Forgot your password?

Comment: Re:...and this is our cue... (Score 1) 188

by AHuxley (#46812649) Attached to: Eyes Over Compton: How Police Spied On a Whole City
Re What did governments get from harassing MLK, OWS, anti-war protestors, or any of the other hundreds of millions of people that were abused by governments throughout history?
Thats the fun next step. With tech like this you get every licence plate, passengers face, drivers face 24/7, cell numbers called, cell phone details in any area depending on a few main roads in and out of a community, protest area or meeting.
Private/public CCTV network sharing fills in more gaps.
Then the State or Federal gov can wonder how long they can keep the data for.. months, years, tens of years? If there is a limit in place, get the private sector to share/collect/sort it.
In the past agencies would have to be photographing, walking local car parks-noting plates, sitting in on political meetings.
Now the data just collects itself with no real legal limits other than "parallel construction" efforts.

Comment: Re:Hardware backdoors in the actual CPUs ? (Score 1) 234

by AHuxley (#46812557) Attached to: Intentional Backdoor In Consumer Routers Found
Re "Is there any evidence that anyone has been stupid enough to implement such hardware back doors in general purpose CPUs ?"
Think of more all the helper ports/chips/"cards" around the cpu and thier way back to stored data/keystorkes on an average consumer motherboard.
Wireless, networking are all part of a deeper complex hardware/software mix that an average OS may not be watching in real time.
Also recall different next gen wake for remote network even if turned off (vs unplugged with no power).
A lot of consumer products could have ways in. If not the NSA (Tailored Access Operations) just holds your next hardware upgrade shipment for a few hours and its all set.
The good thing is after Snowden more people are thinking, looking and asking real questions for the first time in a generation.

Comment: Re:NSA is so annoyed right now (Score 1) 59

by AHuxley (#46797593) Attached to: Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions
Re Somebody would have caught the unusual requests.
If a gov wants to sit between you and your site, the logs of your site would reflect whatever the gov wants.
They have man in the middle, fake sites and efforts like TURBINE would show very little skilled, attentive admins.

Comment: Re:Why is this "News For Nerds" (Score 1) 234

by AHuxley (#46797575) Attached to: Russia Writes Off 90 Percent of North Korea Debt
Expect to see a lot more stories like this ie "Availability of Public Diplomacy Program Material Within the United States"
Most of this kind of news was run by the US gov around the world but not for US domestic consumption.
The limits on this kind of gov backed PR, spin within the US ie the Smith-Mundt Act are now lifted.
The sock puppets and public diplomacy types will be flooding US news sites with this kind of material as stories and then shaping comments.

Comment: Re:we already have that and do it every day (Score 2) 50

by AHuxley (#46793799) Attached to: Bookies Predict the Future of Tech
Re AC Citation needed. about the "This is less rigged and better regulated."
"The Vampire Squid Strikes Again: The Mega Banks' Most Devious Scam Yet" (Feb 12, 2014)
Everything Is Rigged: The Biggest Price-Fixing Scandal Ever (April 25, 2013)
an easy understand insight into the aspect of the average person having a equal go.

Comment: Re:Good luck with that (Score 1) 220

by AHuxley (#46793111) Attached to: California Utility May Replace IT Workers with H-1B Workers
Re Has anyone, anywhere, seen an instance where a move like this actually works out well?
Think of the banana republic model and the way the USA looked after South and Central America over many decades.
Experts arrived, products and services where imported, the raw materials where exported and local wages kept down.
Shareholders in the US got to enjoy generational wealth and their `"trust" funds grew.
The system works great, you just have to adjust to the role of seasonal shanty town worker or at best an on call technician - local middle class engineering is just too costly in todays networked world.

Comment: Re:Combination of both (Score 1) 220

by AHuxley (#46793065) Attached to: California Utility May Replace IT Workers with H-1B Workers
Its happens in a lot of US sectors from mil to computers to support.
You set up a 100% US based firm to lobby for and sign off on US work, all the US legal needs, US contracting, US academic. State/federal US requirements are met.
At the back end is massive complex reality of a 24/7 cost saving outsourcing/offshoring service.
A massive reduction in US costs, a massive flow of long term cash out of the US for decades services all via a 100% Made in the USA success story.

Comment: Re:It's time we own up to this one (Score 3, Informative) 149

by AHuxley (#46730655) Attached to: NSA Allegedly Exploited Heartbleed
Re even qualified to implement protocols like this. Thats a very interesting point. How many have their tools of the trade via a top university settings and a security clearance option and dependant funding.
Once you start down the math path the classes get smaller and fewer stay for needed years vs lure of private sector telco or unrelated software work.
Most nations really do produce very few with the skills and keep them very happy.
Trips, low level staff to help, good funding, guidance, friendships all just seem to fall into place.
Bringing work home and helping open source could be seen as been an issue later vs students or team members who did open source games or made apps.

Comment: Re:Allegedly? (Score 2) 149

by AHuxley (#46730541) Attached to: NSA Allegedly Exploited Heartbleed
Re how did nobody else find out about this until now?
The same reason NATO and other US allies did not understand the NSA Martin and Mitchell defection in 1960 with the press conference saying:
"As we know from our previous experience working at N.S.A., the United States successfully reads the secure communications of more than forty nations, including its own allies."
Embassies, govs and firms went on using the same junk standard crypto hardware over decades of revisions. Some even got to re read their own secure embassy communications 'leaked' to the Western press.
There seems to be something missing on the story of gov, staff and developers when it comes to crypto products.
Skilled EU gov experts handing their own political leaders broken crypto that 5++ other nations can break seems too good to be true over generations.
Junk in the hardware decades, junk in the software decades all for speed, interoperability and after a good sales pitch?
Or a lot of skilled people around the world know and just tell their respective govs to bait the junk communications networks until US political leaders speak out.

Comment: Re:Conflict of interest (Score 2) 149

by AHuxley (#46730409) Attached to: NSA Allegedly Exploited Heartbleed
Re How do you propose to separate them? Offense and defense are not really two separate things; if you can do one, you can do the other.
Think back to past presidents views on parts of the the US intelligence community.
JKF had is views on the CIA after the Bay of pigs.
Rockefeller Commission, Church Committee, Pike Committee, Murphy Commission, the Select Committee on Intelligence and the Directorate of Operations events in 1977. The domestic activities, human experimentation issues and need for a ban on assassinations all became public. The CIA changed to technical collection removing a lot of staff.
Then you had joys of the Iran-Contra Affair then onto Intelligence Authorization Act.
The NSA could face the same path due to the loud, public domestic activities around U.S. citizens and persons with U.S. permanent residence. A return to its classic quiet support role around the world vs its new emerging need to play a role or say in offensive direct action roles.
The GCHQ had it right - stay hidden, build a vast tech, political and staff foundation going back generations and never comment on very much.
Recall the end of the Clipper conversations the US gov had with the public over role of US code experts and US exports?
In the end it seemed you could have any crypto you wanted at any price or for free....
The "separate" has to come back to protecting U.S. citizens from a vast life long domestic spying program and global junk US crypto standards.

Google News Sci Tech: NSA denies report that it knew about Heartbleed from the start [Updated] - Ars T->

From feed by feedfeeder

Ars Technica

NSA denies report that it knew about Heartbleed from the start [Updated]
Ars Technica
Citing two anonymous sources “familiar with the matter,” Bloomberg News reports that the National Security Agency has known about Heartbleed, the security flaw in the OpenSSL encryption software used by a majority of websites and a multitude of other...
NSA Denies Report It Knew About And Exploited Heartbleed For YearsForbes
NSA Denies Exploiting Heartbleed for Surveillance PurposesPC Magazine
NSA denies report it exploited Heartbleed for yearsUSA TODAY
Reuters-San Jose Mercury News-Wired
all 2,941 news articles

Link to Original Source

Passwords are implemented as a result of insecurity.