For my Ethical Hackers. Tools & Techniques for the “How to”
manual.
Should this go into the
“How to” manual or a collection of “Worst Practices?”
NBC
Reports – “How Snowden did it”
Richard
Esposito and Matthew Cole, NBC News: “When Edward Snowden
stole the crown jewels of the National Security Agency, he didn’t
need to use any sophisticated devices or software or go around any
computer firewall. All he needed, said multiple
intelligence community sources, was a few thumb drives and the
willingness to exploit a gaping hole in an antiquated security system
to rummage at will through the NSA’s servers and take
20,000 documents without leaving a trace. [No
logs? No record of what happened? Bob] … As a
Honolulu-based employee of Booz Allen Hamilton doing contract work
for the NSA, Snowden had access to the NSA servers via “thin
client” computer. The outdated set-up meant that he had direct
access to the NSA servers at headquarters in Ft. Meade, Md., 5,000
miles away. In a “thin client” system, each remote computer is
essentially a glorified monitor, with most of the computing power in
the central server. The individual computers tend to be assigned to
specific individuals, and access for most users can be limited to
specific types of files based on a user profile. But Snowden was not
most users. A typical NSA worker has a “top secret” security
clearance, which gives access to most, but not all, classified
information. Snowden also had the enhanced privileges of a “system
administrator.” The NSA, which has as many as 40,000 employees,
has 1,000 system administrators, most of them contractors. [Note:
Reuters
reported NSA is eliminating 90% of its system administrators.]
“It's for the
children!” Is this a viable business model? Just like the NSA,
but with a smaller target population. At least they outsourced it
(recognizing that surveillance is not their forte). Perhaps parents
could hire this firm to monitor the teachers and the school board?
School
district hires company to follow kids' Facebook, Twitter
… A school district
in Southern California is also committed to the safety of its kids.
And, given that social media sites are where kids are at these days,
it's decided to keep tabs on every single public post its kids are
making.
Naturally, the Glendale
Unified School District doesn't have the time to do this itself. So
it's hired an outside company to do its tab-keeping for it.
As
CBS Los Angeles reports, the district chose Geo
Listening, a company that specializes in following kids'
Facebook, Twitter, Instagram, and YouTube feeds.
"The whole purpose
is student safety," the district's superintendent Richard
Sheehan told CBS.
… In legal terms,
any public posting is fair game. The Geo Listening Web site
helpfully
explains: "The students we can help are already asking for
you. All of the individual posts we monitor on social media networks
are already made public by the students themselves. Therefore, no
privacy is violated."
Every single public
posting made by every one of the district's 13,000 students is being
monitored, although the company insists it doesn't peek at
"privatized pages, SMS, MMS, email, phone calls, voicemails."
Do all privacy rights
end when you become a mass murderer? No reason given in the article
for failure to comply with the subpoena.
Christine Stuart
reports:
The
Newtown school superintendent blew off a subpoena demanding the
educational records of mass murderer Adam Lanza, Connecticut’s
Office of the Child Advocate claims in court.
Connecticut’s
Office of the Child Advocate sued Newtown Public Schools and its
interim superintendent John R. Reed, in Superior Court.
[...]
The
Child Advocate seeks Lanza’s psychological reports and evaluations,
report cards, attendance records, nursing reports and notes, social
work records, disciplinary records, education plans, and any
communications with his family.
Read more on Courthouse
News.
“Looking over the
governor's shoulder are three drones of unknown origin...”
Earlier
today, Governor Pat Quinn signed into law Senate
Bill 1587, a measure that places appropriate and reasonable
guidelines on the use of unmanned surveillance aircraft (drones) by
state or local law enforcement agencies in Illinois. Most
importantly, it requires police to obtain a warrant, subject to
narrow exemptions, such as emergencies. It also limits retention and
sharing of information collected by drones, and requires police
departments with drones to publicly disclose the number of their
drones.
Read more on the ACLU
of Illinois blog.
History for my Computer Security classes... (Already on hold at my
local library)
The Business Insider
has an excerpt from Nate Anderson’s new book, “The
Internet Police: How Crime Went Online, and the Cops Followed by Nate
Anderson.” The excerpt deals with an important case in
online privacy law – the case of Steven Warshak.
Read the excerpt on
BusinessInsider.
Be careful what you wish for.
– is a Chrome extension that allows you to monitor web pages for
changes. It can alert you whenever a page of your interest updates.
To use, simply install the extension, go to a webpage you would like to
monitor, click on the Page Monitor icon and select “Monitor This
Page”. Now whenever this page changes, the monitor icon will
display a notification on its badge.
I try to keep up. (I'm sure everyone at Oxford talks like this.)
28
August 2013: Oxford Dictionaries Online quarterly update: new words
added to oxforddictionaries.com today
… If buzzworthy
vocabulary makes you squee,
set aside some me
time to explore the latest words which have made their
way into common usage.