Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: The funding and the bureaucracy (Score 1) 49

by AHuxley (#49324011) Attached to: Nobody Is Sure What Should Count As a Cyber Incident
The "critical infrastructure results in operators overlooking weaknesses in their systems" is to be expected with the removal of local staff on site 24/7 replaced by automated or vast networked systems.
That reduced expensive union staff and allowed a smaller set of skilled workers to do the jobs of many. Great for profits as paying for less workers but the huge networks used might not always be dedicated and hardened or secure.
So vast amounts of maintenance, observation and operational use is expected to move along random networks.
In the past a real person doing shift work sat at a site and had control using a closed network. Now that network might reach a tri state area on many different networks with years of code and complexity.
The huge amounts of cash floating around after incidents is the new boondoggle. The networks need fixing, upgrading and a new cyber bureaucracy can point to cyber intrusions to get more political power, budget growth.
The real fix is in more maintenance, more staff and the correct use of real internal networks.
Working, well understood critical infrastructure is not difficult. Nations around the world can secure their own sites. Low quality networks over vast areas is not the best way to keep thinking about the issue.

Comment: Re:What are they looking for.... (Score 1) 103

by AHuxley (#49323897) Attached to: Finland To Fly "Open Skies" Surveillance Flight Over Russia
https://en.wikipedia.org/wiki/... is new but the idea goes back decades.
""mutual aerial observation" was initially proposed to Soviet Premier Nikolai Bulganin at the Geneva Conference of 1955 by President Dwight D. Eisenhower"
So the use flights can have "video, optical panoramic and framing cameras for daylight photography, infra-red line scanners for a day/night capability, and synthetic aperture radar for a day/night all weather capability" with 'Imagery resolution is limited to 30 centimetres".
So what can been seen helps "enhance mutual understanding and confidence by giving all participants".
"international efforts to date promoting openness and transparency of military forces and activities" is another way of saying counting what is out in the open.
Tanks in rows, aircraft parked, sites of interest. An old idea, many normal flights other the years by different nations. Nothing really new or interesting since the 1990's for Open Skies.
Lots of nations also use the international airspace for complex spy flights as they have done since the 1950's.

Comment: Re:As long as I am free.... (Score 2) 107

re " I am legally required to install a backdoor onto my network and computers in order to get any online connectivity at all."
The products that ship from the big international brands seems to be helping with the decades of tame crypto, telco networks and junk standards.
The UK has a long history of that going back to ww1, ww2, Ireland and for domestic issues.
All a person can do is be aware of the quality of crypto offered to the public, the OS and telco network collaboration.
The backdoors and trapdoors are installed by default by the brand offering the products or services.

Comment: Re:how about an NSA honeypot? (Score 1) 296

by AHuxley (#49296015) Attached to: To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses
A lot of nations will bait the Western networks with Operation Mincemeat http://en.wikipedia.org/wiki/O...
or Operation Fortitude http://en.wikipedia.org/wiki/O...
With Western signals intelligence been so good, automated and in everything as shipped, why not just have crews feeding the networks from vast fake bureaucracies using trusted US branded computer imports.
The West needs, wants and has enjoyed total signals intelligence over the decades, why not just create a digital network just to feed the US and UK with 24/7?
Lots of internal digital chatter about a few billions $ in contracts could be created. Load it up with hints about what China, Russia and the EU can offer :)

+ - UK GCHQ spy agencies admits to using vulnerabilities to hack target systems

Submitted by Bismillah
Bismillah (993337) writes "Lawyers for the GCHQ have told the Investigatory Powers Tribunal in the UK that the agency carries out the same illegal Computer Network Exploitation (CNE) operations that criminals and hackers do. Except they do it legally. GCHQ is currently being taken to court by Privacy International and five ISPs from UK, Germany, the Netherlands, Zimbabwe and South Korea for CNE operations that the agency will not confirm nor deny as per praxis."

Comment: Re: Why So Important (Score 1) 214

by AHuxley (#49287841) Attached to: The GNU Manifesto Turns Thirty
It not hard to be keep reading on what the security services have done to crypto, compliers, shipped hardware, OS, telcos and networks.
The big brands are helping, not able to fix, do not want to fix or in collaboration with the security services to ship tame, back door, trap door products.
If the shipped, offered or rented compiler is adding extra code or making applications that are open to network intrusion then people can also select other more tested products.
Divest from the tame big brand junk. Start looking for and helping better products.

+ - Security Enthusiast Finds Certificate Loophole, Tries To Report It, Gets Trouble->

Submitted by itwbennett
itwbennett (1594911) writes "After a security enthusiast, a Finnish man who works as an IT manager for a company in the industrial sector, discovered a loophole that allowed him to register a valid SSL certificate for Microsoft’s live.fi domain, he tried to responsibly disclose the issue. But instead of thanks he got locked out of his email, phone, Xbox and online storage accounts. 'Through our own investigations, independent from the researcher, we identified and have fixed the misconfiguration that was allowing people to create accounts reserved for Microsoft’s use,' a Microsoft representative told the IDG New Service via email Wednesday."
Link to Original Source

Comment: Re:Paranoia intensifies (Score 1) 93

Re" That makes me sad because I work with these tools. I can assume my systems are all pwned at this point and act accordingly..."
Yes write any messages on paper, covert to a one time pad and then enter that into the compromised hardware, software, OS, crypto and network.
Consider future hardware and software buying re tame brands and their help with the world wide wiretap.

Comment: Re:So, what happens if it's in a foreign country? (Score 2) 79

by AHuxley (#49272833) Attached to: Judicial Committee Approves FBI Plan To Expand Hacking Powers
It depends on who can be found to enter a computer network?
Another group could be used as a cut out to act as an internet agent provocateur.
A charismatic leader in a chatroom could be anyone who has a suggestion. The data ends up with gov handlers who turned or created the "group" used.

Comment: Re:What puzzles me is... (Score 1) 140

by AHuxley (#49272813) Attached to: How Police Fight To Keep Use of Stingrays Secret
Consider the origins, contractors, new cash flows and other cell projects in the USA
CIA Worked With DOJ To Re-Purpose Foreign Surveillance Airborne Cell Tower Spoofers For Domestic Use (2015/03/10)
https://www.techdirt.com/artic...
"developed technology to locate specific cellphones in the U.S. through an airborne device that mimics a cellphone tower"
Products and services that was in use during the occupations and in other roles in South America are now back for domestic use and funding.
The only puzzle is how to keep the funding flowing at a city and state level.

Comment: Re:4 words (Score 1) 140

by AHuxley (#49272781) Attached to: How Police Fight To Keep Use of Stingrays Secret
If a journalist, citizen journalist, local lawyer gets to near some local towns paper, digital records about the costs or use of a device...
A Freedom of Information Act cant find records that got moved around the USA that night :)
Walk in requests by journalists, citizen journalists, local lawyers could find hardware funding or upgrade requests in that community.

A committee is a group that keeps the minutes and loses hours. -- Milton Berle

Working...