« First...102030...2,4672,4682,4692,4702,471...2,4802,4902,500...Last »

Snowden stole password from NSA co-worker

Posted on by

WASHINGTON Edward Snowden got an unwitting assist from an NSA employee who foolishly lent the infamous leaker his password, according to an agency memo.

A civilian NSA employee quit in January after the feds stripped him of his security clearance, according to the Feb. 10 agency memo drafted for a congressional committee and obtained by NBC News.

The unnamed NSA worker entered his password on Snowdens computer at Snowdens request.

Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information, according to the memo.

The memo states that an NSA civilian worker, an active-duty member of the military and a contractor all were implicated in this matter.

Snowden, a former NSA contractor, has claimed apparently falsely he didnt use subterfuge to get information.

I never stole any passwords, nor did I trick an army of co-workers, he said in a Google chat last month.

The service member and the contractor were removed from access to NSA information and spaces last August, according to the memo.

Continue reading here:
Snowden stole password from NSA co-worker

Edward Snowden: NSA Memo Confirms He Stole Co-Worker’s Password

Posted on by

According to a memo issued by the National Security Agency to members of Congress, former contractor Edward Snowden may have resorted to stealing his coworkers login credentials in order to gain entry to the agencys highly classified database. Snowden has denied the accusation and claimed the report to be incorrect.

The memo also relates how Snowden obtained the Public Key Infrastructure password of an NSA civilian employee by getting him to type it on his work computer. The unnamed employee was not aware that Snowden was able to secure the password, thereby providing him with complete access to confidential NSA information. After a temporary suspension of his security clearance, the agency made it permanent toward the end of last year. The NSA civilian handed his official resignation last month after informing the FBI of the oversight.

The NSA has also revoked the security clearance of two other individuals connected with the agency due to their involvement in the controversial leakage. The memo also states that one of them is a military member in active duty and the other is an unnamed contractor. They have also been banned from using their official workstations, although their employers maintain discretion over the extent of their accountability.

Edward Snowden is responsible for what is considered the most important information leak in the history of the United States, according to author Daniel Ellsberg. A computer systems administrator by profession, Snowden used to work for the Central Intelligence Agency and the NSA. He started exposing highly confidential agency data on June 2013 to such well-known publications as The Washington Post and The Guardian.

Snowden is currently residing in Russia on a yearlong temporary asylum. The US government regards him as a fugitive from justice and his charges include theft of government property and espionage. The NSA memo was first released through the NBC News website and has since been included by the agency in their report to the Judiciary Committee.

Image via YouTube

Continue reading here:
Edward Snowden: NSA Memo Confirms He Stole Co-Worker’s Password

Snowden Got Help in Snooping from NSA Colleague

Posted on by

An NSA employee had his title and designation stripped after it was discovered that he had allowed Edward Snowden to use his password. Snowden got access to some very vital information through this fellow worker who is currently being disciplined.

Besides him there are two others, a military man and a contractor, who are held to be responsible for abetting Edward Snowden in his wrongdoings. The NSA began a cleanup operation of its rank and file to weed out suspicious elements.

According to the grapevine, Edward Snowden approached 20 to 25 people in the NSA while he was on duty as a contractor. A few are suspected to have aided him in his nefarious plans.

The security flaw that led to Snowden fleeing with confidential information was the largest of its kind in the annals of US history. It made the United States government and its agencies appear shamefaced before the rest of the world due to their spying behavior.

Snowden was a trickster who surreptitiously gained access to a coworkers password. From there onwards it was plain sailing for Snowden. He made off with thousands of documents that were top secret material.

However, in a rejoinder to this accusation, Edward Snowden has flatly denied having ever swiped any password. Only time will reveal who is lying and who is speaking the truth.

Source: NBC News

Visit link:
Snowden Got Help in Snooping from NSA Colleague

RHCSA PREP:answer to question 20 (Central Authentication Using LDAP with TLS/SSL Encryption) – Video

Posted on by


RHCSA PREP:answer to question 20 (Central Authentication Using LDAP with TLS/SSL Encryption)
This is the backbone of system administration: Central User Authentication. Configure LDAP with CA certificates using TLS/SSL encryption. This is important f...

By: joe show

Follow this link:
RHCSA PREP:answer to question 20 (Central Authentication Using LDAP with TLS/SSL Encryption) - Video

Fact or Fiction: Encryption Prevents Digital Eavesdropping

Posted on by

There are effective ways to encrypt data, whether it is in transit or in storage, but if that data is left in the clear at any point along its path, it is vulnerable to theft or tampering

Courtesy of Travis Goodspeed, via Flickr

Since the dawn of the Web and ubiquitous free e-mail services over the past two decades, the need to secure personal information online has been evident but often ignored. Last months exposure of the U.S. National Security Agencys PRISM program for collecting data on individuals suspected of plotting terrorist attacks, spying or other forms of malfeasance (pdf) has helped bring privacy issues back into the spotlight. In fact, the news about PRISM even encouraged some prominent Internet pioneers to condemn the practice and call for renewed efforts among Internet users and their service providers to encrypt more data, to protect it from prying eyes.

Vint Cerf, Googles chief Internet evangelist and co-developer of the TCP/IP communications protocol that makes the Internet tick, recently told The Times of London that computer scientists should devise an anti-snooping solution for the Web using encrypted communication. Cerf encouraged developers to reexamine how some of the Internets core security featuresin particular Internet Protocol Security (IPsec)were designed to enable end-to-end cryptography.

Unfortunately, cryptographys ability to thwart online surveillance or theft comes with a number of caveats and qualifications. Cerfs comments highlight a key difficulty in using encryption to protect data as it traverses the Internet and comes to rest on a computer or storage drive. Given the diversity of the digital terrain, data is rarely encrypted from start to finish. Even when data is encrypted in transit from one computer to another in a network, it often must be decrypted at each point and reencrypted when handed off to the next computer. If any of these way stationswhether a PC, a Web server or a piece of networking equipmentis not well protected, unencrypted data is left vulnerable to prying eyes.

Data at rest There are several programs available for encrypting data once it is stored on an end point like a PC or laptopincluding Microsoft BitLocker, Apple FileVault, PGPdisk and TrueCrypt. These programs typically create an encrypted volume on the hard drive or encrypt the entire hard drive using a key derived from a password that you type in as part of the start-up process.

The catch is that users have to actively set up these programs. They dont run by default, and many people dont even know these programs exist.

In motion Data in transit within the network can be encrypted using a number of different approaches, says cryptographer Paul Kocher, president and chief scientist of Cryptography Research, a designer of data, computer and network security systems. A widely used example is a password-protected wi-fi network, where the password is essentially used as an encryption key or to derive encryption keys so that data going from your machine back to the router is only accessible to people who know that password. Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME) are a couple of other common encryption technologies but are limited primarily to e-mail transactions.

Secure Sockets Layer (SSL) protocol offers a broader example of how data can be encrypted in transit. Kocher helped develop SSL, a cryptographic protocol used to encode communications over TCP/IP networks, for Netscape as a means to transmit private documents via the Internet in the mid-1990s. SSL uses a cryptographic system with two keysa public key to encrypt the data and a private key, known only to a messages recipient, to decipher it.

If used properly, SSL encrypts a users data from their Web browser to the Web server. The browser can use SSL, for example, to authenticate that your computer is communicating with an actual Web site as opposed to an imposter set up to steal data or spread malware. (Note that URLs requiring an SSL connection start with https instead of http.)

Read more from the original source:
Fact or Fiction: Encryption Prevents Digital Eavesdropping

‘PGP’ encryption has had stay-powering but does it meet today’s enterprise demands?

Posted on by

PGP encryption, as industry old-timers know, started out as "Pretty Good Privacy" invented by Phil Zimmermann in 1991, and since then, was sold on to various corporate owners until it ended in the hands of Symantec in 2010. While it is a widely used vintage brands, does PGP public-key encryption still meet today's enterprise demands, given the rise of cloud computing and mobile?

Enterprise managers are somewhat mixed on that, though PGP, over two decades old, is so well known that Symantec, which dropped the PGP moniker in favor of "Symantec Encryption," still reminds everyone it's "powered by PGP technology." In addition, there's "OpenPGP," the IETF standard that was championed by Phil Zimmermann, that can be implemented by companies without licensing.

Symantec declines to discuss how many customers it has exactly in the PGP realm, but it does point out that Symantec has invested resources in developing what it inherited with PGP. For example, Symantec offers client app software for both Apple iOS and Google Android devices as part of its Desktop Email Encryption. Symantec says its email encryption encrypts e-mail directly from an end user machine. The result, according to Symantec, is encrypted mail is delivered directly to a user's device and they use the Symantec Mail Encryptor App to reply.

+Also on Network World: The weirdest, wackiest and coolest sci/tech stories of 2013 | The worst security SNAFUs of 2013 +

But despite this kind of PGP-related development work, one sticking point is managing the digital certificates needed for end-to-end encryption and decryption, especially when it comes to sharing files securely between two separate companies as outside business partners.

"It's too problematic," says Yuval Illuz, associate vice president and head of global infrastructure and IT operations at network equipment company ECI Telecom about digital certificate management among business partners. "It's not something you need today. You change suppliers all too often."

Illuz said his company has migrated off the PGP-based Symantec Encryption e-mail and filing sharing software that the firm once used for secure communications with business partners. Instead, ECI adopted a different type of exchange, the RSAccess product from Safe-T, in which two nodes are set up on each side of a firewall to support requests for sensitive data from suppliers, business partners and customers. It can also create directories for the cloud-based Dropbox service. Everything is encrypted but it doesn't depend on certificates, but strong passwords, to get information, he says.

But ECI is sticking with Symantec Encryption for some things, particularly for in-house use. "The laptop encryption for PGP, we are still using it," he says, expressing confidence about the security and manageability involved in it.

Since acquiring PGP, Symantec has released secure file-sharing with Dropbox in what it calls its File Share Encryption integration with Dropbox. Symantec says it works by simply checking a box in the management server so anything sent to Dropbox is automatically encrypted with the appropriate keys.

Not everyone, however, feels the need to migrate away from managing certificates with business partners.

Read the rest here:
'PGP' encryption has had stay-powering but does it meet today's enterprise demands?


« First...102030...2,4672,4682,4692,4702,471...2,4802,4902,500...Last »