Wednesday, February 10, 2016

Encryption and Backdoors

ISACA's "the sky is falling" article, from an SME who lives and breathes cybersecurity and forensics, comes down to the following:
  • Humans are the weakest link, i.e. phishing and social engineering
  • Security awareness training is essential…since data harvesting can occur over years
  • Continuous communication, since some of the preventative items are seemingly easy and just make common sense

Now, instead of diving deep into forensics, which is probably best left as a separate post, let's transition to recent events. Trending lately are data encryption and backdoors, by way of Blackberry and RSA, respectively.
As if Blackberry didn't have enough to worry about with its place in the market. A claim has surfaced that its PGP used for email can be decrypted with commercially available tools. In fact the source, Dutch investigators, was quick to point out that not all, but nearly 85%, of encrypted emails, including deleted messages, were recovered. Blackberry's response has been limited, as is to be expected, but what encryption is foolproof, right?

Then again, unless you purposefully leave, or offer to leave, backdoors…Reuters reported that the NSA paid RSA for making the random number generator algorithm the default option in its cryptographic toolkit. Of course Snowden's information leaks spurred conversation, which now may have some effect on the upcoming 2016 RSAConference. Over a half-dozen presenters have withdrawn, including members of Google, Mozilla, Taia Global and F-Secure, and now OWASP is voting on the boycott matter. Unfortunately, the RSA-named conference was intended to be an independent forum anyway, yet it is likely to suffer from the RSA brand under which the event is hosted. Wonder if naming it EMConference would make a difference? The vendor presentations, exhibits and sponsorships have opened doors for other companies, and there does not seem to be a shortage of those requesting.

1 comment:

  1. iDeals data room has an in-built file encryption system that prevents data getting leaked while being transferred. Besides all this, the VDR will even scan your files and documents for viruses.