LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA | InvestmentWatch: "The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together."
Open Sourcers Pitch Secure Email in Dark Age of PRISM | Wired Enterprise | Wired.com: "...“E-mail is going to be with us for a long time,” says Bjarni Rúnar Einarsson, a software developer and member of the Icelandic Pirate Party. “We need to do what we can to make it more secure.” Einarsson is doing his part with Mailpile, an open source web-based e-mail client that you can run on your own computer or in the cloud. With this creation, he hopes to make it easier for everyday users to encrypt their mail — without giving up the sort of search tools they get from a service like Google’s Gmail. The team has already raised over $100,000 dollars on the crowdfunding site Indie GoGo to fund its future development...."
BIND Vulnerability Enables DNS Cache Poisoning Attack | Threatpost: "A vulnerability in the BIND domain name system (DNS) software could give an attacker the ability to easily and reliably control queried name servers chosen by the most widely deployed DNS software on the Internet, according to new research presented at the Woot Conference in Washington D.C. today. The Internet Systems Consortium has acknowledged the vulnerability."
Silent Circle sees 'writing on the wall,' shuts down secure email service | The Verge: "Phil Zimmermann’s encrypted communications company Silent Circle is shuttering its Silent Mail email service after another secure email service used by NSA leaker Edward Snowden, called Lavabit, closed down earlier today. Silent Circle wrote that it saw "the writing on the wall" after Lavabit owner Ladar Levison explained he was being forced to "become complicit in crimes against the American people or walk away." Silent Circle’s other services, Silent Phone and Silent Text, are completely end-to-end encrypted; only the users hold the keys needed to decrypt the messages, so even if the company were compelled to produce evidence in court, it wouldn’t have access to its customers’ communications in a usable form. But the protocols used for email — SMTP, POP3, and IMAP — can’t be secured, facing the team with a dilemma: continue providing Silent Mail, which offers similar privacy protections as other secure email services, or ditch the service altogether."
Opinion: NSA secrets kill our trust - CNN.com: "Both government agencies and corporations have cloaked themselves in so much secrecy that it's impossible to verify anything they say; revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative."
Weak or non-existent Congressional oversight, secret "rubber stamp" courts, inept Presidential leadership, all lead to one conclusion -- an out-of-control electronic spy agency could make anyone a "target"--
WordPress is a very popular platform for blog-style websites, and as such it's a prime target for attack. If your site relies on WordPress, you absolutely must keep the platform up to date, as many of the updates patch serious security vulnerabilities. (source infra)
Syrian Electronic Army Hacked Tango Chat App; Is Your Site Next?: " . . . The biggest entry point for hackers, and the hardest to secure, is attack by social engineering. For example, one employee of The Onion was fooled by a phishing message into entering Google Apps credentials on a bogus site. Those credentials gave hackers access to all of The Onion's social media accounts. They also used the hacked account to broadcast a second phishing attack to more of the staff. You need a multi-layered defense against this kind of attack. Create and enforce a policy that all employees must use strong passwords. Educate them on how to spot fraudulent email messages, and what to do with links in emails (don't click them!). Limit your potential losses by giving each employee access to only those accounts and resources needed for the job. And be prepared for the eventuality that despite all your precautions, some schmo will fall for a phishing message and thereby compromise your site. . . ."
"I don’t want to live in a country with an organization like the NSA is right now."
Tikkun Daily Blog » Blog Archive » Google Engineer Wins NSA Award, Then Says NSA Should Be “Abolished”: "In an interview with Andy Cush at Animal, Bonneau went even farther in his critiques of the NSA: I’d rather have it abolished than persist in its current form. I think there’s a question about whether it’s possible to reform the NSA into something that’s more reasonable…But my feeling based on what I’ve read is that I don’t want to live in a country with an organization like the NSA is right now. When Bonneau learned that he has won the award from the NSA, he considered turning it down. However, he ultimately decided upon accepting as a way to potentially bridge academic gaps with the NSA, as a means of opening up at least one avenue into the organization that has been mostly closed."
The biggest security risks ALWAYS come from inside--
Marshals Lose Track of Encrypted Radios Worth Millions - WSJ.com: "The U.S. Marshals Service has lost track of at least 2,000 encrypted two-way radios and other communication devices valued at millions of dollars, according to internal agency documents, creating what some within the agency view as a security risk for federal judges, endangered witnesses and others. The problem, which stretches back years, was laid out in detail to agency officials at least as early as 2011, when the Marshals were deploying new versions of the radios they use to securely communicate in the field. Agency leaders continued to have difficulty tracking their equipment even after they were warned about the problems by an internal technology office, according to the documents, which were obtained through Freedom of Information Act requests. Some Marshals officials told The Wall Street Journal that besides the wasted money and resources, the inventory problems raise the possibility that criminals could get their hands on radios and listen to them to learn details of security or law-enforcement operations. Such radios are a key communications tool of U.S. Marshals. . . ." (read more at link above)