IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [nsa]

The National Security Agency (NSA) is a United States intelligence organization

The NSA (National Security Agency) is the United States agency in charge of communications intelligence and counterintelligence.

Use this tag for questions that are specifically about the NSA (its capabilities, its policies, its public actions, etc.). Do not use this tag for high-security requirements or government-level adversaries in general.

73 questions
176
votes
4 answers

Is there anything preventing the NSA from becoming a root CA?

There are now tons of Certification Authorities (CAs) that are trusted by default in major OS's, many of which are unrecognizable without online lookup or reference. While there have been attempts by the NSA and others to "hack" or otherwise…
user2813274
  • 2,051
  • 2
  • 13
  • 18
84
votes
2 answers

Best practices for Tor use, in light of released NSA slides

It has been known in the security community that a tool as versatile as Tor is likely the target of intense interest from intelligence agencies. While the FBI has admitted responsibility for a Tor malware attack, the involvement of SIGINT…
nitrl
  • 3,003
  • 4
  • 20
  • 23
76
votes
3 answers

Did US and UK spy agencies defeat privacy and security on the internet?

This question is meant as a canonical question in regard to the US and UK spy agencies compromising end nodes and encryption between nodes to spy on people they suspect to be terrorists. However, this has the side effect of significantly elevating…
Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
64
votes
2 answers

Why has the NSA had a hand in deciding on encryption standards?

The NSA has had a large hand in the design of at least two significant encryption standards: the Digital Encryption Standard, and its successor, the Advanced Encryption Standard. Because of their involvement, there is much speculation of backdoors.…
IQAndreas
  • 6,557
  • 8
  • 32
  • 51
48
votes
5 answers

HTTPS still NSA-safe?

There are exerpts, that say that using https can be broken by the NSA by now. So is https still a solution for secure web-browsing? source: http://www.digitaltrends.com/web/nsa-has-cracked-the-encryption-protecting-your-bank-account-gmail-and-more/…
rubo77
  • 2,350
  • 10
  • 26
  • 48
41
votes
2 answers

Why hasn't anyone taken over Tor yet?

Tor is known to encrypt the transferred content and the meta information by layering the encryption. I know there have been correlation attacks that deanonymized some users by federal agencies. Why do they not take over the system? There are ~7000…
N. Nowak
  • 585
  • 4
  • 13
38
votes
4 answers

How does IP address spoofing on the Internet work? Who can do it?

Someone recently told me that the NSA could impersonate pretty much anyone they want by using IP address spoofing on the Internet. But how would that work and to what extend is it true anyway? Could any ISP in the world just spoof any IP address…
Forivin
  • 979
  • 1
  • 11
  • 17
19
votes
2 answers

RdRand from /dev/random

"Linus Torvalds, in response to a petition on Change.org to remove RdRand from /dev/random, has lambasted the petitioner by called him ignorant for not understanding the code in Linux Kernel. Kyle Condon from UK raised a petition on…
I'll-Be-Back
  • 361
  • 1
  • 3
  • 10
17
votes
2 answers

Snowden: "The NSA can remotely turn on your iPhone."

Watching the Snowden interview last night, Brian Williams asks him what degree of control the NSA has over smartphones -- in particular, whether or not they can remotely turn them on in order to collect data. Snowden replies "Yes" and goes on to say…
Patrick Collins
  • 273
  • 2
  • 5
15
votes
1 answer

What does the NSA's Recently Leaked "The Equation Group" Files do?

First Hand Details: TEG (The Equation Group) is NSA's team of hackers who'd write code to exploit systems worldwide. Some of the private files were recently dropped by a group called Shadow Brokers & they've auctioned it in exchange for BTC bids ..…
Shritam Bhowmick
  • 1,602
  • 14
  • 28
11
votes
7 answers

What's the safest way to transmit a message to another client through a server hidden from high level malicious users?

Suppose you're constantly being menaced by high profile hackers and agencies that try to intercept messages sent between you and a friend. The question is: what's the safest way to send messages to him without any malicious user or agency being able…
Alper Turan
  • 299
  • 2
  • 10
11
votes
4 answers

Does HTTPS encryption on a site prevent the NSA from knowing you visited its domain / the URL?

The reason I ask whether HTTPS protects the metadata of your Internet activity from a wiretapping entity on the backbone like the NSA or not, is the following scenario: Say I am browsing the encrypted https://xsite.com/page.html and it calls to an…
user21377
10
votes
2 answers

How to circumvent compromised CPUs in major FOSS operating systems

As Matthew Green puts it, "the NSA has been ... Working with hardware ... vendors to weaken encryption and random number generators." At this stage, however, there is little public knowledge of which specific hardware products have been compromised…
sampablokuper
  • 1,961
  • 1
  • 19
  • 33
9
votes
2 answers

How the NSA can break trillions of encrypted Web and VPN connections

Based on Diffie-Hellman's negotiation of key exchange, why would it turn out that only a few primes are commonly used? What and who determines the prime? Would it not be safer to use a safe prime? (example: p = 2q + 1) *The question is based on…
rhymsy
  • 1,212
  • 1
  • 10
  • 15
8
votes
3 answers

Does Google's SSL encryption for searches thwart NSA spying?

Given everything that is suspected about NSA (and GCHQ, DGSE, etc.) access to user data: Avoiding speculation, can and do we know whether Google's recent action to make all searches use SSL encryption will actually prevent said spying? If not, what…
Baumr
  • 271
  • 1
  • 8
1
2 3 4 5