Skip to main content

Home/ Future of the Web/ Group items tagged admins

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen. - 2 views

theintercept.com/...o-talk-i-was-willing-to-listen

surveillance state NSA-hacker-interview

shared by Paul Merrell on 03 Jul 16 - No Cached
  • he message arrived at night and consisted of three words: “Good evening sir!” The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine. Good evening sir!
  • The sender was a hacker who had written a series of provocative memos at the National Security Agency. His secret memos had explained — with an earthy use of slang and emojis that was unusual for an operative of the largest eavesdropping organization in the world — how the NSA breaks into the digital accounts of people who manage computer networks, and how it tries to unmask people who use Tor to browse the web anonymously. Outlining some of the NSA’s most sensitive activities, the memos were leaked by Edward Snowden, and I had written about a few of them for The Intercept. There is no Miss Manners for exchanging pleasantries with a man the government has trained to be the digital equivalent of a Navy SEAL. Though I had initiated the contact, I was wary of how he might respond. The hacker had publicly expressed a visceral dislike for Snowden and had accused The Intercept of jeopardizing lives by publishing classified information. One of his memos outlined the ways the NSA reroutes (or “shapes”) the internet traffic of entire countries, and another memo was titled “I Hunt Sysadmins.” I felt sure he could hack anyone’s computer, including mine.
  • I got lucky with the hacker, because he recently left the agency for the cybersecurity industry; it would be his choice to talk, not the NSA’s. Fortunately, speaking out is his second nature.
  • ...7 more annotations...
  • He agreed to a video chat that turned into a three-hour discussion sprawling from the ethics of surveillance to the downsides of home improvements and the difficulty of securing your laptop.
  • In recent years, two developments have helped make hacking for the government a lot more attractive than hacking for yourself. First, the Department of Justice has cracked down on freelance hacking, whether it be altruistic or malignant. If the DOJ doesn’t like the way you hack, you are going to jail. Meanwhile, hackers have been warmly invited to deploy their transgressive impulses in service to the homeland, because the NSA and other federal agencies have turned themselves into licensed hives of breaking into other people’s computers. For many, it’s a techno sandbox of irresistible delights, according to Gabriella Coleman, a professor at McGill University who studies hackers. “The NSA is a very exciting place for hackers because you have unlimited resources, you have some of the best talent in the world, whether it’s cryptographers or mathematicians or hackers,” she said. “It is just too intellectually exciting not to go there.”
  • The Lamb’s memos on cool ways to hunt sysadmins triggered a strong reaction when I wrote about them in 2014 with my colleague Ryan Gallagher. The memos explained how the NSA tracks down the email and Facebook accounts of systems administrators who oversee computer networks. After plundering their accounts, the NSA can impersonate the admins to get into their computer networks and pilfer the data flowing through them. As the Lamb wrote, “sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network … who better to target than the person that already has the ‘keys to the kingdom’?” Another of his NSA memos, “Network Shaping 101,” used Yemen as a theoretical case study for secretly redirecting the entirety of a country’s internet traffic to NSA servers.
  • “If I turn the tables on you,” I asked the Lamb, “and say, OK, you’re a target for all kinds of people for all kinds of reasons. How do you feel about being a target and that kind of justification being used to justify getting all of your credentials and the keys to your kingdom?” The Lamb smiled. “There is no real safe, sacred ground on the internet,” he replied. “Whatever you do on the internet is an attack surface of some sort and is just something that you live with. Any time that I do something on the internet, yeah, that is on the back of my mind. Anyone from a script kiddie to some random hacker to some other foreign intelligence service, each with their different capabilities — what could they be doing to me?”
  • “You know, the situation is what it is,” he said. “There are protocols that were designed years ago before anybody had any care about security, because when they were developed, nobody was foreseeing that they would be taken advantage of. … A lot of people on the internet seem to approach the problem [with the attitude of] ‘I’m just going to walk naked outside of my house and hope that nobody looks at me.’ From a security perspective, is that a good way to go about thinking? No, horrible … There are good ways to be more secure on the internet. But do most people use Tor? No. Do most people use Signal? No. Do most people use insecure things that most people can hack? Yes. Is that a bash against the intelligence community that people use stuff that’s easily exploitable? That’s a hard argument for me to make.”
  • I mentioned that lots of people, including Snowden, are now working on the problem of how to make the internet more secure, yet he seemed to do the opposite at the NSA by trying to find ways to track and identify people who use Tor and other anonymizers. Would he consider working on the other side of things? He wouldn’t rule it out, he said, but dismally suggested the game was over as far as having a liberating and safe internet, because our laptops and smartphones will betray us no matter what we do with them. “There’s the old adage that the only secure computer is one that is turned off, buried in a box ten feet underground, and never turned on,” he said. “From a user perspective, someone trying to find holes by day and then just live on the internet by night, there’s the expectation [that] if somebody wants to have access to your computer bad enough, they’re going to get it. Whether that’s an intelligence agency or a cybercrimes syndicate, whoever that is, it’s probably going to happen.”
  • There are precautions one can take, and I did that with the Lamb. When we had our video chat, I used a computer that had been wiped clean of everything except its operating system and essential applications. Afterward, it was wiped clean again. My concern was that the Lamb might use the session to obtain data from or about the computer I was using; there are a lot of things he might have tried, if he was in a scheming mood. At the end of our three hours together, I mentioned to him that I had taken these precautions—and he approved. “That’s fair,” he said. “I’m glad you have that appreciation. … From a perspective of a journalist who has access to classified information, it would be remiss to think you’re not a target of foreign intelligence services.” He was telling me the U.S. government should be the least of my worries. He was trying to help me. Documents published with this article: Tracking Targets Through Proxies & Anonymizers Network Shaping 101 Shaping Diagram I Hunt Sys Admins (first published in 2014)
Gonzalo San Gil, PhD.

Hey UK: Jailing File-Sharers for Years is Shameful | TorrentFreak - 1 views

torrentfreak.com/s-for-years-is-shameful-141116

jail for share lamentable cultural politics lobby lobbying kills law justice companies income statement

shared by Gonzalo San Gil, PhD. on 17 Nov 14 - No Cached
  • Gonzalo San Gil, PhD. on 17 Nov 14
     
    " Andy on November 16, 2014 C: 51 Breaking Admins and uploaders know the risks, but when otherwise good citizens go to jail for sharing files it's a horrible moment for all involved. This week two young men from the UK were locked up for years, one for his acts as a teenager several years ago. What a complete and utter waste of life." [# What's Next...? # ! #Life #imprisonment for #government critics? # ! #Death #Penalty for blogging on social issues...? # ! #Law must represent #Justice, not #companies' #income # ! #statements]
  • Gonzalo San Gil, PhD. on 17 Nov 14
     
    " Andy on November 16, 2014 C: 51 Breaking Admins and uploaders know the risks, but when otherwise good citizens go to jail for sharing files it's a horrible moment for all involved. This week two young men from the UK were locked up for years, one for his acts as a teenager several years ago. What a complete and utter waste of life."
Gonzalo San Gil, PhD.

How to block network traffic by country on Linux - Xmodulo - 0 views

xmodulo.com/-traffic-by-country-linux.html

how to block network traffic country linux GNU_Linux GNU open source free software geoblocking admin security access geography location

shared by Gonzalo San Gil, PhD. on 15 Dec 15 - No Cached
  • Gonzalo San Gil, PhD. on 15 Dec 15
     
    "Last updated on December 11, 2015 Authored by Dan Nanni 10 Comments As a system admin who maintains production Linux servers, there are circumstances where you need to selectively block or allow network traffic based on geographic locations. For example, you "
ravi_chauhan

What Does Wordpress 3.0 Mean For Blogger? - 3 views

digitmagzine.com/...wordpress-3-0-mean-for-blogger

wordpress what

shared by ravi_chauhan on 20 Jun 10 - Cached
  • ravi_chauhan on 20 Jun 10
     
    The popular blogging platform WordPress has been updated to version 3.0. WordPress 3.0 contains more than 1200 bug fixes and enhancements including a new default theme and a redesigned admin area with lighter colors.
Gary Edwards

Sun pitches new cloud as 'Open Platform' * - 0 views

www.theregister.co.uk/...sun_cloud_platform

Cloud-Computing Cloud-API sun tim-bray

shared by Gary Edwards on 03 Apr 09 - Cached
  • Gary Edwards on 03 Apr 09
     
    Sun takes on the problem of interoperability and portability of applications in a world where there will be many many clouds. At the roll out of the Sun Cloud, key executives explain Sun's implementation of Open Cloud API's and what they see as a pressing need for management tools that will allow some standardization across clouds.

    Sun's Open Cloud API plan is a clean reuse of existing Open Web API's.

    "..... The underpinning of the Open Cloud Platform that Sun will be pitching to developers is a set of cloud APIs, the creation of which is focused under Project Kenai and which has been released under a Community Commons open source license. Sun wants lots of feedback on the APIs and wants these APIs to become a standard too, hence the open license. These APIs describes how virtual elements in a cloud are created, started, stopped, and hibernated using HTTP commands such as GET, PUT, and POST...."

    "...... The upshot is that these APIs will allow programmatic access to virtual infrastructure from Java, PHP, Python, and Ruby and that means system admins can script how virtual resources are deployed. The APIs, as co-creator Tim Bray explains in his blog, are written in JavaScript Object Notation (JSON), not XML. The Q-Layer software is a graphical representation of what is going on down in the APIs, and you can moving virtual resources into the cloud with a click of a mouse using the dashboard or programmatically using the APIs from those four programming languages listed above. (PHP support is not yet available, but will be)....."
  • David Corking on 08 Apr 09
     
    I can see why Sun picked those four languages first. Can I assume that with a bit of work, this API will be usable from any language with a C "foreign function interface", such as Perl, Common Lisp, Bourne shell, Squeak Smalltalk, and others that your server application might be written in?
  • David Corking on 08 Apr 09
     
    I read this comment that largely answers my question at: http://www.tbray.org/ongoing/When/200x/2009/03/16/Sun-Cloud "So right now JSON out of a shell tool is not so good. More things like this will create pressure for development of tools to change that, but years of widespread XML/HTML deployment have only produced a few oddly maintained tools. Perhaps that's because you can scrape quite a bit of the web with a couple sed passes, and if I were to have to deal with the mentioned tools, that's probably the route I'd take." (seth w. klein) In other words, with a bit of work, _anything_ that can talk text over HTTP can do this with a bit of work, but an object-oriented is likely to be more at home with JSON (JavaScript Object Notation)
Gonzalo San Gil, PhD.

The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins - 0 views

www.gfi.com/...-analysis-tools-for-sys-admins

free network monitoring analysis tools sysadmin

shared by Gonzalo San Gil, PhD. on 21 Dec 15 - No Cached
  • Gonzalo San Gil, PhD. on 21 Dec 15
     
    "We know how administrators love free tools that make their life easier. Here are 20 of the best free tools for monitoring devices, services, ports or protocols and analyzing traffic on your network. Even if you may have heard of some of these tools before, we're sure you'll find a gem or two amongst this list - and if you know of any others, leave us a comment below!"
Gonzalo San Gil, PhD.

GitHub - mimoo/FirefoxTimeTracker: a time tracker to avoid slacking (firefox plugin) - 0 views

github.com/...FirefoxTimeTracker

github firefox time tracker Linux sysadmin admin tools

shared by Gonzalo San Gil, PhD. on 26 Oct 16 - No Cached
  • Gonzalo San Gil, PhD. on 26 Oct 16
     
    "a time tracker to avoid slacking (firefox plugin)"
Gonzalo San Gil, PhD.

[# ! #Tech:] Discover to which package a file belongs to - Linux Audit - 0 views

linux-audit.com/rmine-file-and-related-package

package file belonging GNU-Linux dependencies admin

shared by Gonzalo San Gil, PhD. on 04 Oct 16 - No Cached
  • Gonzalo San Gil, PhD. on 04 Oct 16
     
    "Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to."
  • Gonzalo San Gil, PhD. on 04 Oct 16
     
    "Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to."
Gonzalo San Gil, PhD.

The Top Ten Hacker Tools of 2015 - 2 views

www.techworm.net/...-ten-hacker-tools-of-2015.html

hacker hack hacking security admin administration tools

shared by Gonzalo San Gil, PhD. on 02 Sep 15 - No Cached
  • Gonzalo San Gil, PhD. on 02 Sep 15
     
    "List of top ten hacker tools of 2015 Every task requires a good set of tools.This because having right tools in hand one can save much of its energy and time.In the world of Cyber Hacking ("Cyber Security" formally) there are millions of tools which are available on the Internet either as Freewares or as Sharewares."
Paul Merrell

Membership applications - 7 views

Folks, I apologize for the recent spate of spam bookmarks in the Future of the Web group. The only pattern I've been able to discern is that all of the spammers were people who had just registered ...

admin

started by Paul Merrell on 16 Jun 10 no follow-up yet
Paul Merrell

Gmail leaves Google Apps admins nervous | InfoWorld | News | 2008-08-15 | By Juan Carlo... - 0 views

www.infoworld.com/...eful_about_future-IDGNS_1.html

apps cloud-computing downtime google

shared by Paul Merrell on 18 Aug 08 - Cached
  • Because vendors host applications in their own datacenters, companies don't have to concern themselves with hardware provisioning and software maintenance. By living in the Internet "cloud," these hosted applications simplify sharing and collaboration among employees. However, the experience of users living through the recent Google Apps outages could serve as a deterrent to some IT and business managers who might not be ready to ditch conventional software packages that are installed on their servers.
  • Paul Merrell on 18 Aug 08
     
    Google apps goes down three times in less than a week.
Gonzalo San Gil, PhD.

DoS website with GoldenEye - Layer 7 DoS tool with KeepAlive NoCache - darkMORE Ops - 0 views

www.darkmoreops.com/...dos-website-with-goldeneye

dos attack website GooldenEye security warning admins

shared by Gonzalo San Gil, PhD. on 01 Dec 14 - No Cached
  • Gonzalo San Gil, PhD. on 01 Dec 14
     
    "I've talked about testing few DoS tools that can put heavy load on HTTP servers in order to bring them to their knees by exhausting resource pools. GoldenEye is the first of those tools and it is one of the newest I discovered in GitHub. You can DoS websites with GoldenEye and bring it down almost within 30 seconds depending on how big their memory pool is" # ! This is not... # ! ... a #Hacking #Call # ! but a #Security #WARNING # ! from the #OpenSource crew... (# ! So the sensationalists press has no reason to alarm everyb@dy # ! ... as 'They' like to do)
Gonzalo San Gil, PhD.

Getting started with SaltStack - 0 views

techarena51.com/...getting-started-with-saltstack

SaltStack getting stearted start GNU-Linux servers configuration config Salt open source free software network admin administrator administration

shared by Gonzalo San Gil, PhD. on 31 Jan 16 - No Cached
  • Gonzalo San Gil, PhD. on 31 Jan 16
     
    "I came across Salt while searching for an alternative to Puppet. I like puppet, but I am falling in love with Salt :). This maybe a personal opinion but I found Salt easier to configure and get started with as compared to Puppet. Another reason I like Salt is that it let's you manage your server configurations from the command line, for example:"
Paul Merrell

Announcing STARTTLS Everywhere: Securing Hop-to-Hop Email Delivery | Electronic Frontie... - 0 views

www.eff.org/...ecuring-hop-hop-email-delivery

email-security STARTTLS EFF

shared by Paul Merrell on 28 Jun 18 - No Cached
  • Today we’re announcing the launch of STARTTLS Everywhere, EFF’s initiative to improve the security of the email ecosystem. Thanks to previous EFF efforts like Let's Encrypt, and Certbot, as well as help from the major web browsers, we've seen significant wins in encrypting the web. Now we want to do for email what we’ve done for web browsing: make it simple and easy for everyone to help ensure their communications aren’t vulnerable to mass surveillance.
  • t’s important to note that STARTTLS Everywhere is designed to be run by mailserver admins, not regular users. No matter your role, you can join in the STARTTLS fun and find out how secure your current email provider is at: https://www.starttls-everywhere.org/ Enter your email domain (the part of your email address after the “@” symbol), and we’ll check if your email provider has configured their server to use STARTTLS, whether or not they use a valid certificate, and whether or not they’re on the STARTTLS Preload List—all different indications of how secure (or vulnerable) your email provider is to mass surveillance.
Gonzalo San Gil, PhD.

Why Privileged Users Are a Major Security Risk - 0 views

www.cioinsight.com/...are-a-major-security-risk.html

priviledge users adminstrators admin major security risk danger watch your trust

shared by Gonzalo San Gil, PhD. on 01 Oct 16 - No Cached
  • Gonzalo San Gil, PhD. on 01 Oct 16
     
    " Privileged users are a key concern for IT leaders because inadvertent leaks from unsanctioned app usage are more likely to originate from this user group."
Paul Merrell

Sorry for the SPAM today - 0 views

That's a subscriber that got by me. He's been banned so won't bother you again on this group.

admin

started by Paul Merrell on 25 Apr 17 no follow-up yet
1 - 16 of 16
Showing 20 items per page