Linked by Thom Holwerda on Thu 20th Mar 2014 23:10 UTC
Microsoft

One of the revelations in this week's case of a Microsoft worker who leaked pre-release Windows 8 software was that Microsoft accessed the Hotmail account of the blogger to whom the data was leaked. And it did so without a court order.

Well, it turns out Microsoft was apparently within its rights to do so, having explicitly carved out the right to access communications to protect its own intellectual property.

Yahoo and Google have similar clauses.

Thread beginning with comment 585027
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[7]: The small print is better.
by jgagnon on Fri 21st Mar 2014 19:50 UTC in reply to "RE[6]: The small print is better."
jgagnon
Member since:
2008-06-24

If your random number generator is broken your encryption is broken, no matter which algorithm you are using.

Reply Parent Score: 2

Alfman Member since:
2011-01-28

jgagnon,

If your random number generator is broken your encryption is broken, no matter which algorithm you are using.


No doubt, however it doesn't make sense to generalize that all network encryption is broken because RSA's number generator was allegedly compromised by the NSA. That's not a logical conclusion since "MIGHT BE" is different than "IS". Consider:


"That man's 6ft, we know the murder was 6ft, therefor he IS guilty"

"That man's 6ft, we know the murder was 6ft, therefor he MIGHT BE guilty"

With this in mind, can we agree that your original statement was overgeneralized?
As others have said or hinted at: your data is vulnerable even while using encryption end to end.


Edited 2014-03-21 20:16 UTC

Reply Parent Score: 3

jgagnon Member since:
2008-06-24

I don't think I ever said it was all broken, only that there is no way to trust that it isn't broken. Even with all of the Snowden-related revelations we still know very little about how deeply the NSA is entrenched into our every day lives. What are their limits? We don't know. If anything, you should read what I'm saying as "make no assumptions" about anything in the realm of security.

Reply Parent Score: 2