Skip navigation
Help

AT&T

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

Given that we now know that the National Security Agency (NSA) has the ability to compromise some, if not all of VPN, SSL, and TLS forms of data transmission hardening, it’s worth considering the various vectors of technical and legal data-gathering that high-level adversaries in America and Britain (and likely other countries, at least in the “Five Eyes” group of anglophone allies) are likely using in parallel to go after a given target. So far, the possibilities include:

  • A company volunteers to help (and gets paid for it)
  • Spies copy the traffic directly off the fiber
  • A company complies under legal duress
  • Spies infiltrate a company
  • Spies coerce upstream companies to weaken crypto in their products/install backdoors
  • Spies brute force the crypto
  • Spies compromise a digital certificate
  • Spies hack a target computer directly, stealing keys and/or data, sabotage.

Let’s take these one at a time.

0
Your rating: None
Original author: 
Sean Gallagher


NSA Headquarters in Fort Meade, MD.

mjb

One organization's data centers hold the contents of much of the visible Internet—and much of it that isn't visible just by clicking your way around. It has satellite imagery of much of the world and ground-level photography of homes and businesses and government installations tied into a geospatial database that is cross-indexed to petabytes of information about individuals and organizations. And its analytics systems process the Web search requests, e-mail messages, and other electronic activities of hundreds of millions of people.

No one at this organization actually "knows" everything about what individuals are doing on the Web, though there is certainly the potential for abuse. By policy, all of the "knowing" happens in software, while the organization's analysts generally handle exceptions (like violations of the law) picked from the flotsam of the seas of data that their systems process.

I'm talking, of course, about Google. Most of us are okay with what Google does with its vast supply of "big data," because we largely benefit from it—though Google does manage to make a good deal of money off of us in the process. But if I were to backspace over Google's name and replace it with "National Security Agency," that would leave a bit of a different taste in many people's mouths.

Read 31 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Casey Johnston


Why are there so many password restrictions to navigate? Characters want to be free.

Daremoshiranai

The password creation process on different websites can be a bit like visiting foreign countries with unfamiliar social customs. This one requires eight characters; that one lets you have up to 64. This one allows letters and numbers only; that one allows hyphens. This one allows underscores; that one allows @#$&%, but not ^*()[]!—and heaven forbid you try to put a period in there. Sometimes passwords must have a number and at least one capital letter, but no, don’t start the password with the number—what do you think this is, Lord of the Flies?

You can’t get very far on any site today without making a password-protected account for it. Using the same password for everything is bad practice, so new emphasis has emerged on passwords that are easy to remember. Sentences or phrases of even very simple words have surfaced as a practical approach to this problem. As Thomas Baekdal wrote back in 2007, a password that’s just a series of words can be “both highly secure and user-friendly.” But this scheme, as well as other password design tropes like using symbols for complexity, does not pass muster at many sites that specify an upper limit for password length.

Most sites seem to have their own particular password bugaboos, but it’s rarely, if ever, clear why we can’t create passwords as long or short or as varied or simple as we want. (Well, the argument against short and simple is concrete, but the others are not immediately clear). Regardless of the password generation scheme, there can be a problem with it: a multi-word passphrase is too long and has no symbols; a gibberish password is too short, and what’s the % doing in there?

Read 12 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Sean Gallagher

Think mobile devices are low-power? A study by the Center for Energy-Efficient Telecommunications—a joint effort between AT&T's Bell Labs and the University of Melbourne in Australia—finds that wireless networking infrastructure worldwide accounts for 10 times more power consumption than data centers worldwide. In total, it is responsible for 90 percent of the power usage by cloud infrastructure. And that consumption is growing fast.

The study was in part a rebuttal to a Greenpeace report that focused on the power consumption of data centers. "The energy consumption of wireless access dominates data center consumption by a significant margin," the authors of the CEET study wrote. One of the findings of the CEET researchers was that wired networks and data-center based applications could actually reduce overall computing energy consumption by allowing for less powerful client devices.

According to the CEET study, by 2015, wireless "cloud" infrastructure will consume as much as 43 terawatt-hours of electricity worldwide while generating 30 megatons of carbon dioxide. That's the equivalent of 4.9 million automobiles worth of carbon emissions. This projected power consumption is a 460 percent increase from the 9.2 TWh consumed by wireless infrastructure in 2012.

Read 1 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Russell Brandom

At_t_large

Check your cell phone contract, and you might come across the following turn of phrase: "We do not sell your personal information." Some version of that phrase is in nearly every carrier Terms of Service, and divides the world’s data into two camps: the kind that personally identifies you and the kind that doesn’t. Your phone, your address, and your social security number all fall into the first camp: if Verizon’s caught trading them, they’ve got a lawsuit on their hands. Your zip code and your birthday, on the other hand, are fair game.

Continue reading…

0
Your rating: None


Samsung has built itself a Android dynasty with its Galaxy phones.

Casey Johnston

Over the last three years, Samsung has risen to become the unequivocal success story for the Android platform. Not only is it the only profitable manufacturer, but it has also spent the last couple of years striking more and more fear into the heart of its mobile arch nemesis, Apple.

As its competitors sprayed Android handsets over the retail scene like buckshot with micro-variations and diverse UI skins, Samsung quickly focused and put most of its effort into creating and promoting a flagship line of handsets. The company set aside support for increasingly niche features like hardware keyboards or confusing, subtle model tweaks in favor of focusing on one quality handset.

Now, the Samsung Galaxy line is unquestionably the most successful one in the history of Android. The most recent version, the Galaxy S III, even briefly displaced the iPhone as the top-selling smartphone for the third quarter of 2012, according to one source. Even Google is reportedly afraid of how successful Samsung has become with its mobile business.

Read 19 remaining paragraphs | Comments

0
Your rating: None