For me, the most under-reported, under-appreciated element of the Snowden leaks is the BULLRUN/EDGEHILL program, through which the NSA and GCHQ spend $250,000,000/year sabotaging information security. In a great Wired story, Andy Greenberg analyzes former NSA chief Keith Alexander's defense of the stockpiling of vulnerabilities to attack "bad guys." There is no delusion more deadly than the idea that spies will make us more secure by weakening our computers' security to make it easier to spy on us.
Last December, a group of advisers to the White House issued a report to President Obama calling on him to rein-in the intelligence community’s use of so-called zero-day vulnerabilities–newly discovered hackable software bugs for which there exist no patch. The group went on to propose that zero-days only be used sparingly for “high priority intelligence collection,” and that those uses must be approved by a “senior-level, interagency approval process.”
“In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection,” the report reads. “Eliminating the vulnerabilities–’patching’ them–strengthens the security of U.S. Government, critical infrastructure, and other computer systems.”
Obama’s response to his advisers’ review, however, added a major loophole, allowing any zero-day vulnerabilities to be exploited if they have a “clear national security or law enforcement” application.
Former NSA Chief Defends Stockpiling Software Flaws for Spying [Andy Greenberg/Wired]
Image: Commander Keith Alexander on the bridge, DonkeyHotey, CC-BY-SA)
I’ve been going to O’Reilly conferences since the first P2P conference in 2001; for 15 years, they’ve been blowing my mind.
I-Dressup is a social media site aimed at teen and tween girls, where users play and interact with fashion. Six days ago, Ars Technica’s Dan Goodin contacted I-Dressup to tell them that they were leaking more than 5.5 million cleartext passwords, and that a hacker had already downloaded 2.2 million of them.
I’ve written an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation, asking him to make amends for his company’s bizarre decision to hide a self-destruct sequence in a printer update that went off earlier this month, breaking them so that they would no longer use third-party ink cartridges.
The Avantree Powerhouse 4 Port Fast USB Charging Station brings high quality, high power, and still keeps your work space or home looking neat and organized. The best part about this charger is its capacity. It comes packing 4 USB charging sockets and a powerful 4.5A/22.5W output.. Its smartport technology means you don’t have to worry about frying your battery, either—it […]
With this comprehensive course in App & Game Development for iOS and Android, you’ll be able to take full advantage of this career opportunity without committing to going back to school full time. You’ll learn how to build immersive, interactive games and apps from start to finish using Python, C#, Unity, and HTML—some of the most in-demand programming […]
CloudPress is a responsive WordPress theme builder that allows you to create a whole site in less than 30 minutes. CloudPress comes with tools like pre-built headers, content blocks, and footers—all you have to do is pick what you like, and drag and drop. With your subscription, you get access to 13 professionally designed WordPress themes, over 80 […]