Jump to content

Recommended Posts


Its not impossible for them to do this, and the ethics of doing so are another subject altogether, but if this is the case, then its unlikely you'd see this in the wild, because that would give them a serious disadvantage (element of surprise is important) and because it likely would be employed at a specific target only. Unless something would leak out, its unlikely you'll encounter something like this on your own computer. :)

Link to post
Share on other sites

Of course the NSA has technology that is unknown to us. If they are using publicly known exploits and exploit kits, then everyone would be actively working to mitigate those exploits and kits, that includes the targets of NSA spying. Which, for the most part are individuals and governments that are considered to be hostile to the USA. Unfortunately the NSA's dragnet is so huge, that is catches the data of innocent people. The good news is that the vast majority of that non-targeted traffic will never be scrutinized; unless it contains data that the search algorithms use to flag traffic for further evaluation.

It has also become public that the NSA has backdoored at least 2 major encryption algorithms, one of which is broken and there are no plans to fix that particular algorithm. It should also be assumed that the NSA has backdoored encryption hardware, as well. If you don't want someone finding something out, don't put it on the Internet.

Link to post
Share on other sites

SSTP is a proprietary standard owned by Microsoft, and I wouldn't count on that not being compromised by the NSA.

PPTP has been compromised by the NSA.

L2TP and L2TP/IPsec may be compromised by the NSA.

OpenVPN, which uses the OpenSSL library and SSLv3/TLSv1 protocols, along with a variety of other technologies, can be considered a reliable and secure VPN solution. OpenSSL includes an algorithm known to have been subverted by the NSA. However, as I mentioned in my previous post, the implementation of that particular algorithm is flawed, and as a result completely breaks the algorithm; and cannot be used by OpenSSL. The OpenSSL project has no intentions of fixing the implementation of that particular alogrithm.

At this time OpenVPN does not appear to have been compromised by the NSA, and is also (because of the way OpenVPN exchanges keys) appears to be immune to NSA attacks.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...