
Comment: Re:They were doing in the late 1980's (Score 1) 81

The US can go back to Project MINARET http://en.wikipedia.org/wiki/P...
Project SHAMROCK http://en.wikipedia.org/wiki/P...
The US like the UK has always had an interest in all communications internally and beyond the USA, UK.
The good news is this is now in the open and generations of crypto experts can finally understand the collaboration between mil/gov and the big telcos.

Comment: Re:How can foreigners be charged under US law? (Score 1) 144

by AHuxley (#49389191) Attached to: Obama Authorizes Penalties For Foreign Cyber Attackers
The US gov reaches out to the bank used. If that bank fails to act then any other bank interconnects to the bank a person of interest uses become interesting.
The accounts are isolated. The bank used is isolated. Any other banks connecting to the bank with the account are isolated.
With the use of ideas like Section 311 of the USA Patriot Act, account holders and their banks can be traced.
The international financial system then has to select between that isolated bank or U.S. regulators.
The other option is to entice a person of interest to a third country to face rendition.

Comment: Re:Yeah , well ... (Score 1) 247

by AHuxley (#49388809) Attached to: NSA Worried About Recruitment, Post-Snowden
Re "Those with above secret clearance, who live normal lives, and those without it, who are lied to and treated like "
That's the new security boondoggle that gets funding and contracts flowing. The seduction of needing a new security clearance.
People in the gov, mil and contractors have seen a huge expansion of their bureaucratic access under a "collect it all" system.
What has changed? The US domestic legal system has now seen more interest by the public asking basic privacy questions since the Church Committee/report days. https://en.wikipedia.org/wiki/...
A person looking to work for the gov/mil or as a contractor now fully understands that they will be working on domestic generational trap doors, back doors, in collaboration with the big domestic computer brands and with foreign powers.
Collect it all, sort it all. The domestic jobs are waiting... who did you spy on today?

Comment: The funding and the bureaucracy (Score 1) 49

by AHuxley (#49324011) Attached to: Nobody Is Sure What Should Count As a Cyber Incident
The "critical infrastructure results in operators overlooking weaknesses in their systems" is to be expected with the removal of local staff on site 24/7 replaced by automated or vast networked systems.
That reduced expensive union staff and allowed a smaller set of skilled workers to do the jobs of many. Great for profits as paying for less workers but the huge networks used might not always be dedicated and hardened or secure.
So vast amounts of maintenance, observation and operational use is expected to move along random networks.
In the past a real person doing shift work sat at a site and had control using a closed network. Now that network might reach a tri state area on many different networks with years of code and complexity.
The huge amounts of cash floating around after incidents is the new boondoggle. The networks need fixing, upgrading and a new cyber bureaucracy can point to cyber intrusions to get more political power, budget growth.
The real fix is in more maintenance, more staff and the correct use of real internal networks.
Working, well understood critical infrastructure is not difficult. Nations around the world can secure their own sites. Low quality networks over vast areas is not the best way to keep thinking about the issue.

Comment: Re:What are they looking for.... (Score 1) 103

by AHuxley (#49323897) Attached to: Finland To Fly "Open Skies" Surveillance Flight Over Russia
https://en.wikipedia.org/wiki/... is new but the idea goes back decades.
"mutual aerial observation" was initially proposed to Soviet Premier Nikolai Bulganin at the Geneva Conference of 1955 by President Dwight D. Eisenhower"
So the use flights can have "video, optical panoramic and framing cameras for daylight photography, infra-red line scanners for a day/night capability, and synthetic aperture radar for a day/night all weather capability" with "Imagery resolution is limited to 30 centimetres".
So what can be seen helps "enhance mutual understanding and confidence by giving all participants".
"international efforts to date promoting openness and transparency of military forces and activities" is another way of saying counting what is out in the open.
Tanks in rows, aircraft parked, sites of interest. An old idea, many normal flights over the years by different nations. Nothing really new or interesting since the 1990's for Open Skies.
Lots of nations also use the international airspace for complex spy flights as they have done since the 1950's.

Comment: Re:As long as I am free.... (Score 2) 107

re " I am legally required to install a backdoor onto my network and computers in order to get any online connectivity at all."
The products that ship from the big international brands seem to be helping with the decades of tame crypto, telco networks and junk standards.
The UK has a long history of that going back to ww1, ww2, Ireland and for domestic issues.
All a person can do is be aware of the quality of crypto offered to the public, the OS and telco network collaboration.
The backdoors and trapdoors are installed by default by the brand offering the products or services.

Comment: Re:how about an NSA honeypot? (Score 1) 296

by AHuxley (#49296015) Attached to: To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses
A lot of nations will bait the Western networks with Operation Mincemeat http://en.wikipedia.org/wiki/O...
or Operation Fortitude http://en.wikipedia.org/wiki/O...
With Western signals intelligence being so good, automated and in everything as shipped, why not just have crews feeding the networks from vast fake bureaucracies using trusted US branded computer imports.
The West needs, wants and has enjoyed total signals intelligence over the decades, why not just create a digital network just to feed the US and UK with 24/7?
Lots of internal digital chatter about a few billions $ in contracts could be created. Load it up with hints about what China, Russia and the EU can offer :)

UK GCHQ spy agencies admits to using vulnerabilities to hack target systems

Submitted by Bismillah
Bismillah (993337) writes "Lawyers for the GCHQ have told the Investigatory Powers Tribunal in the UK that the agency carries out the same illegal Computer Network Exploitation (CNE) operations that criminals and hackers do. Except they do it legally. GCHQ is currently being taken to court by Privacy International and five ISPs from UK, Germany, the Netherlands, Zimbabwe and South Korea for CNE operations that the agency will not confirm nor deny as per praxis."

Comment: Re: Why So Important (Score 1) 214

by AHuxley (#49287841) Attached to: The GNU Manifesto Turns Thirty
It's not hard to keep reading on what the security services have done to crypto, compilers, shipped hardware, OS, telcos and networks.
The big brands are helping, not able to fix, do not want to fix or in collaboration with the security services to ship tame, back door, trap door products.
If the shipped, offered or rented compiler is adding extra code or making applications that are open to network intrusion then people can also select other more tested products.
Divest from the tame big brand junk. Start looking for and helping better products.

Security Enthusiast Finds Certificate Loophole, Tries To Report It, Gets Trouble

Submitted by itwbennett
itwbennett (1594911) writes "After a security enthusiast, a Finnish man who works as an IT manager for a company in the industrial sector, discovered a loophole that allowed him to register a valid SSL certificate for Microsoft’s live.fi domain, he tried to responsibly disclose the issue. But instead of thanks he got locked out of his email, phone, Xbox and online storage accounts. 'Through our own investigations, independent from the researcher, we identified and have fixed the misconfiguration that was allowing people to create accounts reserved for Microsoft’s use,' a Microsoft representative told the IDG News Service via email Wednesday."

Comment: Re:Paranoia intensifies (Score 1) 93

Re" That makes me sad because I work with these tools. I can assume my systems are all pwned at this point and act accordingly..."
Yes, write any messages on paper, convert to a one time pad and then enter that into the compromised hardware, software, OS, crypto and network.
Consider future hardware and software buying re tame brands and their help with the world wide wiretap.

Comment: Re:So, what happens if it's in a foreign country? (Score 2) 79

by AHuxley (#49272833) Attached to: Judicial Committee Approves FBI Plan To Expand Hacking Powers
It depends on who can be found to enter a computer network?
Another group could be used as a cut out to act as an internet agent provocateur.
A charismatic leader in a chatroom could be anyone who has a suggestion. The data ends up with gov handlers who turned or created the "group" used.
