Follow by Email

Sunday, October 19, 2014

NSA CTO Patrick Dowd Moonlighting For Private Security Firm

Current NSA CTO Patrick Dowd has taken a part-time position with former-NSA director Keith Alexander's security firm IronNet Cybersecurity — while retaining his position as chief technology officer for the NSA. The Guardian states that 'Patrick Dowd continues to work as a senior NSA official while also working part time for Alexander's IronNet Cybersecurity, a firm reported to charge up to $1m a month for advising banks on protecting their data from hackers. It is exceedingly rare for a US official to be allowed to work for a private, for-profit company in a field intimately related to his or her public function.' Some may give Alexander a pass on the possible conflict of interests as he's now retired, but what about a current NSA official moonlighting for a private security firm?

What Your Resume Needs If You Want a Job At Google

Jim Edwards writes at Business Insider that Google is so large and has such a massive need for talent that if you have the right skills, Google is really enthusiastic to hear from you — especially if you know how to use MatLab, a fourth-generation programming language that allows matrix manipulations, plotting of functions and data, implementation of algorithms, creation of user interfaces, and interfacing with programs written in other languages, including C, C++, Java, Fortran and Python. The key is that data is produced visually or graphically, rather than in a spreadsheet. According to Jonathan Rosenberg , Google's former senior vice president for product management, being a master of statistics is probably your best way into Google right now and if you want to work at Google, make sure you can use MatLab. Big data — how to create it, manipulate it, and put it to good use — is one of those areas in which Google is really enthusiastic about. The sexy job in the next ten years will be statisticians. When every business has free and ubiquitous data, the ability to understand it and extract value from it becomes the complimentary scarce factor. It leads to intelligence, and the intelligent business is the successful business, regardless of its size. Rosenberg says that "my quote about statistics that I didn't use but often do is, 'Data is the sword of the 21st century.

Friday, October 17, 2014

NSA Exceptionally Controlled Information

ECI is a classification above Top Secret. It's for things that are so sensitive they're basically not written down, like the names of companies whose cryptography has been deliberately weakened by the NSA, or the names of agents who have infiltrated foreign IT companies.
As part of the Intercept story on the NSA's using agents to infiltrate foreign companies and networks, it published a list of ECI compartments. It's just a list of code names and three-letter abbreviations, along with the group inside the NSA that is responsible for them. The descriptions of what they all mean would never be in a computer file, so it's only of value to those of us who like code names.
This designation is why there have been no documents in the Snowden archive listing specific company names. They're all referred to by these ECI code names.

Wednesday, October 15, 2014

Domestic Enforcement Agency Created Fake FB Page in Woman's Name

This is a creepy story. A woman has her phone seized by the Drug Enforcement Agency and gives them permission to look at her phone. Without her knowledge or consent, they steal photos off of the phone (the article says they were "racy") and use it to set up a fake Facebook page in her name.
The woman sued the government over this. Extra creepy was the government's defense in court: "Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic]."
The article was edited to say: "Update: Facebook has removed the page and the Justice Department said it is reviewing the incident." So maybe this is just an overzealous agent and not official DEA policy.
But as Marcy Wheeler said, this is a good reason to encrypt your cell phone.

 Flaw Allowed Hackers To Spy On NATO

Reuters reports that a cybersecurity firm has found evidence that a bug in Microsoft's Windows operating system has allowed hackers located in Russia to spy on computers used by NATO, Ukraine, the European Union, and others for the past five years. Before disclosing the flaw, the firm alerted Microsoft, who plans to roll out a fix on Tuesday. "While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight.

Firefox 33 Arrives With OpenH264 Support

Mozilla today officially launched Firefox 33 for Windows, Mac, Linux, and Android. Additions include OpenH264 support as well as the ability to send video content from webpages to a second screen. Firefox 33 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Full changelogs are available here: desktop and Android.

 Open Source Security Confidence Idealism

According to a few news articles, the general public has taken notice of all the recent security breaches in open source software. From the article: "Hackers have shaken the free-software movement that once symbolized the Web's idealism. Several high-profile attacks in recent months exploited security flaws found in the "open-source" software created by volunteers collaborating online, building off each other's work."

While it's true that open source means you can review the actual code to ensure there's no data-theft, loggers, or glaring security holes, that idealism doesn't really help out most people who simply don't have time, or the knowledge, to do it. As such, the trust is left to the open source community, and is that really so different than leaving it to a corporation with closed source?"