nsa – Page 5 – SSL and internet security news

The NSA Warns of TLS Inspection

November 22, 2019 infossl

certificates, cryptanalysis, encryption, maninthemiddleattacks, nsa, Security technology, tls, trafficanalysis

The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network. Introducing … Read More “The NSA Warns of TLS Inspection” »

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

October 28, 2019 infossl

backdoors, cryptography, cryptowars, cybersecurity, encryption, fbi, lawenforcement, nationalsecuritypolicy, nsa, Security technology

In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors: In the face of congressional inaction, and in light of the magnitude of the threat, it is time for governmental authorities — including law enforcement — to embrace encryption because it is one of the … Read More “Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors” »

NSA on the Future of National Cybersecurity

October 1, 2019 infossl

cybersecurity, nationalsecuritypolicy, nsa, risks, Security technology

Glenn Gerstell, the General Counsel of the NSA, wrote a long and interesting op-ed for the New York Times where he outlined a long list of cyber risks facing the US. There are four key implications of this revolution that policymakers in the national security sector will need to address: The first is that the … Read More “NSA on the Future of National Cybersecurity” »

The Myth of Consumer-Grade Security

August 28, 2019 infossl

consumerization, encryption, nationalsecuritypolicy, nsa, Security technology, securityengineering, vulnerabilities

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that’s not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even … Read More “The Myth of Consumer-Grade Security” »

Evaluating the NSA’s Telephony Metadata Program

August 12, 2019 infossl

academicpapers, fisa, metadata, nationalsecuritypolicy, nsa, phones, Security technology, terrorism

Interesting analysis: “Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act’s Metadata Program be Extended?” by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversial programs launched by the U.S. Intelligence Community (IC) in the wake … Read More “Evaluating the NSA’s Telephony Metadata Program” »

Palantir’s Surveillance Service for Law Enforcement

July 15, 2019 infossl

datacollection, foia, lawenforcement, nsa, police, privacy, Security technology, surveillance

Motherboard got its hands on Palantir’s Gotham user’s manual, which is used by the police to get information on people: The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The capabilities are staggering, according to the guide: … Read More “Palantir’s Surveillance Service for Law Enforcement” »

NSA Hawaii

May 24, 2019 infossl

edwardsnowden, intelligence, nsa, Security technology

Recently I’ve heard Edward Snowden talk about his working at the NSA in Hawaii as being “under a pineapple field.” CBS News recently ran a segment on that NSA listening post on Oahu. Not a whole lot of actual information. “We’re in office building, in a pineapple field, on Oahu….” And part of it is … Read More “NSA Hawaii” »

Visiting the NSA

May 22, 2019 infossl

china, cybersecurity, fisa, infrastructure, machinelearning, nationalsecuritypolicy, nsa, privacy, russia, Security technology

Yesterday, I visited the NSA. It was Cyber Command’s birthday, but that’s not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT — get it? We have a web page, but it’s badly out of date.) … Read More “Visiting the NSA” »

Another NSA Leaker Identified and Charged

May 9, 2019 infossl

espionage, leaks, nsa, Security technology, whistleblowers

In 2015, the Intercept started publishing “The Drone Papers,” based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified. It might have been this: “At the agency, prosecutors said, … Read More “Another NSA Leaker Identified and Charged” »

Leaked NSA Hacking Tools

May 8, 2019 infossl

china, disclosure, hacking, nsa, russia, Security technology, vulnerabilities, zeroday

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA’s ability to secure its own … Read More “Leaked NSA Hacking Tools” »