out your costs and thus win the bid by undercutting your price by say $10 per item?

What if the DOD gets its hands on your internal pricing? They can go into negotiations with you knowing just how far they can push you before you bleed red ink on the deal.

etc
etc
etc

you might think that this is the realms of James Bond but I can tell from first hand experience that 'Careless Talk Costs Jobs'.
I overheard a conversation between two Gov Officials on a train as they were returning to their office after meeting a supplier who was trying to sell something to the Gov. They were openly boasting about how they had inside information that would ensure that the company was going to lose money on each item.

I reported this to the boss of the company who went ballistic and he pulled his company out of the deal in a very public manner. If they had won the contract at the price the Gov demanded he would have had to close the company down soon after completing the order.

In the end the gov bought the item from them but at a manageable profit for the maker who is still in business and supports the 'things' they sold all those years ago.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995

Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions.
Vitor
Posted: Tue Jan 14, 2014 5:51 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

smdavies99 wrote:
you work for Company A. Your fiercest rival, Company B bribes a gov official to snoop on your emails and messages sent to your overseas subsidiaries. This is passed to Company B who sees things like who your customers are, suppliers are, how much you are paying for 'stuff'. Industrial Espionage.


This is no different to Company B bribing someone in Company A who a) has access to the information or b) has access to the security artifacts used to secure Company A. It's still Industrial Espionage and that's how it was done in my day, when you had to photocopy / photograph the documents because they were produced with things called "typewriters" that didn't keep an online copy.

Secure data is an illusion. Security is a process which includes technical tools, staff monitoring processes (e.g. checking for robust passwords) and mitigation for leaks.

I've lost count of how many client systems (including queue managers) I've managed to hack into over the years thanks to nothing more than weak passwords. In my defence, in each case I was working for the client in question and had simply got sick of waiting for the form granting my official access to be granted but the principle holds.
_________________
Honesty is the best policy.
Insanity is the best defence.
exerk
Posted: Tue Jan 14, 2014 6:45 am

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

Perhaps the only answer is to make systems so secure as to be unusable...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
bruce2359
Posted: Tue Jan 14, 2014 8:19 am

Poobah

Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.

fjb_saper wrote:
... as long as the government is not in the business of being my competition do I need to care?

The NSA has emerged not as a competitor, but as an adversary.

With its political and oversight clout, it (the government) has corrupted our backbone carriers and ISPs to disclose our raw data. It has imbedded sub-standard random-number generator software in industry-standard encryption algorithms. It has done so, while forcing hardware/software manufacturers to remain silent about their involvement.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
Vitor
Posted: Tue Jan 14, 2014 8:35 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

bruce2359 wrote:
fjb_saper wrote:
... as long as the government is not in the business of being my competition do I need to care?

The NSA has emerged not as a competitor, but as an adversary.


So you don't subscribe to the view of government of the people by the people for the people in the current geo-political circumstance?

Governments have been spying on their citizens since there was such a thing as government. Like everything else today, it's just been automated.
_________________
Honesty is the best policy.
Insanity is the best defence.
Vitor
Posted: Tue Jan 14, 2014 8:39 am

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

Sir Winston Churchill wrote:
It has been said that democracy is the worst form of government except all the others that have been tried.

_________________
Honesty is the best policy.
Insanity is the best defence.
fjb_saper
Posted: Tue Jan 14, 2014 9:33 am

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

@smdavies...

I am so disappointed in you...

Why the h$*! would the competition need to bribe a government employee to get my keys when it is so much easier (in terms of guaranteeing the success) to bribe the official overseeing the allocation of the contract. (And maybe even cheaper?)...

And if you are naive enough to send company secrets via electronic transmission.... well shame on you....

That's why they created couriers... Like when you're transporting diamonds from Amsterdam to NY...
_________________
MQ & Broker admin