Scott writes:
Has anyone looked at our internal network infra closely?
Yes, but system security and security of the private keys are equally important.
On general principles, after the TLS 1.2 / HTTPS everywhere default is in place, the private keys should be updated, with as secure and limited a set of people having access to the servers with that as possible.
One could guess that going after TLS / HTTPS private key certs is another level to all of this, compromising servers and/or cert agencies to get them.
On Fri, Sep 6, 2013 at 1:08 PM, C. Scott Ananian cananian@wikimedia.org wrote:
New revelations on NSA capabilities yesterday in the New York Times: see https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html for a jumping off point.
The bottom line seems to be:
- don't use RC4 (we're already working toward that goal, I believe)
- don't use the Dual_EC_DRBG PRNG (see http://crypto.stackexchange.com/questions/10189/who-uses-dual-ec-drbg)
Can someone take a look at our SSL configuration and see if we have Dual_EC_DRBG enabled? (And if so, turn it off and use a better PRNG!)
--scott
ps. apparently Dual_EC_DRBG is built-in to Windows (!). A good reason not to run your security-critical servers on Windows, I guess...
pps. if we're throwing stones, the Debian PRNG flaw is a big glass window....
ppps. http://blog.cryptographyengineering.com/2012/02/random-number-generation-ill...
pppps. router/switch/firewall compromises have also been a big part of the NSA story. Has anyone looked at our internal network infra closely?
-- (http://cscott.net)