Edward Snowden a traitor, Attorney-General George Brandis tells Washington think tank


Those who doubted that Edward Snowden was a traitor were either of the self-loathing left or the anarcho-libertarian right, Attorney-General George Brandis said during a speech in Washington DC on Tuesday afternoon.

During his address at the Centre for Strategic and International Studies, a leading Washington foreign policy think tank, Senator Brandis spoke about the tension between protecting civil liberties and combating terrorism using surveillance.

He said that as the minister responsible for Australia's homeland security, the more intelligence he read about the capacities of terrorists, the more he believed governments had the responsibility to use surveillance even at the expense of some personal privacy of their citizens.


He said intercepting and analysing global communications was at the heart of the global counter-terrorism response.


But he said that during what he called the "post-Snowden environment", data interception and collection were more controversial than before.

"Some, usually those with a better informed appreciation of the capabilities and danger of sophisticated modern terrorism, would wish for fewer limitations on intelligence gathering in the name of public safety," he said.

"Others, most commonly those who do not bear responsibility for the protection of the public, and who have the luxury of approaching the question from a largely philosophical or legalistic perspective, argue that there should be much wider limitations."


German Interior Minister: NSA Spying ‘Excessive’ and ‘Boundless’

German Interior Minister Thomas de Maizière slammed U.S. spying as "excessive" and "boundless" in an interview published Wednesday in German magazine Der Spiegel.

"If even two-thirds of what Edward Snowden has presented or what has been presented with his name cited as the source is true, then I would conclude that the USA is operating without any kind of boundaries," charged de Maizière.

De Maizière said he has "low expectations" that meaningful changes will emerge from May talks between German Chancellor Angela Merkel and U.S. President Barack Obama.

However, de Maizière refused to discuss use of Germany's own counterintelligence authority to expose NSA spying, stating, "Counterespionage work cannot be the subject of an interview."

The statement follows a trove of evidence that Germany was heavily targeted by U.S. and UK surveillance. This includes the revelation that Chancellor Angela Merkel is on an NSA list of world leaders targeted by spying, as well as evidence that the NSA spied on Merkel's mobile phone for up to 10 years.

Yet, German civil liberties advocates have also accused the German government of being complicit in NSA spying, even though it is targeted by this surveillance.


This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.


Major Security Bug Found in Web Encryption Tool

A security flaw found in a popular Internet encryption tool has sent companies and government agencies scrambling to plug the leak.

The bug in OpenSSL, a widely used encryption library, was discovered earlier this week by researchers at Google (GOOG) and cyber-security firm Codenomicon. According to a website created by Codenomicon, Neel Mehta of Google Security first reported it to the OpenSSL team.

In a notice on Tuesday, Amazon.com (AMZN) informed its Amazon Web Services customers that it applied fixes to resolve the OpenSSL vulnerability. Some of Amazon's AWS services were unaffected.

Researchers believe Heartbleed, a nickname given to the OpenSSL flaw, already allowed cyber thieves to grab Yahoo (YHOO) usernames and passwords. The search giant said it addressed the problem for most of its properties, including Yahoo Search, Yahoo Mail, Flickr and Tumblr, by Tuesday afternoon.

"As soon as we became aware of the issue, we began working to fix it," a Yahoo spokesperson said. "Our team has successfully made the appropriate corrections across the main Yahoo properties and we are working to implement the fix across the rest of our sites right now. We're focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users' data."

Based on a web tool from security firm Qualys, other major websites like eBay (EBAY), Google and Microsoft's (MSFT) Outlook email service are not vulnerable to the Heartbleed attack.

The Canada Revenue Agency temporarily shut down its online services on Wednesday due to security concerns, just three weeks before an April 30 deadline for citizens to file taxes.

The security flaw was found in some versions of OpenSSL, a type of open-source software many websites use to encrypt communication over the Internet. Heartbleed could compromise usernames, passwords and credit card numbers that are stored in a server's memory.

Using the loophole, cyber criminals are able to request chunks of data. While they can't specify what information they want, such as one person's username and password, hackers can gather enough data to piece it together.

Alex McGeorge, head of threat intelligence at security firm Immunity Inc., said e-commerce transactions and other online activities remain secure as they happen, although hackers could recover enough information to decrypt data as it's sent to and from a server.


Protect your business by encrypting the network

There has been a heightened interest in encryption over recent months, largely thanks to the Edward Snowden leaks showing US and British intelligence agencies were pouring their funds into cracking popular kinds of protection.

Much of the talk has focused on standards approved by the US National Institute of Standards and Technology (NIST), especially the much-derided Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG). Secure Sockets Layer (SSL) protections have also faced scrutiny, with an OpenSSL flaw causing something of a panic among security professionals.

Little attention has been given to encryption across routers and switches, however. That's despite a rise in router malware, such as the Linux-focused Darlloz worm uncovered towards the end of 2013.

Yet enabling certain kinds of encryption across different points of the network, rather than focusing solely on applications, can provide significant protection from the most advanced of attackers. But many still aren't doing this, says Peter Wood, chief executive officer of security consultancy First Base Technologies.

"There's no question that transmitting information in plain text remains a significant vulnerability in most organisations. As ethical hackers, we often start our client engagements by examining network data and discovering significant information from a simple packet-sniffing exercise," says Wood.

"Providing layer 2 encryption at the switch and router would make our activities a lot harder, and thus also the criminal's life in a real-world attack. Everyone is used to the idea of SSL for web-based transactions, but little thought is given to encrypting internal traffic or indeed to other types of traffic on the internet."

Encryption of network traffic by a gateway device is seen by many, including Cisco, to be the best way to ensure protection of communications between local networks. Using a gateway means enterprise traffic will be encrypted regardless of protocol and should bring reduced complexity.

Network-based encryption and application-layer encryption are not mutually exclusive either. They can, and often are, used together to apply two layers of encryption to data traffic.

Talking specifically about the network, Wood recommends enabling two types of protection: IPsec and MACsec.


‘Heartbleed’ bug could undermine public trust in web

The "Heartbleed" software flaw that triggered alarm bells around the world could fundamentally undermine two decades' worth of efforts to persuade consumers they could trust the Web to securely handle such tasks as buying a pair of shoes and applying for a job.

The discovery of a gaping hole in a piece of software that was supposed to protect personal information from hackers left websites rushing to fix the bug while consumers struggled to understand what kind of risks they suddenly faced by venturing online.

That angst intensified, in part, because no one knows for sure just how much damage the Heartbleed bug had caused, or how widely hackers had managed to exploit it. Security researchers fear that it could take years to repair not just the bugs but also the trust of users.

"This is very bad, and the consequences are very scary now that it has been disclosed," said Phil Lieberman, president of Los Angeles security management firm Lieberman Software. "The fact that this code is on home and commercial Internet-connected devices on a global scale means that the Internet is a different place today."

Heartbleed is a flaw that was found in OpenSSL, a technology that provides encryption for about two-thirds of all servers on the public Internet. For most people, the technology shows up as a tiny green padlock icon next to the address field in a Web browser. It is supposed to signify that the password or credit card information typed on the website is secure.

But the bug essentially enables any hacker with the most basic of skills to use a simple piece of software to gain access to the IDs and passwords of a site's users in just a few minutes. Word of the flaw burst into widespread public view Tuesday when Tumblr, which is owned by Yahoo Inc., disclosed that it had been affected and urged users to change their passwords.

In fact, the flaw was discovered several weeks ago by Neel Mehta, a security researcher at Google Inc., and a team of security engineers at Codenomicon, a security firm that has since created a website with information about Heartbleed.

According to a person familiar with the details, Google immediately patched its own site and began notifying partners and the open-source community about the problem. In the meantime, two Google developers, Adam Langley and Bodo Moeller, helped develop a fix that was released Monday.

It appears the bug was introduced into OpenSSL by a simple programming mistake that then got pushed out as websites around the world updated the version of OpenSSL they were running. The security hole may have existed for at least two years, security experts said.

In addition to updating OpenSSL, websites will need to revise many pieces of their security protocols known as keys and certificates that help them confirm the identity of users.
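The "simple programming mistake" mentioned above, and the earlier point that attackers could request chunks of server memory without choosing their contents, both come down to a missing length check in OpenSSL's handling of the TLS heartbeat extension. The following is an added, constructed C model of that handler in its vulnerable and fixed shapes; it is not OpenSSL's code, and the server_mem array, the request bytes and the "neighbouring" string are constructed samples.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of TLS heartbeat handling (not OpenSSL's code). Message layout:
 * 1 byte type, 2 byte big-endian payload_length, payload, then >= 16 bytes of
 * padding. rec_len is how many bytes actually arrived in the record. */
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

/* Stand-in for server process memory: the received record sits at the start and
 * the bytes after it represent unrelated data the process happens to hold. */
static unsigned char server_mem[256];

/* Vulnerable shape: trusts the peer-supplied payload_length and echoes that many
 * bytes without comparing it to rec_len, so the copy runs past the received data
 * into neighbouring memory. Returns the response length, or -1 to discard. */
static int hb_respond_unchecked(const unsigned char *rec, size_t rec_len,
                                unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN || rec[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER_LEN + claimed > out_cap) return -1;  /* guards only our output */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);  /* over-read */
    return (int)(HB_HEADER_LEN + claimed);
}

/* Fixed shape: claimed payload plus mandatory padding must fit inside the bytes
 * actually received, otherwise the message is silently discarded. */
static int hb_respond_checked(const unsigned char *rec, size_t rec_len,
                              unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len) return -1;  /* the missing check */
    if (HB_HEADER_LEN + claimed > out_cap) return -1;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    return (int)(HB_HEADER_LEN + claimed);
}

/* Feeds one constructed request (claims a 64-byte payload, really carries 4 bytes
 * plus padding) to either handler and returns how many response bytes came from
 * beyond the received record; 0 means nothing leaked. */
static int leaked_bytes(int use_fixed)
{
    static const unsigned char rec[] = { HB_REQUEST, 0x00, 0x40, 'p', 'i', 'n', 'g',
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
    const char *neighbour = "session=abc123; password=hunter2 (constructed sample)";
    unsigned char out[256];
    size_t rec_len = sizeof rec;  /* 23 bytes actually received */
    memset(server_mem, 0, sizeof server_mem);
    memcpy(server_mem, rec, rec_len);
    memcpy(server_mem + rec_len, neighbour, strlen(neighbour));
    int n = use_fixed ? hb_respond_checked(server_mem, rec_len, out, sizeof out)
                      : hb_respond_unchecked(server_mem, rec_len, out, sizeof out);
    if (n < 0) return 0;
    size_t echoed = (size_t)n - HB_HEADER_LEN, real = rec_len - HB_HEADER_LEN;
    return echoed > real ? (int)(echoed - real) : 0;
}
```

The unchecked handler returns 44 bytes that were never part of the request, which is why the contents of the leak are whatever happened to sit next to the record rather than anything the requester chose.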


The Wall Street Journal: Heartbleed bug found in Cisco routers, Juniper gear

By Danny Yadron

The encryption bug that has the Internet on high alert also affects the equipment that connects the Web.

Cisco Systems Inc. (CSCO) and Juniper Networks Inc. (JNPR), two of the largest manufacturers of network equipment, said Thursday that some of their products contain the Heartbleed bug, meaning hackers might be able to capture user names, passwords and other sensitive information as it moves across corporate networks, home networks and the Internet.

Many websites -- including those run by Yahoo Inc. (YHOO), Amazon.com Inc. (AMZN) and Netflix Inc. (NFLX) -- quickly fixed the hole after it was disclosed Monday. But Cisco and Juniper said the security flaw affects routers, switches and firewalls used in businesses and at home.

These devices likely will be more difficult to fix. The process involves more steps and businesses are less likely to check the status of network equipment, security experts said.

Bruce Schneier, a cybersecurity researcher and cryptographer, said, "The upgrade path is going to involve a trash can, a credit card, and a trip to Best Buy."

To be sure, the products available at retail stores now likely were shipped before the bug was revealed on Monday, and may also contain the defective software, from an encryption code known as OpenSSL.

Companies often use firewalls and virtual private networks to protect their computer systems. But if the machines that run the firewalls and virtual private networks are affected by the Heartbleed bug, attackers could use them to infiltrate a network, said Matthew Green, an encryption expert at Johns Hopkins University.

Read the full article at WSJ.com.



Is open source to blame for the Heartbleed bug?

By now you've likely heard about the Heartbleed bug, a critical vulnerability that exposes potentially millions of passwords to attack and undermines the very security of the Internet. Because the flaw exists in OpenSSL, which is an open source implementation of SSL encryption, many will question whether the nature of open source development is in some way at fault. I touched base with security experts to get their thoughts.

First, let's explain the distinction between closed source and open source. Source refers to the source code of a program: the actual text commands that make the application do whatever it does.

Closed source applications don't share the source code with the general public. It is unique, proprietary code created and maintained by internal developers. Commercial, off-the-shelf software like Microsoft Office and Adobe Photoshop are examples of closed source.


Open source, on the other hand, refers to software where the source code is available to the public. Open source projects are generally collaborative efforts because any developer is free to review the code, edit or enhance it, or add features. Popular examples of open source software include Linux, the Apache Web server, and OpenSSL.

When anyone is free to view the source code, and any developer can submit changes to the open source project, there are potential security concerns. Without properly vetting the developers, there is no way to know what, if any, secure development practices are being used, and the possibility exists for a malicious developer to intentionally introduce a vulnerability like Heartbleed for the express purpose of exposing the software to attack.

Does that mean that open source tools are inherently insecure, or less secure, than their closed source cousins?

"An argument could be made that the collaborative nature of open source software development compounds the challenge of ensuring security is considered throughout the software life cycle," David Shearer, CISSP, PMP, and Chief Operating Officer of (ISC)2, said in a statement sent to PCWorld.

The security implications of what should be a simple diagnostic capability in OpenSSL are a prime example. According to Shearer, "One could go as far as to say that we may be heading toward a time where some of the key security architecture components that are available as open source software may need to be more closely managed and monitored."

But while it's true that there are some security concerns unique to the collaborative nature of open source and to having the source code open to the general public, there are also ways that open source strengthens security.


Leaders in Learning Analytics and Open Source Software Hold Open Learning Analytics Summit; Marist College to Host …

(PRWEB) April 10, 2014

With learning analytics poised to become a mainstream technology, higher education leaders from around the world came together following the Learning Analytics and Knowledge (LAK) 2014 conference in Indianapolis, Indiana for an Open Learning Analytics (OLA) Summit. The Summit, supported by the Society for Learning Analytics Research (SoLAR), Marist College, and the University of Wisconsin-Madison, was organized to bring together representatives from the learning analytics and open source software development fields as a means to explore the intersection of learning analytics and open learning, open technologies, and open research.

The Summit, facilitated by George Siemens, Executive Director of the LINK Research Lab at The University of Texas at Arlington; Josh Baron, Senior Academic Technology Officer at Marist College; and Kimberly Arnold, Evaluation Consultant, University of Wisconsin-Madison, spanned two days and focused on open system architectures and how source communities can accelerate the full potential of learning analytics to provide powerful new tools for understanding learning and improving the learning experience and teaching practice.

Building on prior work in the area of OLA by both SoLAR and Apereo, the open-source foundation formed through the merger of Sakai and Jasig in 2012, participants from both communities, as well as others, worked to identify projects to further the field and move toward producing a range of open-source learning analytics services and products.

"Having helped to draft, along with many other colleagues, an initial concept paper on open learning analytics in 2011, it was exciting to see leading researchers in the field come together with those who have more than a decade of experience working on open-source software higher education projects," said George Siemens. "My sense is that we will see some rather concrete projects emerge from the summit which could have a significant impact on both the field of learning analytics and higher education as a whole."

One of the major outcomes of the Summit was the identification of a number of domains for the OLA community in which future work would be conducted. These OLA domains included: open research (e.g. open datasets, open predictive models, etc.), institutional strategy and policy issues, and learning sciences/learning design and open standards/open-source software. Leads for these domains will be working to document the findings from the Summit as well as developing implementation plans. For example, the open standards/open-source software group is now defining the scope and technical details of an open learning analytics architecture, which will be platform-agnostic, as well as identifying and reaching out to additional research and corporate partners. At the same time, representatives from both SoLAR and Apereo will collaborate on updating the prior Open Learning Analytics concept paper from 2011 to incorporate the Summit outcomes.

"The launch of the Apereo Learning Analytics Initiative a few months ago demonstrates the level of strategic interest in learning analytics that exists within the Apereo ecosystem," said Josh Baron, who is currently serving on the Apereo Foundation Board of Directors, "which will be significantly enhanced by our collaboration with world renowned researchers and practitioners from the SoLAR community."

Building on the success of this first OLA Summit, the organizers are also planning for future face-to-face gatherings which will include informal meetings at the 2014 Open Apereo conference in Miami, Florida (June 1 - 4) as well as other venues. In Europe, the Learning Analytics Community Exchange (LACE) project is organizing a series of community events in schools, universities, and the commercial sector that will emphasize the importance of the OLA objectives within the European LA community. The group is planning to hold another major OLA Summit at the 2015 Learning Analytics and Knowledge Conference, which will be hosted by Marist College in Poughkeepsie, New York (March 16 - 20).

"We are extremely excited to be hosting the 2015 LAK conference on our campus," said Dr. Dennis J. Murray, President of Marist College, "not only because of the strategic importance that Marist places on the emerging field of Learning Analytics but also because of the role we believe this field will play in transforming higher education over the coming decade. With this in mind, I would like to extend a personal invitation to institutional leaders from around the world to be part of this important event and join us in New York's Hudson River Valley in 2015."

For organizations and individuals that would like to get involved in the OLA initiative, please contact gsiemens (at) gmail (dot) com.
