Posts Tagged internet

NSA May Have Impersonated Google

From Cnet.com:

Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed out Techdirt’s point-out.)

A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.

Silent Circle Comments on the NSA

Here is an excerpt of Silent Circle’s editorial from their company blog:

We at Silent Circle believe these revelations and disclosures are some of the best things that could happen to the technology sector. In fact, the battle for your digital soul has turned strongly towards Privacy’s corner because we now know what we are up against. We are beginning to define the capabilities and tactics of the world’s surveillance machine. Before all of this – we speculated, guessed and hypothesized that it was bad – we were all way off. It’s horrendous. It’s Orwell’s 1984 on steroids. It doesn’t matter – we will win the war.

The NSA and the Obama Administration

Just after the revelations about the NSA’s encryption-breaking abilities, there is now a story that the Obama administration let the leash off the NSA in 2011. In the encryption story published by The Guardian, New York Times and ProPublica, there was an interesting nugget of information. The programs run by the NSA are named after Civil War battles. Does that mean that the NSA sees the American public as its enemy? I have no problem with the NSA doing what they do and focusing that effort outward, but as soon as that capability is turned inward on our own citizens, that is when we have a problem. There is that pesky Fourth Amendment to the Constitution that specifically prohibits looking at our “effects”:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Bruce Schneier, a security technologist, is now calling on engineers who work in the government or for companies that contract with the government to start blowing the whistle on these types of programs. This administration has a history of citing the dangers that certain citizens pose while ignoring the explicit threats from outside. Targeting Americans with these programs is unacceptable.

NRA and ACLU Join Forces to Fight NSA Spying Program

From Reuters:

In a brief backing the American Civil Liberties Union’s lawsuit against senior U.S. government officials, the NRA said the collection of vast communications threatens privacy and could allow the government to create a registry of gun owners.

NSA Employing 35,000 to Break Encrypted Communications

From Wired.com:

The Post’s article doesn’t detail the “groundbreaking cryptanalytic capabilities” Clapper mentions, and there’s no elaboration in the portion of the document published by the paper. But the document shows that 21 percent of the intelligence budget — around $11 billion — is dedicated to the Consolidated Cryptologic Program that staffs 35,000 employees in the NSA and the armed forces.

US Government Resorting to Mob Tactics

According to Reason.com, the owner of the Lavabit email service has been threatened with arrest for shutting down the service rather than cooperating with the government.

Silent Circle Can’t Guarantee Customers’ Privacy From NSA

From Tech Crunch:

“We knew USG would come after us”. That’s why Silent Circle CEO Michael Janke tells TechCrunch his company shut down its Silent Mail encrypted email service. It hadn’t been told to provide data to the government, but after Lavabit shut down today rather than be “complicit” with NSA spying, Silent Circle told customers it has killed off Silent Mail rather than risk their privacy.

Full press release from Silent Circle.

What Silent Circle does:

NSA Targeted TOR Network With Malware

From BoingBoing.net:

Initial investigations traced the address to defense contractor SAIC, which provides a wide range of information technology and C4ISR (Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) support to the Department of Defense. The geolocation of the IP address corresponds to an SAIC facility in Arlington, Virginia.

Android Backup Services May Not Be Secure

If you use an Android device, you may want to review how you store your settings and passwords.

From the Electronic Frontier Foundation:

If you have a recent Android phone or tablet, chances are you take advantage of a convenient feature to backup your application settings and wireless network passwords. This feature is enabled by default in Android 2.2 and later, and it can make switching to a new device or replacing a lost phone a quicker process. If you haven’t examined all the settings for your phone, you might not know if this setting is enabled.

Concern Increasing Over Skype’s Security

From the Electronic Frontier Foundation:

This security limitation has concerned us for a long time. Last year, Chris Soghoian argued that, for this reason, “Skype is in a position to give the government sufficient data to perform a man in the middle attack against Skype users.” Soghoian argued that Skype should change its design to eliminate this ability, or else disclose the risk more prominently. One way of limiting man-in-the-middle attacks would be for Skype to introduce a way for users to do their own encryption key verification, without relying on the Skype service. As Soghoian notes, that’s what many other encrypted communications tools do—but such a verification option is missing from Skype.

Rep. Waxman (D-CA) Wants to Ban Individuals From Making Their Own Guns.

From LA’s NBC affiliate:

The mass shooting that left five people dead in Santa Monica is the reason a California congressman wants to make it illegal for people to buy parts on the Internet to build their own weapons.

Creating and Managing Passwords: How the Experts Do It

From Ars Technica:

I recently checked in with five security experts to learn about their approach to choosing and storing crack-resistant passwords. They include renowned cryptographer Bruce Schneier, who is a “security futurologist” at BT and recently joined the Electronic Frontier Foundation’s board of directors; Adriel T. Desautels, CEO of Netragard, a firm that gets paid to hack large companies and then tell them how it was done; Jeremiah Grossman, founder and CTO of WhiteHat Security; Jeffrey Goldberg, “defender against the dark arts” at AgileBits, a company that develops the popular 1Password password manager; and Jeremi Gosney, a password security expert at Stricture Consulting.

Anonymity Impossible?

MIT asks the question in an article about how much information individuals create about themselves.

Much of this data is invisible to people and seems impersonal. But it’s not. What modern data science is finding is that nearly any type of data can be used, much like a fingerprint, to identify the person who created it: your choice of movies on Netflix, the location signals emitted by your cell phone, even your pattern of walking as recorded by a surveillance camera. In effect, the more data there is, the less any of it can be said to be private, since the richness of that data makes pinpointing people “algorithmically possible,” says Princeton University computer scientist Arvind Narayanan.

Dept. of State Takes Down DEFCAD Gun Files

The Blaze reports that the Department of State has claimed ownership of the information which Defense Distributed had on its website.

A letter to Defense Distributed from the Department of State, Bureau of Political Military Affairs, Office of Defense Trade Controls Compliance, Enforcement Division (DTCC/END) explains that while conducting a review of the data posted on DEFCAD it found that the licensed firearm manufacturer might have released ITAR (International Traffic in Arms Regulations)-controlled information without authorization and would thus be in violation.

Technology vs Security

From Wired:

Because the damage attackers can cause becomes greater as technology becomes more powerful. Guns become more harmful, explosions become bigger, malware becomes more pernicious … and so on. A single attacker, or small group of attackers, can cause more destruction than ever before.

As the destructive power of individual actors and fringe groups increases, so do the calls for — and society’s acceptance of — increased security.
