In the latest fallout from Edward Snowden’s intelligence disclosures, a major US computer security company warned thousands of customers on Thursday to stop using software that relies on a weak mathematical formula developed by the US National Security Agency (NSA).
RSA, the security arm of storage company EMC Corp, told current customers in an e-mail that a toolkit for developers had a default random-number generator using the weak formula, and that customers should switch to one of several other formulas in the product.
Last week, the New York Times reported that Snowden’s cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government’s National Institute of Standards and Technology (NIST), to push for a formula that it knew it could break.
NIST, which accepted the NSA proposal in 2006 as one of four systems acceptable for government use, this week said it would reconsider that inclusion in the wake of questions about its security.
However, RSA’s warning underscores how the slow-moving standards process and industry practices could leave many users exposed to hacking by the NSA or others who could exploit the same flaw for years to come.
RSA had no immediate comment. It was unclear how the company could reach all the former customers of its development tools, let alone how those programmers could in turn reach all of their customers.
Developers who used RSA’s “BSAFE” kit wrote code for Web browsers, other software and hardware components to increase their security. Random numbers are a core part of much modern cryptography, and the ability to guess what they are renders those formulas vulnerable.
The NSA-promoted formula was odd enough that some experts speculated for years that it was flawed by design. A person familiar with the process said that NIST accepted it in part because many government agencies were already using it.
After the Times report, NIST said it was inviting public comments as it re-evaluated the formula.
“If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible,” NIST said on Sept. 10.
Snowden, who is wanted on US espionage charges and is living in temporary asylum in Russia, disclosed secret NSA programs involving the collection of telephone and e-mail data.