Has the NSA Cracked SSL Encryption?
When the New York Times published an article in early September 2013 that hinted at the NSA’s newfound ability to crack Secure Sockets Layer (SSL) encryption codes, the first reaction by many industry watchers was that the agency had achieved open access to online activities ranging from sending and receiving emails to making purchases on Amazon. In the weeks following the article’s release, however, the analysis of “circumstantial” evidence and other NSA activities has led industry experts to question whether the agency has actually decoded the algorithms used for SSL encryption or is using other methodologies for access.
These possible methodologies include:
* Using networks of computers to target specific users and running calculations until a specific code is broken. The successes of these types of attacks are currently assumed to be limited to weaker codes.
* Hacking to get specific algorithmic keys that are used for encryption
* Using legal means, coercion, or intimidation to gain access to encryption keys used by companies that provide internet services
Of the methodologies for gaining access, the use of the threat of legal action is one area that can’t be fortified due to the fact that many smaller companies simply don’t have the resources for lengthy and/or complex court battles. At the same time, leaked documents have revealed that larger internet companies have been cooperating with the NSA regarding access since 2007. Whether that access included the provision of encryption keys is still up for debate.
Prior to the headline grabbing NSA revelations, the Certification Authority Browser Forum, which sets guidelines that govern SSL protocols, had already mandated that customers with 1024 SSL certificates migrate to the new standard of 2048-bit RSA/DSA by the end of 2013 due to concerns that the existing shorter codes had become vulnerable to quantum computing attacks. This change will raise the algorithmic complexity of encryption codes, which will make brute force computing attacks less effective. The question remains, however, whether the NSA will be able to exploit the human aspect of the equation to reach their objectives.
California proposes mandatory kill-switch on phones and tablets
Politicians and law enforcement officials in California will introduce a bill on Friday that requires all smartphones and tablet PCs sold in the state be equipped with a digital “kill-switch” that would make the devices useless if stolen.
Datacenter Relocation & Migration
There are many reasons a business or datacenter might need to relocate and data center relocation can be costly and difficult. Mergers, acquisitions or exploding market success are just a few of the many reasons you might be considering data center migration. You depend on your IT infrastructures to drive your critical business operations. Engaging in Datacenter relocation will likely be the most critical and difficult tasks your company can take on.
Partner with established experts who will create a comprehensive plan. At DCI, our team of certified project managers and engineers offer end-to-end relocation services that save time, reduce expense and minimize risk exposure.
IT Consulting Company | Microsoft & Cisco Consulting | Network Security | Microsoft Exchange Consultant
IT Managers Business Executives Has your technology become unreliable? Look to us for answers. Looking for IT help? We have so…
Visit our new and improved website!
Motorola stunned us a few months ago when it announced plans to develop a modular smartphone through a collaboration called Project Ara, but we’ve yet to see even a prototype of the device. Here at CES, ZTE is showing off its own modular phone concept, named the Eco-Mobius. The model on display is locked behind glass, and try as we did representatives would not remove it from its tomb for a close look. But the concept shows how users could replace the camera, battery, display, and “core” modules. The core includes separate modules for the processor, RAM, storage, and graphics processor.