I always feel smarter when Harvard agrees with me.
For more than two years the F.B.I. and intelligence agencies have warned that encrypted communications are creating a “going dark” crisis that will keep them from tracking terrorists and kidnappers.
Now, a study in which current and former intelligence officials participated concludes that the warning is wildly overblown, and that a raft of new technologies — like television sets with microphones and web-connected cars — are creating ample opportunities for the government to track suspects, many of them worrying.
… The study, titled, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” is among the sharpest counterpoints yet to the contentions of James B. Comey, the F.B.I. director, and other Justice Department officials, mostly by arguing that they have defined the issue too narrowly.
[One example from the report:
Metadata is not encrypted, and the vast majority is likely to remain so. This is data that needs to stay unencrypted in order for the systems to operate: location data from cell phones and other devices, telephone calling records, header information in e-mail, and so on. This information provides an enormous amount of surveillance data that was unavailable before these systems became widespread.
It's so simple only simple-minded folks would use it. Imagine a default password that you cannot change.
Hardcoded Keys Put Westermo Industrial Switches at Risk
Westermo is a Sweden-based company that designs and manufactures industrial-grade communications products for mission-critical systems. The firm’s solutions are used across the world in sectors such as transport, water, energy supplies, mining and petrochemical.
According to ICS-CERT, researcher Neil Smith discovered that the SSL keys used by Westermo industrial switches to secure communications are hardcoded and shared across devices.
Since it cannot be changed, a malicious actor who obtains the key can intercept and decrypt communications via a man-in-the-middle (MitM) attack. An attacker could intercept login credentials and leverage the information to gain access to a vulnerable device.
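A way to audit your own device inventory for the shared-key condition described above, as an added Python example (not from the article, ICS-CERT or Westermo): it hashes each certificate's SubjectPublicKeyInfo rather than the whole certificate, so devices that present different certificates built on the same key pair are still grouped together. The host names and the unsigned sample certificates are constructed stand-ins, and `sample_cert` exists only to build them.

```python
import hashlib
from collections import defaultdict

def tlv(tag, body):
    """DER-encode one element (only used to build the constructed samples)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos):  # returns (tag, body_start, end) of the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:    # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_sha256(cert_der):
    """SHA-256 over the SubjectPublicKeyInfo element of an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)          # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, pos)  # TBSCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert_der, pos)
        if tag != 0xA0:                        # skip the optional [0] version
            fields.append(cert_der[pos:end])
        pos = end
    # serial, sigAlg, issuer, validity, subject, then the SPKI at index 5
    return hashlib.sha256(fields[5]).hexdigest()

def shared_keys(certs):
    """Map SPKI hash -> hosts, keeping only keys seen on more than one host."""
    groups = defaultdict(list)
    for host, der in certs.items():
        groups[spki_sha256(der)].append(host)
    return {h: sorted(v) for h, v in groups.items() if len(v) > 1}

def sample_cert(serial, name, key):
    """Constructed, unsigned stand-in that follows the X.509 field layout."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, bytes([serial])),
              seq(), seq(tlv(0x0C, name)), seq(), seq(tlv(0x0C, name)),
              seq(seq(), tlv(0x03, b"\x00" + key)))
    return seq(tbs, seq(), tlv(0x03, b"\x00"))

SAMPLE = {  # constructed inventory: host names and key bytes are made up
    "switch-a": sample_cert(1, b"switch-a", b"K" * 140),
    "switch-b": sample_cert(2, b"switch-b", b"K" * 140),
    "switch-c": sample_cert(3, b"switch-c", b"Q" * 140),
}
```

For live devices you administer, `ssl.get_server_certificate()` followed by `ssl.PEM_cert_to_DER_cert()` yields the DER bytes that `spki_sha256` expects.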
Suggesting Security was a bit understaffed? Also, some job hunting information for my Computer Security students.
Help Wanted: 1,000 Cybersecurity Jobs At OPM, Post-Hack Hiring Approved By DHS
… The Office of Personnel Management (OPM) suffered the largest cyber attack over the past year, resulting in the theft of contact records on more than twenty million people including those who applied for government security clearances and went through background checks, and nearly two million spouses and domestic partners of those applicants. As the OPM hack news unraveled, it got worse — revealing that hackers stole the digital fingerprints of more than five million people employed by the U.S. federal government… the same fingerprints that are sometimes used for access to so-called locked down buildings and computers.
OPM recently announced it is hiring 1,000 new cybersecurity professionals, which have been approved by the U.S. Department of Homeland Security (DHS). Federal News Radio recently listed the duties the new cyber hires will carry out
… For a bird’s-eye view of cybersecurity jobs throughout the U.S. federal government, you visit the National Initiative for Cybersecurity Careers and Studies (NICCS) website.
Only California would spy on you to protect your privacy?
UtotheRescue reports:
The San Francisco Chronicle has coverage of an issue that has been circulating on faculty email networks at UC Berkeley for a few days. The piece, “Cal professors fear UC bosses will snoop on them,” is behind a paywall. The first sentence reads, “UC Berkeley faculty members are buzzing over news that University of California President Janet Napolitano ordered the installation of computer hardware capable of monitoring all e-mails going in and out of the UC system.” UC’s Chief Operating Officer says that UC policy “forbids the university from using such data for nonsecurity purposes.” UC Berkeley’s Senate chair replies, “What has upset a lot of the faculty was that the surveillance was put in place without consulting the faculty. In fact, the people installing the system were under strict instructions not to reveal it was taking place.” On the blog’s Facebook page, we’ve had some debate about how new this capability is, with some faculty from various universities saying they’ve always assumed their university email could be monitored at any time, and others saying this is a new level of intrusion.
Read more on UtotheRescue.
[From the article:
The UCOP had this hardware installed last summer. They did so over the objections of our campus IT and security experts.
The intrusive hardware is not under the control of local IT staff--it sends data on network activity to UCOP and to the vendor. Of what these data consist we do not know.
Might be handy for some of those recurring tasks, like backups.
Create Awesome Life Automations with Multi-Step Zaps
… in the world of online app automation, a typical workflow involves creating a single action from one service, and using it to trigger something in another service. An example — using an incoming email with a specific subject line, to trigger a Google Spreadsheet which loads the subject line and the sender into two fields.
With this fresh update, Zapier has just raised the bar by allowing you to use a single app trigger to kick off a whole laundry-list of actions.
… As your list of actions grows, every new action can draw upon either the original trigger, or the subsequent actions you’ve created.