For me, the most under-reported, under-appreciated element of the Snowden leaks is the BULLRUN/EDGEHILL program, through which the NSA and GCHQ spend $250,000,000/year sabotaging information security. In a great Wired story, Andy Greenberg analyzes former NSA chief Keith Alexander's defense of the stockpiling of vulnerabilities to attack "bad guys." There is no delusion more deadly than the idea that spies will make us more secure by weakening our computers' security to make it easier to spy on us.
Last December, a group of advisers to the White House issued a report to President Obama calling on him to rein-in the intelligence community’s use of so-called zero-day vulnerabilities–newly discovered hackable software bugs for which there exist no patch. The group went on to propose that zero-days only be used sparingly for “high priority intelligence collection,” and that those uses must be approved by a “senior-level, interagency approval process.”
“In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection,” the report reads. “Eliminating the vulnerabilities–’patching’ them–strengthens the security of U.S. Government, critical infrastructure, and other computer systems.”
Obama’s response to his advisers’ review, however, added a major loophole, allowing any zero-day vulnerabilities to be exploited if they have a “clear national security or law enforcement” application.
Former NSA Chief Defends Stockpiling Software Flaws for Spying [Andy Greenberg/Wired]
Image: Commander Keith Alexander on the bridge, DonkeyHotey, CC-BY-SA)
Many large-scale data-breaches involve attackers gaining access to administrators' database logins; from there, they can clone the whole database and plunder it at will; but leading nosql database vendor Mongodb proposes to add another layer of security it's calling "Field Level Encryption" which encrypts the data in database fields with its own key -- possibly […]
Stalkerware -- spyware sold to people as a means of keeping tabs on their romantic partners, kids, employees, etc -- is a dumpster fire of terrible security (compounded by absentee management), sleazy business practices, and gross marketing targeted at abusive men who want to spy on women.
I recently wrote about how much I enjoyed testing the OnePlus 7 Pro. One of the nicer things about it was the fact that its in-display fingerprint reader, unlike the one in the last-gen OnePlus handset, works in a timely manner. Too bad that, no matter how quickly it can read a fingerprint, it still […]
Even if you feel like AirPods are worth the price tag, you’ve got to admit there’s a certain anxiety that comes with using them. What if I lose them? What if they get wet in the rain? Or drenched in sweat? Or fall into the drink you dropped them into? Shiny tech is great, but […]
With the quick-fix appeal of video games and their own cell phones, it can be tough to keep kids focused on supposedly “educational” toys. And while it may seem counter-intuitive to fight tech with more tech, we’re all in when it comes to the Toybox 3D Printer. We’re not sure if anyone had envisioned a […]
Whether you’re an artist, designer or just organizing a photo album, photo editing software is a must. And software designers know it: Platforms like Photoshop and Lightroom have a ton of helpful features, but you’ll pay for them in spades. Luckily, there’s some competition in the photo editing arena. Right now, Skylum’s Luminar software is […]