NSA

Heartbleed on Tumblr


The surreal world that is the United States Intelligence Community has recently released a statement on the Heartbleed vulnerability as a rebuttal to an article from Bloomberg. The government's statement is as follows:

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report.

There are a number of issues I'd like to point out from this (aka the bleedin' obvious)...

It's time to break up the NSA

Bruce Schneier says that the NSA is too big and powerful and that it's time to break up the agency:

Broadly speaking, three types of NSA surveillance programs were exposed by the documents released by Edward Snowden. And while the media tends to lump them together, understanding their differences is critical to understanding how to divide up the NSA's missions.

http://edition.cnn.com/2014/02/20/opinion/schneier-nsa-too-big/index.html


American Bar Association Wakes Up

In an earlier blog post, I covered the effect of the NSA on the attorney/client relationship. Now the American Bar Association has woken up and is taking the matter seriously. Apparently, it took the revelations that the NSA was spying on an American law firm for the ABA to put on their superhero cape and type up a letter.

Chaos Computer Club files criminal complaint against German Government

On Monday, the Chaos Computer Club (CCC) and the International League for Human Rights (ILMR) filed a criminal complaint with the Federal Prosecutor General's office. The complaint is directed against the German federal government, the presidents of the German secret services, namely Bundesnachrichtendienst, Militärischer Abschirmdienst, Bundesamt für Verfassungsschutz, and others.

Remember those Cookies???

I briefly mentioned in a previous blog post the tracking capabilities of cookies, and how cookies can be used to do things like scan networks behind firewalls. Well, the documentation has now surfaced of how the NSA uses one particular Google cookie to track users and determine who to target for closer surveillance (i.e. attacks with software exploits).

Of Proxies And Porn....

In a previous blog post, I mentioned that SSL proxy servers, deployed in 1999, were used for finding and monitoring the downloading of porn. In the context of that blog post, this was originally done to find employees who were wasting work time, and provide a solid reason for terminating a non-productive employee without the unions pitching a fit.

Fast forward to 2013, and that same tech is being used to "undermine a target's credibility, reputation and authority"...

Weaponizing the Internet...

Here's a gem:

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone... Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

Here's one for the wi-fi worry warts ...

As if you didn't have enough things to worry about, check out Michael Horowitz's article at Computerworld:

Google knows nearly every Wi-Fi password in the world

If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.

Oh, and change your Wi-Fi passwords now. You'll be completely safe until the next device logs in...

Why Lawyers Should Be Paying Attention to the NSA

From the law offices of Mikki Barry. Google's Gmail & Calendar may now have serious legal issues regarding potential breach of attorney/client privilege...

As attorneys, each one of us should be screaming bloody murder about this potential breach of attorney/client privilege at its very core. It’s not that it is “possible” to get our privileged information, our work product through Google Apps, both the “metadata” and the content of our correspondence, etc., it has already happened, and continues to this day. We KNOW our communications have been compromised. The question now is what to do about it.

The NSA Is Breaking Most Encryption on the Internet

The new Snowden revelations are explosive. Basically, the NSA is able to decrypt most of the Internet. They're doing it primarily by cheating, not by mathematics.

Follow the link to joint reporting between the Guardian, the New York Times, and ProPublica:

https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

The NYT on the NSA - in March 1983...


From the New York Times (published on March 27, 1983):

No laws define the limits of the N.S.A.'s power. No Congressional committee subjects the agency's budget to a systematic, informed and skeptical review. With unknown billions of Federal dollars, the agency purchases the most sophisticated communications and computer equipment in the world. But truly to comprehend the growing reach of this formidable organization, it is necessary to recall once again how the computers that power the N.S.A. are also gradually changing lives of Americans - the way they bank, obtain benefits from the Government and communicate with family and friends.

Why a blog? Why now?

I started this blog in 1996. Long before the term "blog" or "blogging" or "web log" had even been coined. I threw it away several times, and started over, most of the time due to either disk crashes, server moves, or incompatible CMS upgrades. Eventually I gave up. I didn't take it seriously. Then Facebook came along, and I put pithy, mostly idiotic, observations on there, hidden behind my wall of "friends".

Apparently, Facebook is now big enough to play in the big leagues and the consequences are becoming more and more apparent every day. There's been a lot of fallout since Edward Snowden came forward with new revelations about the NSA, which includes Facebook, Microsoft, Apple, and others, handing over data. Unfortunately, we've seen a number of web sites and services disappear as a result.