Group items tagged

the report recognized that email privacy is critical

one issue was left conspicuously unaddressed in the report. The Securities and Exchange Commission, the civil agency in charge of protecting investors and ensuring orderly markets, has been advocating for a special exception to the warrant requirement. No agency can or should have a get-out-of-jail-free card for bypassing the Fourth Amendment.

the algorithm is only as fair as the data fed into it.

Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

between 2008 and 2010

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.

NSA defends the program by saying that it uses the location data to find "unknown associates of known intelligence targets." Basically, it's tracking where everyone goes, just in case people end up spending time with people the NSA deems as being terrorists.

Elsewhere in the article, they quote NSA officials repeatedly saying that the program is "tuned to be looking outside the United States," but not saying it only collects info outside the US. Also, they make clear, once a person leaves the US, the NSA no longer believes the 4th Amendment applies to them, so their location is fair game in this giant database.. Asked for specific numbers, an NSA person said:

Could a state actor be at play? U.S. Senator Joe Lieberman, without offering any proof, said he believed the assaults were carried out by Iran in retaliation for tightened economic sanctions imposed by the United States and its allies.

only a handful of groups out there that have the technical ability or incentive

Wednesday's report exposes serious risks in what banks, mortgage companies, and other financial services call "knowledge-based authentication." Representatives from these services frequently rely on a list of about 100 questions such as "What was your previous address?" or "Which company services your mortgage?" when trying to determine if the person on the phone or filling out an application is the individual he claims to be. Ready access to the data stored by the data aggregators can make the difference between a fraudulent application being approved or rejected. Krebs goes on to recount a story told by Gartner fraud analyst Avivah Litan about a fellow analyst who witnessed an identity thief in action.

The Washington Post added another noteworthy finding to the growing pile of information leaked by former NSA contractor Edward Snowden: the NSA is collecting nearly five billion cellphone location records per day from across the world.

This gigantic data collection feeds a database that stores information on "hundreds of millions of devices," according to the documents obtained by

27 terabytes

“The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” the judge wrote.

“Given the limited record before me at this point in the litigation – most notably, the utter lack of evidence that a terrorist attack has ever been prevented because searching the NSA database was faster than other investigative tactics – I have serious doubts about the efficacy of the metadata collection program as a means of conducting time-sensitive investigations in cases involving imminent threats of terrorism.”

The defendants, aged between 18 and 28, are believed to have stolen more than $100 million in intellectual property and other proprietary data from the likes of Microsoft Corporation, Epic Games, Valve, and even the US Army. This includes pre-release versions of Gears of War 3 and Call of Duty: Modern Warfare 3, Apache helicopter simulation software developed for the US army, and information about the Xbox One console. Two of the suspects have pleaded guilty, one of which is 22-year old David Pokora. His plea represents what may be the first conviction of a foreign-based individual for hacking into US businesses to steal trade secret information.

18-count superseding indictment

Documents provided by NSA whistleblower Edward Snowden show that the government worked in secret to exploit a new internet surveillance law enacted in the wake of revelations of illegal domestic spying to initiate a new metadata collection program that appeared designed to collect information about the communications of New Zealanders.

Snowden explained that “at the NSA, I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called ‘X KEYSCORE.”" He further detailed that “the GCSB provides mass surveillance data into XKEYSCORE. They also provide access to the communications of millions of New Zealanders to the NSA at facilities such as the GCSB facility in Waihopai, and the Prime Minister is personally aware of this fact.”

The $30 20 minute fix. Go to home depot and get a run of 12 gauge green wire, a pair of wire strippers and a pipe ground. Attach the pipe ground to the cold water pipe in your basement that comes from the street. Attach the wire to the pipe ground and run it into your studio. Turn off the circuit breaker and open the outlet(s) and remove the ground that is there and replace it with the wire from the basement. Turn on the circuit breaker. Done and done.

your best bet it to drive an actual ground rod (theyre pretty cheap) in your basement 10' deep or so ... then use the grounding techniques as above.... consider using braided wire as well, the larger surface area is better at 'grabbing' and grounding RFI

But, the bigger issue is that without presenting any actual evidence on these situations, it's impossible to know whether or not the NSA really needed this massive data collection to stop those "potential" plots. As we've already seen, in the one case where the NSA has said the programs were useful, it quickly became clear that they were not necessary, and traditional policework actually did the bulk of the effort in identifying the plot.

More unusually, the attacks also employed a rapidly changing array of methods to maximize the effects of this torrent of data. The uncommon ability of the attackers to simultaneously saturate routers, bank servers, and the applications they run—and to then recalibrate their attack traffic depending on the results achieved—had the effect of temporarily overwhelming the targets."This very well could be a kid sitting in his mom's basement in Ohio launching these attacks." "It used to be DDoS attackers would try one method and they were kind of one-trick ponies," Matthew Prince, CEO and founder of CloudFlare, told Ars. "What these attacks appear to have shown is there are some attackers that have a full suite of DDoS methods, and they're trying all kinds of different things and continually shifting until they find something that works. It's still cavemen using clubs, but they have a whole toolbox full of different clubs they can use depending on what the situation calls for."

All telecommunications operators, sales outlets and distributors are obliged to register their business at local authorities. Meanwhile, all locations serving telephone services and Internet shall be equipped with closed circuit television camera and shall store footage data of users for at least 03 months. Telephone service corporation owners along public roads shall record National Identity Cards of any subscriber.

The software, known as PC Rental Agent, was developed by Pennsylvania-based DesignerWare. It was licensed by more than 1,617 rent-to-own stores in the US, Canada, and Australia to report the physical location of rented PCs. A feature known as Detective Mode also allowed licensees to surreptitiously monitor the activities of computer users. Managers of rent-to-own stores could use the feature to turn on webcams so anyone in front of the machine would secretly be recorded. Managers could also use the software to log keystrokes and take screen captures.

In some cases, webcam activations captured images of children, individuals not fully clothed, and people engaged in sexual activities, the complaint alleged. Rental agreements never disclosed the information that was collected, FTC lawyers said.

PC Rental Agent also had the capability to display fake registration pages for Microsoft Windows, Internet Explorer, Microsoft Office, and Yahoo Messenger. When customers entered their names, addresses, and other personal information in the forms, the data was sent to DesignerWare servers and then e-mailed to the rent-to-own licensees.

In order to prevent copyright monopoly violations from happening in such channels, the only means possible is to wiretap all private digital communications to discover when copyrighted works are being communicated. As a side effect, you would eliminate private communications as a concept. There is no way to sort communications into legal and illegal without breaching the postal secret – the activity of sorting requires observation.

Any digital, private communications channel can be used for private protected correspondence, or to transfer works that are under copyright monopoly. In order to prevent copyright monopoly violations from happening in such channels, the only means possible is to wiretap all private digital communications to discover when copyrighted works are being communicated. As a side effect, you would eliminate private communications as a concept. There is no way to sort communications into legal and illegal without breaching the postal secret – the activity of sorting requires observation.