For me, the most under-reported, under-appreciated element of the Snowden leaks is the BULLRUN/EDGEHILL program, through which the NSA and GCHQ spend $250,000,000/year sabotaging information security. In a great Wired story, Andy Greenberg analyzes former NSA chief Keith Alexander's defense of the stockpiling of vulnerabilities to attack "bad guys." There is no delusion more deadly than the idea that spies will make us more secure by weakening our computers' security to make it easier to spy on us.
Last December, a group of advisers to the White House issued a report to President Obama calling on him to rein-in the intelligence community’s use of so-called zero-day vulnerabilities–newly discovered hackable software bugs for which there exist no patch. The group went on to propose that zero-days only be used sparingly for “high priority intelligence collection,” and that those uses must be approved by a “senior-level, interagency approval process.”
“In almost all instances, for widely used code, it is in the national interest to eliminate software vulnerabilities rather than to use them for US intelligence collection,” the report reads. “Eliminating the vulnerabilities–’patching’ them–strengthens the security of U.S. Government, critical infrastructure, and other computer systems.”
Obama’s response to his advisers’ review, however, added a major loophole, allowing any zero-day vulnerabilities to be exploited if they have a “clear national security or law enforcement” application.
Former NSA Chief Defends Stockpiling Software Flaws for Spying [Andy Greenberg/Wired]
Image: Commander Keith Alexander on the bridge, DonkeyHotey, CC-BY-SA)
Last week at Defcon, a security researcher named Smea presented their findings on vulnerabilities in the Lovesense Hush, an internet-of-things buttplug that has already been shown to have critical privacy vulnerabilities.
Few states have voting machines that are simultaneously more obviously defective and more ardently defended by the state government than Georgia, where 16-year-old touchscreen systems are prone to reporting ballots cast by 243% of the eligible voters and where gross irregularities in election administration sends voters to the wrong polling places or sends co-habitating husbands […]
Apple's Faceid -- a facial recognition tool that unlocks mobile devices -- has a countermeasure that is designed to prevent attackers from scanning an sleeping/unconscious (or dead) person's face to unlock their phone, by scanning the face for signs of consciousness.
If your office works at all, it uses Microsoft Office. Those icons for Word, PowerPoint, and Outlook are as familiar around some workplaces as the coffee machine. So familiar, in fact, that they get taken for granted – and rarely used to their full potential. Whether you need a crash course in the essential tools […]
It’s a great time to be a maker. 3D printers are on store shelves for anyone to buy, and coder kits like Arduino and Raspberry Pi are letting kids as young as 9 or 10 dive into the Internet of Things. Here are a few examples of our favorite tech toys, all priced low enough […]
Want to make a hit? The right software is out there for anyone, but any music producer will tell you that finding the right sound can still take time and talent. Still, the right tools are a great shortcut, which makes this Synth & Sound Pack Bundle absolutely priceless. And now that it’s on sale […]