Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
You are here: Home / Digital Life / 2nd NSA Spy Tool in RSA BSafe
DDoS Protection Powered By Verisign
Researchers Find NSA Planted Two Spy Tools through RSA
Researchers Find NSA Planted Two Spy Tools through RSA
By Barry Levine / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
MARCH
31
2014



Last fall, an encryption tool widely distributed through leading security firm RSA was withdrawn because of concerns it was vulnerable to decoding by the U.S. National Security Agency (NSA), which created it. Now, a team of researchers has reported that the super-secret agency also created at least one other tool that allowed it to more easily decode transmissions.

Both tools were part of RSA's BSafe software security package, and both are assumed to have provided back-door access to communications and software encrypted with BSafe tools.

The Reuters news agency reported Monday that a team of academic researchers from several universities, including Johns Hopkins, the University of Wisconsin and the University of Illinois, has discovered the NSA was involved with the second tool. It's called an "Extended Random" extension, and it can be used to crack the RSA's Dual Elliptic Curve random number generator software -- the other NSA developed tool that had been withdrawn -- tens of thousands of times faster than other methods.

NIST and NSA

The Extended Random software is supposed to increase the randomness of Dual Elliptic Curve-generated numbers, thus making its encoding more secure. However, the researchers discovered that the extra data transmitted by Extended Random before a secure connection begins made decoding the the following transmission much easier.

The Extended Random software was removed from RSA's BSafe security kit within the last six months. Reportedly, Extended Random had not been widely adopted.

"We trusted [the NSA] because they are charged with security" for the U.S., a RSA executive told Reuters.

The National Institute of Standards and Technology (NIST) had accepted an NSA proposal in 2006 to create the Dual Elliptic Curve random number generator. There had subsequently been suspicions and reports -- including from Microsoft researchers -- that the resulting code from the NSA contained a back door.

Snowden Documents

But NIST reportedly accepted it because other governmental agencies were using it. In December, Reuters reported that the NSA had paid RSA $10 million to make the Dual Elliptic Curve the default for its BSafe security kit. RSA has declined to comment on the possibility that the NSA also paid the company a fee for including Extended Random in the kit.

After documents revealed by ex-NSA contractor Edward Snowden indicated the NSA was involved in community cryptography standards in order to create vulnerabilities it could exploit, NIST issued a warning in September than the Dual Elliptic Curve code "no longer be used."

After the NIST warning, RSA warned its customers, since the code was being widely used for security. A random number generator is common in cryptography, but a generator that is not random is more easily hacked. Some experts have contended, however, that only the NSA had the capability of breaking this particular generator.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN DIGITAL LIFE
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Dairy Queen Latest Retailer To Report Hack
Known for its hot fries and soft-serve ice cream, Dairy Queen just made cyber history as the latest victim of a hack attack. The fast food chain said that customer data at some stores may be at risk.
 
Lessons from the JPMorgan Chase Cyberattack
JPMorgan Chase is investigating a likely cyberattack. The banking giant is cooperating with law enforcement, including the FBI, to understand what data hackers may have obtained.
 
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 

Enterprise Hardware Spotlight
Intel Intros Lightning-Fast PC Processors
Call it extreme. Intel just took the covers off its first-ever eight-core desktop processor, which is aimed at hardcore power users who expect more than the status quo from their computers.
 
HP Previews ProLiant Gen9 Data Center Servers
Because traditional data center and server architectures are “constraints” on businesses, HP is releasing new servers aimed at faster, simpler and more cost-effective delivery of computing services.
 
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 

Mobile Technology Spotlight
iWatch Watch: What Will Apple Ask Us To Wear?
There are still more questions than answers when it comes to details about the smart watch Apple seems poised to debut on Sept. 9. In fact, nobody seems completely sure that it will be a smart watch at all.
 
Samsung Maps Its Way with Nokia's 'Here' App for Galaxy Phones
Korean electronics giant Samsung has opted to license Here, Nokia’s mapping app -- formerly known as Nokia Maps -- for its Tizen-powered smart devices and Samsung Gear S wearable.
 
Google Successfully Tests Its Own Delivery Drone
While top technology companies are engaged in an "arms race" to develop drones that can quickly deliver goods to anyone anywhere, Google has revealed it successfully tested its own version.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.