The New Yorker, of all ‘specialist’ tech magazines out there, has an article on “How the NSA Cracked the Web”!
What a surprise.
For starters, as the web isn’t encrypted in the first place, it cannot be ‘cracked’. Further down into the article — and after some extensive sorting out of all the misunderstandings of its obviously computer-illiterate author — the reader is finally let in on that ‘cracking success’ of the NSA: it turns out to be pretty lame and, in fact, limited mostly to compromising Microsoft’s and some other commercial software vendors’ master keys.
This has nothing to do with real decryption or with ‘cracking’ or any ‘code breaking’ whatsoever.
What’s noteworthy, though, is that it is admitted between the lines that all the “real” encryption technologies are as safe as always assumed (with e.g. 2048-bit keys still unbreakable). Therefore, applying these, coupled with a few simple steps of protecting and securely hosting any content one might have out on the public internet, continues to be the way to go.
At the end of the day, the so-called ‘spectacular success’ of the NSA does nothing more than illustrate why:
- Microsoft IIS (Internet Information Server software) is insecure (a fact widely known for 10+ years),
- Windows in particular (and to a lesser extent Apple OS X) contains government backdoors and is less secure than peer-reviewed Open Source operating systems,
- wLAN setups can never be fully secured (a fact known throughout the IT Security industry for as long as wLANs have existed and now reinforced),
- mobile communications as well as wLAN technologies are never secure (nor healthy for the user; both facts are known but usually disputed by the industry in order to sell their stuff),
- common sense is still superior to “intelligence” (as in military etc.),
- all industrial-strength and professional encryption and IT security measures are effective.
From the last bullet point it is obvious that encryption technologies, in fact, are so effective that the NSA and U.S. federal government have stupid media outlets publish their rubbish in order to “win back territory” by means of psychological warfare instead of embarking on the — next to impossible — journey of cracking Phil Zimmermann’s PGP encryption or any of the derivative technologies like GPG (GnuPG) or OpenPGP. (Read our upcoming separate article on how to obtain these open source tools, for FREE, and what basic measures to take in order to make illegal government surveillance as well as data theft as hard as possible.)