Group items tagged

“They’ve spent hundreds and hundreds of man-hours trying to reconstruct everything he has gotten, and they still don’t know all of what he took,” a senior administration official said. “I know that seems crazy, but everything with this is crazy.”

In recent days, a senior N.S.A. official has told reporters that he believed Mr. Snowden still had access to documents not yet disclosed. The official, Rick Ledgett, who is heading the security agency’s task force examining Mr. Snowden’s leak, said he would consider recommending amnesty for Mr. Snowden in exchange for those documents.

“So, my personal view is, yes, it’s worth having a conversation about,” Mr. Ledgett told CBS News. “I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.”

The attack is described by one source, a former U.S. official familiar with the attacks, as being "significant and ongoing" and looking to cause "functional and significant damage." Also, one source suggested the attacks were in response to U.S. sanctions on Iranian banks.

There was no report of an attack on the New York Stock Exchange.

First, it assumes that Snowden’s master file includes data from every network he ever scanned. Second, it assumes that this file is already in or will end up in the hands of America’s adversaries. If these assumptions turn out to be true, then the alarm raised in the last week will be warranted. The key word here is “if.”

Wheeler's latest revision doesn't entirely ban Internet fast lanes and will leave room for some deals, including public-interest cases like a health care company sending electrocardiography results.But unlike his initial proposal last month, Wheeler is seeking to specifically ban certain types of fast lanes, including prioritization given by ISPs to their subsidiaries that make and stream content, according to an FCC official who wasn't authorized talk about the revisions publicly before the vote. The FCC would retain powers to review any prioritization deals that may pose public harm.

JOHN MILLER: He's already said, "If I got amnesty, I would come back." Given the potential damage to national security, what would your thought on making a deal be? RICK LEDGETT: So, my personal view is, yes, it's worth having a conversation about. I would need assurances that the remainder of the data could be secured, and my bar for those assurances would be very high. It would be more than just an assertion on his part.

The reason for granting amnesty is as a recognition that Snowden was, in fact, a whistleblower

Early Monday morning, Foxconn released a statement indicating that the riot started as a personal disagreement between factory workers in a dormitory and was eventually brought under control by police, but this clashes with reports trickling in from users of China's version of Twitter, Sina Weibo. Much like with the situations in Egypt and other Arab Spring countries earlier this year, microbloggers are painting a different picture than the one presented by official sources; numerous Weibo posts indicate that the riots were started not by a fight between workers in off-campus housing, but instead by security guards beating one or more workers nearly to death. Regardless of the cause, pictures leaking out from the scene show some destruction, including broken windows and a toppled guard post building.

You may remember a high-profile, landmark ruling last year in Massachusetts, where charges against Simon Glik -- arrested for violating a state law that said it's "wiretapping" to record a police officer in public without his permission -- weren't just dropped, but the arrest was found to be both a First and Fourth Amendment violation. In the end, Boston was forced to pay Glik $170,000 for violating his civil rights. You would think that story would spread across Massachusetts pretty quickly and law enforcement officials and local district attorneys would recognize that filing similar charges would be a certified bad idea. Not so, apparently, in the town of Shrewsbury. Irving J. Espinosa-Rodrigue was apparently arrested and charged under the very same statute after having a passenger in his car videotape a traffic stop for speeding, and then posting the video on YouTube. Once again, the "issue" is that Massachusetts is a "two-party consent" state, whereby an audio recording can't be done without first notifying the person being recorded, or its deemed a "wiretap." This interpretation, especially when dealing with cops in public, is flat-out ridiculous and unconstitutional, as the Glik ruling showed.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

The FBI has an elite hacker team that creates customized malware to identify or monitor high-value suspects who are adept at covering their tracks online, according to a published report.

The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.

NSA defends the program by saying that it uses the location data to find "unknown associates of known intelligence targets." Basically, it's tracking where everyone goes, just in case people end up spending time with people the NSA deems as being terrorists.

Elsewhere in the article, they quote NSA officials repeatedly saying that the program is "tuned to be looking outside the United States," but not saying it only collects info outside the US. Also, they make clear, once a person leaves the US, the NSA no longer believes the 4th Amendment applies to them, so their location is fair game in this giant database.. Asked for specific numbers, an NSA person said:

Jeffrey Kantor, who was fired by Appian Corporation, sued a host of government officials, including Attorney General Eric Holder, Director of National Intelligence James Clapper, CIA Director John Brennan, Defense Secretary Chuck Hagel and Secretary of State John Kerry in Federal Court, alleging civil rights violations, disclosure of private information and retaliation… He also sued Secretary of Energy Ernest Moniz, Acting Secretary of Homeland Security Rand Beers, Treasury Secretary Jacob Lew, EPA Administrator Regina McCarthy and U.S. Office of Personnel Management Director Katherine Archuleta.

After the disastrous technological launch of the healthcare.gov website, built by political cronies rather than companies who understand the internet, there has been plenty of discussion as to why the code wasn't open sourced. At that link, there's a good discussion from On the Media, with Paul Ford, discussing what a big mistake it was that the government decided not to open source the code and be much more transparent about the process. It discusses the usual attacks on open source and why they almost certainly don't apply to this situation.

Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.

nvolving six high schools in the state’s second-largest school district follows a sick-out from teachers that shut down two high schools in the politically and economically diverse area that has become a key political battleground.

organized by word of mouth and social media.

the malware was more advanced than the malicious programs developed by the NSA-tied Equation Group that Kaspersky just exposed. More intriguing still, Kaspersky antivirus products showed the same malware has infected one or more venues that hosted recent diplomatic negotiations the US and five other countries have convened with Iran over its nuclear program.

Years later, there was a push to officially renounce the use of chemical weapons in war, which became the chemical weapons treaty... but it included exceptions for domestic use.

I frankly think that we don't know much about the long-term effects, especially in civilian exposure with kids or elderly or people in the street who might have some kind of lung disease already. There's very few follow-up studies. These are very active chemicals that can cause quite significant injury, so I'm concerned about the increased use of these agents. [....] I'm very concerned that, as use has increased, tear gas has been normalized. The attitude now is like, this is safe and we can use it as much as we want.

Unlike a normal virus scanner on consumer PCs that compares a catalog of known viruses to something that has infected the computer, A3 can detect new, unknown viruses or malware automatically by sensing that something is occurring in the computer's operation that is not correct. It then can stop the virus, approximate a repair for the damaged software code, and then learn to never let that bug enter the machine again.