NSA's Guide For Choosing a Safe Text Chat and Video Conferencing Service (zdnet.com) 73
The US National Security Agency (NSA) published last week a security assessment of today's most popular video conferencing, text chatting, and collaboration tools. From a report: The guidance contains a list of security criteria that the NSA hopes companies take into consideration when selecting which telework tool/service they want to deploy in their environments. The NSA document is not only meant for US government and military entities but the private sector as well. The idea behind the NSA's initiative is to give military, public, and private organizations an overview of all of a tool's features, so IT staff don't make wrong decisions, expecting that a tool provides certain features that are not actually living up to the reality. Per the NSA's document, the assessed criteria answer basic questions like:
Does the service implement end-to-end (E2E) encryption?
Does the E2E encryption use strong, well-known, testable encryption standards?
Is multi-factor authentication (MFA) available?
Can users see and control who connects to collaboration sessions?
Does the tool's vendor share data with third parties or affiliates?
Do users have the ability to securely delete data from the service and its repositories as needed (both on client and server-side)?
Is the tool's source code public (e.g. open source)?
Is the service FedRAMP approved for official US government use?
This is a guide (Score:1)
Re:This is a guide (Score:5, Insightful)
Why? Just 'cause the NSA says something doesn't make it "evil" by definition. The recommendations look sensible so far.
Re:This is a guide (Score:4, Interesting)
Why? Just 'cause the NSA says something doesn't make it "evil" by definition. The recommendations look sensible so far.
Have you considered the possibility that the NSA's recommendations are based on what it is that they can easily crack? Maybe they recommend applications ABC and XYZ because they are aware of vulnerabilities in those applications that they can exploit.
Re:This is a guide (Score:5, Insightful)
The NSA has kind of a Jekyll-and-Hyde personality thing going on because they're tasked with two completely incompatible roles - protecting the communications of the American public while at the same time being tasked with the interception and decryption of secure traffic for defense purposes.
Honestly, they should probably be split up into two separate agencies.
Re: This is a guide (Score:2)
Re: (Score:2)
Or just shut down the domestic spying bit because secure communication that the government can't access is fundamental to democracy.
Re: (Score:2)
Re: (Score:2)
Hey - you ever wonder why we're here?
Re: (Score:2)
The fact that there are SUITE-A (FIREFLY, JOSEKI) encryption algorithms for military use and SUITE-B (AES, SHA, ECDSA) for commercial use speaks volumes about how secure the NSA sees SUITE-B.
Re: (Score:2)
And you think that would sit well with US corporations if their trade secrets can easily be cracked by foreign secret services?
Remember, there is no such thing as a government-only backdoor. If you can crack it, so can the others.
Re: (Score:2)
Remember, there is no such thing as a government-only backdoor. If you can crack it, so can the others.
Actually you can construct algorithms that have a backdoor key if you know some secret about its construction. They think NSA put a backdoor in Dual_EC_DRBG, but nobody else knows the key to it. But of course, should anyone get hold of that key then the cat is out of the bag.
Re: (Score:2)
Tell you what, violate all those recommendations in your decisions on what to use. Get back to us real soon on how that works out for you. We cannot wait.
Compare multiple lists. (Score:2)
Assuming:
* The NSA's list is primarily based on what they believe China, the EU, and Russia can't crack (with a tie-breaker of things the NSA can), and
* China's list is primarily based on what they believe the US, the EU and Russia can't crack (with a tie-breaker of things China can), and
* Russia's list is primarily based on what they believe China, the EU, and the US can't crack (with a tie-breaker of things Russia can), and
* The EU's list is primarily based on what they believe the US, China and Russia ca
Re: (Score:2)
Re: (Score:1)
Re: This is a guide (Score:2)
Well, ok then, almost, but not quite, entirely unlike not by definition.
Seriously, if you trust anything by the NSA, you're as nuts as a North Korean or Chinese state lover.
Re: (Score:2)
"Local burglar reviews security systems"
Re: (Score:2)
Well, yeah. It's actually amazing how many people I get to meet again at security conferences that I know from a former life when games were expensive, I was poor and being able to make games playable by a wider range of audience was a skill that could get some free games to you...
Missing criteria... (Score:5, Insightful)
Is it backdoored so we here at the NSA can read everything?
Re: (Score:1)
Re: Missing criteria... (Score:2)
Well, there you go! :)
You already drew the right conclusion. You just did not accept it yet.
Missing? (Score:1)
Is it backdoored so we here at the NSA can read everything?
Dear sir,
What other order did you think the list was presented in?
Re: (Score:2)
From TFA: The primary audience for this guidance are U.S. Government employees and military service members engaging in telework, especially telework employing personally owned devices such as smartphones and home computers.
Most of the comments here don't make sense in this context. Also, as someone stated, it doesn't recommend *any*. It recommends what to look for in such services, and shows parameters for certain ones.
It's worth noting that being open source software is a criterion that it lists as a po
Re: Missing criteria... (Score:2)
Your hardware is factory p0wned.
criteria are ok, but ... (Score:2)
Re: (Score:2)
As much as I dislike Facebook, WhatsApp wasn't developed by them, and is by all accounts quite securely built. I believe the NSA assessment of it here and now.
I still won't use it because it's Facebook. And I don't trust Facebook to keep it secure, and they're actively looking to turn it into adware...
https://www.gizmochina.com/202... [gizmochina.com]
It was nice to see Signal on the list. I'd have liked to see the NSA's report on Discord & Telegram too.
Re: criteria are ok, but ... (Score:3)
AFAIK WhatsApp's development is only secret because it started out as a superficially modified rip-off of an existing open source XMPP client, and the EFF would have sued their asses off if they had found out.
Analogous to how their encryption at first was trivially decryptable and only served to make what was otherwise bog-standard XMPP incompatible to other clients, to force lock-in and prevent federation with other XMPP networks (similar to how e-mail works).
Re: (Score:2)
I wish WhatsApp supported secure backups. It has a backup feature but the stored data is not encrypted. It's mainly there so you can transfer your conversations to a new phone I think, but with a backup you really need it to run periodically in case something catastrophic happens.
Whose job is it? (Score:2)
The list shows why the NSA doesn't ... (Score:2)
... use Apple, Microsoft, certainly not anything Google, nothing Facebook, ...
Re: (Score:2)
No it doesn't. It doesn't give an opinion on which to use, only an assessment of each tool based on a set of criteria they describe. Microsoft, Google and WhatsApp all satisfy most of their criteria. Apple isn't even listed.
Re: I hate asynchronous programming (Score:2)
Most popular languages grew out of paradigms that are really badly suited for anything involving threading and asynchronicity.
E.g. C-likes.
In languages like Erlang, Haskell, OCaml, etc., asynchronous distributed processes and threads are much more sensible and straightforward in their implementation.
I'm using Haskell, but AFAIK, Erlang seems to be designed for this and extremely high reliability. As in: Large telephone networks.
I'd just try such languages out. If it does nothing else, you'll come out a much be
Re: (Score:2)
The problem is that most of those want to freeze everything as soon as you create it. If Erlang allowed mutation of variables that were local to a function it would be far superior. (Well, actually it does, but you've got to put the variable in a hash table or data base in order for mutation to be allowed. Not ideal.)
Re: (Score:2)
In Erlang's case, it was because it was specifically built as a tool for reliable, fault-tolerant and resilient distributed systems, such as telecom networks. And it works exceptionally well for that, when programmers actually keep that in mind, instead of trying to get cute.
Re: (Score:2)
Yes. But that means that there are a lot of concurrent applications that it's not really suited for.
If you like this you also may enjoy... (Score:5, Funny)
Mr. Fox's "Excellent Guide to Securing your Chicken Coop".
Re: (Score:2)
You know what they say about crooks, takes one to catch one.
Re: If you like this you also may enjoy... (Score:2)
Yeah, that's called casing. Then he'll rob you blind afterwards. ;)
Re: (Score:3)
Mr. Fox's "Excellent Guide to Securing your Chicken Coop".
Already been made into a movie: Fantastic Mr. Fox [wikipedia.org]
Wickr (Score:3)
Re: (Score:2)
I really want to like Signal but the mobile app is total crap. It needs a huge number of permissions and wants to handle my SMS messages too. I just want a basic, simple and secure messaging app.
Re: (Score:3)
Signal doesn't require any special permissions.
If you don't give it permission, it simply doesn't give you that capability. So, microphone, no voice. No camera, no video. No contacts, use numbers only. No storage, no file transfers.
It works fine with not having access to SMS, you just can't auto-invite someone to start using Signal, or use Signal as default SMS app (which lets you consolidate all your messaging in one place, including secure backup of messages). Same with "Phone" access, you can use Si
Here's how it works (Score:5, Interesting)
A: Yes.
Q: Did you modify the OS or run any software to modify the OS?
A: No.
Q: Did you load any software that wasn't from the OS provider's app store?
A: No.
Q: Ok, go to that app store, download Signal and use it for all confidential communications. Keep it and your OS up to date.
Done.
Re: (Score:3)
For one-on-one calls, sure, but Signal doesn't currently do multi-way group calls, which is a significant limitation. It's interesting that Jitsi wasn't one of the options they considered, since it's the "serious" suggestion for group chats among most of the geek crowd I know.
Re: (Score:2)
I was also surprised to not see Jitsi in there... They certainly know about Jitsi as it's been out for years, it's a solid alternative, why not include it?
I looked at their FAQ (Jitsi) about security and I was a bit shocked to learn that conferences of more than 2 people are decrypted while they pass through the videobridge (which acts as proxy for all attendants)! I always assumed it was full end-to-end encryption all the time.
However as of late April, they've been experimenting with a new feature in
Re: (Score:2)
Re: (Score:2)
I looked at their FAQ (Jitsi) about security and I was a bit shocked to learn that conferences of more than 2 people are decrypted while they pass through the videobridge (which acts as proxy for all attendants)! I always assumed it was full end-to-end encryption all the time.
They're actively working on that too, and it is explicitly the end goal they are trying to achieve. But one difference between Jitsi and a lot of the other videoconferencing services is that Jitsi are transparent about what they have so far and how it works. And of course if that level of security is important for your application, you don't have to use their public server and can run your own bridge.
Re: (Score:2)
Sorry, something funny happening with /. for me tonight. I meant to cancel that when I saw your post made the same points but posted instead. Then I meant to comment saying so like this, and that hasn't appeared. Must be past my bedtime to have this much finger trouble. :o)
Re: Here's how it works (Score:2)
Blindly trusting the chip/hardware/OS manufacturers/assemblers might not do it, if your job is to keep the secrets that are used to literally harm the entire world and all life in the known universe...
I'm certain that for any big spying organization, at least half a dozen states, enemies as well as allies, are trying to sneak in dopant-level hardware trojans at any given time. And half a dozen *times* that, actors are trying to put backdoors in their OSes and software.
Re: (Score:2)
Re: (Score:2)
I'm certain that for any big spying organization, at least half a dozen states, enemies as well as allies, are trying to sneak in dopant-level hardware trojans at any given time. And half a dozen *times* that, actors are trying to put backdoors in their OSes and software.
The problem is how to store and exfiltrate data without it being noticed. This is much, much harder than it appears, at least for attacks at scale. If a national intelligence agency is actively targeting you in particular, and they care enough to put some effort into it, you're just screwed, there's nothing you can do other than go live in a cave without electronics.
Re: (Score:2)
Q: Ok, go to that app store, download Signal and use it for all confidential communications. Keep it and your OS up to date
I got to this step but can't find any of my contacts on Signal. Is this a bug?
Re: (Score:2)
https://support.signal.org/hc/... [signal.org]
Re: (Score:2)
Signal needs your phone number. You can't use it without a valid phone number.
Also the permissions are ridiculous. This app has access to:
- Photos / Media / Files
modify or delete the contents of your USB storage
read the contents of your USB storage
-Device ID & call information
read phone status and identity
- Microphone
record audio
- Calendar
read calendar events p
Re: (Score:2)
Explain why Signal needs to use the GPS or change my wallpaper or access Bluetooth or control my WiFi or create new accounts or access all my files.
RTFM...it's all explained here:
Signal Permissions
https://support.signal.org/hc/... [signal.org]
Re: (Score:2)
I have and it's all bullshit. "Allows you to share your current location in messages with your friends." Why does a secure messaging app even need to do that? Even crap like WhatsApp doesn't have that feature.
They don't explain things at all. For example "create accounts and set passwords - Allows Signal to create an account on your device, viewable at System Settings > Accounts" Okay but why do you need to create an account at all?
Or how about "pair with Bluetooth devices - Allo
Re: Here's how it works (Score:3)
Re: (Score:2)
Re: (Score:2)
A lot of those are overlaps between different Android versions (so Contacts includes a bunch of capabilities grouped and named differently in other versions).
If you don't want to share your location, then don't enable it. If you don't want it to handle SMS messages, don't enable it. If you don't want to send files, do voice or video calls, use your contacts list, don't enable those permissions. It works fine with all of that turned off.
If you're paranoid, check out the source and compile it yourself. If
Re: (Score:2)
I'm wondering how hard it would be to compile a version with most of the crap stripped out, and maybe the option to use a random number as your phone number.
I've never done any Android development and I don't see any forks, so I'm guessing it's not trivial.
Re: (Score:2)
https://github.com/signalapp/S... [github.com]
Do with it what you will.
Here is some info from Wikipedia on the guy responsible for Signal:
Matthew Rosenfeld, known as Moxie Marlinspike, is an American entrepreneur, cryptographer, and computer security researcher. Marlinspike is the creator of Signal, co-founder of the Signal Foundation, and currently serves as the CEO of Signal Messenger. He is also a co-author of the Signal Protocol encryption used by Signal, WhatsApp, Facebook M
Re: (Score:2)
You would think someone who has worked in security would know the basics, e.g. reducing the attack surface by not including pointless features like the ability to change wallpaper.
Backdoors coming to bite ya? (Score:2)
Question: Don't you have the most secure VPN in the known universe? I mean with a hacking and cryptanalysis and information security department bigger than the entire government of some smaller states... ... are you hiring? You can find me on Xing, my name is ... ehrm ... Ed...Eduardo ... Snowdeno.
And if no
no record function? (Score:2)
NSA contradicts FBI? (Score:3)
FBI: Citizens should only choose communications subject to man-in-the-middle attacks or backdoor'd standards.
If you've ever wondered which three-letter-agency wins in a fight, I guess this is time to grab the metaphorical popcorn.
Re: (Score:2)
Translation...
We at the NSA can break end to end encryption.
The Fox's Guide to Henhouse Security (Score:1)
Keep your birds safe with the information contained in this free document. Download now.