Skip navigation
Help

The Guardian

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

Given that we now know that the National Security Agency (NSA) has the ability to compromise some, if not all of VPN, SSL, and TLS forms of data transmission hardening, it’s worth considering the various vectors of technical and legal data-gathering that high-level adversaries in America and Britain (and likely other countries, at least in the “Five Eyes” group of anglophone allies) are likely using in parallel to go after a given target. So far, the possibilities include:

  • A company volunteers to help (and gets paid for it)
  • Spies copy the traffic directly off the fiber
  • A company complies under legal duress
  • Spies infiltrate a company
  • Spies coerce upstream companies to weaken crypto in their products/install backdoors
  • Spies brute force the crypto
  • Spies compromise a digital certificate
  • Spies hack a target computer directly, stealing keys and/or data, sabotage.

Let’s take these one at a time.

0
Your rating: None

The National Security Agency and its UK counterpart have made repeated and determined attempts to identify people using the Tor anonymity service, but the fundamental security remains intact, as top-secret documents published on Friday revealed.

The classified memos and training manuals—which were leaked by former NSA contractor Edward Snowden and reported by The Guardian, show that the NSA and the UK-based Government Communications Headquarters (GCHQ) are able to bypass Tor protections, but only against select targets and often with considerable effort. Indeed, one presentation slide grudgingly hailed Tor as "the king of high-secure, low-latency Internet anonymity." Another, titled "Tor Stinks," lamented: "We will never be able to de-anonymize all Tor users all the time."

An article published separately by The Washington Post also based on documents provided by Snowden concurred.

"There is no evidence that the NSA is capable of unmasking Tor traffic routinely on a global scale," the report said. "But for almost seven years, it has been trying."

0
Your rating: None
Original author: 
bolli

1714064427

Stéphane Breitwieser is a Frenchman notorious for his art thefts between 1995 and 2001. He admitted to stealing 239 artworks and other exhibits, worth an estimated US$1.4 billion (£960m), from 172 museums while travelling around Europe and working as a waiter, an average of one theft every 15 days. The Guardian called him “arguably the world’s most consistent art thief.”

http://en.wikipedia.org/wiki/St%C3%A9phane_Breitwieser

0
Your rating: None
Original author: 
Sean Gallagher


NSA Headquarters in Fort Meade, MD.

mjb

One organization's data centers hold the contents of much of the visible Internet—and much of it that isn't visible just by clicking your way around. It has satellite imagery of much of the world and ground-level photography of homes and businesses and government installations tied into a geospatial database that is cross-indexed to petabytes of information about individuals and organizations. And its analytics systems process the Web search requests, e-mail messages, and other electronic activities of hundreds of millions of people.

No one at this organization actually "knows" everything about what individuals are doing on the Web, though there is certainly the potential for abuse. By policy, all of the "knowing" happens in software, while the organization's analysts generally handle exceptions (like violations of the law) picked from the flotsam of the seas of data that their systems process.

I'm talking, of course, about Google. Most of us are okay with what Google does with its vast supply of "big data," because we largely benefit from it—though Google does manage to make a good deal of money off of us in the process. But if I were to backspace over Google's name and replace it with "National Security Agency," that would leave a bit of a different taste in many people's mouths.

Read 31 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Megan Geuss

The Guardian

The Guardian released an interview today with the man who has been the paper's source for a few now-infamous leaked documents that revealed a vast dragnet maintained by the NSA for gathering information on communications in America. That source is Edward Snowden, 29, an employee of American defense contractor Booz Allen Hamilton and a former technical assistant for the CIA.

When The Guardian published a leaked document on Wednesday of last week that showed a FISA court granting the NSA power to collect the metadata pertaining to phone calls from all of Verizon's customers over a period of three months, it became one of the biggest exposures of privacy invading actions taken by the government without the public's knowledge.

That is, until the next day, when The Guardian and The Washington Post revealed slides pertaining to another NSA project called PRISM, which apparently gathered vast swaths of information on users of Google services, Facebook, Apple, and more. While the companies named in the PRISM slides have all denied participation in such a program, President Obama and a number of senators confirmed the collection of phone call metadata on Friday.

Read 9 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Adi Robertson

Boundless-heatmap-large-001_large

Leaked information about a piece of NSA software called Boundless Informant could shed light on how organized the agency's surveillance program really is. Glenn Greenwald — who recently exposed both widespread phone metadata collection and an internet spying program called PRISM — has revealed details about the ominously named program, which aggregates and organizes the NSA's data. Greenwald says the tool is focused on metadata, not the contents of emails or phone calls. Among other things, it tracks how many pieces of information have been collected per country.

3 billion pieces of information were allegedly tracked in the US over a 30-day period ending in March. In that same period, 97 billion pieces were collected worldwide, with...

Continue reading…

0
Your rating: None
Original author: 
Stack Exchange

Stack Exchange

This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites.

Java developer Stijn Geukens is working with 10 developers, and nearly every dev has his own style. That's about to change, as the company may soon impose a standard code format upon all developers. They'll be using Eclipse to help facilitate the change. But is forcing consistency upon the team more trouble than it's worth? See the original question here.

How professional

ZeroOne answers (39 votes):

Read 13 remaining paragraphs | Comments

0
Your rating: None
Original author: 
Dan Goodin

greyweed

Recently discovered malware targeting Android smartphones exploits previously unknown vulnerabilities in the Google operating system and borrows highly advanced functionality more typical of malicious Windows applications, making it the world's most sophisticated Android Trojan, a security researcher said.

The infection, named Backdoor.AndroidOS.Obad.a, isn't very widespread at the moment. The malware gives an idea of the types of smartphone malware that are possible, however, according to Kaspersky Lab expert Roman Unuchek in a blog post published Thursday. Sharply contrasting with mostly rudimentary Android malware circulating today, the highly stealthy Obad.a exploits previously unknown Android bugs, uses Bluetooth and Wi-Fi connections to spread to near-by handsets, and allows attackers to issue malicious commands using standard SMS text messages.

"To conclude this review, we would like to add that Backdoor.AndroidOS.Obad.a looks closer to Windows malware than to other Android trojans, in terms of its complexity and the number of unpublished vulnerabilities it exploits," Unuchek wrote. "This means that the complexity of Android malware programs is growing rapidly alongside their numbers."

Read 6 remaining paragraphs | Comments

0
Your rating: None