"alex stamos"

Next time a government hacks your Facebook account, Facebook will let you know

Facebook says that starting today, they will notify users “if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state.”

Yahoo's security boss faces down NSA director over crypto ban

During Monday's Cybersecurity for a New America conference in DC, Yahoo's Chief Information Security Officer Alex Stamos stood up and had an intense verbal showdown with NSA director Mike Rogers about the NSA's plan to ban working crypto, in which the nation's top spook fumfuhed and fumbled to explain how this idea isn't totally insane.

Google's end-to-end email encryption moves to Github

Google's made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they're refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.

Expert witness describes Aaron Swartz's "crimes"

Alex Stamos, a computer security and forensics expert, was one of the expert witnesses in US v Swartz, the vindictive case brought against Aaron Swartz for walking into an unlocked computer closet and downloading a large number of academic articles from JSTOR using MIT's network. Stamos has a very good perspective on the "crimes" for which Aaron was being hounded by the state:

* At the time of Aaron’s actions, the JSTOR website allowed an unlimited number of downloads by anybody on MIT’s 18.x Class-A network. The JSTOR application lacked even the most basic controls to prevent what they might consider abusive behavior, such as CAPTCHAs triggered on multiple downloads, requiring accounts for bulk downloads, or even the ability to pop a box and warn a repeat downloader.

* Aaron did not “hack” the JSTOR website for all reasonable definitions of “hack”. Aaron wrote a handful of basic python scripts that first discovered the URLs of journal articles and then used curl to request them. Aaron did not use parameter tampering, break a CAPTCHA, or do anything more complicated than call a basic command line tool that downloads a file in the same manner as right-clicking and choosing “Save As” from your favorite browser.

* Aaron did nothing to cover his tracks or hide his activity, as evidenced by his very verbose .bash_history, his uncleared browser history and lack of any encryption of the laptop he used to download these files. Changing one’s MAC address (which the government inaccurately identified as equivalent to a car’s VIN number) or putting a mailinator email address into a captive portal are not crimes.

