How the NSA snooped on encrypted Internet traffic for a decade

[Chiefcrowe]

http://arstechnica.com/security/2016/08/cisco-firewall-exploit-shows-how-nsa-decrypted-vpn-traffic

 

[John Connor]

So I'm wondering if VPN providers are at risk because of this revelation? Or even your own host for that matter.

I've heard a lot come out now that those NSA tools came into the public domain.

Personally, if I were POTUS, I would not allow the NSA to spy on the citizens in this the U.S. but instead change their mission to spy on foreign entities. That is how the CIA is supposed to operate.

 

[JoanWilliams]

NSA has ruined the concept of individual internet privacy

 

[John Connor]

Look at the source. It's not the NSA, but the idiots that cause problems warranting Intel on these scumbags. But like I said, the NSA should not be a domestic and foreign spying agency but rather just foreign. But who knows, perhaps we don't even need a damn NSA. I mean FFS we have 17 intelligence agencies. LOL

 

[Elixer]

NSA has ruined the concept of individual internet privacy

Why single them out, we got the Russians, the Chinese, the Germans, and the list goes on and on...
There are as many hardware exploits as there are software exploits, it is a huge task not to have bugs in the code.

 

[corkyg]

The notion of privacy applied to anything that is transmitted in the clear is simply fanciful. Even landlines use microwave transmission (which has side lobes) which are easily read. Remember the Soviet "trawlers" that would park in ports? They were mobile intercept stations. The least private of all communications are cell phones.

 

[Bardock]

^this. Arguing privacy on a forum that logs ip is like.... I can't even finish. NSA isn't going anywhere, the only question is how much will people take before fighting back. Look what they are doing to the reporter that Snowden talked to. The Bin Laden family got better treatment than her from us government. They can't catch any terrorists, yet they lock up drug dealers left and right. They'll be able to break anything with quantum computing becoming more accessible, only a matter of time. I think we need to only look east to the repressive dictatorships there which are making tor, proxies, etc illegal, while at the same time having thought crimes on the books. The west is next imo unless the people fight back. it's like a Huxley nightmare. But no one cares as long as facebook and twitter still work for them smh.

 

[John Connor]

The least private of all communications are cell phones.

...except if they use Silent Circle or Telegram.

Edit- HAHAHA Just did a serach for One Time Pad. https://play.google.com/store/search?q=one time pad&c=apps&hl=en

The One Time Pad IS uncrackable providing you take appropriate steps.

 

[John Connor]

^this. Arguing privacy on a forum that logs ip is like.... I can't even finish. NSA isn't going anywhere, the only question is how much will people take before fighting back. Look what they are doing to the reporter that Snowden talked to. The Bin Laden family got better treatment than her from us government. They can't catch any terrorists, yet they lock up drug dealers left and right. They'll be able to break anything with quantum computing becoming more accessible, only a matter of time. I think we need to only look east to the repressive dictatorships there which are making tor, proxies, etc illegal, while at the same time having thought crimes on the books. The west is next imo unless the people fight back. it's like a Huxley nightmare. But no one cares as long as facebook and twitter still work for them smh.

Here's my IP. Come find me with the ECC encryption and all the other traffic coming from the server.

I don't like that term, "proxy server." It's a VPN server.

 

[Bardock]

I'm not nsa lol. If you do ipconfig /all, does it show your vpn dns or your isp? Lot's of ways a vpn can make a mistake and nsa are skilled adversaries. I think if they want someone bad enough they got him.

 

[John Connor]

I go here for the DNS leak test. https://www.dnsleaktest.com

198.27.96.168 privatedns-ca.twistednetworks.net OVH Hosting Canada

198.50.160.98 privatedns-ca.twistednetworks.net OVH Hosting Canada

My VPN doesn't use portforwarding and I turn off WebRTC. I have other non-disclosed measures too.

 

[Bardock]

http://www.theregister.co.uk/2016/02/26/ssl_vpns_survey/

 

[John Connor]

Just asked my VPN provider about that. I use ECC, so not sure if that is an issue or not.

 

[John Connor]

My VPN got back to me and just said no. So I guess this article is BS.

 

[Bardock]

Lol wow so independent survey of multiple vpns is wrong because your vpn, who you pay and has a vested interest in you continuing to pay, says otherwise?

 

[John Connor]

Lol wow so independent survey of multiple vpns is wrong because your vpn, who you pay and has a vested interest in you continuing to pay, says otherwise?

Don't take my word for it. Shoot vpn.ac an E-mail and ask.

 

[Bardock]

hahahaha, I don't take their word for it either

 

[John Connor]

hahahaha, I don't take their word for it either

Look at their FAQ at least under the type of encryption that I can use and tell me if it's vulnerable. I use ECC.

They seem like a good company and have taken steps to prevent DNS leaks, etc. They also know full well port forwarding exposes your true IP so they have that off. They even say right out front they log bandwidth for 7 days and delete the log. Although you can't trust anyone, I think they are pretty straight forward with their customers.

 

[Bardock]

If nsa wants in they are coming in period, the idea that any vpn or firewall can make one safe from them is laughable. They have been intertwined in the american telecom industry since alexander graham bell. IMO best security is not to rely on vpn.

 

[John Connor]

I don't use a VPN to prevent the NSA from seeing my traffic. I don't think they can break the ECC encryption or AES 256 encryption, but the exit server is in the clear and yes, if there is just one, just one vulnerability in the server they can pry it open. That's why it's important to patch any and all vulnerabilities no matter how small.

If I do some ultra secret crap I use the VPN and Tor. Even then I might leach from another WIFI connection. Tee Hee.

 

[Red Squirrel]

Idealy try to use open source for everything including routing - of course this is something ISPs would need to be doing as an individual you can try to protect your own network but not much you can do about traffic going out. One gap though is the cpu and potentially other chips like chipset on nics. They are starting to put backdoors directly at the silicon level now. Well, Intel is, probably paid good bucks by the NSA.

 

[SergeyGor]

According to PwC’s Global State of Information Security, 2016, IT security incidents in the telecoms sector increased 45% in 2015 compared to the year before. Telecoms providers need to arm themselves against this growing risk.