Snowdon is a dummy

Primarily to entertain myself, but if I manage to lighten your load in the process, that's even better.

http://rt.com/usa/clarke-summit-encryption-standards-711/

The former cyber advisor under President George W. Bush had some harsh words for the United States National Security Agency during an address in California on Monday: "get out of the business of ******* with encryption standards.”

That was the recommendation that famed cyberczar Richard Clarke made while speaking earlier this week at the at the Cloud Security Alliance summit in San Francisco.

Clarke, 63, served as a counterterrorism advisor for President Bill Clinton in the 1990s and later assisted his successor, Mr. Bush, as the special advisor on cybersecurity for that administration through 2003. Most recently, though, Clarke was assigned to a five-person panel assembled by Pres. Obama late last year that was tasked with assessing the NSA’s operations in the midst of ongoing and ever-damaging leaks disclosed by former intelligence contractor Edward Snowden. In December, that group suggested 46 changes for the Obama administration to consider in order rein in the secretive spy agency.

Speaking during Monday’s conference, however, Clarke opened up about some of the more personal suggestions he has for the NSA, and even some insight about what the future may have in store for the agency if they continue to collect intelligence from seemingly all corners of the Earth.

"In terms of collecting intelligence, they are very good. Far better than you could imagine," Clarke said. "But they have created, with the growth of technologies, the potential for a police state."

"If you're not specific, an agency that bugs phones is going to bug phones," he added, according to the Tech Target blog, Search Security. "The NSA is an organization that's like a hammer, and everything looks like a nail."

Even if the NSA scales back such hacking operations in the future as Pres. Obama suggested and limits who the US targets and how, Clarke said during Monday’s address that another type of interference favored by the agency — influencing and intentionally degrading encryption standards — need to be scraped.

Since June, those Snowden leaks have exposed an array of previously covert NSA operations, including programs that put the emails of foreign leaders and phone data pertaining to millions of Americans into the hands of the US government. According to Clarke, though, the NSA’s handling of encryption standards — as exposed by Snowden — has serious repercussions.

In September, leaked documents courtesy of Mr. Snowden showed the NSA has invested millions of dollars to be able to decrypt “large amounts” of supposedly secure data, an operation that spies at Britain’s GCHQ called “an aggressive, multipronged effort to break widely used Internet encryption technologies.” Then in December, further Snowden documents showed that RSA, a private company considered a staple of the computer security industry, had secretly entered into a $10 million contract with the NSA to create a government-friendly “backdoor” in its products.

Because of the NSA’s efforts, Clarke said during Monday’s event, “the trust in encryption has been greatly eroded.”

“The encryption standards need to be trusted,” he said, according to Infosecurity Magazine. “The US government has to get out of the business of ******* around with encryption standards.”

“We need to rebuild the trust in encryption; we need to have the US government forced some way into ensuring this happens,” he said.

When Clarke and four other Obama-appointed experts weighed in on the NSA’s programs for the report released in December, the group said they were “unaware of any vulnerability created by the US government in generally available commercial software that puts users at risk of criminal hackers or foreign governments decrypting their data. Moreover, it appears that in the vast majority of generally used, commercially available encryption software, there is no vulnerability, or ‘backdoor,’ that makes it possible for the US government or anyone else to achieve unauthorized access.”

As part of the group’s recommendations, they advised that the NSA “not engineer vulnerabilities into the encryption algorithms that guard global commerce” and “not demand changes in any product by any vendor for the purpose of undermining the security or integrity of the product, or to ease NSA’s clandestine collection of information by users of the product.”

http://rt.com/usa/apple-nsa-ios-exploit-693/

Was the National Security Agency exploiting two just-discovered security flaws to hack into the iPhones and Apple computers of certain targets? Some skeptics are saying there is cause to be concerned about recent coincidences regarding the NSA and Apple.

Within hours of one another over the weekend, Apple acknowledged that it had discovered critical vulnerabilities in both its iOS and OSX operating systems that, if exploited correctly, would put thought-to-be-secure communications into the hands of skilled hackers.

“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” the company announced.

Apple has since taken steps to supposedly patch up the flaw that affected mobile devices running its iOS operating system, such as iPhones, but has yet to unveil any fix for the OSX used by desktop and laptop computers. As experts investigated the issue through the weekend, though, many couldn’t help but consider the likelihood — no matter how modicum — that the United States’ secretive spy agency exploited those security flaws to conduct surveillance on targets.

On Saturday, Apple enthusiast and blogger John Gruber noted on his personal website that information contained within internal NSA documents leaked by former intelligence contractor Edward Snowden last year coincide closely with the release of the affected mobile operating system, iOS 6.

According to a NSA slideshow leaked by Mr. Snowden last June, the US government has since 2007 relied on a program named PRISM that enables the agency to collect data “directly from the servers” of Microsoft, Yahoo, Google, Facebook and others. The most recent addition to that list, however, was Apple, which the NSA said it was only able to exploit using PRISM since October 2012.

The affected operating system — iOS 6.0 — was released days earlier on September 24, 2012.

These facts, Gruber blogged, “prove nothing” and are “purely circumstantial.” Nevertheless, he wrote, “the shoe fits.”

With the iOS vulnerability being blamed on a single line of erroneous code, Gruber considered a number of possibilities to explain how that happened.

“Conspiratorially, one could suppose the NSA planted the bug, through an employee mole, perhaps. Innocuously, the Occam’s Razor explanation would be that this was an inadvertent error on the part of an Apple engineer,” he wrote.

“Once the bug was in place, the NSA wouldn’t even have needed to find it by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets ‘added’ to PRISM.”

Gruber said he sees five possible scenarios, or “levels of paranoia,” as he put it:

Nothing. The NSA was not aware of this vulnerability.
The NSA knew about it, but never exploited it.
The NSA knew about it, and exploited it.
NSA itself planted it surreptitiously.
Apple, complicit with the NSA, added it.

Of course, Guber added, there is always the possibility that “this is all a coincidence.” He certainly wasn’t the only one to consider it, though.

“Again, all of this is circumstantial and speculative, and Apple has come out numerous times vehemently denying its involvement in any NSA program,” iDownloadblog’s Cody Lee wrote on Monday. “But the timing is rather odd, and it makes you wonder how such a serious bug went undiscovered for over a year.”

Indeed, Apple has since the start of the Snowden leaks adamantly fended off allegations concerning a possible collusion with the NSA. On December 31, 2013, the company even issued a statement insisting “Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone.”

“We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them,” Apple said then — nearly two months after acknowledging the major security vulnerability discovered last week.

At the time, though, Apple was responding to another serious allegation that, if correct, gives much more credence to the latest accusations. The Dec. 31 statement was sent hours after security researcher Jacob Appelbaum presented previously unpublished NSA slides at a hacking conference in Germany, including some where the spy agency boasted about being able to infiltrate any iPhone owned by a targeted person.

The NSA, Appelbaum said, “literally claim that any time they target an iOS device, that it will succeed for implantation.”

“Either they have a huge collection of exploits that work against Apple products — meaning they are hoarding information about critical systems American companies product and sabotaging them — or Apple sabotages it themselves.”

Last year, RT reported that the NSA entered into a contract in 2012 with VUPEN, a French security company that sells so-called 0-day exploits to governments and agencies so that vulnerabilities and flaws can be abused before the affected product’s owner is even made aware. It’s likely just another major coincidence that fits the timeframe eerily well, but that contract was signed only days before iOS 6 was released — and, coincidentally, days before the NSA boasted about being able to access Apple communications through its PRISM program.

http://reviews.cnet.com/8301-13970_7-57619430-78/facebooks-zuckerberg-sounds-off-again-about-nsa-scandal/

Facebook CEO Mark Zuckerberg is on a crusade to connect another billion people to the Internet. But the US government's spy scandal last year won't likely make those efforts any easier for the company, Zuckerberg said Monday during an interview at the Mobile World Congress trade show in Barcelona, Spain.
"It's not awesome for us," Zuckerberg admitted when asked a question by interviewer David Kirkpatrick, a technology journalist and author of the 2010 book "The Facebook Effect." Kirkpatrick, who was interviewing Zuckerberg as part of the afternoon keynote at MWC, asked him how leaked documents from former government contractor Edward Snowden suggesting that Facebook and other Internet companies were giving the US National Security Agency unfettered access to their servers has affected Facebook's relationships with communications companies and governments overseas.
stories

"The government blew it," he went on to say as he explained that he understands the government's responsibility to protect people. But he said the government also has a responsibility to be transparent about how it's keeping citizens safe.
He added, as he has stated publicly previously that the NSA was "way over the line" in terms of not being transparent enough.
"The NSA issues I think are real issues for American Internet companies," he said. "Trust is so important."
CNET's full coverage of Mobile World Congress
He said that he's heartened by the US government's recent efforts to be more open about the data it collects. But he says it should never have happened in the first place.
"They're only now starting to get to the range of where they should have been," he said. "This thing could have all been avoidable."
Facebook, along with several other Internet technology companies, was implicated this past summer when documents were leaked from the NSA suggesting that the companies had participated in a clandestine mass electronic surveillance data-mining program called PRISM, which was launched in 2007 by the NSA. Under the program, the government collects and stores Internet communications from companies like Facebook, Google, Apple, and others. These companies are required under the FISA Amendments Act of 2008 to turn over any data that matches court-approved search terms.
Zuckerberg has long denied that Facebook gives the government direct access to its servers. And he and several other CEOs from large Internet companies pushed back hard against the perception that his company was handing over massive amounts of personal information to the government. In September, Facebook joined Yahoo in filing a lawsuit asking the FISA court for permission to publish more detailed information about the data that is shared with the NSA.
In January, the Obama administration brokered a deal with Google, Microsoft, Facebook, and other technology firms that will allow the companies to disclose more information about the NSA surveillance requests that they receive targeting their users.
While the settlement is considered a big victory for the technology companies, many say it doesn't go far enough. Under the arrangement, companies can disclose in broad ranges the "number of national security orders and requests issued to communications providers, the number of customer accounts targeted under those orders and requests and the underlying legal authorities," Attorney General Eric Holder and Director of National Intelligence James Clapper said in a joint statement.
But the companies are still not able to give any specific information about the requests. Still, Facebook and others have backed off their push to get more information disclosed.
Judging from Monday's comments, it looks like Zuckerberg has not toned down his rhetoric though, as he continued to slam the government for going too far.
Topics:News, Carriers Tags:mwc2014

Apple has come out numerous times vehemently denying its involvement in any NSA program,”

Why would Apple feel the need to do that when Apisa is supporting the programs?

Of course not Frank as it made a great deal of sense to punish those who reveal serous wrong doing by government agents and agencies.

Anyone who dare to record and released videos of cops for example breaking into homes without warrants should be facing at least a decade in prison for doing so.

Too bad that NJ Governor Christie did not have a secret stamp for the documents concerning the closing of the bridge three lanes for that matter.

Or he should just stay in Russia...which he apparently considers a much freer country.

Odd comment from you . . .

Quote:

Or he should just stay in Russia...which he apparently considers a much freer country.

Odd comment from you as it been your position on this thread that freedom and living in a free society is a price we should not be willing to paid any longer and that we need to end such silly notions as the constitutional right to privacy in order to deal with some middle east terrorists.

In other word the nation you seems to wish to live in is very similar to the now Russian Republic IE a free nation and people in name only where the people not only have little control over the government but does not for the most part even know what the government is doing.

at's not very good squirming imo.