NSA

By Simon, 11 April, 2014

The surreal world that is the United States Intelligence Community has recently released a statement over the Heartbleed vulnerability as a rebuttal to an article from Bloomberg. The government's statement is as follows:

Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report.

There are a number of issues I'd like to point out from this (aka the bleedin' obvious)...

By Simon, 22 February, 2014

Bruce Schneier says that the NSA is too big and powerful and that it's time to break up the agency:

Broadly speaking, three types of NSA surveillance programs were exposed by the documents released by Edward Snowden. And while the media tends to lump them together, understanding their differences is critical to understanding how to divide up the NSA's missions.

http://edition.cnn.com/2014/02/20/opinion/schneier-nsa-too-big/index.ht…

Tags

By Simon, 3 February, 2014

On Monday, the Chaos Computer Club (CCC) and the International League for Human Rights (ILMR), have filed a criminal complaint with the Federal Prosecutor General's office. The complaint is directed against the German federal government, the presidents of the German secret services, namely Bundesnachrichtendienst, Militärischer Abschirmdienst, Bundesamt für Verfassungschutz, and others.

By Simon, 11 December, 2013

I briefly mentioned in a previous blog post the tracking capabilities of cookies, and how cookies can be used to do things like scan networks behind firewalls. Well, the documentation has now surfaced of how the NSA uses one particular Google cookie to track users and determine who to target for closer surveillance (i.e. attacks with software exploits).

By Simon, 27 November, 2013

In a previous blog post, I mentioned that SSL proxy servers, deployed in 1999, were used for finding and monitoring the downloading of porn. In the context of that blog post, this was originally done to find employees who were wasting work time, and provide a solid reason for terminating a non-productive employee without the unions pitching a fit.

Fast forward to 2013, and that same tech is being used to "undermine a target's credibility, reputation and authority"...

By Simon, 20 November, 2013

Here's a gem:

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone... Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

By Simon, 17 September, 2013

As if you didn't have enough things to worry about, check out Michael Horowitz's article at Computerworld:

Google knows nearly every Wi-Fi password in the world

If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.

Oh, and change your wifi passwords now. You'll be completely safe until the next device logs in...

By Simon, 10 September, 2013

From the law offices of Mikki Barry. Google's Gmail & Calendar may now have serious legal issues regarding potential breach of attorney/client privilege...

As attorneys, each one of us should be screaming bloody murder about this potential breach of attorney/client privilege at its very core. It’s not that it is “possible” to get our privileged information, our work product through Google Apps, both the “metadata” and the content of our correspondence, etc., it has already happened, and continues to this day. We KNOW our communications have been compromised. The question now is what to do about it.