James Clapper's testimony one year later | PolitiFact
The challenge in discerning whether those with privileged information, particularly on matters of national security, are speaking truthfully in public is a difficult, if not impossible, task.
nsa  jamesclapper  edsnowden 
yesterday by pavellawrence
Barack Obama's team secretly disclosed years of illegal NSA searches spying on Americans
The National Security Agency under former President Barack Obama routinely violated American privacy protections while scouring through overseas intercepts and failed to disclose the extent of the…
obama  nsa 
2 days ago by kger
NSA deleted surveillance data it pledged to preserve - POLITICO
The agency tells a federal judge that it is investigating and 'sincerely regrets its failure.'
nsa  surveillance 
2 days ago by kger
NSA Deletes 'Honesty' and 'Openness' From Core Values - Slashdot
An anonymous reader shares a report: The National Security Agency maintains a page on its website that outlines its mission statement. But earlier this month, the agency made a discreet change: It removed "honesty" as its top priority. Since at least May 2016, the surveillance agency had featured honesty a...
nsa  surveillance 
2 days ago by kger
How Israel Caught Russian Hackers Scouring the World for U.S. Secrets - The New York Times
Israeli hacking team discovers Russia hackers’ use of Kaspersky antivirus software to steal USA agency secrets: antivirus software “the perfect tool”
hacker  team  israel  computer  security  antivirus  backdoor  usa  spy  agency  cia  nsa  fbi  russia  2017  q3  espionage  expose 
6 days ago by csrollyson
NSA Laughs at PCs, Prefers Hacking Routers and Switches | WIRED
The NSA's focus on routers highlights an often-overlooked attack vector with huge advantages for the intruder, says Marc Maiffret, chief technology officer at security firm Beyond Trust. Hacking routers is an ideal way for an intelligence or military agency to maintain a persistent hold on network traffic because the systems aren't updated with new software very often or patched in the way that Windows and Linux systems are.

But if Lynn knew about the vulnerability, there were likely others who did as well – including intelligence agencies and criminal hackers.

Source code for Cisco's IOS has been stolen at least twice, either by entities who were interested in studying the software to gain a competitive advantage or to uncover vulnerabilities that would allow someone to hack or control them.
cybersecurity  router  routers  nsa  backdoor  2013 
17 days ago by bwiese
It doesn't matter if the NSA planted the Juniper backdoor - The Verge
Different clues point to China, the UK, or America's NSA, which is closely linked with the random-number generator used in the backdoor — but so far, no one has found a firm link to any of the agencies.
backdoor  router  routers  juniper  cybersecurity  vpn  nsa  china 
17 days ago by bwiese
Juniper ScreenOS Backdoor Password | Threatpost | The first stop for security news
Fox-IT and Rapid7 found the secret code, which was disguised to look like debug code, said Rapid7 chief research officer HD Moore.

In December 2013, Reuters alleged in a report that RSA Security was paid $10 million in a secret contract with the NSA to use Dual_EC which the spy agency could easily crack.
router  vpn  backdoor  juniper  cybersecurity  nsa 
17 days ago by bwiese
New Discovery Around Juniper Backdoor Raises More Questions About the Company | WIRED
This malicious code was particularly concerning because one of the backdoors, which had gone undetected in the software since 2012, could be exploited for the purposes of decrypting protected data passing through the VPN, or virtual private network, in Juniper NetScreen firewalls.

But since that revelation, Juniper—whose customers include AT&T, Verizon, NATO and the US government—has refused to answer any questions about the backdoor, leaving everyone in the dark about a number of things. Most importantly, Juniper hasn't explained why it included an encryption algorithm in its NetScreen software that made the unauthorized party's backdoor possible. The algorithm in question is a pseudo-random number generator known as Dual_EC, which the security community had long warned was insecure and could be exploited for use as a backdoor. Whoever created the backdoor in Juniper's software did exactly this, hijacking the insecure Dual_EC algorithm to make their secret portal work.
backdoor  router  vpn  routers  juniper  nsa  crypto  cybersecurity 
17 days ago by bwiese
Juniper's VPN backdoor: buggy code with a dose of shady NSA crypto | PCWorld
According to further analysis by Ralf-Philipp Weinmann, founder and CEO of German security consultancy firm Comsecuris, that parameter turned out to be Q, one of two constants -- P and Q -- that are used by the Dual_EC random number generator (RNG).

Dual_EC was standardized by the U.S. National Institute of Standards and Technology (NIST) in 2007 after being championed by the U.S. National Security Agency, which played an important role in its development. Shortly after, Dan Shumow and Niels Ferguson, two researchers from Microsoft, disclosed a major weakness in the standard that could serve as a backdoor.

"Omitting the mathematics, the short version is that Dual EC relies on a special 32-byte constant called Q, which -- if generated by a malicious attacker -- can allow said attacker to predict future outputs of the RNG after seeing a mere 30 bytes of raw output from your generator," said Matthew Green, a cryptographer and assistant professor at Johns Hopkins University, in a blog post Tuesday.
vpn  juniper  routers  backdoor  cybersecurity  nsa  crypto 
17 days ago by bwiese
‘Bitcoin is #1 priority’: NSA targeted cryptocurrency users globally, Snowden leaks show — RT US News
Part of this effort involved tricking targets into using privacy software that was actually funneling information directly to the agency.
nsa  bitcoin  snowden 
19 days ago by foliovision
Surprise, surprise: my online metadata actually reveals where I’ve been | Ars Technica
the Sun article might be gone, but there are literally hundreds of pages on the internet discussing Thinthread and Trailblazer. Gorman's source was a top NSA executive named Thomas Drake, who was later arrested and threatened with 30 years in prison for giving information to her, and several of his friends were raided by the FBI, including a congressional staffer. They have all appeared in the media, written articles, etc.
privacy  nsa  snowden 
19 days ago by foliovision
Spy University: How Intelligence Agencies Recruit Their Next Generation - WhoWhatWhy
CIA, FBI, and Foreign Governments Recruit Tomorrow’s Spies at US Universities
During the Cold War, our elite universities were a breeding ground for future spies. Schools like Yale and Harvard provided some of the “best and the brightest” to America’s intelligence agencies.
Today, the CIA and FBI are using college campuses once again to gain new recruits in the global war for clandestine information and technology. These government agencies, in many instances, are working with the full support and blessing of professors and often top university administrators, who rely on both government contracts and the maximum revenue that comes from over one million international students in US universities.    
According to Pulitzer Prize-winning reporter Daniel Golden, the efforts range from small colleges to large state universities to Ivy League institutions. In fact, Golden tells Jeff Schechtman in this week’s WhoWhatWhy podcast that Harvard’s Kennedy School of Government is one of the places where spies are most actively recruited.
In addition, foreign governments see US universities as an almost unlimited reservoir for obtaining intelligence and for recruiting vulnerable students who are in need of money, filled with innocence, and/or ideologically confused.   
gov2.0  CIA  FBI  NSA  spying  university  podcast  transcript 
22 days ago by rgl7194
