by Steve Earle | Sep 9, 2013 | Marketing, Newsletters
Six years ago, two Microsoft cryptography researchers discovered some weirdness in an obscure cryptography standard authored by the National Security Agency. There was a bug in a government-standard random number generator that could be used to encrypt data.
The researchers, Dan Shumow and Niels Ferguson, found that the number generator appeared to have been built with a backdoor — it came with a secret numeric key that could allow a third party to decrypt code that it helped generate.
According to Thursday’s reports by ProPublica, the Guardian, and The New York Times, classified documents leaked by NSA whistleblower Edward Snowden appear to confirm what everyone suspected: that the backdoor was engineered by the NSA. Worse still, a top-secret NSA document published with the reports says that the NSA has worked with industry partners to “covertly influence” technology products.
That sounds bad, but so far, there’s not much hard evidence about what exactly has been compromised. No company is named in the new allegations. The details of the reported modifications are murky. So while much of the internet’s security systems appear to be broken, it’s unclear where the problems lie.
The result is that the trustworthiness of the systems we use to communicate on the internet is in doubt. “I think all companies have a little bit of taint after this,” says Christopher Soghoian, a technologist with the American Civil Liberties Union.
The latest documents show that the NSA has vast crypto-cracking resources, a database of secretly held encryption keys used to decrypt private communications, and an ability to crack cryptography in certain VPN encryption chips. Its goal: to crack in a widespread way the internet’s security tools and protocols.
David Dampier, the director of the Center for Computer Security Research at Mississippi State University, says it’s “wrong” for companies to add backdoors. But he added that the latest revelations of the government’s alleged decryption capabilities aren’t surprising.
“I think that no encryption created by anyone is going to protect you from everyone. The stronger the encryption the harder they are going to work to decrypt it,” he said. “I don’t care what company is selling you encryption software. Whatever they are going to sell you, it can be decrypted. There’s nothing that is infallible.”
The reports talk about the NSA’s attempts to exploit software bugs, break codes and accumulate encryption keys — this is all stuff that most security experts expected the surveillance agency to be doing. But here’s the most unsettling part: A leaked excerpt from the agency’s 2013 budget request talks about the NSA working with “US and foreign IT industries to covertly influence and/or overtly leverage their commercial products designs.” The document explicitly says: “These design changes make the systems in question exploitable.”
Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation, calls the latest leaks disturbing. “We went through this debate with the Clipper Chip, and it was clear where public opinion stood,” he says, referring to a backdoor technology the NSA wanted to install in all encryption two decades ago.
“If these claims are true, and the NSA introduced backdoors into global security standards, this seems like a clear perversion of democracy,” Castro added. “This just further erodes the competitiveness of U.S. tech companies. In particular, I think this enlarges the scope of companies that will suffer backlash since cryptographic standards are often embedded in hardware.”
Castro wrote a report last month predicting that Snowden’s PRISM revelations could cost the U.S. cloud-computing industry as much as $35 billion over the next three years as companies shied away from U.S. internet service providers, which are said to be providing government access to their servers.
You’ll hear much the same from Dave Jevans, the founder of Marble Security, an enterprise mobile security provider, and the former chief executive of IronKey. He says that it “would be extremely bad” for a tech company to give the government a backdoor.
“It may not be the death knell,” he added, referring to Crypto AG, a Swiss encryption company alleged to have rigged its machines for the NSA in the 1990s. “They’re still around, but barely.”
But not everyone thinks that U.S. competitiveness will be hit. The documents talk about the NSA working with foreign companies too. “I don’t think there’s going to be any direct major impact because there aren’t any other countries that are cherubs in all this either,” says Paul Kocher, president of Cryptography Research.
The number generator found in 2007 — called Dual_EC_RNG — was hardly a technical triumph. It was clumsy and slow and never widely used, but it is supported in Microsoft’s Windows operating system.
Microsoft has said in the past that it does not provide the government with “direct and unfettered” access to customer data, and it says much the same today. “We have significant concerns about the allegations of government activity reported yesterday and will be pressing the government for an explanation,” the company said Friday.
But the doubt is still there. And that’s the problem.
By DAVID KRAVETS AND ROBERT MCMILLAN
by Steve Earle | Sep 9, 2013 | Marketing, Newsletters
Over the years, SherlockTech has given away thousands of dollars in referral cash and with our Lucky Number Poker Chip cash draw.
We’ve been handing out $100 Lucky Number Poker Chips at user group meetings and networking events all over South Florida. Now we are offering all our newsletter readers the opportunity to earn $100 cash with a SherlockTech Virtual Poker Chip.
We have developed Virtual Poker Chips! It works like this – every time you register for an event through the SherlockTech Newsletter or the SherlockTech Event Calendar, you will be offered the opportunity to register for a Virtual Poker Chip. Once registered, your V-Chip will be emailed to you. Just keep an eye on upcoming SherlockTech Newsletters or the SherlockTech Facebook page for winning number announcements.
by Steve Earle | Sep 9, 2013 | Marketing, Newsletters
The IT Palooza band is ready to ROCK-n-ROLL again with you!
We need you!
We need guest IT professionals that play music and have some chops in ANY instrument!
Here’s what we need from you:
- You (an IT professional)
- Your instrument(s)
- Your song pick (in your key and arrangement)
- 1-2 night(s) rehearsal in Boca Raton, FL
If you got what it takes, then you are all set to play with The IT Palooza band this December 2013!
If (You_Got_What_It_Takes == true)
ITPaloozaBand = ITPaloozaBand + 1;
Come and join us, show off your chops and have some fun!
http://itpalooza.e2mktg.com/itpalooza-band/
Here are some video clips from IT Palooza 2012:
IT Palooza – Almost Cut My Hair
http://www.youtube.com/watch?v=O5t02tcPFDY
IT Palooza – Folsom Prison Blues
http://www.youtube.com/watch?v=k0jx3GDhu6g
IT Palooza – Mr Jones
http://www.youtube.com/watch?v=uQ_Jzqavpek
IT Palooza – Right Place Wrong Time
http://www.youtube.com/watch?v=DI_4LMoow9A
by Steve Earle | Sep 9, 2013 | Marketing, Newsletters
On Thursday August 29th, the iCoast CIO Council held its yearly cocktail reception and sponsor appreciation evening at the trendy YOLO restaurant in Las Olas, Fort Lauderdale. Sponsors, vendors and iCoast CIO members enjoyed a great evening of networking, food and hospitality.
by Steve Earle | Sep 9, 2013 | Marketing, Newsletters
Come hear about the latest on DotNetNuke from DotNetNuke’s co-founder Joe Brinkman. This should be a great opportunity for getting the details on the latest with DotNetNuke while gaining an insight on where DNN is heading into the future.
Joe Brinkman, co-founder DotNetNuke Corp
Joe Brinkman started his programming career over 25 years ago while still in high school and has never looked back. Prior to co-founding DotNetNuke Corp, he served as CTO for DataSource Inc., where he led the effort for building an automation framework for working with Java J2EE. As one of the original DotNetNuke core team members, Joe has spent the last 10 years helping to build and promote the #1 CMS for the Windows platform. Joe has co-authored multiple best-selling books for DotNetNuke and jQuery and is a frequent speaker at conferences and user groups. When not working at the computer, you can often find Joe in his woodshop working on his latest woodturning project.
by Steve Earle | Sep 9, 2013 | Marketing, Newsletters
Keynote Presentation by Malcolm Fry.
Join HDI and Malcolm Fry for our second Power Tour. If you had the opportunity to attend The Power of Metrics for Optimal ITSM Performance workshop in 2012, you already know that this is a can’t-miss event.
Quality is a word that you hear so often but it frequently lacks real substance because of the varying definitions that most people seem to have. Quality is subjective, relying upon many factors from one’s life experiences to their very interpretation of the word. Quality has many definitions and degrees of excellence, spanning a wide range of examples. What does it mean then to drive and deliver quality in Service Management?
To truly deliver quality service, organizations need quality people with the right skills; quality processes based on best practices that align with business needs; quality technology to enable those processes; a quality assurance program to inspect the processes and results; and quality metrics to measure success.
This one-day workshop, presented by the renowned Malcolm Fry, is a fun, informative, and productive learning experience about the Power of Quality. The workshop contains a series of breakout opportunities that allow for networking and collaborative learning. Course participants will receive a questionnaire used to track required items for a new service that is to be implemented and supported by the Service Desk.
Malcolm Fry, Owner and Information Technology Services Consultant – Fry Consultant Ltd
As a recognized IT industry luminary with over 40 years’ experience in Information Technology, Malcolm Fry serves as an Independent Executive Advisor, and brings an unparalleled breadth of knowledge and experience in IT business and technical issues. Malcolm is the author of many publications on IT service and support, has had numerous articles and papers published, and is regularly contacted as a source of information by technology journalists.
Among his latest publications are ‘A Step-by-Step Guide to Building a CMDB’ and the ITIL complementary book ‘How to Build a Service Management Department’. Malcolm’s newest publication is ‘ITIL Lite a Road Map to Partial or Full ITIL Implementation’. Malcolm was also a member of the v3 Advisory Group and a mentor for the ‘Service Operations’ book. In April 2009 he was awarded the prestigious ‘Ron Muns Lifetime Achievement Award’ for IT Service and Support.