Wednesday, August 28, 2013

For my Ethical Hackers. Tools & Techniques for the “How to” manual.

Should this go into the “How to” manual or a collection of “Worst Practices?”
NBC Reports – “How Snowden did it”
Richard Esposito and Matthew Cole, NBC News: “When Edward Snowden stole the crown jewels of the National Security Agency, he didn’t need to use any sophisticated devices or software or go around any computer firewall. All he needed, said multiple intelligence community sources, was a few thumb drives and the willingness to exploit a gaping hole in an antiquated security system to rummage at will through the NSA’s servers and take 20,000 documents without leaving a trace. [No logs? No record of want happened. Bob] .. As a Honolulu-based employee of Booz Allen Hamilton doing contract work for the NSA, Snowden had access to the NSA servers via “thin client” computer. The outdated set-up meant that he had direct access to the NSA servers at headquarters in Ft. Meade, Md., 5,000 miles away. In a “thin client” system, each remote computer is essentially a glorified monitor, with most of the computing power in the central server. The individual computers tend to be assigned to specific individuals, and access for most users can be limited to specific types of files based on a user profile. But Snowden was not most users. A typical NSA worker has a “top secret” security clearance, which gives access to most, but not all, classified information. Snowden also had the enhanced privileges of a “system administrator.” The NSA, which has as many as 40,000 employees, has 1,000 system administrators, most of them contractors. [Note: Reuters reported NSA is eliminating 90% of its system administrators.]

“It's for the children!” Is this a viable Business model? Just like the NSA, but with a smaller target population. At least they outsourced it (recognizing that surveillance is not their forte) Perhaps parents could hire this firm to monitor the teachers and the school board?
School district hires company to follow kids' Facebook, Twitter
… A school district in Southern California is also committed to the safety of its kids. And, given that social media sites are where kids are at these days, it's decided to keep tabs on every single public post its kids are making.
Naturally, the Glendale Unified School District doesn't have the time to do this itself. So it's hired an outside company to do its tab-keeping for it.
As CBS Los Angeles reports, the district chose Geo Listening, a company that specializes in following kids' Facebook, Twitter, Instagram, and YouTube feeds.
"The whole purpose is student safety," the district's superintendent Richard Sheehan told CBS.
… In legal terms, any public posting is fair game. The Geo Listening Web site helpfully explains: "The students we can help are already asking for you. All of the individual posts we monitor on social media networks are already made public by the students themselves. Therefore, no privacy is violated."
Every single public posting made by every one of the district's 13,000 students is being monitored, although the company insists it doesn't peek at "privatized pages, SMS, MMS, email, phone calls, voicemails."

Do all privacy right end when you become a mass murderer? No reason given in the article for failuer to comply with the subpoena.
Christine Stuart reports:
The Newtown school superintendent blew off a subpoena demanding the educational records of mass murderer Adam Lanza, Connecticut’s Office of the Child Advocate claims in court.
Connecticut’s Office of the Child Advocate sued Newtown Public Schools and its interim superintendent John R. Reed, in Superior Court.
The Child Advocate seeks Lanza’s psychological reports and evaluations, report cards, attendance records, nursing reports and notes, social work records, disciplinary records, education plans, and any communications with his family.
Read more on Courthouse News.

“Looking over the governor's shoulder are three drones of unknown origin...”
Earlier today, Governor Pat Quinn signed into law Senate Bill 1587, a measure that places appropriate and reasonable guidelines on the use of unmanned surveillance aircraft (drones) by state or local law enforcement agencies in Illinois. Most importantly, it requires police to obtain a warrant, subject to narrow exemptions, such as emergencies. It also limits retention and sharing of information collected by drones, and requires police departments with drones to publicly disclose the number of their drones.
Read more on the ACLU of Illinois blog.

History for my Computer Security classes... (Already on hold at my local library)
The Business Insider has an excerpt from Nate Anderson’s new book, The Internet Police: How Crime Went Online, and the Cops Followed by Nate Anderson.” The excerpt deals with an important case in online privacy law – the case of Steven Warshak.
Read the excerpt on BusinessInsider.

Be careful what you wish for.
– is a chrome extension that allows you to monitor web pages for changes. It can alert you whenever a page of your interest updates. To use, simply install extension, go to a webpage you would like to monitor, click on the Page Monitor icon and select “Monitor This Page”. Now whenever this page changes, the monitor icon will display a notification on its badge.

I try to keep up. (I'm sure everyone at Oxford talks like this.)
28 August 2013: Oxford Dictionaries Online quarterly update: new words added to today
… If buzzworthy vocabulary makes you squee, set aside some me time to explore the latest words which have made their way into common usage.

No comments: