Latest CyberSec News & Related

ꕤ Article SOURCE as indicated Universal Music abusing the DMCA ie #Copyright Act rightsholders MUST consider FAIR USE prior take-down issues http://boingboing.net/2015/09/14/eff-scores-a-giant-victory-for.html #India IT security =  1.2 billion in 2016 http://www.consultancy.uk/news/2591/indian-IT-security-market-reaches-12-billion-next-year #Microsoft signs landmark agreement with #NATO re govt #cybersecurity / solidification relationship http://www.neowin.net/news/microsoft-signs-agreement-with-nato-to-bolster-government-cybersecurity Intel in #cybersecurity - auto-mobiles auto security board set up: Automotive Security Review Board (ASRB) Intel Security (formerly McAfee) published a whitepaper re automotive security best practices http://forexreportdaily.com/2015/09/14/6873-intel-in-cyber-security-driving-seat-sets-up-connected-auto-security-board/ NSA Recruiting / Scholarships USA Colleges vie to entice w. NSA cyber program scholarship stipulation = NSA job on degree http://fedscoop.com/colleges-vie-to-entice-students-with-nsa-cyber-program USA + China meet re #cybersecurity - White House Kerry, Rice + Homeland Sec. Jeh Johnson > comm. competition blocks USA whining that the following  stop US competing on level playing field in China: fines opaque regulatory system http://www.lidtime.com/u-s-chinese-officials-meet-on-cyber-security-issues-white-house-5652/ University of Texas at San Antonio grant puts city on centre #cybersecurity stage emerging cybersecurity + tech hub / expressnews (subscipt) #cybersecurity #hacker Millennial Gen / Gen Y born post 1980 social media over-sharing / lax security http://www.afr.com/technology/a-third-of-millennials-warned-by-employers-over-social-media-posts-norton-20150914-gjlw1h Cybersecurity Bill  |  CISA   |  USA Cybersecurity Information Sharing Act (CISA) Light on Security legal immunity for sharing cyber-intel with govt PRIVACY implications / poised to pass http://foreignpolicy.com/2015/09/14/a-cybersecurity-bill-light-on-security-heavy-on-corporate- Jeb Bush wants USA Internet gov. against transfer of  ICANN oversight to multistakeholders Following Presidential candidates also get a mention re cybersec: Rubio - Marco Rubio Fiorina - Carly Fiorina http://fedscoop.com/jeb-bush-unveils-cybersecurity-plan Clinton appears to be  the CYBERSEC & MILLENNIAL candidate #Clinton2016 'Best Choice' Cybercrime Wakefield Research poll - 42% over half millennials Dems better http://www.inc.com/will-yakowicz/poll-hillary-clinton-most-qualified-presidential-candidate-for-cyberattack.html Hackers hit the Kremlin  #Russia target: election commission website sounds like DDoS http://thehill.com/policy/cybersecurity/253609-hackers-hit-the-kremlin #cybersecurity #banking #cloud x4 US banks agreement w/ regulators re 'guaranteed data deletion' issues Symphony = service created thru consortium of 14 financial instutions Goldman Sachs Deutsche Bank Credit Suisse Bank of New York Mellon = guaranteed data deletion / hinder regulators + prosecutors to investigate misconduct? Does use of Symphony re communications = regulators avoidance? [ I'm not clear on that] http://www.stockhouse.com/news/newswire/2015/09/14/four-us-banks-reach-agreement-with-regulators-on-guaranteed-data-deletion-issues #Russia Yuri Ushakov fmr career diplomat fmr deputy Foreign Minister PhD:  history 2008 appointment Putin deputy chief staff foreign-policy + international economics [various sources - incl. Foreign Policy] #cybersecurity DECEPTION SOFTWARE  / HONEYPOT SOFTWARE Deception to Catch #hacker fake network component, server or database to study their behaviour DECEPTION cybersecurity aims: 1. ID intruders / share info 2. drains hacker resources until aware duped 3. study hackers Deception has long been part of the art of war WWII, USA & British armies set up fake camps to dupe Germans / Penny Crosman {cybersec} Honeypot software = fake system = sits on network = exposes fake or real services to the attacker new gen. honeypot software = called 'deception software' centrally managed, integrated w/ other security software deception software popular with:  financial services x4 layers  (ie "deception stack"): network endpoint application data each layer of x4 deception software = has deception capabilities deception layers: eg. fake credentials in browser caches of decoy workstations, phony files & data sets. deception layers: eg. endpoint set up to look like it runs eg Windows, when is a Linux machine. deception layers: eg. fake OS = deceive malware into attacking vulnerabilities OS does not have. deception strategy: once intruder detected / continue to 'entertain' *find out what intruder knows re system decoy documents eg fake 'new product designs' = embedded w/ tracking element = knowing when & where opened deception software hidden tech in documents = beacon calling 'home' = info re intruder DECEPTION software providers: Attivo Networks TrapX Security Allure Security Technology CyberTrap Cymmetria ForeScout GuardiCore Hexis Cyber Solutions LogRhythm Percipient Networks Rapid7 Shape Security Specter TopSpin Security DECEPTION software LIMITATIONS If the hacker: 1) obtained correct credentials re system 2) knows where to look ie ... if not rummaging, knows where to go & where to get it, deception software ineffective Deception software = not foolproof = but significantly raises odds of detection & lowers false positives http://www.americanbanker.com/news/bank-technology/deception-may-be-the-best-way-to-catch-cybercriminals-1076667-1.html #cybersecurity US Dept Commerce rethinking proposed rule controlling  EXPORT of hacking TOOLS / intrusion software b/c stifles research source (subscription) http://www.law360.com/articles/702478/commerce-to-revise-cyber-rule-said-to-hamper-research #cybersecurity #hacker Cisco routers vulnerable to new attack attacks replace OS used in network Cisco equip. Cisco router attacks = x14 instances of router implants found in: India Mexico Philippines Ukraine http://www.reuters.com/article/2015/09/15/us-cybersecurity-routers-cisco-systems-idUSKCN0RF0N420150915 Malvertising #cybersecurity #hacker Malvertising Campaign Rages Undetected For 3 Weeks / manipulate ad networks' chain of trust Malvertising = number of new tactics to make attackers harder to track down eg use domain names registered years ago w/ BBB #Hacker = look like legit bus. using real-time bidding = ads clean = ads redirected to point for download malicious code ads  thru encrypted HTTPS channel = lets third party directly serve up content + encrypt comm. / no inspect. Malvertising attackers used Google URL shortener in redirects Malwarebytes + Google working to solve Malvertising hits, incl: http://ebay.co.uk  http://drudgereport.com  http://answers.com Malvertising compromised various small ad networks + major ad networks, incl DoubleClick, AppNexus + ExoClick Malvertising hits, adult, incl: nuvid.com upornia.com eroprofile.com very low-cost intro packages = attacker opportunity for short campaigns w/ small investments http://www.darkreading.com/attacks-breaches/malvertising-campaign-rages-undetected-for-3-weeks/d/d-id/1322169 #cybersecurity National Cyber Security Hall of Fame 2015 INDUCTEES Thu 29th Sept x5 - listed http://news.sys-con.com/node/3456101 #cybersecurity - REPORT - Insurance PWC Insurance 2020 & beyond: Reaping the dividends of cyber resilience http://www.pwc.com/gx/en/industries/financial-services/insurance/publications/insurance-2020-cyber.html #cybersecurity #insurance market to reach $7.5 billion annual premiums by end 2020 & min.  $5 billion by 2018 insurance co's may MITIGATE risks by partnering w/ technology co's + data sharing b/w insurance co's Insurer mitigation also by: conditional regular risk assessments of client ops & required remedies re reviews http://www.pymnts.com/in-depth/2015/cyber-insurance-market-to-thrive-triple-by-2020/ #military DOD - Overhaul of Military Ground Systems in favour of single UNIFIED system for satellite networks Satellite networks multiple siloed ground systems aka “stove-piped” =  inhibits security, resiliency, agility & affordability stovepiped / single ununified systems =  op systems each functioning w/ unique proprietary software from contractors #military ground systems - USG wants to move away from reliance original contractor / own tech baseline / free up competition DOD overhaul aim: *control interfaces + standards *no limits interface / proprietary s/w *no contractor control architecture DOD overhaul of military ground systems goals  *agility  *automation  *security  *resilience  Cost savings = inherent result cybersecurity = too many interfaces + incongruous software: *multiple cyber attack surfaces *must be defended individually Enterprise Ground System (EGS) / DOD interested in using #cloud tech for EGS / type undecided / Airforce favours private (b/c physically reside w/in operation centres) http://www.satellitetoday.com/regional/2015/09/14/dod-prepares-for-overhaul-of-military-ground-systems/ NYSE STUDY by Veracode 2015 Survey #cybersecurity in the Boardroom - 8pg PDF https://www.veracode.com/sites/default/files/Resources/Whitepapers/cybersecurity-in-the-boardroom-whitepaper.pdf Associated article: Boardrooms and cyber security http://thetandd.com/news/boardrooms-and-cyber-security/article_5edccb5b-aed1-5e88-b2e4-0dd396d5540d.html Twitter hired a trio of firms / first outside lobbyists to work DC spent $160K / first-half http://www.odwyerpr.com/story/public/5332/2015-09-14/twitter-enters-dc-lobbying-fray.html quantum encryption quantum random number  generator | Entropy Engine / 200 million random Nos. http://www.santafenewmexican.com/news/health_and_science/science-on-the-hill-for-cybersecurity-in-quantum-encryption-we/article_2ce4c8bb-78fa-5dbc-826f-ffdd33501ae3.html WEBINAR - cybersecurity Former NSA Tech. Dir. Jim Penrose cyber ops expert subtle traces compromise detection http://www.bankinfosecurity.com/webinars/view-from-inside-intelligence-driven-approaches-to-cyber-detection-w-764 #Germany #cybersecurity new IT Security Law July 24, 2015 foresees admin fines 4-yr evaluation *overview & links http://www.natlawreview.com/article/what-you-need-to-know-about-germany-s-cybersecurity-law #cybersecurity #hacker 9 FBI Warnings / risks posed by Internet of Things ('IoT') x10 device examples http://www.defenseone.com/threats/2015/09/fbi-department-homeland-security-warnings-internet-connected-everyday-objects/120905/ IronNet fmr  NSA Director Keith Alexander raised $7.5 million in equity re IronNet #Cybersecurity pt  $25-m Trident Capital financing IronNet Cybersecurity funds to go to: *cybersecurity products *building the company’s workforce http://www.bizjournals.com/baltimore/blog/cyberbizblog/2015/09/keith-alexander-led-ironnet-cybersecurity-raises-7.html #cybersecurity digital tax fraud  skyrocketed over last year / data breaches PROPOSED bill re notices ID theft almost half USA states = reported spikes in electronic filing fraud = Minnesota stopped accepting some electronic returns http://thehill.com/policy/cybersecurity/253542-senate-committee-will-mark-up-digital-tax-fraud-bill #cybersecurity new chip developed by Xerox = self-destruct on command Gorilla Glass / shattering chip Potential use:   storage device for encryption keys https://www.siliconrepublic.com/enterprise/2015/09/14/self-destructing-chip-xerox Korean-based SK Telecom + Greenville USA co. to develop vehicle cybersecurity /  Quantum Cryptography ... securely distributes a secret key to legitimate parties. Here, a key is a table of random numbers shared by legitimate users in such a way that the information is known only to them, and secure means secure against any possible eavesdropping, which is the highest level of security. The system is expected to enhance security of critical network infrastructure. Currently, most systems, including the connected vehicle ecosystems, use software-based pseudo-random number generators for encryption, meaning that they can fall vulnerable to hackers who decrypt the sequence of digits. Once developed for commercial use, SK Telecom’s technology will eliminate such concerns for security as it generates true random numbers based on hardware. http://gsabusiness.com/news/55654-greenville-center-korean-firm-to-develop-vehicle-cybersecurity #cybersecurity E-ZPass vulnerable to hackers, ID thieves + govt spying / not using encryption E‑ZPass = electronic toll-collection system =  tolled roads, bridges, & tunnels USA http://www.whdh.com/story/30022568/report-e-zpass-vulnerable-to-hackers-identify-thieves #SouthAfrica #law proposed bill too broad consequences beyond remit / state cyberwarfare / warrantless seizure #SouthAfrica /  penalties - to 25 years in prison /  has until Nov 30 to submit comment on proposed bill. http://www.zdnet.com/article/south-africa-gets-first-look-at-cybercrime-bill-that-comes-with-25-year-jail-terms/ #Tor .onion domain = formal recognition granted security certificates available to site admins http://www.cbronline.com/news/cybersecurity/business/regulators-give-tors-onion-domain-name-special-use-status-4669709 USA Dept Energy DOE REPORT linked US #Energy Tech Exports = cybersecurity risks - b/c rely on digital tech http://www.theepochtimes.com/n3/1751096-global-energy-growth-could-disrupt-americas-grid-security-doe-report-says/ ---------------------- ꕤ ---------------------- COMMENT Bunch of random stuff I looked at. It all seemed very exciting ... at the time.  Now, I'm not so sure.  lol The onion domain news and the self-destructing chip is exciting, I guess. I'm no techie, so the 'internet of things' doesn't bother me.  I like everything manual, if I can help it.  lol Twitter hiring Washington lobbyists is kind of exciting.  Wonder why? The US military proposed overhaul of ground satellite communications (if I understand correctly), is pretty cool. Surprise that it has taken them until 2015 to come up with those ideas, when they're in the business and should know what they're doing when it comes to multiple contracts and software applications etc. It doesn't sound too efficient at the DOD. Digital tax fraud sounds boring.  I don't even know what the point of it is.  lol  People pretend to be someone else ... but then what? Oh, the best news it the Ninth Circuit Court ruling regarding copyright! Take that, Universal Music a#@!@#s! ꕤ

HORNET Onion Routing - Tor Rival?

http://searchsecurity.techtarget.com/news/4500250948/Tor-anonymity-called-into-question-as-alternative-browser-surfaces HORNET -- a Tor alternative? In other Tor news, researchers from the Swiss Federal Institute of Technology and University College London introduced an alternative onion network dubbed HORNET. Short for high-speed onion routing at the network layer, it offers the same promise of anonymous browsing but with better scaling, stronger privacy and higher speed -- researchers claimed it can process anonymous traffic at over 93 Gbps. Researchers also said each HORNET node can process anonymous traffic for "a practically unlimited number of sources." Like Tor, HORNET uses a group of relay nodes to mix and encrypt traffic -- and hide users' locations and IP addresses -- in layers to ensure anonymity. However, researchers say it is not plagued with the decreased speed that Tor and other anonymity networks regularly experience. The low-latency onion routing system "uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes," researchers wrote. "Unlike other onion routing implementations, HORNET routers do not keep overflow state or perform computationally expensive operations for data forwarding, allowing the system to scale as new clients are added. "It is designed to be highly efficient; instead of keeping state at each relay, connection state (such as onion layer decryption keys) is carried within packet headers, allowing intermediate nodes to quickly forward traffic for large numbers of clients." Because the system does not store per-session states, it also providers "stronger security guarantees" than other onion network options. The researchers also claimed it is less vulnerable to identity-revealing attacks such as session linkage and packet correlation. However, it is not completely immune to attack; confirmation attacks leveraging flow analysis, timing analysis and packet tagging can potentially be successfully executed to determine identity. "However," researchers wrote, "HORNET raises the bar of deploying such attacks for secretive mass surveillance: the adversary must be capable of controlling a significant percentage of ISPs often residing in multiple geopolitical boundaries, not to mention keeping such massive activity confidential." Users should not jump on the bandwagon yet, however; HORNET has not yet been peer-reviewed. http://searchsecurity.techtarget.com/news/4500250948/Tor-anonymity-called-into-question-as-alternative-browser-surfaces MORE Tor Browser Challenger: HORNET stands for High-speed Onion Routing at the NETwork layer http://cointelegraph.com/news/115001/hornet-high-speed-protocol-for-a-fully-encrypted-anonymous-internet Researchers claim they’ve developed a better, faster Tor HORNET, a high-speed onion routing network, could be deployed on routers as part of the Internet. http://arstechnica.com/information-technology/2015/07/researchers-claim-theyve-developed-a-better-faster-tor/ --------------------- COMMENT Potential vulnerability points mean nothing to me. I just think it's cool something new is out. Wonder who gets to review Hornet and if there's any built-in backdoors? LOL Tor anonymity network - here.

Tor Vulnerability - Traffic Analysis Identifies Guard Servers

Vulnerability could make Tor, the anonymous network, less anonymous     by  Barb Darrow     @gigabarb July 29, 2015, 5:27 PM EDT The bad news; MIT and QCRI researchers found a vulnerability in the Tor network. The good news: they also found a fix. The Tor network—used by activists, journalists, law enforcement, and yes, criminals—is famous for cloaking web surfers’ identities and locations. And, apparently, it contains a vulnerability that poses a risk to all that protective anonymity, according to researchers at MIT and the Qatar Computing Research Institute (QCRI). The good (or bad) news—depending on how you view Tor— is they say they’ve also come up with a fix to the problem that they will demonstrate at the Usenix Security Symposium next month, according to an MIT News story “Shoring up Tor.” An estimated 2.5 million people—including journalists, political activists, terrorists or just consumers who don’t want to share their browsing histories with Facebook or other commercial entities—use Tor daily. And that is why the network is of keen interest not only to “repressive” regimes like Russia and Iran but to governments a lot closer to home, including our own. Not to put too fine a point on this, but one person’s activist could be another person’s terrorist, but I digress. DigitalTrends has a good description of the Tor basics:     Tor works by anonymizing the transport of your data. Like an onion, Tor encrypts the data you send through the web in multiple layers. Your data is then “relayed” through other computers. Each relay sheds one layer then finally arrives at the source in full form. The software bounces users around a network of open connections run by volunteers all over the globe. This prevents people from spying on your Internet connection and discovering sites you visit. Tor scrambles information that could pinpoint your exact physical location. By using a Tor-configured browser, the user enters her request, and it is automatically swaddled in those encryption layers and is sent it to the next, randomly chosen machine that runs Tor. This machine, called “the guard,” peels off the first encryption layer and forwards the still-masked request on until it finally reaches a randomly chosen “exit” machine that strips off the final layer encryption to reveal the destination. Only the guard machine knows the sender and only the exit machine knows the requested site; no single computer knows both. The network also offers “hidden services” that enable an activist to aggregate sensitive news reports and make them available to select users, but not the world at large. That is, the archive is not searchable or available on the public Internet. The creation of those collection points, which involves the building of what Tor calls a “circuit” of machines, offered the researchers a way to snoop on Tor. By connecting a ton of their own machines to the network and then analyzing traffic, they were able to identify likely guard machines. From the MIT report:     The researchers showed that simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit. Breaking Tor’s encryption wasn’t necessary.     Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 percent accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 percent certainty, identify it as the service’s host. The researchers, including Albert Kwon, an MIT graduate student in electrical engineering and computer science, and Mashael AlSabah, assistant professor of computer science at Qatar University, and a QCRI researcher, said the fix lies in obscuring data traffic patterns to and from the guard machines in a way that renders such “traffic fingerprinting” ineffective. If the network sends around enough dummy packets so that all the data sequences look the same to prying eyes, problem solved, and anonymity remains safe. SOURCE http://fusion.net/story/175068/sorry-the-way-you-type-is-exposing-your-identity-online-even-if-youre-browsing-anonymously/ --------------------- COMMENT Tor anonymity browser: search/request via Tor browser, wrapped in encryption layers first server = random 'guard' server (knows where request came from) next server = does not know location of request or request final server = random 'exit' server knows the request no single server knows both location & search/request runs data via network of open connections / servers run by volunteers all over globe  So: scrambles info that could pinpoint your physical location anonymises the transport of your data encrypts the data you send (& relays through the web in multiple layers) each relay sheds one layer relay finally arrives at source in full form Thought this was interesting.  Imagine the Tor people are adapting to the fake packet fix, whatever that is.   My reference to 'server' should probably read 'node' in the Tor network, I would think.  ------- ------- ------- Data transferred by computer is sent via 'packets'.  Due to size constraints, data sent out is broken up and reassembled at the destination. TCP / IP TCP/IP protocols guide how data is sent TCP = Transmission Control Protocol (reliability of data / checks data for errors & resends if required)  IP = Internet Protocol (more direct 'step closer' transmission of data) TCP/IP = two separate protocol - used together Most common TCP/IP protocols: HTTP  - b/w client (ie browser) & server / non-secure data transmissions HTTPS - b/w client & server / SECURE data transmissions - eg. credit card transaction data or other private data   FTP - b/w two or more computers:  one computer sends data to (or receives data from) another computer DIRECTLY. web client =  browser web server = receives client/browser requests & relays data back to web client/browser These are just notes for my benefit.  Hoping I have the info. straight.  LOL    --------------------- MORE MIT researchers figure out how to break Tor anonymity without cracking encryption http://www.extremetech.com/extreme/211169-mit-researchers-figure-out-how-to-break-tor-anonymity-without-cracking-encryption Researchers mount successful attacks against Tor network—and show how to prevent them http://phys.org/news/2015-07-mount-successful-tor-networkand.html

Don't Get Angry: Encrypt

AUSTRALIAN DIGITAL RAPE BY BRADIS & CO Why people ignore data retentions many perils >> http://www.smh.com.au/business/why-people-ignore-data-retentions-many-perils-20150330-1m9gtb.html REMEDY Gnu Privacy Guard  (GnuPG aka GPG)  Encryption   https://www.gnupg.org/  http://en.wikipedia.org/wiki/GNU_Privacy_Guard Werner Koch caught my eye the other day, so I thought GnuPG (aka GPG) might be potential go-to encryption software. German, Werner Koch has authored this software based on open source GNU operating system software (by an MIT guy, Richard Stallman).  Being open source software is supposed to be a positive because it allows outsiders to spot vulnerabilities in code (I think). Werner Koch previously received grants from the German government (but they expired some time ago).  Koch is still kicking on, single-handedly patching the GnuPG program, but short on funding. TOR Anonymising  https://www.torproject.org/ Tor - Explained  .......................................................................... Tor originated with the US Navy and has received US govt funding.   Gee, even as I'm keying this in, Russian software is looking more and more appealing because I'm wondering if there's German backdoors in the encryption software and anticipating some NSA trick when it comes to the Tor anonymising software (see Silk Road FBI busts). I don't know enough to assess the merits of GnuPG or Tor (and wouldn't have a clue where to find Russian software), so this is pretty much it for the options (I think) ... except that you can use PGP (Pretty Good Privacy) instead of the GnuPG. Nope.  It looks like Philip Zimmerman has sold up, so GnuPG it is ... unless you're prepared to trust a US company:  Symantec. ...........................................................................  Photo: Alex Ellinghausen COPYRIGHT DISCLAIMER Copyright Disclaimer under section 107 of the Copyright Act 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education and research. Regarding the SMH article, 'rape by Bradis & Co' is my take rather than SMH's ... just so there's no confusion.  ;) That's pretty much what it is when everybody has been placed under state surveillance. State surveillance without cause or consent is an abuse of power.  To be the subject of such an abuse of power is to live in a prison state. The snail-mail version of this would have been going on back in the 50s and 60s, when the Australian govt was in full surveillance and political suppression and sabotage mode, to blot out the 'evil' of communism. But it isn't Russians and communists looking evil now; it's the totalitarian West. Instead of getting angry but then just accepting the inevitable prison population living conditions: a) use technology to secure privacy; & b) vote for non-mainstream politicians, rather than the corporate and US lackeys who have spent years spying on their own citizens (and nations abroad). Did a bit of a summary on encryption basics the other day ... but I think I've forgotten it already, so I'm going to have to start all over.  Intend to keep at it until I get some kind of feel and overview for privacy tech basics, from a consumer perspective.  Only I'm rather lazy ... The above links are just a starter and I don't really know what I'm on about, so it's best to do your own research. Discovered that free Russian e-mail services bypass the intrusions of freebie Western e-mail services.  English log-in is available. VIDEO GPG for Journalists - Windows edition | Encryption for Journalists | Anonymous 2013 from anon108 on Vimeo.

Online Privacy

Privacy Shielding against Mass Surveillance   http://cryptome.org/2015/01/privacy-shielding-from-spies.pdf .............................................................................. The above article describes various means of avoiding online surveillance, for anyone that's interested.   Looks uncomplicated & worth checking out.

Hacker, Cybersecurity, Internet, Surveillance, Cryptography

CYBER-SECURITY #Hacker - TOR users become FBI's No.1 hacking target after legal power grab - http://goo.gl/uaE0ac  - Rule 41. Fed Rules Crim Procedure FBI snitch Hector Xavier “Sabu” Monsegur >> cyber-attacks against foreign governments while under FBI control http://goo.gl/uaE0ac  ---------------------------------------- Follow this Twitter if interested in cryptography https://twitter.com/matthew_d_green  >> computers & cryptography @ Johns Hopkins University - #hacker #USA #Surveillance #cybersecurity - proposed Fed Rule 41 Crim Procedures - info - http://goo.gl/tiXgQ7  >>> FBI overseas hacking >> Note: "Board of Editors include individuals with significant government experience ..." >> How independent is info? #Hacker #surveillance - QUANTUM networks spread http://goo.gl/U41C95  - QKD - photons in partic. quantum states 2 gen. secure crypto key #hacker / standard cryptography relies on hard mathematical probs > can theoretically be cracked given enough computing power. /newscientist Battelle n-f-p science r/sch / plans 2 use use existing fibre-optic network 2 test larger quantum network to link Ohio to WA / newscientist #China wide-area QKD network experiment done / QKD b/w Beijing & Shanghai is due completion by 2016 Perform/ decrease w/ dist. b/w nodes /req. trusted node b/w 2 parties 2 establish link w/ each of them /+ need quant/ repeater #IT #Cryptography - Research shows that it is possible to hack QKD systems (due to flaws in hardware)!! - 2 address prob. / newscientist #Cryptography - QKD can't hide that you are talking to someone - but can 2 send a SMALL amt data w/out notice IF disguise MSG inherent noise http://www.newscientist.com/article/mg22329873.000-quantum-internet-could-keep-us-safe-from-spying-eyes.html?page=2 ----------------------------------------   COMMENT The 'cryptography' isn't strictly cryptography; I think it is something to do with quantum engineering instead. Interesting stuff.   The New Scientist article (link above) is very well written because it's so easy to read.   Check this stuff out, it's really cool.

Julian Assange - Political Prisoner on Google / Assange Media Distortion

ASSANGE GOOGLE & NSA Spying and storing: Assange says 'Google works like NSA' >>http://on.rt.com/k0icvc  >>> #FreeAssangeNow >> 'a privatized version of the NSA' /Google defense industrial base since 2009 /engaged w/ Prism system /info collected by Google available to NSA!! #surveillance POLITICAL PRISONER #UK over £3 MILLION surveillance outside Ecuador embassy - POLITICAL PRISONER - #FreeAssangeNow [src BBC video] - #ukPolitics #auspol #UK tax payer money WASTED http://govwaste.co.uk/  - US POLITICAL PRISONER - £7,398,105.00+ !! - #DavidCameron #ukPolitics #FreeAssangeNow #UK passed modifications to ban extradition without charge / Yet #Assange held WITHOUT CHARGE! -- POLITICAL PRISONER -- #ukPolitics MEDIA DISTORTION -  BBC @BBCNews This article is NOT correct: http://www.bbc.com/news/uk-29258834 Assange did NOT seek Ecuador embassy refuge 'to avoid extradition to Sweden to face questioning over alleged sexual offences.' #Assange sought & was granted POLITICAL ASYLUM by Ecuador, on the basis of #USA pursuit of #Assange over #WikiLeaks publications. Assange has been held WITHOUT CHARGE for 4 years by #UK. Assange remains a political prisoner at a high cost to #UK. #FreeAssangeNow #UKpolitics #Auspol #NZpol #svpol Facts: >> https://justice4assange.com/ ---------------------------------------- COMMENT The above is self-explanatory:  Assange is a political prisoner.  Check out what they're spending to deny him the political asylum he's been granted.  That's confirmation for you. Took exception to the BBC article because it seems to convey that he's done some dodgy number to avoid being questioned.  That isn't the case at all and the public should be made aware that Assange has been granted POLITICAL ASYLUM by Ecuador. The Google stuff, I don't know what to make of.   Unless you use anonymity services like Tor and inhabit the 'deep web' (or whatever it is), is there an alternative to Google? Wikipedia on Tor - here.

Holes in NATO’s Cyber Defense Pledge

The Holes in NATO’s Cyber Defense Pledge by William A. Blunden / September 4th, 2014 NATO members are currently meeting in Wales to consider a joint defense agreement which stipulates that a cyberattack on one member would represent an attack on all of them.1 Though the concept of international teamwork may seem appealing at the outset there are at least a couple of issues that officials are [intentionally] neglecting. High-End Anti-Forensics For instance, how can countries mobilize to fend off a cyberattack when they can’t even tell who launched it? Deception is an age-old instrument of spy tradecraft and the Pentagon has been actively working on developing Internet stealth technology for decades. [ ...] Folks, it’s anarchy. Until we mobilize and get our political leaders to outlaw covert ops the government and corporate spies show no sign of letting up. In all probability, as things progress the whole clandestine scene is just going to get worse. This past April Obama openly bragged to China’s leadership that the U.S would be devoting $26 billion to the Pentagon’s cyber trough and expanding the U.S. force to 6,000 so-called “cyberwarriors”.15 Guess where all of that funding goes to? The moral of the story is this: when high-level Pentagon types and think tank pundits start yammering about cyberattacks from Russia or China keep in mind that our security services are neck deep in deception ops directed against their alleged allies. History shows that the American Deep State is constantly in search of new enemies, even if it has to fabricate them,16 and our corporate rulers have no scruples about launching attacks that kill untold thousands of innocent people so that they can boost quarterly profits. [... EXTRACT - FULL @ SOURCE ] http://dissidentvoice.org/2014/09/the-holes-in-natos-cyber-defense-pledge/

This article is a wealth of information.  Everyone gets a mention:

Tor, Ntrepid, WikiLeaks, TAO, GCHQ

Check it out.

USA - NATIONAL SECURITY AGENCY - Leaker #2

http://goo.gl/l9SCsG


Another NSA leaker.

Snowden was first. This is Leaker #2.

#2 Leaker is allegedly passing information to journalists.

Bloomberg View (link above) reports:

The blogger Cory Doctorow was the first to suggest there's a second NSA leaker. Last month, one of his sources told him that a story on the German site Tagesschau was not based on documents from Snowden's trove. The article dealt with the NSA's spying on the anonymous Tor network, the backbone of the "Dark Web" that intrigues the intelligence services of many countries.  

Hey, Tor gets a mention.

Was going to use Tor the other day when I couldn't access Twitter for some reason ... but I couldn't even get Tor up.  Kinda odd.  Is Tor blacklisted these days?


Anyway, this is a bit of interesting news on the NSA front.  I've not followed the links but anyone who wants more info can.