Flutterby™! : Layered Security

Layered Security

2015-12-22 18:40:49.404673+01 by Dan Lyke 2 comments

RT André Koot RCX @meneer:

Why we need layered security

And, seriously, if you're technically minded and haven't been keeping up with the revelations from the Juniper backdoors story (in this entry), take a look at A Few Thoughts on Cryptographic Engineering: On the Juniper backdoor.

To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional -- you be the judge! They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone -- maybe a foreign government -- was able to decrypt Juniper traffic in the U.S. and around the world.

Note that side-effect from prng_reseed().

comments in ascending chronological order:

#Comment Re: Layered Security made: 2015-12-25 11:50:26.032798+01 by: meuon

Dear CEO, CTO, CIO. If you don't implement our requested secret backdoor, we will confiscate everything here for long term deep forensic analysis to determine what un- (insert country name here)-an activities you are hiding. Sincerely, your government of the people.

#Comment Re: Layered Security made: 2015-12-29 18:16:10.432305+01 by: Dan Lyke

In the end, it comes down to needing to build encryption into the applications themselves. And being damned careful about how much those applications trust the next layer up.