Tag

nasa

Browsing

The Daily Beast digs deep into the the basics behind Logjam-type vulnerabilities and asks an intriguing question: is this The NSA’s Secret to cracking secure communications such SSL?:

Yet slides in the Snowden documents revealed the NSA’s astonishing success in exploiting IPSec. The researchers outlined an approach which, although requiring the construction of a dedicated supercomputer, lies within the NSA’s grasp. Diffie-Hellman uses a prime number in its computation, and although there are an astonishing number of usable primes, most systems use a standard prime number.

The basic idea is to do a nearly astronomical amount of work precomputing partial answers needed to break any connection associated with a given prime number and then, because most systems use a common prime number, perform only a little more work to crack any given connection. So with a huge amount of initial work and money, but only a modest amount of work per connection, the NSA could break two-thirds of the IPSec connections on the planet—opening up an untold number of corporate VPNs.

The researchers have no direct evidence that the NSA did this, but I believe their suspicions are well founded. The NSA is not made up of magicians, and all its successes must have a prosaic explanation. If the NSA did indeed discover this technique unnoticed, its failure to disclose is yet more evidence that the NSA does not care about the security of non-classified systems; it would rather spend hundreds of millions of dollars developing a cracking system than simply notifying the world how to secure U.S. businesses before some other foreign intelligence service discovers the same thing.

Iain Thomson of The Register on the latest from the Snowden treasure trove. This time the report is about surreptitious malware implants by the NSA in Android app stores:

According to a presentation released from the Snowden archive to The Intercept the so-called “5 Eyes” nation’s intelligence agencies – from the US, UK, Canada, Australia, and New Zealand – spent 2011 and 2012 working out ways to subvert connections to popular app stores, such as those run by Google and Samsung, in a project dubbed IRRITANT HORN.

That the intelligence services are working on software that can subvert iOS, Android and other smartphone operating systems isn’t new. But the presentation details how operatives could intercept communications between app servers and customers to install code that could harvest personal information and even display disinformation on handsets.

The spur for this effort was the Arab Spring uprisings in the Middle East and Africa. The intelligence agencies reasoned that in such a situation then it needed to be able to put out software that could influence actions on the ground.

Just another day at Ft. Meade, MD.

In the late 80’s, NASA joined forces with the Associated Contractors of America (ALCA) to research the most effective household plants for removing toxic agents from the air. The study found some plants were very effective at filtering out evil like benzene, ammonia and formaldehyde from the air, helping to neutralize the effects of sick building syndromeThis infographic is the Cliff Notes version of that study.