Affichage des articles dont le libellé est security. Afficher tous les articles
Affichage des articles dont le libellé est security. Afficher tous les articles

2013/11/19

We are Polluted by the Pervasive IT Unsecurity - Washington NSA broke Internet’s security for everyone


 All Internet infrastructures, OS and devices are not only unsecured or targetable. Because security shortcomings have been voluntarily and wildly dispersed, the whole digital environment is now deeply polluted by efficient but still unpublished back-doors and weaknesses. 
The control of this global infrastructure, and of its private content, is potentially the winning price offered by a rogue state to any organisations able to find each hack. A new hidden race is ongoing. 

"In its haste to "weaponize" the Internet, the NSA has broken its mechanisms of security. And those breaks—including the backdoors that the NSA convinced or coerced software developers to put into the implementations of their encryption and other security products, are so severe that it is now just a matter of time before others with less-noble causes than fighting terrorism will be able to exploit the holes the NSA has created.
Schneier said that the vulnerabilities inserted into security products by the NSA through its BULLRUN program could easily be exploited by criminals and other nation-states as well once they are discovered. And the other attacks and surveillance methods used by the NSA " will be tomorrow's doctoral theses and next week's Science Fair projects."
But with Congress focused on the woes of the Affordable Care Act, it's not clear if anyone other than those already friendly to Schneier's message was listening." (1)

I am listening.
Any state able to catch this should officially ask the US government to force the NSA to collaborate back with IETF and vendors as soon as possible in order to patch, to publish and to document each and every backdoor or weakness added into implementations of algorithms (software and hardware based).
Any person able to catch this should ask himself why the US government is unable to force the NSA to do this.

This would be only the easiest part of the recovery trail. Think about Fukushima: in both cases we only know at this moment the beginning of the story. Environmental contaminations are very complex and they take considerable time to clean up.

Because Internet belongs to all of us the citizens, and does not belong to any organisation, it is very worrying that the US Government has allowed to seriously damage a common good (the first ever artificial common good, by the way): the infrastructure of our digital environment. This government first, but not only one, must then make every effort to repair it right now, as much as it can. If it fails in this task, it would be a failed state.

This is a major topic for Ars Industrialis... and for any people involved in the mastered value of Internet and digital environments for citizens.

Sources:
(1)