What goes around comes around (NSA helps Iranian govt edition)

bdsesq sent in a story on Ars Technica highlighting how the US government’s drive for security back doors has enabled the Iranian government to spy on its citizens.

“For instance, TKTK was lambasted last year for selling telecom equipment to Iran that included the ability to wiretap mobile phones at will. Lost in that uproar was the fact that sophisticated wiretapping capabilities became standard issue for technology thanks to the US government’s CALEA rules that require all phone systems, and now broadband systems, to include these capabilities.”

Advertisements
What goes around comes around (NSA helps Iranian govt edition)

Ministry of Privacy

EFF deep links has a story about ways governments could forge SSL certificates to defeat SSL session privacy. Certainly this is now being done by NSA:

*
“Cryptography is typically bypassed, not
penetrated.”
| Adi Shamir

GOVERNMENT EXPLOITS SSL CERTIFICATES SECURITY
FLAW? Researchers released a draft paper about an inherent
browser security flaw with evidence that governments
may be able to surreptitiously spy on users’ “secure”
communications. Most modern browsers rely on certificate
authorities (CAs) to vouch for whether a secure site
is what it claims to be. But there’s evidence that
governments are being sold tools that they can use as
part of a scheme to have CAs issue certificates for
surveillance operations, enabling the undetectable
spoofing of ceratin websites or services.

For details about the security research:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl

The paper itself:
http://files.cloudprivacy.net/ssl-mitm.pdf

Ministry of Privacy