Survey: IT pros not concerned about NSA spying

You may have heard that the NSA has been spying on just about everyone, everywhere without regard for whether or not they are an actual threat to national security. The allegation that RSA accepted a payment of $10 million in exchange for cooperating with the NSA led some to boycott the recent RSA Conference, or participate in the TrustyCon counter-conference that was hosted around the corner. As it turns out, though, most IT professionals don't seem all that concerned with the activities of the NSA.

AppRiver conducted a survey of the attendees at the RSA Conference. AppRiver's Fred Touchette describes in a blog post how the boycott and the apparent success of TrustyCon piqued his interest about where government hacking ranks on the overall threat landscape for IT professionals.

IT professionals are much more concerned with hackers than government spying.

"We decided to do a face to face survey with conference attendees one on one to ask them a few simple questions about these issues, compile the data and see what is on people's minds," Touchette explains. "These are people that deal with security every day, whose jobs depend on keeping networks secure, and who use threats as a practical problem not [as] theoretical or philosophical issues."

The AppRiver survey only includes responses from about 110 people, out of a total attendance of about 25,000, so it doesn't qualify as a scientifically relevant sampling. Nevertheless, the results are interesting.

What AppRiver discovered is that only a meager 5.3 percent of respondents ranked external threats from government hacking attempts as the top threat. Government spying, like that conducted by the NSA, ranked at the bottom of the survey results, tied with malicious insiders: authorized individuals like Edward Snowden who intentionally compromise or expose data.

A third of the respondents cited the insider threat without malicious intent as the top threat. In other words, random users compromising data or putting the network at risk by circumventing security controls, ignoring security policies, or just plain human error.

The biggest concern by far, though, remains external hackers. More than 56 percent of the survey respondents cited evil bad guys on the outside of their network trying to infiltrate and infect their PCs as their number one security concern.

Interestingly, regardless of what is considered to be the top threat, nearly three fourths of those surveyed believe that people are most frequently the weak link in the security chain that leads to network or endpoint compromise. More than 20 percent claim that faulty policies are to blame, while only 7.2 percent fault technology as the point of failure.

The debate over government intelligence gathering is far from over. But, according to AppRiver's unscientific survey of IT security professionals, the ethics and legality of NSA activities is simply not part of the day-to-day concern when it comes to defending against malware and cyber attacks.

Read this article:
Survey: IT pros not concerned about NSA spying

March 07, 2014

Photo caption: Lead counsel Ken Cuccinelli (left) confers with US Senator Rand Paul (centre) during a news conference about their class action lawsuit against US President Barack Obama over NSA spying revelations, outside the US District Court in Washington on February 12, 2014; the suit also named James Clapper as a defendant. The proposed 2015 budget will see a five percent drop in US intelligence agencies after a year marked by controversy over far-reaching electronic spying. Reuters pic, March 7, 2014.

US intelligence agencies will see a five percent drop in funding under a proposed 2015 budget, officials said yesterday, after a year marked by controversy over far-reaching electronic spying.

Director of National Intelligence, James Clapper said the requested budget for most of the country's 17 spy services came to US$45.6 billion (RM148 billion) for fiscal year 2015, which begins October 1.

The proposed budget, which must be approved by Congress, is lower than the 2014 national intelligence program budget, at US$48.2 billion.

The Pentagon is also planning for a slight drop in funding for intelligence activities that support the military, requesting US$13.3 billion for next fiscal year, officials said.

The 2014 budget had allocated US$14 billion for the military intelligence program.

In keeping with past practice, Clapper's office, or ODNI, did not divulge any further details or provide a breakdown of the budget.

"Any and all subsidiary information concerning the National Intelligence Program budget, whether the information concerns particular intelligence agencies or particular intelligence programs, will not be publicly disclosed," ODNI said in a brief statement.

Given the secrecy surrounding America's spy agencies and their funding, it remains unclear if the fallout from ex-intelligence contractor, Edward Snowden's leaks has had any impact on the National Security Agency's 2015 budget.

The trove of classified files disclosed by Snowden since June included documents leaked to The Washington Post that shed some light on the so-called "black budget" that funds for different spy operations and programs.


Security lessons from RSA

Stay safe online with these recommendations from IT and Crypto professionals at RSA, the premier security conference.

The RSA Conference, the flagship meetup for cryptography, information security, and IT experts from around the world, just wrapped on Feb. 28. I attended panels, talked to professionals about security, and learned a couple of new lessons about personal protection in the age of big data.

There were a lot of lessons from RSA, most of them concerning IT Professionals. Some were about enterprise-level security, and a few were on the relationship of government and big data. But what can the average consumer cull from these discussions? Read on, and take control of your online security and digital privacy.

Hackers are no more evil than the average netizens, nor are they loners. Hackers have their own social communities around their illicit activities. Whether they're trying to make money off stolen data (cyber-criminal), taking a stance (hacktivist), or just keeping tabs (surveillance), hackers have turned hacking into a business, and data is their sole interest. Most hackers work together to pull off sophisticated attacks, mostly on organizations, companies, government sites, or other hacking groups.

If your info is out there for the taking, then be ready to call your credit card company at a moment's notice. But present them with a little difficulty, and they might just go after another, softer target. It is a numbers game after all. So create tougher passwords (Longer is always better!), get a two-step authentication system, edit out personal info from your Facebook/Google+ pages, and don't tweet things that can be used to phish data.


Unlike proprietary software, open-source software has the benefit of letting users customize their own security privileges and allows anyone to look into the source code and report any vulnerabilities or flaws.

Always try to get the latest updates for any programs you may have, even the ones you don't often use (even Flash). Patches are designed to cover security flaws and remove abuse potential. Introduce a little open-source software to your life, and find open alternatives to your favorite programs. A good way to start is by checking out these trusted open-source apps.


Remove apps that you no longer use but never bothered to delete. Uninstallers like Revo or IObit can make cleanup easier. Do you really need 20 Chrome Extensions or ten different MP3 converters?

Original post:
Security lessons from RSA

Massive Linux security flaw dwarfs Apple’s cryptography problems of just last week

A newly discovered bug in the popular GnuTLS library has the potential to dwarf Apple's SSL encryption problems of just last week, thanks to a similar error with error checks and notifications. That's quite a feat, considering that the Apple Goto Fail bug impacted millions of devices running both iOS and OS X, but the bug in GnuTLS looks like it will be far bigger. Over 200 applications have been identified that depend on GnuTLS, and the actual list is likely much, much higher.

According to Ars Technica, the problem here is similar in type to the issue that tripped up Apple. In both cases, incorrect code short-circuited the functions that are supposed to verify whether or not a proper SSL certificate has actually been presented. Red Hat found the error during a security audit and describes it thus: "It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker."
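The defect class described above, an internal error during verification being reported as a successful verification, comes down to a return-value convention being misread. The following C program is an added illustration written for this page; it is not GnuTLS's own code and does not reproduce its internals. It assumes a hypothetical verifier convention (1 = verified, 0 = not verified, negative = internal error) and a constructed `struct cert` stand-in, and shows a caller that treats any non-zero result as success beside a fail-closed version that normalises errors and compares against the success value explicitly.

```c
#include <stdio.h>

/* Return convention assumed for this example (not GnuTLS's):
 * 1 = certificate verified, 0 = not verified, negative = internal error. */
#define CERT_OK          1
#define CERT_INVALID     0
#define ERR_BAD_ENCODING (-3)   /* constructed error code for this example */

/* Constructed stand-in for the certificate under validation. */
struct cert {
    int signature_valid;  /* 1 if the chain signature checks out */
    int well_formed;      /* 0 if the parser would reject the encoding */
};

/* Hypothetical verifier mirroring the described defect: an internal error
 * jumps to cleanup with a negative code, and cleanup returns it unchanged. */
static int verify_buggy(const struct cert *c)
{
    int result;
    if (!c->well_formed) {
        result = ERR_BAD_ENCODING;   /* negative, and therefore non-zero */
        goto cleanup;
    }
    result = c->signature_valid ? CERT_OK : CERT_INVALID;
cleanup:
    return result;
}

/* Caller that treats any non-zero value as "verified". A malformed
 * certificate yields -3, which this test accepts as success. */
int accepts_buggy(const struct cert *c)
{
    return verify_buggy(c) != 0;
}

/* Hardened verifier: every error path is collapsed to CERT_INVALID before
 * the value leaves the function, so the caller can only see 0 or 1. */
static int verify_fixed(const struct cert *c)
{
    int result;
    if (!c->well_formed) {
        result = ERR_BAD_ENCODING;
        goto cleanup;
    }
    result = c->signature_valid ? CERT_OK : CERT_INVALID;
cleanup:
    /* fail closed: anything other than an explicit success is "not verified" */
    return (result == CERT_OK) ? CERT_OK : CERT_INVALID;
}

/* Caller that compares against the success value instead of "non-zero". */
int accepts_fixed(const struct cert *c)
{
    return verify_fixed(c) == CERT_OK;
}

int main(void)
{
    const struct cert good = { 1, 1 };      /* constructed sample */
    const struct cert malformed = { 0, 0 }; /* constructed sample */
    printf("buggy caller accepts malformed cert: %d\n", accepts_buggy(&malformed));
    printf("fixed caller accepts malformed cert: %d\n", accepts_fixed(&malformed));
    printf("fixed caller accepts good cert:      %d\n", accepts_fixed(&good));
    return 0;
}
```

The two things worth checking in a real code base are the ones the example isolates: that every `goto cleanup` error path leaves the result in a state the caller will reject, and that callers compare against the documented success value rather than testing for truthiness.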

The good news is, patches are already in place for this problem. The bad news is, it's going to take a long time to tease out exactly which products are affected. Because GnuTLS is open source, it's not as if the organization has a checklist it can pull to contact every vendor that uses its software. Furthermore, the flaw may go all the way back to the initial code; the organization's website states that anyone who uses certificate authentication in any version of GnuTLS is affected by the vulnerability.

The list of impacted software is enormous. Cryptographic code signing is thought to protect against exploits in most Linux distros, but Cisco's VPN software apparently relies on GnuTLS, to name just one company. Web hosts or online services that rely on GnuTLS will have to update their own software to guard users against man-in-the-middle attacks. Inevitably, there are going to be applications that aren't ever updated, which will leave consumers vulnerable.

The fact that similar code errors have been found in critical software that secures a great deal of back-end infrastructure as well as personal devices hopefully means that more companies are examining the guts of their security code more thoroughly. The NSA revelations of the past 12 months have been light on technical details, but the NSA clearly has sophisticated access to certain systems thanks to security flaws and hidden capabilities. Hopefully patching issues like this removes a few arrows from the government's quiver, though if the NSA was, in fact, aware of either bug, it would mean the government deliberately left consumers and businesses exposed to potential malware to suit its own purposes. That wouldn't surprise many people in today's climate, but it would be a far cry from the 1970s, when the NSA deliberately improved the DES standard to better guard against a then-unknown attack vector it felt might emerge in the future.

View original post here:
Massive Linux security flaw dwarfs Apple’s cryptography problems of just last week

Julian Assange – NNDB

Julian Assange

AKA Julian Paul Assange

Born: 3-Jul-1971 [1]
Birthplace: Townsville, Australia
Gender: Male
Religion: Atheist [2]
Race or Ethnicity: White
Sexual orientation: Straight
Occupation: Hacker, Journalist
Nationality: Australia
Executive summary: Founder of Wikileaks

Computer programmer and secretive hacker Julian Assange is the public spokesman for Wikileaks, an online publisher of classified documents, founded in December 2006. The site's funding is shadowy, its staff unpaid; it claims to be propagated on twenty separate servers worldwide, making it difficult to muzzle. According to Assange, the site's key collaborators know each other only by initials which might or might not represent their true names.

In its first few years, the site's major scoops included an operations manual from the US prison at Guantanamo, emails hacked from Sarah Palin's Yahoo account, interoffice communications from climate researchers at the University of East Anglia, secret Scientology texts. Their biggest media splash came in April 2010 with the release of Collateral Murder, a first-person video of American soldiers killing Reuters journalists from a gunship over Baghdad. It was followed over the next few months by several large leaks, coordinated with major newspapers, of American military reports from Iraq and Afghanistan, and a slow leak of 250,000 classified American embassy cables.

Wikileaks is believed to have received more than a quarter of a million classified embassy cables from a 22-year-old soldier, Bradley Manning, who was casually outed after confiding in ex-hacker Adrian Lamo in May 2010 and is now facing charges in a military prison. In 2010, Wikileaks published a secret American intelligence document assessing the perceived risk the site presents to US national security. Assange has said that the site's occasional technical difficulties are a consequence of on-line attacks launched by US operatives.

Beginning in 2010, Assange battled extradition to Sweden, where he faces charges of rape and sexual assault, charges he claims are "without basis". On 30 May 2012, he lost an appeal before the Supreme Court of the United Kingdom, leaving his extradition a near certainty. A few weeks later, on 19 June 2012, Assange sought asylum in the Ecuadorian embassy in London, where he has remained for more than a year.

[2] Per OkCupid profile.

See the original post here:
Julian Assange - NNDB

Behold Arscoin, our own custom cryptocurrency!


Recently, I became the first person in the history of Ars Technica to have a gold, rather than black, user name.

How did I get this blinged-out honor? I bought it for the low, low price of 500 Arscoins, the latest digital cryptocurrency to hit the Internet. Arscoin is one of around 100 or so "altcoins," or alternative bitcoins, derived from the same source code as the original cryptocurrency.


But other altcoin creators are true believers in anarcho-capitalism, or they simply find Bitcoin and its derivatives new and interesting. And not all altcoins are quite as ridiculous as they may seem; even Dogecoin, which was jokingly based on an image meme, has an on-paper market capitalization of more than $60 million.

As the new year began, I found myself writing about several new (and often ridiculous) altcoins: Coinye, Norris Coin, and yes, Koindashian. It got me thinking: if anyone can just up and create a new altcoin, how hard can it be? Arscoin is our attempt to find out. Here's how we created our own digital currency, how you can do it too, and what it all means.

The Arscoin project is for those who want to experiment with digital currencies, and buy some fun hats and colored usernames along the way. In other words, it is for educational use only; we have centralized the system in order to prevent it from developing into a real-money economy.

Jesuscoin and Snoochyboochy

While the creator of Bitcoin remains a mystery, the currency's digital underpinnings are not; it's famously open source. One of its first major competitors, Litecoin, used the Bitcoin source code in late 2011, changing a few key parameters before releasing its own source code. That, in turn, has spawned more recent clones like BBQCoin, Dogecoin, and Namecoin. According to Coinmarketcap.com, 75 mineable altcoins currently exist, with market capitalizations ranging from $38,000 (FedoraCoin) to $10.3 billion (Bitcoin). Even other journalists have started their own altcoins (see Joe Weisenthal's Stalwartbucks).

Go here to read the rest:
Behold Arscoin, our own custom cryptocurrency!