Sep 6, 2013

What To Take Away From NSA Leaks In Regards To Security and Privacy

We all know of Edward Snowden's Prism leak by now. I mean, I've been writing about it quite a bit, but there are other revelations from Snowden's original leak that keep seeping out, mainly to boost the readership of The Guardian. If the latter wasn't the case, they would dump all the information at once, wouldn't they?

With Prism we learned that the NSA made deals with big technology companies like Google, Microsoft and Yahoo to get direct server access to your data. In a recent revelation on Wired we learned that the NSA prefers to gain control over routers and networking devices rather than workstations, so they can gather data from multiple sources rather than just one. In the latest NSA revelation, we learn of a program called Project Bullrun, which once again shows collusion with technology companies, this time to help the NSA put a backdoor into commercial encryption solutions, primarily (from what I can tell) SSL.

Let us also not forget what Snowden said himself in an Ask Me Anything session on Reddit:

"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."

So with all of these revelations I've come to the following three conclusions about the NSA's capabilities, and what we can still do to protect our privacy:
  • You can't trust commercial security; you MUST use Open Source (unless it's issued by the NSA).
  • SSL/TLS is not good enough. You must use alternative non-commercial encryption methods where you control the key generation and the web of trust (such as GPG).
  • Endpoint security is paramount! End-to-end encryption is not enough; you must harden your systems.
Do you agree with my assessments? Do you have anything to add? Sound off in the comments!
