Laura Arjona Reina

Laura Arjona Reina at

via Stefano Zacchiroli : "The NSA is Breaking Most Encryption on the Internet http://www.theguardian.com/world/2013... "

I don't doubt the importance of these revelations, but... "most encryption"?

Should we suppose that open source encryption is not used too much, in favor of closed source encryption systems?

Or should we suppose that open source encryption systems have backdoors too? See references below.

via Linux Magazine - Edición en Castellano

http://comments.gmane.org/gmane.comp.security.cryptography.randombit/4689

via Christopher M. Hobbs ( lnxwalt@microca.st )

"I think today's revelations make it unavoidable: #SELinux and #OpenBSD ( and possibly #OpenSSL ) need full audits. At least the first two had some #NSA assistance in the past, so very likely to have backdoors."

I have no idea of the spread (or not) of the usage of open source encryption, but it makes common sense for me to use precisely open source software (or home made software) for that kind of task (encryption). If I am a government, public administration, company or individual that needs to share secrets, how can I trust a program that I cannot audit? (Even more if the program comes from a different country/group of interest than yours.)

Another thing that came to my mind reading the article is that it mentions "Google + Facebook + Hotmail + Yahoo". I don't dispute the importance of all those services and the importance of this issue, but frankly, I doubt that the messages that they (NSA, GCHQ) say they try to intercept are transmitted by those channels. Even I (a poor woman IT assistant in a public University in Spain) advise teachers and researchers not to share confidential data or sensitive research data by Dropbox, Gmail or Google Sites, and to use our in-house facilities or other (safer) means instead...

Linux Spain, Christopher Allan Webber, Evan Prodromou like this.

n2t shared this.

No, everyone is supposed to be running around in a panic. That's the only way to win a prize for "journalism" these days.

jasonriedy@fmrl.me at 2013-09-06T15:07:20Z

Christopher M. Hobbs (inactive) likes this.

Security and privacy rely on a long chain with many weak points. This article (also from The Guardian) discusses this, see link below. It is worth reading.

"...if the NSA wants in to your computer, it's in. Period."
"Closed-source software is easier for the NSA to backdoor than open-source software"
"Trust the math. Encryption is your friend."

NSA surveillance: A guide to staying secure
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

Free software alone is not enough, unfortunately. For example, remember that a buggy implementation for SSH key generation has been in use for some time until someone noticed it. The good thing is: someone noticed it precisely because source was open, to begin with.

But most people use Windows, that's a fact. Everyone knows it is inherently insecure, everybody knows Microsoft tells exploits to the NSA months in advance before publishing a patch, and people still close their eyes and keep on using it. However, I don't blame the common Windows user: it came with their laptop, after all. It is a de facto monopoly. To use free software only, of course you have to work hard at it, but then it gives a heaven of advantages in return.

Paco Vila at 2013-09-07T01:13:10Z

Christopher M. Hobbs (inactive) likes this.

Well, if they had backdoors in those they wouldn't need to ask the companies for the keys to decrypt all the encrypted communications they archived (they can get the session key used for an SSL connection with the server's SSL key and the archived traffic of the key negotiation phase).
If everyone implemented ephemeral session keys / perfect forward secrecy they would try to a) get a way to get the cleartext from the company (or push for means to collect it inside the company) and b) probably also try harder to get backdoors in the software on both ends.

etalas at 2013-09-07T09:25:47Z
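An added worked model (not code from any participant in this thread) of the distinction etalas draws: under RSA key transport, the archived handshake plus the server's long-term private key recovers the session key, whereas under ephemeral Diffie-Hellman the long-term key only authenticates the exchange and the archive yields nothing. The primes, the DH group, the unpadded toy RSA signature and the key-derivation step are constructed, toy-sized stand-ins, not real TLS parameters.

```python
"""Toy model: why archived traffic plus a server's long-term key recovers session
keys under RSA key transport but not under ephemeral Diffie-Hellman.
All parameters below are constructed toy values (illustration only)."""
import hashlib
import secrets

# Constructed toy RSA parameters (tiny primes; real keys are 2048+ bits).
P, Q, E = 1000003, 1000033, 65537

# Constructed toy DH group: Mersenne prime modulus 2^127-1, generator 3.
DH_P = 2**127 - 1
DH_G = 3


def toy_rsa_keypair():
    """Return ((n, e), (n, d)) built from the constructed primes above."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    return (n, E), (n, pow(E, -1, phi))


def derive_key(secret):
    """Stand-in for a key schedule: hash the shared secret into a session key."""
    return hashlib.sha256(str(secret).encode()).hexdigest()


def static_rsa_handshake(server_pub):
    """RSA key transport: the client picks the premaster secret and sends it
    encrypted under the server's long-term public key. Returns (session_key, wire)."""
    n, e = server_pub
    premaster = secrets.randbelow(n - 2) + 2
    wire = {"kind": "rsa", "encrypted_premaster": pow(premaster, e, n)}
    return derive_key(premaster), wire


def toy_sign(server_priv, value):
    """Unpadded textbook RSA signature over a hash (toy only, not secure padding)."""
    n, d = server_priv
    h = int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % n
    return pow(h, d, n)


def toy_verify(server_pub, value, sig):
    n, e = server_pub
    h = int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % n
    return pow(sig, e, n) == h


def ephemeral_dh_handshake(server_pub, server_priv):
    """Ephemeral DH: each side picks a one-time exponent, they exchange public
    values, and the server signs its value with the long-term key. The exponents
    are discarded after use. Returns (client_key, server_key, wire)."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    sig = toy_sign(server_priv, B)
    if not toy_verify(server_pub, B, sig):
        raise ValueError("server authentication failed")
    client_key = derive_key(pow(B, a, DH_P))
    server_key = derive_key(pow(A, b, DH_P))
    del a, b  # the ephemeral exponents never touch the wire and are forgotten here
    return client_key, server_key, {"kind": "dh", "A": A, "B": B, "sig": sig}


def recover_from_archive(wire, server_priv):
    """What an archive holder who later obtains the server's long-term private
    key can compute from the captured handshake."""
    if wire["kind"] == "rsa":
        n, d = server_priv
        return derive_key(pow(wire["encrypted_premaster"], d, n))
    # The DH archive holds only g^a, g^b and a signature; the long-term key
    # cannot turn those into g^ab (that needs a discrete log, infeasible at real sizes).
    return None


if __name__ == "__main__":
    pub, priv = toy_rsa_keypair()
    key, wire = static_rsa_handshake(pub)
    print("RSA transport, recovered from archive:", recover_from_archive(wire, priv) == key)
    ck, sk, wire = ephemeral_dh_handshake(pub, priv)
    print("DH ephemeral, endpoints agree:", ck == sk,
          "recovered from archive:", recover_from_archive(wire, priv))
```

The `recover_from_archive` function is the "archive plus server key" scenario from the comment; the RSA branch succeeds for every captured handshake, while the DH branch has nothing to decrypt because the server's key was only ever used to sign, which is exactly why forward secrecy pushes an adversary toward the endpoints instead.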

Speaking of, "packet processing in the Linux kernel could have been obstructed by one kernel developer", says J. Gilmore
http://ur1.ca/ff2c6 via slashdot


Paco Vila at 2013-09-07T22:25:05Z