EFF in the News
"Coming on the heels of Google's controversial decision to tear down the privacy-protective walls between some of its other services, this is bad news for the company. It's time for Google to acknowledge that it can do a better job of respecting the privacy of Web users," the EFF said in a statement.
Online rights champion Electronic Frontier Foundation (EFF) supplied key data for the research, and said that Lenstra's team found tens of thousands of keys that essentially failed to guard data in supposedly encrypted online sessions.
"The consequences of these vulnerabilities are extremely serious," the EFF's Dan Auerbach and Peter Eckersley said in a blog post.
In another part of the capital, a raid by Syrian intelligence agents on the office of the Syrian Center for Media and Freedom of Expression on Thursday led to the arrest of 12 activists. Among those detained, according to the Electronic Frontier Foundation, were the center’s director, Mazen Darwish, and the Syrian blogger Razan Ghazzawi. The foundation reported that the raid was carried out by members of the Syrian Air Force’s intelligence division in civilian dress, who took the detainees to an undisclosed location.
This led the Electronic Frontier Foundation (EFF), for one, to pull down most recently 7.1 million certificates as part of its SSL Observatory.
The Electronic Frontier Foundation has begun to publish a series of informative corporate biographies of technology companies that make network spying equipment and sell it to torturing dictators like Hosni Mubarak and Muammar Qaddafi.
An audit of the public keys used to protect HTTPS connections, based on digital certificate data from the Electronic Frontier Foundation's SSL Observatory project, found that tens of thousands of cryptography keys offer "effectively no security" due to weak random-number generation algorithms.
Katitza Rodriguez is the International Director of Human Rights at the Electronic Frontier Foundation, an organization dedicated to defending freedom of expression and privacy in the digital world. She is Peruvian and lives in San Francisco.
"This comes as an unwelcome warning that underscores the difficulty of key generation in the real world," researcher James P. Hughes told the New York Times, which along with the Electronic Frontier Foundation was the first to report the discovery.
The researchers did not speculate on the cause of the lack of randomness. At the moment, there is little the average person can do about the problem.
Using data from the Electronic Frontier Foundation's (EFF) SSL Observatory project, researchers led by Arjen Lenstra at the Ecole Polytechnique Federale de Lausanne (EPFL) found that while "the vast majority of public keys work as intended," about 2 out of every 1,000 RSA moduli - an algorithm for public-key cryptography - "offer no security."
The Electronic Frontier Foundation’s SSL Observatory has found that thousands of SSL certificates used to authenticate HTTPS sites are effectively useless, owing to weak algorithms used to generate the random numbers that are needed for encryption.