NSA has direct access to tech giants' systems for user data, secret files reveal

Your link is pasted two times so it gives an error.

 

NSA Documents: Attacks on VPN, SSL, TLS, SSH, Tor

http://www.spiegel.de/international...attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html

 

New Documents on NSA's Cryptanalysis Capabilities

Lots of info!

 

http://cryptome.org/2014/12/nsa-spiegel-14-1228.rar

 

Thanks . I assume that this contains all of today's documents from Spiegel?

 

Yes, John Young posted the link on the cypherpunks and other lists.

 

The right link is http://thehill.com/policy/technology/228107-nsa-reports-detail-privacy-violations.

 

New documents reveal which encryption tools the NSA couldn't crack

 

Someone who actually understands this stuff ought to be writing these articles

 

media-35515.pdf If you guys don't develop an eye twitch when you get to the dancing stick figure...

Snowden mentioned having to put up with these gross violations daily, these guys with complete lack of any humility. I can't even imagine.

 

The NSA traditionally got most of its low-level staff from the military. Now they also recruit kids with hacker potential. That's a dangerous combination

 

From https://twitter.com/jonathanmayer/status/549333357033967616:

 

http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html

 

Security Kiss VPN reportedly broken by NSA.

The NSA also targeted SecurityKiss, a VPN service in Ireland. The following fingerprint for Xkeyscore, the agency's powerful spying tool, was reported to be tested and working against the service:

fingerprint('encryption/securitykiss/x509') = $pkcs and ( ($tcp and from_port(443)) or ($udp and (from_port(123) or from_por (5000) or from_port(5353)) ) ) and (not (ip_subnet('10.0.0.0/8' or '172.16.0.0/12' or '192.168.0.0/16' )) ) and 'RSA Generated Server Certificate'c and 'Dublin1'c and 'GL CA'c;

Source: http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html

 

http://www.securitykiss.com/resources/articles/pptp_discontinued/

"We knew for a long time that the PPTP connection method was very broken and since Snowden it was known that PPTP had been compromised by the NSA."

 

Right. The slides about VPNs are all old. So far, I haven't seen anything about OpenVPN. And although I don't know much about IPSec, I suspect that it's been patched since, and is no longer quite so vulnerable.

 

On the new Snowden documents
http://blog.cryptographyengineering.com/2014/12/on-new-snowden-documents.html

 

The NSA's Ongoing Efforts to Hide Its Lawbreaking.

-- Tom

 

Some precisions concerning IPSEC:

https://nohats.ca/wordpress/blog/2014/12/29/dont-stop-using-ipsec-just-yet/

 

Interesting.

It seems that up-to-date IPSec, with adequately secured servers, isn't vulnerable. PFS is another key feature.

Given what I recall re security comparisons of IPSec and OpenVPN, this reassures me that OpenVPN should also be "doing quite well if you configure it properly and run it on a secure host". Even better, maybe they're really not focusing on it

 

NSA has VPNs in Vulcan death grip—no, really, that’s what they call it

-- Tom

 

This slide deck is from 2010. IPSec was seriously messed up in those days. OpenVPN, which is most relevant to most of us, is hardly even mentioned. And it has also gotten much stronger since then. Articles that discuss "VPNs" in the abstract are less than useless

 

NSA Attacks on VPN, SSL, TLS, SSH, Tor (666pp) (187.9 MB)

The above link is a download for a RAR file from Cryptome.org.

-- Tom

 

Hi

Here, you can read our answer:
http://www.securitykiss.com/resources/articles/nsa_target/

A newspaper picked this also up:
http://businessetc.thejournal.ie/nsa-target-irish-vpn-1858702-Dec2014/

 

Excellent. Thanks for sharing your points.