  • The Dismal State of SATCOM Security

    An anonymous reader writes "Satellite Communications (SATCOM) play a vital role in the global telecommunications system, but the security of the devices used leaves much to be desired. The list of security weaknesses IOActive found while analyzing and reverse-engineering firmware used on the most widely deployed Inmarsat and Iridium SATCOM terminals does not include only design flaws but also features in the devices themselves that could be of use to attackers. The uncovered vulnerabilities include multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms. These vulnerabilities allow remote, unauthenticated attackers to compromise the affected products. In certain cases no user interaction is required to exploit the vulnerability; just sending a simple SMS or specially crafted message from one ship to another ship would be successful for some of the SATCOM systems."

    51 comments | yesterday

  • Snowden Used the Linux Distro Designed For Internet Anonymity

    Hugh Pickens DOT Com writes: "When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA's prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. 'Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

    The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. 'The NSA has been pressuring free software projects and developers in various ways,' the group says. But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks shows the NSA complaining about Tails in a Power Point Slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. 'With Tails,' say the distro developers, 'we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'"

    167 comments | 2 days ago

  • Guardian and WaPo Receive Pulitzers For Snowden Coverage

    Late yesterday, the Pulitzer Prize board announced (PDF) the 2014 Pulitzer Prize winners. The public service prize was awarded to the Guardian and the Washington Post. The Washington Post was given the award for its role in revealing widespread surveillance by the NSA, "...marked by authoritative and insightful reports that helped the public understand how the disclosures fit into the larger framework of national security," and the Guardian for sparking "...a debate about the relationship between the government and the public over issues of security and privacy." Snowden released a statement praising the Pulitzer board: "Today's decision is a vindication for everyone who believes that the public has a role in government. We owe it to the efforts of the brave reporters and their colleagues who kept working in the face of extraordinary intimidation, including the forced destruction of journalistic materials, the inappropriate use of terrorism laws, and so many other means of pressure to get them to stop what the world now recognizes was work of vital public importance. This decision reminds us that what no individual conscience can change, a free press can."

    78 comments | 2 days ago

  • Obama Says He May Or May Not Let the NSA Exploit the Next Heartbleed

    An anonymous reader writes "The White House has joined the public debate about Heartbleed. The administration denied any prior knowledge of Heartbleed, and said the NSA should reveal such flaws once discovered. Unfortunately, this statement was hedged. The NSA should reveal these flaws unless 'a clear national security or law enforcement need' exists. Since that can be construed to apply to virtually any situation, we're left with the same dilemma as before: do we take them at their word or not? The use of such an exploit is certainly not without precedent: 'The NSA made use of four "zero day" vulnerabilities in its attack on Iran's nuclear enrichment sites. That operation, code-named "Olympic Games," managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.' A senior White House official is quoted saying, 'I can't imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.'" Side note: CloudFlare has named several winners in its challenge to prove it was possible to steal private keys using the Heartbleed exploit.

    134 comments | 4 days ago

  • NSA Allegedly Exploited Heartbleed

    squiggleslash writes: "One question arose almost immediately upon the exposure of Heartbleed, the now-infamous OpenSSL exploit that can leak confidential information and even private keys to the Internet: Did the NSA know about it, and did they exploit it if so? The answer, according to Bloomberg, is 'Yes.' 'The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency's toolkit for stealing account passwords and other common tasks.'" The NSA has denied this report. Nobody will believe them, but it's still a good idea to take it with a grain of salt until actual evidence is provided. CloudFlare did some testing and found it extremely difficult to extract private SSL keys. In fact, they weren't able to do it, though they stop short of claiming it's impossible. Dan Kaminsky has a post explaining the circumstances that led to Heartbleed, and today's xkcd has the "for dummies" depiction of how it works. Reader Goonie argues that the whole situation was a failure of risk analysis by the OpenSSL developers.

    149 comments | about a week ago

  • Double Take: Condoleezza Rice As Dropbox's Newest Board Member

    Condoleezza Rice, Secretary of State under George W. Bush, and defender of Bush-era (and onward) policies about surveillance by wiretapping and other means, has landed at an interesting place: she's just become a part of the small board at Dropbox. TechDirt calls the appointment "tone deaf," and writes "At a time when people around the globe are increasingly worried about American tech firms having too close a connection to the intelligence community, a move like this seems like a huge public relations disaster. While Rice may be perfectly qualified to hold the role and to help Dropbox with the issues it needs help with, it's hard not to believe that there would be others with less baggage who could handle the job just as well." Some people are doing more than looking for an alternative for themselves, too, as a result.

    313 comments | about a week ago

  • In-Flight Wi-Fi Provider Going Above and Beyond To Help Feds Spy

    An anonymous reader sends in a report from Wired that GoGo, a company that provides in-flight Wi-Fi access to airline passengers, seems to be making every effort to assist law enforcement agencies with wiretaps. From the article: "Gogo and others that provide Wi-Fi aboard aircraft must follow the same wiretap provisions that require telecoms and terrestrial ISPs to assist U.S. law enforcement and the NSA in tracking users when so ordered. But they may be doing more than the law requires. According to a letter (PDF) Gogo submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users."

    78 comments | about a week ago

  • Snowden: NSA Spied On Human Rights Workers

    Hugh Pickens DOT Com writes: "The Guardian reports that according to Edward Snowden, the NSA has spied on the staff of prominent human rights organizations like Amnesty International and Human Rights Watch. 'The NSA has specifically targeted either leaders or staff members in a number of civil and non-governmental organizations including domestically within the borders of the United States.' Snowden, addressing the Council of Europe in Strasbourg, said he did not believe the NSA was engaged in 'nightmare scenarios,' such as the active compilation of a list of homosexuals 'to round them up and send them into camps.' But he did say that the infrastructure allowing this to happen had been built.

    Snowden made clear that he believed in legitimate intelligence operations but said the NSA should abandon its electronic surveillance of entire civilian populations. Instead, Snowden said, it should go back to the traditional model of eavesdropping against specific targets, such as 'North Korea, terrorists, cyber-actors, or anyone else.' Snowden also urged members of the Council of Europe to encrypt their personal communications and said that encryption, used properly, could still withstand 'brute force attacks' from powerful spy agencies and others. 'Properly implemented algorithms backed up by truly random keys of significant length all require more energy to decrypt than exists in the universe.'"

    230 comments | about two weeks ago

  • Edward Snowden and Laura Poitras Win Truth-Telling Award

    An anonymous reader writes with news that Snowden has received the Ridenhour Truth-Telling award. From the announcement: "We have selected Edward Snowden and Laura Poitras for their work in exposing the NSA's illegal and unconstitutional bulk collection of the communications of millions of people living in the United States. Their act of courage was undertaken at great personal risk and has sparked a critical and transformative debate about mass surveillance in a country where privacy is considered a constitutional right." The award will be presented at the National Press Club. It is hoped that Snowden and Poitras will be able to appear remotely (Poitras is in effective exile in Berlin). In related news, the ACLU has indexed all publicly released documents leaked by Snowden. You can even full-text search them.

    123 comments | about two weeks ago

  • U.S. Supreme Court Declines To Rule On Constitutionality of Bulk Surveillance

    An anonymous reader writes "On Monday, the U.S. Supreme Court declined to rule on the constitutionality of the National Security Agency's bulk acquisition and storage of phone record metadata. The petition (PDF) for a Supreme Court ruling was submitted as a result of U.S. District Judge Richard Leon staying his ruling (PDF), pending an appeal, in a suit in which he concluded that collection of phone metadata without probable cause violated the Fourth Amendment. The plaintiffs had bypassed the federal appeals court and applied directly to the high court, given Judge Leon's admission that the case had significant national security interests at stake. The Supreme Court's decision not to rule on the case means that an appeal will need to be submitted to the federal appeals court as per protocol, but there is speculation that the mass surveillance issue will likely be addressed in the legislative and executive branches of government before the judicial branch weighs in. The provision allowing the bulk collection, Section 215 of the Patriot Act, expires June 1, 2015."

    141 comments | about two weeks ago

  • Why No Executive Order To Stop NSA Metadata Collection?

    An anonymous reader links to this editorial at Ars Technica which argues that "As chief executive, Obama has the power to reform the NSA on his own with the stroke of a pen. By not putting this initiative into an executive order, he punted to Congress on an issue that affects the civil liberties of most anybody who picks up a phone. Every day Congress waits on the issue is another day Americans' calling records are being collected by the government without suspicion that any crime was committed. 'He does not need congressional approval for this,' said Mark Jaycox, an Electronic Frontier Foundation staff attorney."

    312 comments | about two weeks ago

  • More On the "Cuban Twitter" Scam

    We mentioned a few days ago the USAID-funded SMS social network that was connecting Cubans against the wishes of the Cuban government. Now Glenn Greenwald's The Intercept has more on this kind of back-channel government intervention via what he characterizes as "the Internet propaganda bucket." Advocatus Diaboli (1627651) writes with an excerpt: "These ideas–discussions of how to exploit the internet, specifically social media, to surreptitiously disseminate viewpoints friendly to western interests and spread false or damaging information about targets–appear repeatedly throughout the archive of materials provided by NSA whistleblower Edward Snowden. Documents prepared by NSA and its British counterpart GCHQ–and previously published by The Intercept as well as some by NBC News–detailed several of those programs, including a unit devoted in part to "discrediting" the agency's enemies with false information spread online.

    The documents in the archive show that the British are particularly aggressive and eager in this regard, and formally shared their methods with their U.S. counterparts. One previously undisclosed top-secret document–prepared by GCHQ for the 2010 annual "SIGDEV" gathering of the "Five Eyes" surveillance alliance comprising the UK, Canada, New Zealand, Australia, and the U.S.–explicitly discusses ways to exploit Twitter, Facebook, YouTube, and other social media as secret platforms for propaganda."

    90 comments | about two weeks ago

  • CryptoPhone Sales Jump To 100,000+, Even at $3500

    An anonymous reader writes "Since Edward Snowden started making NSA files public last year, GSMK has seen a jump in sales. There are more than 100,000 CryptoPhones in use today. How secure they really are will be determined in the future. But I'm sure that some government agencies, not just in the U.S., are very interested in getting a list of users." For the price the company's charging for a modified Galaxy S3, it had better be as secure as they claim; otherwise, the free and open source RedPhone from Moxie Marlinspike's Whisper Systems seems like something to think about first.

    68 comments | about two weeks ago

  • TCP/IP Might Have Been Secure From the Start If Not For the NSA

    chicksdaddy writes: "The pervasiveness of the NSA's spying operation has turned it into a kind of bugaboo — the monster lurking behind every locked networking closet and the invisible hand behind every flawed crypto implementation. Those inclined to don the tinfoil cap won't be reassured by Vint Cerf's offhand observation in a Google Hangout on Wednesday that, back in the mid 1970s, the world's favorite intelligence agency may have also stood in the way of stronger network layer security being a part of the original specification for TCP/IP. (Video with time code.) Researchers at the time were working on just such a lightweight cryptosystem. On Stanford's campus, Cerf noted that Whit Diffie and Martin Hellman had researched and published a paper that described the functioning of a public key cryptography system. But they didn't yet have the algorithms to make it practical. (Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977). As it turns out, however, Cerf did have access to some really bleeding edge cryptographic technology back then that might have been used to implement strong, protocol-level security into the earliest specifications of TCP/IP. Why weren't they used? The crypto tools were part of a classified NSA project he was working on at Stanford in the mid 1970s to build a secure, classified Internet. 'At the time I couldn't share that with my friends,' Cerf said."

    149 comments | about two weeks ago

  • Book Review: How I Discovered World War II's Greatest Spy

    benrothke (2577567) writes "When it comes to documenting the history of cryptography, David Kahn is singularly one of the finest, if not the finest writers in that domain. For anyone with an interest in the topic, Kahn's works are read in detail and anticipated. His first book was written almost 50 years ago: The Codebreakers – The Story of Secret Writing; which was a comprehensive overview on the history of cryptography. Other titles of his include Seizing the Enigma: The Race to Break the German U-Boats Codes, 1939-1943. The Codebreakers was so good and so groundbreaking, that some in the US intelligence community wanted the book banned. They did not bear a grudge, as Kahn became an NSA scholar-in-residence in the mid 1990's. With such a pedigree, many were looking forward, including myself, to his latest book How I Discovered World War II's Greatest Spy and Other Stories of Intelligence and Code. While the entire book is fascinating, it is somewhat disingenuous, in that there is no new material in it. Many of the articles are decades old, and some go back to the late 1970's. From the book description and cover, one would get the impression that this is an all new work. But it is not until one reads the preface, that it is detailed that the book is simply an assemblage of collected articles." Keep reading for the rest of Ben's review.

    102 comments | about two weeks ago

  • NSA Confirms It Has Been Searching US Citizens' Data Without a Warrant

    Charliemopps writes: "According to Director of National Intelligence, James Clapper, 'There have been queries, using U.S. person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-U.S. persons reasonably believed to be located outside the United States. These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment.' Basically, if you communicated with someone that is 'reasonably believed' to be a terrorist, you've lost constitutional protection against searches without a warrant, according to the NSA."

    274 comments | about two weeks ago

  • NSA Infiltrated RSA Deeper Than Imagined

    Rambo Tribble (1273454) writes "Reuters is reporting that the U.S. National Security Agency managed to have security firm RSA adopt not just one, but two security tools, further facilitating NSA eavesdropping on Internet communications. The newly discovered software is dubbed 'Extended Random', and is intended to facilitate the use of the already known 'Dual Elliptic Curve' encryption software's back door. Researchers from several U.S. universities discovered Extended Random and assert it could help crack Dual Elliptic Curve encrypted communications 'tens of thousands of times faster'."

    168 comments | about two weeks ago

  • GCHQ and NSA Targeted World Leaders, Private German Companies

    Advocatus Diaboli sends this news from Der Spiegel: "Documents show that Britain's GCHQ intelligence service infiltrated German Internet firms and America's NSA obtained a court order to spy on Germany and collected information about the chancellor in a special database. Is it time for the country to open a formal espionage investigation? ... A secret NSA document dealing with high-ranking targets has provided further indications that Merkel was a target. The document is a presentation from the NSA's Center for Content Extraction, whose multiple tasks include the automated analysis of all types of text data. The lists appear to contain 122 country leaders. Twelve names are listed as an example, including Merkel's."

    145 comments | about three weeks ago

  • Jimmy Carter: Snowden Disclosures Are 'Good For Americans To Know'

    McGruber writes: "Former U.S. President Jimmy Carter defended the disclosures by fugitive NSA contractor Edward Snowden on Monday, saying revelations that U.S. intelligence agencies were collecting meta-data of Americans' phone calls and e-mails have been 'probably constructive in the long run.' 'I think it's wrong,' President Carter said of the NSA program. 'I think it's an intrusion on one of the basic human rights of Americans, is to have some degree of privacy if we don't want other people to read what we communicate.'" It's important to note that Carter doesn't believe Snowden should necessarily get a pass for his actions. Carter said, "I think it's inevitable that he should be prosecuted and I think he would be prosecuted, [if he comes back to the U.S.] But I don't think he ought to be executed as a traitor or any kind of extreme punishment like that." Nevertheless, Carter thinks NSA surveillance has gotten out of control. "We've gone a long way down the road of violating Americans' basic civil rights, as far as privacy is concerned." He added, "For the last two or three years, when I want to write a highly personal letter to a foreign leader, or even some American leaders, I hand-write it and mail it, because I feel that my telephone calls and my email are being monitored, and there are some things I just don’t want anybody to know except me and my wife."

    289 comments | about three weeks ago

  • White House To Propose Ending NSA Phone Records Collection

    The New York Times reported last night that the White House is planning to introduce a legislative package that would mostly end the NSA's bulk collection of phone records. Instead, phone companies would be required to hand over records up to "two hops" from a target number. Phone companies would be required to retain records for 18 months (already legally mandated) instead of the NSA storing records for five years. It does not appear that secret courts and secret orders from the court would be abolished, however. From the article: "The new type of surveillance court orders envisioned by the administration would require phone companies to swiftly provide records in a technologically compatible data format, including making available, on a continuing basis, data about any new calls placed or received after the order is received, the officials said ... The administration’s proposal would also include a provision clarifying whether Section 215 of the Patriot Act, due to expire next year unless Congress reauthorizes it, may in the future be legitimately interpreted as allowing bulk data collection of telephone data. ... The proposal would not, however, affect other forms of bulk collection under the same provision."

    208 comments | about three weeks ago
