
Old Encryption Breaking program left on Open Internet

WMGroomAK

When you connect a drive to the internet, you may want to make sure that any important information is not exposed and maybe encrypt it...  In a case of 'Oops, maybe we should have done a bit more security checking', a security researcher looking for open devices on the internet found an unencrypted file stored on a backup drive connected to a New York University (NYU) server for a joint code-breaking project between IBM, NYU and the Dept. of Defense.

 

https://www.engadget.com/2017/05/11/doj-code-breaking-project-found-unencrypted-on-the-internet/

Quote

The Intercept reports a joint project of IBM, NYU and the department of defense called "WindsorGreen" was found by a security researcher looking for open devices on the internet. The program details a system rife with the kind of complex math needed to take down encryption and brute-force passwords. The code-breaking project seems to have been in development between 2005 and 2012 with a suggestion within the documents that it would not be ready until 2014.

 

While the documents describe an incredibly powerful code-breaking project, according to what hacker and computer researcher Andrew "Bunnie" Huang told The Intercept, if you're using the latest encryption, you don't have anything to worry about. "Even if [WindsorGreen] gave a 100x advantage in cracking strength, it's a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256."

 

At least when it comes to this venture. Who knows what's currently being developed?

 

The story is an interesting read and a cautionary tale about being extra diligent when setting up your network and remembering to encrypt everything. And be doubly sure to encrypt your potentially top secret files about cracking encryption.

So yeah, while this project would not really be able to cause a lot of harm given that it appears outdated, maybe if you are working on an encryption cracking project, encrypt your work and don't store it on a device facing the internet...

 

Intercept article: https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/

Edited by WMGroomAK
Additional Article

So the research about how to break encryption was stored unencrypted and open to the internet. GG

 

Next we'll learn that the top scientist who knew the cure for cancer recently died of cancer


15 minutes ago, Ryan_Vickers said:

So the research about how to break encryption was stored unencrypted and open to the internet. GG

 

Next we'll learn that the top scientist who knew the cure for cancer recently died of cancer

Imagine being the researcher to discover this though...  

 

Calls up NYU: 'Umm, do you guys realize you have secret documents exposed to the world?'

 

Begins wondering when the NSA or FBI will knock on his door to arrest him for trying to steal secret documents.


18 minutes ago, Ryan_Vickers said:

Next we'll learn that the top scientist who knew the cure for cancer recently died of cancer

More like the cancer researcher decided to leave the cancer cure alone and only focus on its effects on ED.


Remember that these are the people you entrust with your personal information whenever you say "I have nothing to hide" as an argument for not needing privacy.


3 hours ago, LAwLz said:

Remember that these are the people you entrust with your personal information whenever you say "I have nothing to hide" as an argument for not needing privacy.

That said though, not giving up any information because they can't be trusted to store it properly seems like addressing the symptom and not the problem. The real answer is to have systems that aren't run by fools, which I believe is a good idea whether or not there are still other reasons for not just giving up everything.


3 hours ago, Ryan_Vickers said:

That said though, not giving up any information because they can't be trusted to store it properly seems like addressing the symptom and not the problem. The real answer is to have systems that aren't run by fools, which I believe is a good idea whether or not there are still other reasons for not just giving up everything.

Not having buffoons running the thing would be a good start, but I think it is unavoidable. On top of that, I'd say there are several other reasons for not giving up your personal information.
