Encryption Would Have Stopped Snowden From Using Secrets

Edward Snowden could have been thwarted from leaking classified U.S. documents if the National Security Agency encrypted the information to make it unreadable, two former senior cybersecurity officials said.

Snowden would have needed a digital key to decipher the secrets after gaining access to them if the data was scrambled, Ira Gus Hunt, former chief technology officer for the Central Intelligence Agency, and Howard Schmidt, a former U.S. cybersecurity coordinator, said in interviews yesterday at a conference in San Francisco.

Snowden, a systems administrator working for NSA contractor Booz Allen Hamilton Holding Corp. (BAH), probably would have been exposed if he'd tried to get decryption keys, they said.

"We have to get to the point where the data itself, independent from the systems, is appropriately protected everywhere all the time," said Hunt, who left the CIA in October and is on the advisory board at eSentire Inc., a Cambridge, Ontario-based security software company.

"My goal would be that all data is encrypted everywhere all the time. The only way data can move in the system, at rest or in transit, is in an encrypted form."

The documents Snowden obtained and leaked to the Washington Post and the U.K.'s Guardian newspaper exposed secret NSA programs, including the collection of billions of bulk phone records from Verizon Communications Inc. (VZ) and other carriers and the hacking of fiber-optic cables abroad to steal e-mail and Internet data from Google Inc. (GOOG) and Yahoo! Inc. (YHOO). U.S. prosecutors last year filed theft and espionage charges against Snowden, who has since been living in Russia under temporary asylum.

Google, Yahoo and Facebook Inc. (FB), among other companies, have since strengthened encryption on data flowing through their networks and made their digital keys more complex. Encryption uses a mathematical code to scramble data.

Vanee Vines, an NSA spokeswoman, declined to comment. Outgoing NSA Director Keith Alexander, in testimony yesterday to the U.S. Senate's armed services committee, said the agency has made 40 changes in its systems, developed better insider-threat detection capability and conducted more random security checks.

An NSA civilian employee allowed Snowden to use his encrypted digital certificate to access classified information, according to a Feb. 10 letter the NSA sent to the House Judiciary Committee. The employee resigned, according to the letter.

Snowden encrypted the data after he stole it. The documents he exposed revealed the NSA has tried to weaken common encryption standards and is developing a computer capable of breaking encrypted data.


The Commercial Case for Open Source Software

This post is written in association with Pentaho, a commercial open-source (COSS) provider of reporting, analysis, dashboard, data mining and data integration software.

The history of open source has already been written and rewritten a couple of times, so there's no need to go back to Genesis chapter one and revisit Linus Torvalds' "just a hobby, won't be big" comments too often.

But open source became more than the sum of its parts and the hobbyists grew successful in domains that traditionally belonged to their proprietary relatives.

Historical Note: If you do still want the history of open source, then the YouTube hosted Revolution OS is about 100 minutes of the best open development commentary you will find.

Open source grew up, we know that part. With a rich pedigree of success in the server room, open platforms eventually moved upwards through the commercial sector and across to government in many developed nations.

What open source in these (and other mission-critical implementations) demands is not only the strong active developer community that typifies any open code base - it also very often needs a level of expert support and maintenance that works at a more formalized level than that which is available for free through the community. This especially applies to teams that are trying to solve 'hairy' problems for which skills are in short supply, like blending and analyzing diverse, 'big' data sets.

Support and maintenance are important, but there's another factor here.

Locked Down, Demarcated Openness

More specifically (and more technically), open code is built with inherently dynamic libraries that are subject to change and community contribution at any time. However, commercial versions of open source software are always locked down and demarcated at the point of sale and therefore not subject to these dynamic changes.

This means that when organizations like NASA and the Met Office (arguably 'mission critical') use commercial open source software, they are able to define the exact static form and function of applications at the point of installation.
