Unix, Free and Open Source Software, and Linux Security: Computer Security Lectures 2014/15 S1 – Video


Unix, Free and Open Source Software, and Linux Security: Computer Security Lectures 2014/15 S1
This video is part of the computer/information/cyber security and ethical hacking lecture series by Z. Cliffe Schreuders at Leeds Beckett University. Labora...

By: Z. Cliffe Schreuders


NSA rules leave privacy vulnerable: experts

Eyes open: Sarah Harbi protests against the NSA outside the Department of Justice in Washington, DC. Photo: Reuters

Cyber security experts are questioning whether US President Barack Obama can make good on his assurance that intelligence agencies aren't spying on "ordinary folks."

That promise is especially dubious, experts say, in instances where Americans are communicating with US citizens living abroad and other people overseas.

"It's very clear there are enormous loopholes," said Jonathan Mayer, a cyber security fellow at Stanford University's Centre for International Security and Co-operation, who is reverse engineering the NSA surveillance program to learn how much collection, if taken to extremes, is legally possible. "Their rules, combined with their capabilities, cut against the classical protections built into our legal system."


The US National Security Agency (NSA) and the CIA are tasked with gathering foreign, not domestic, intelligence. Agency rules say they must have a "reasonable, articulated suspicion" about the people they target, and are required to sift through all the data they collect and eliminate any that might have been intercepted from an innocent American, on US soil or abroad.

This week the Obama Administration proposed that Congress overhaul the electronic surveillance program by having phone companies hold onto the call records as they do now.

But there remain a number of significant ambiguities that allow Americans' data to be swept up, saved and analysed, according to a series of disclosures from former intelligence contractor Edward Snowden, WikiLeaks source Private Chelsea (previously known as Bradley) Manning and the US government itself:

- Analysts need to be just "51 per cent confident" that someone is not in the US, based on phone numbers, Internet Protocol addresses and email addresses, before they can target the person.

- The NSA is allowed to store encrypted communications, domestic or foreign, at least until analysts can decrypt them to find out whether they contain information relating to national security. With widely used services like Gmail and Facebook adding encryption, this could encompass a vast amount of domestic communications.


NSA records all calls in targeted foreign nation: report

Washington: The US National Security Agency has created a surveillance system that is recording all the phone calls in an undisclosed foreign country, allowing it to play back any conversation up to 30 days later, the Washington Post reported on Tuesday.

The newspaper cited unnamed sources with direct knowledge of the system as well as documents supplied by former NSA contractor Edward Snowden, who since last year has leaked extensive data revealing sweeping US spying activities.

The newspaper said that at the request of US officials, it was withholding details that could be used to identify the nation where the system is being used or others where it might be used in the future. The Post cited documents that envisioned similar US spying operations in other nations.

Mr Snowden again spoke from his Russian exile on Tuesday, addressing a conference audience in Vancouver through a screen and a remote-controlled robot.


"There are absolutely more revelations to come," he said. "Some of the most important reporting to be done is yet to come."

The voice interception program is known as MYSTIC and started in 2009, with its "retrospective retrieval" capability, called RETRO, reaching full strength in 2011 against the first target nation.

A classified summary of the system said the collection effort was recording "every single" conversation nationwide in the first target country, storing billions of conversations in a 30-day rolling buffer that clears out the oldest calls as new ones are made.

A senior manager for the program likened it to a time machine that can replay voices from any phone call without the need to identify a person for spying in advance.

Current and former US officials quoted anonymously said large numbers of conversations involving Americans would be gathered using the system.


The Future of Data Encryption in Insurance

Inadequate data encryption is making insurers across the industry vulnerable to security breaches.

The insurance industry has a reputation for stability, expertise, and thoroughness. These strengths are the product of time. Longevity has its purpose in insurance, which has a history punctuated by economic calamity, war, and social and political upheaval. The great insurers of yesteryear remain the great insurers of today.

The institutional integrity of many of our most recognizable insurers is solid. Individual agents provide steady reassurance, thorough marketing, advertising and professionalism that are assets to the industry and provide a favorable impression to policyholders.

However, despite this sense of security, policies cannot just be protected by thick stainless steel doors and stacked certificates of indemnification, alphabetized and aligned in symmetrical rows. Beyond the physically dense climate-controlled bunkers and vaults, where room temperature prevents the yellowing of these documents and insurers protect against fires and floods, the cleverest thieves -- armed with the most valuable intelligence -- can destroy an insurance company in a few minutes or hours. This is where all the standard operating procedures of the insurance industry collapse.

I refer, specifically, to the inadequate encryption that makes every insurer vulnerable to massive data breaches. Please note that I issue this statement based on experience, not exaggeration or an appetite for sensationalism. In my role as founder of Impervio E-IRM System (Enhanced Information Rights Management), I seek to empower insurers against these threats. Impervio is a testament to this commitment because it is, by the strictest definition of the word, impenetrable.


While insurers do a commendable job of trying to educate the public about security, they do not have the encryption necessary to win the battle against hackers and cyber criminals. Put a different way, the existing form of encryption -- the system that governs so many industries -- relies on the false assertion that it would take someone 3,000 years to break this code.

This presumption is seriously inaccurate because, in reality, the trained eye can spot gaping holes and points of weakness within this theory. Sophisticated thieves already know when and how to exploit these security vulnerabilities, which act as gateways to confidential client data, electronic medical records, intra-office communications, personal checking account codes and credit card numbers.

To better appreciate the gravity of this situation, think of current forms of encryption as four massive walls that surround a vital piece of intellectual property. From a distance, like its physical corollary between East and West Berlin, or its even lengthier cousin known as the Maginot Line, this wall looks impressive -- and imposing -- until you see all the cracks and barren sections previously covered by concrete now exposed with a thin pane of asbestos and chicken wire.

The cyber equivalent to these frayed walls and abandoned outposts is the model of encryption insurers continue to use. Indeed, the best example of the need for a superior method of encryption involves what we see and hear every day, particularly advertisements from security experts who claim they have the latest patch (for a patch, on top of another patch) to fix a breach.


Data Doctors: Lessons for all from the Sony hack

Q: One of the things I keep hearing about because of the Sony hack is encryption, but how exactly do I get it set up for my business?

A: There isn't enough space in this column to cover all the lessons that can be learned from what continues to come out of the Sony Pictures massive hacking event.

The use of encryption is a big one because it can provide an excellent level of security even if cyber thieves make off with thousands of sensitive files via a compromised computer.

Anytime everyone has access to everything on a business network without any real security, hackers need only compromise one user to wreak havoc for everyone (the likely scenario in the Sony hack).

Encryption acts as another security barrier that will generally cause the hackers to move on because of the time that it will take to break the encryption.

Encryption technology is built into most operating systems: Windows has BitLocker for workstations and servers, while Mac OS X has FileVault, or you can use encryption programs from many third-party companies.

But before you make any decisions to start encrypting your data, you really should review all of the options, pros, cons, security and backup measures to make sure you don't inadvertently lock yourself out of your own data.

Encryption strategy needs to be thought through, so make sure you consult your IT support group before you get started.

Another simple step that Sony could have taken to protect data was to create individual passwords for sensitive data files.

Just about every type of business program you use has an option to password protect the individual files.


The Imitation Game

It was refreshing that a movie about Alan Turing, a brilliant mathematician, didn't bog us down with cryptography equations we wouldn't get. It was a low-key thriller that was rather engrossing, despite not having enough guts to go into places that a complete biopic on Turing might have.

Benedict Cumberbatch will get a well-deserved Oscar nomination for playing a character that obviously has some disorder (Asperger's, OCD, etc.), that makes him come across as arrogant and unlikable.

Just watching the opening scene, in which Commander Denniston (Charles Dance) is interviewing Turing for a job that will have him break the code the Germans were using, is a blast. Turing doesn't understand the sarcasm, but his intelligence is enough to land him the gig.

Turing quickly realizes that the code is unbreakable with a handful of humans working on it. The Germans change the codes constantly, so if a code is decrypted, the next day, there's a new system. Turing wants 100,000 pounds to build a machine, convinced only another machine will be able to compute the calculations fast enough. Yes, it's safe to say he's the guy who invented the computer (sorry Al Gore).

I'm sure you know what ends up happening, but it's a shame that more people don't know exactly what Alan Turing went through. He was a visionary, and a true war hero. Instead of diners in Hillcrest being named after Harvey Milk, they should be named after this guy (although he does have his name attached to something called the Turing test, which tests a machine's ability to exhibit intelligent behavior that's indistinguishable from that of a real person).

Director Morten Tyldum gives us a nicely layered story. We watch as Turing has difficulty working well with others. Flashbacks show that he didn't get along well with others as a school boy. The various time periods the movie jumps around all work nicely.

We see a crush Turing has on a boy in his elementary school. It's just a heartbreaking segment. We see him having a flirtatious relationship with Joan (Keira Knightley). We watch as some of the people start to understand his genius, yet it doesn't necessarily mean they like him any more because of it.

There could be a spy working with them, too. Oh, and there's that annoying boss Commander Denniston. He doesn't like the money being wasted, and the fact that they don't seem any closer to breaking the code after all the time spent on it.

There are some great edits. One that comes to mind is Turing's machine turning on, the spinning mechanisms becoming wheels of a tank.

It was so long ago that I saw this (it's one of the many good films I was able to catch at the San Diego Film Festival earlier this year), it's hard to remember everything about it.


Julian Assange to model for London Fashion Week

Julian Assange will model for Vivienne Westwood's son Ben during London Fashion Week.

According to the Daily Mail, the show will take place in September at the Ecuadorian Embassy, where the WikiLeaks founder has been seeking refuge for the past two years.


"Julian's been in the embassy for two years and it's important that he doesn't slip into obscurity."

Ben explained that he has taken inspiration from Assange's sense of dress and his 'combat/beret look'.

"I've designed something for him along those lines and will be getting him to wear it," Ben said.

"I've got another garment with a Julian Assange print."

Assange is avoiding extradition to Sweden, where he is wanted for questioning over claims of sex offences.

London Fashion Week Spring/Summer 2015 runs from September 12-16.
