The NSA and Snowden stories have brought internet security issues to the forefront lately. In fact, Threatpost recently reported on "How the NSA could be breaking SSL". Commenting on the story, Michael Sutton, vice president of security research for Zscaler, said:
"The silver lining of the recent Snowden revelations comes in the form of public awareness that is driving IT vendors to double down on efforts to improve and extend encryption efforts to enhance data privacy. Whether implementing stronger encryption algorithms or adding it where it wasn't previously used, vendors are raising the bar for attackers (good and bad) attempting to orchestrate data breaches. Despite these efforts, it is likely that the NSA and other intelligence organisations will continue to succeed in their eavesdropping efforts, not because they are breaking SSL, but because they are bypassing it. This occurs either because encryption is often not employed end-to-end or due to legal efforts to obtain encryption keys. The revelations that the NSA was tapping directly into fibre optic cables outside of Google and Yahoo! data centres, for example, was being done as an effort to tap into a weak link in the security chain where data was not encrypted when being transferred between data centres. Likewise, court documents have revealed NSA efforts to force companies to turn over private encryption keys. The strongest encryption algorithms in the world are of little use when not turned on or if the keys are handed over."