« First...102030...2,1792,1802,1812,1822,183...2,1902,2002,210...Last »

We Now Know A Lot More About Edward Snowden’s Epic Heist …

Posted on by

Edward Snowden's in-depth interview with James Bamford of Wired offers details about his last job as a contractor for the NSA in Honolulu, which raise disconcerting questions about the motives of the former systems administrator.

While working at two consecutive jobs in Hawaii from March 2012 to May 2013, the 31-year-old allegedly stole about 200,000 "tier 1 and 2" documents, which mostly detailed the NSA's global surveillance apparatus and were given to American journalists Glenn Greenwald and Laura Poitras in June 2013. The government believes Snowden also took up to 1.5 million "tier 3" documents potentially detailing U.S. capabilities and NSA offensive cyber operations, the whereabouts of which are unknown.

We now know more about the larger and more sensitive cache of classified documents. Furthermore, a close reading of relevant reporting and of statements made by Snowden suggests that much of what the rogue NSA employee intentionally took involved operational information unrelated to civil liberties.

While the tier 3 material appears to have not been shared with American journalists, some of it was shown to a Chinese newspaper. And 14 months later, given the uncertain fate of the documents, it is not unreasonable to ask whether they could have fallen into the hands of an adversarial foreign intelligence service.

Snowden had worked as an NSA contractor for Dell since 2009, and in March 2012 he began working as a systems administrator for the NSA's information-sharing office at the Kunia Regional Security Operations Center (known as "the Tunnel") on the main island of Oahu. Over time, he became increasingly alarmed by what he viewed as serious U.S. governmental violations of Americans' constitutional liberties, as well as general disregard for privacy rights of foreign citizens.

American officals told Reuters that Snowden began making illegal downloads about U.S. and U.K. eavesdropping programs in April 2012. (The NSA later told Vanity Fair that the downloading began in the summer of 2012.)

Wired

Snowden says that moment came on March 13, 2013, when he read about Director of National Intelligence James Clapper's appearance before a Senate committee, during which he testified that intelligence officials did not "wittingly" collect data on Americans.

Clapper's statement and the subsequent lack of concern among his NSA colleagues at the Tunnel "convinced him that the time had come to act," Bamford writes.

Snowden quit Dell on March 15, according to reporting by Edward Jay Epstein of The Wall Street Journal, and landed a job with Booz Allen as an infrastructure analyst at the National Threat Operations Center in Honolulu.

Read the original post:
We Now Know A Lot More About Edward Snowden's Epic Heist ...

For German, Swiss Privacy Start-Ups, a Post-Snowden Boom

Posted on by

US andChinese tech companies are not the only ones profiting from the Snowden effect.

Since news broke that former U.S. National Security Agency contractor Edward Snowden disclosed alleged U.S. government surveillance methods worldwide, secure messaging and so-called NSA-proof products and companies have sprouted across Germany and Switzerland, two countries who take their privacy laws very seriously.

While not in mainstream use yet, the trend is growing.

Some German and Swiss companies have also used the media attention as selling points.

When Edward Snowden unveiled the extent of surveillance by the U.S. government, many scientists in Cern were shocked, said Khoi Nguyen of Geneva-based Protonmail, a start-up marketing an easy-to-use, encrypted email service.

Lavaboom, a German email provider, was a direct reaction to the Snowden revelations. The companys name plays on the U.S. encrypted service provider Lavabit, which Mr. Snowden used. Lavabit was forced to close down in August 2013, after being forced to disclose classified documents. At the time, Lavabit founder Ladar Levison said he was prohibited by law from discussing the reasons for its closure.

Lavabit offers users a three-tiered service. A free subscription gets you secure storage, two-factor authentication, and complete encryption. Premium subscriptions offer whats called a zero-knowledge serviceany data generated by an application will never be readable on the server it is storedas well as three-factor authentication.

Our existence was a direct response to the closure of Snowdens email service Lavabit, Lavaboom co-founder Bill Franklin said.

Mr. Franklin, a U.K. citizen, along with German co-founder Felix Mueller-Irion, consciously chose Germany to base their mail service.

Data protection laws in Germany are supportive in offering customers a private sphere, Mr. Franklin said. German data protection laws are considered to rank among the strictest in the world and there are laws protecting journalists, doctors, lawyers and other professional groups from revealing their sources.

Read more from the original source:
For German, Swiss Privacy Start-Ups, a Post-Snowden Boom

Google Favors Encryption in Ranking, But Not for ‘Trusted Stores’

Posted on by

Google wants websites to use encryption, to protect themselves and users from hackers. Unless they are e-commerce sites, in which case Google doesnt want them to use encryption too widely.

The dissonance arises from the requirements of Googles Trusted Stores program, an effort by the search giant to show users where they can shop online with confidence.

Heres the rub: According to emails Google sent one merchant, the Trusted Stores program doesnt play nice with encryption.

Googles explanation could have come straight from Catch-22. The Trusted Stores badge is designed to be suppressed and not show up on secure pages, Google wrote to Christopher Heitman, co-owner of Pegasus Auto Racing Supplies in New Berlin, Wisc.

That means, Google continued, There will not be a badge that shows up on every page of the site. However, per the program guidelines, it is required that the badge must be displayed on all pages of your site.

Not surprisingly, the explanation left Heitman scratching his head. I would think that protecting their users privacy by using encryption would be a valuable part of providing the best user experience, he says.

Google gave Web encryption a big boost earlier this month when it said encrypted sites would gain points in its search rankings. Encryption can defend against certain types of cyberattacks.

The Trusted Stores program does require that checkout pages be encrypted, to protect personal information such as home addresses and credit-card numbers.

But Google told Heitman that for non-sensitive pages such as a sites home page or product listings, the Trusted Stores program is not compatible with the common encryption protocol that Google said it would favor in its search rankings.

A Google spokesman said as a priority, were working on a solution to display the badge for stores who are moving their entire sites to be encrypted.

See the original post here:
Google Favors Encryption in Ranking, But Not for ‘Trusted Stores’

Google Wants Sites to Use Encryption, Except When It Doesn’t

Posted on by

Google wants websites to use encryption, to protect themselves and users from hackers. Unless they are e-commerce sites, in which case Google doesnt want them to use encryption too widely.

The dissonance arises from the requirements of Googles Trusted Stores program, an effort by the search giant to show users where they can shop online with confidence.

Heres the rub: According to emails Google sent one merchant, the Trusted Stores program doesnt play nice with encryption.

Googles explanation could have come straight from Catch-22. The Trusted Stores badge is designed to be suppressed and not show up on secure pages, Google wrote to Christopher Heitman, co-owner of Pegasus Auto Racing Supplies in New Berlin, Wisc.

That means, Google continued, There will not be a badge that shows up on every page of the site. However, per the program guidelines, it is required that the badge must be displayed on all pages of your site.

Not surprisingly, the explanation left Heitman scratching his head. I would think that protecting their users privacy by using encryption would be a valuable part of providing the best user experience, he says.

Google gave Web encryption a big boost earlier this month when it said encrypted sites would gain points in its search rankings. Encryption can defend against certain types of cyberattacks.

The Trusted Stores program does require that checkout pages be encrypted, to protect personal information such as home addresses and credit-card numbers.

But Google told Heitman that for non-sensitive pages such as a sites home page or product listings, the Trusted Stores program is not compatible with the common encryption protocol that Google said it would favor in its search rankings.

A Google spokesman said as a priority, were working on a solution to display the badge for stores who are moving their entire sites to be encrypted.

Here is the original post:
Google Wants Sites to Use Encryption, Except When It Doesn’t

Facebook reports enormous uptick in use of snoop-proof email

Posted on by

This Facebook chart shows how the number of emails protected by encryption by both the sender and the receiver has flipped in only a few short months. Facebook

Keeping email safe from prying eyes is a joint effort, with both the sender and receiver needing to implement encryption technology. And Facebook -- which sends its user base billions of notification emails every day -- says things have gotten significantly more secure because of changes made by popular webmail providers such as Microsoft and Yahoo.

The percentage of outbound notification emails sent from Facebook that are received by email services which support encryption has jumped from less than 30 percent in May to 95 percent by mid-July, according to a Facebook blog post published Tuesday.

That rate of adoption is exceptionally rare, said Jim Fenton, formerly the chief security officer at password replacement firm OneID and now an independent Internet technologist.

"Facebook's measurement is probably as favorable as it can be," Fenton said, pointing out that Facebook's unique situation -- outgoing email only, measured by volume, to large webmail providers for personal use more than work email accounts -- allowed Facebook to achieve such a rapid turn-around.

The change comes amid a growing effort by webmail providers to better support encrypted email. That's a reaction to National Security Agency snooping revealed by whistle-blower Edward Snowden, and it's a necessity at Facebook, where notification emails about posts and comments made by users' friends often contain snippets of private or semi-private content from the site.

The kind of basic webmail encryption Facebook refers to in its blog post is provided by a technology called STARTTLS, which uses Transport Layer Security encryption to make it harder to spy on email. The challenge with keeping email secure is that it requires both the sender and the receiver to support the same encryption technology -- otherwise messages remain unprotected. Though Facebook has supported STARTTLS for several years, of the three biggest webmail providers, only Google's Gmail had adopted it.

Facebook said in its post that now that Microsoft and Yahoo are on board with STARTTLS, the majority of the social-media site's notification emails are encrypted with two common encryption techniques. One is Forward Secrecy, a technique that prevents the same numeric encryption keys from being used more than once, which would make messages easier to crack. The other is strict certificate validation, which is a high standard for ensuring that a digital authentication certificate -- which email systems check to verify who's sending a message -- has not been forged.

A Facebook spokesman told CNET that the company is working on getting the other 5 percent of webmail providers to use encryption. "All major providers we've talked to are either using STARTTLS or are actively working on deploying it," he said.

A Microsoft representative noted during a previous interview that webmail encryption efforts are tricky because of the two-way-street situation involving sender and recipient.

Visit link:
Facebook reports enormous uptick in use of snoop-proof email

WikiLeaks’ Assange sets sights on leaving embassy: Now …

Posted on by

Summary: Some commentators have questioned if anything has changed, diplomatically and legally, in WikiLeaks' founder Julian Assange's case. Here's what could happen next.

Locked inside a small apartment in central London, the only reason Julian Assange has avoided arrest is that his dimly lit ground-floor bedroom also happens to be de facto Ecuadorian soil.

Marking almost exactly two years after the WikiLeaks founder gave a similar soundbite-laden speech on the balcony of the Ecuadorian embassy in Britain's capital, he yesterday opted for a more modest affair, only to offer a similar string of pointless remarks, which were all but retracted after the fact.

In case you missed it, Assange said he would leave the embassy "soon," after being holed up in the small embassy for more than two years.

Following the appearance on Monday morning, however, his spokesman Kristinn Hrafnsson said although Assange was ready to leave the embassy, it would only be when he is offered passage free from the threat of arrest.

Assange's message was anything but clear leaving more questions than answers. One being whether the political and legal situation has shifted since he first entered the embassy.

It hasn't. Very little has changed in the diplomatic standoff between Ecuador and the UK.

Assange, who founded the whistleblowing site WikiLeaks, rose to prominence in 2010 after the leak of classified US military documentson the Afghan and Iraq wars.He remains concerned that should he step outside of the protection of Ecuador's London embassy, he will first be extradited to Sweden where he faces accusations of sexual assault dating back to 2010 but then will be forced to travel to the US. An onwards extradition, he claims, could see him tried in a US court for espionage crimes for his involvement in the classified cache release.

The Australian-born hacker turned media figure and document leaker was arrested in Britain, but received bail as he awaited court decisions in efforts to rollback the extradition process.

Once the Supreme Court, the highest court in the UK, ruled against him, he fled to the Ecuadorian embassy to seek political asylum.

Read more:
WikiLeaks' Assange sets sights on leaving embassy: Now ...

WikiLeaks’ Assange says he will leave embassy soon …

Posted on by

LONDON Julian Assange, the founder of WikiLeaks who was given asylum in the Ecuadorean Embassy here two years ago, said Monday he will be leaving the embassy soon but provided no specifics.

In a long and wandering news conference at which he was accompanied by the Ecuadorean foreign minister, Ricardo Patio, Assange summarized his case, arguing that he had helped bring about needed change in the British extradition system and saying that his health was suffering after two years at the embassy.

Continue reading below

Assange faces extradition to Sweden, which is investigating allegations of sexual misconduct, and the British police continue to post a 24-hour guard at the embassy at a cost of more than $10 million.

Assange argues that he has not been charged with any crime and that he fears if he leaves the embassy, he will be extradited to the United States. Investigations there continue into the disclosure of classified material to WikiLeaks, which posted material on its website and arranged for other newspapers, including The New York Times, to publish some of it.

The United States has not sought Assanges extradition and there has been no public indictment of him.

The British media, especially Sky News, had reported before the news conference that Assange would announce he was leaving the embassy to seek medical treatment.

Quoting a WikiLeaks source, media reports said that he was suffering from heart arrhythmia, very high blood pressure, and a chronic lung condition.

On Monday, Assange said he had decided to leave soon, but perhaps not for the reasons that the Murdoch press are saying at the moment. He did not elaborate.

Patio said Ecuador supported Assange and would continue to seek a negotiated legal end to the standoff.

The rest is here:
WikiLeaks’ Assange says he will leave embassy soon ...

This new cryptocurrency will literally make you sweat

Posted on by

While Bitcoin slowly but surely forces its way into the mainstream, that hasnt stopped numerous developers from coming up with new altcoins to try and steal its crown as top dog of the digital currencies.

The likes of Dogecoin, Litecoin, Namecoin, Peercoin and Terracoin have been slugging it out for the number 2 spot for some time already, but now a new digital coin has thrown down the gauntlet. But what differentiates MangoCoinz from the rest is the way its mined miners have to actually break a sweat.

MangoCoinz started life as a computer science project by three students at Belgrades School of Computing. The trio thought there should be a better way to mine cryptocurrency, without having to use powerful computing machines to solve pointless algorithms (and waste tons of energy in the process). Instead, they came up with the idea of performing actual, physical work to mine MangoCoinz.

You can download the MangoCoinz app on Google Play for free. Creating an account is easy, just think of an awesome username, a hard to guess password, enter your email address and submit. Youll need to verify your account to activate it of course, but after that all you have to do is get jiggy with it to generate some MangoCoinz.

Thats because, in order to mine MangoCoinz, your phone must be in constant motion. The app uses the motion sensors built into your phone, like the accelerometer, to mine coins. The more you move, the more coins will be generated.

This new cryptocurrency got me interested so I tried it out. Just by walking while holding my phone I generated some coins, about 0.02xxx, and thats just by taking five or so steps. So a brisk walk or a full body workout could quickly see you rack up those coinz.,

Out of curiosity, I began to shake my phone vigorously for about ten seconds. I was able to generate a full coin just by doing that. And that seems to be the downfall of MangoCoinz right there its easy to cheat, and most people are very lazy. It doesnt take a genius to realize they could generate a small fortune in coinz by strapping their phone to the overhead fan and letting it whizz round all day, for example.

Sadly, the developers proof-of-sweat idea is not flawless. You can do so many things to make your phone and MangoCoinz think that youre doing something productive when in fact youre doing anything but, but the unnamed creators of this cryptocurrency have at least placed a limit as to how much coins you can mine per day to thwart any abusers.

Here is the original post:
This new cryptocurrency will literally make you sweat

BGP hijacking for cryptocurrency profit

Posted on by

by Mirko Zorz - Editor in Chief - Tuesday, 19 August 2014. In cryptocurrency, "mining" is the act of validating transactions listed in the public ledger (also known as the block chain). When a transaction is initiated, it is placed in a queue where it is prioritized based on the date and time of submission, and the size of the affixed transaction "fee."

Working from the top of the queue, miners cryptographically attempt to "find a block," which entails crunching numbers to satisfy a particular formula while simultaneously agreeing as network that the calculated results are valid. Mining is a generic activity; the mining pool dictates which cryptocurrency is mined.

In this podcast recorded at Black Hat USA 2014, Joe Stewart, Director of Malware Research at Dell SecureWorks, talks about his team's discovery of suspicious activity occurring on mining systems connected to the wafflepool.com mining pool.

Several users in this forum and other cryptocurrency forums noticed similar activity mining systems mysteriously redirected to an unknown IP address that answered with the Stratum protocol. Once connected to this IP address, miners continued to receive work but no longer received block rewards for their mining efforts. Hijackers harnessed miners' hashing power by redirecting legitimate mining traffic destined for well-known pools to a malicious server masquerading as the legitimate pool:

Continued here:
BGP hijacking for cryptocurrency profit

Julian Assange to leave Ecuadorian Embassy in London ‘soon’

Posted on by

By Faith Karimi, CNN

updated 7:41 AM EDT, Mon August 18, 2014

STORY HIGHLIGHTS

(CNN) -- WikiLeaks founder Julian Assange said he'll leave the Ecuadorian Embassy in London "soon" after living there for two years to avoid extradition to Sweden.

"I can confirm I am leaving the embassy soon, but not for the reason you might think," Assange said at a news conference Monday.

He did not provide additional details but said he is suffering from health problems and would leave "when conditions are right."

However, WikiLeaks said, "his departure is not imminent."

Ecuador's foreign minister, who sat next to him, said his freedom is long overdue.

"The situation must come to an end ... two years is too long," Ricardo Patino said. "It is time to free Julian Assange. It is time for his human rights to be respected."

Swedish authorities want to question him over allegations that he raped one woman and sexually molested another.

Read more:
Julian Assange to leave Ecuadorian Embassy in London 'soon'


« First...102030...2,1792,1802,1812,1822,183...2,1902,2002,210...Last »