ShadowHawk posted: And they are low-hanging fruit in part because the NSA doesn't care about its mission to help secure the internet. I don't think we can attribute this particular incident to North Korea exploiting the same holes the NSA ripped open due to sabotage of security standards, but it's only a matter of time before someone does.

And I'm not even sure what a workable solution to this sort of thing would look like. If the problem is loving SQL injection and spear phishing then that's not exactly elaborate superspy hacking the Gibson poo poo. It's Sony crapping out on information security 101. And how do you put together a group inside a government agency that can fix that? Like I'd be willing to bet that somewhere in Sony some sysadmins/SREs/whatever the fucks knew about the problems and knew how to fix them and just lacked the corporate will and resources to actually do anything about it. Sony's a publicly-traded company. That means that they've, by legal requirement, had auditors go over all this poo poo with them. What can we imagine a government agency could have done that the auditors failed to?

Dec 31, 2014 06:22

ShadowHawk posted: And they are low-hanging fruit in part because the NSA doesn't care about its mission to help secure the internet. I don't think we can attribute this particular incident to North Korea exploiting the same holes the NSA ripped open due to sabotage of security standards, but it's only a matter of time before someone does.

It's not the NSA's fault that some dimwit at Sony gathered so many credentials together, in plaintext, and stored them all in the same directory. That's on Sony and their people.

Dec 31, 2014 17:51

Chadderbox posted: It's not the NSA's fault that some dimwit at Sony gathered so many credentials together, in plaintext, and stored them all in the same directory. That's on Sony and their people.

Based on previous Sony breaches, it's common practice for Sony.

Dec 31, 2014 22:12

SubG posted: I agree that the US should devote more government resources to securing both the large-scale infrastructure of the internet as well as reaching out to individual corporate entities to improve standards and practices at that level. I don't think it's within the NSA's mission to do that however. Maybe the FBI. Part of the problem is that we've got a whole shitload of agencies and assets tasked with getting into poo poo, but very little devoted to improving security.

Jan 1, 2015 02:17

ShadowHawk posted: It's within the NSA's purview. Stuff like SE Linux originally came out of the NSA. But whatever. If you want to hold up SELinux you're talking about something that started as an internal initiative back in the early '90s (about as old as and originally independent of the Linux kernel). If you want to see what a newer NSA project pursuant to their nominal information assurance goals you get something like the Perfect Citizen/Einstein programme. Which is essentially indistinguishable from all the other creepy surveillance state NSA poo poo that's been discussed in the thread. This shouldn't be surprising; nearly everything that used to be in the NSA devoted to traditional nuts-and-bolts information assurance got re-org'd into Homeland Security. Where a director of the new NSCS (National Cybersecurity Center, not the National Computer Security Center which used to be part of the NSA and developed the rainbow books and so on) resigned because he felt NSA interference made accomplishing the NSCS's goals impossible (and constituted a `threat to our democratic process', in his words). The NSA is a spy agency. Its solution to all problems is getting more of its eyes up in your poo poo. But I mean don't rely on my word for it. Take a look at the 2012-2016 strategy/mission statement document in the Snowden leaks. Except for a token bullet item about fostering an environment that rewards diversity, all of the mission goals involve target acquisition and data analysis. I don't think this is a point you're fundamentally trying to argue (I mean you were the one arguing that they're an `outlaw agency' earlier). So I don't know why you'd suddenly want to start relying on them for fixing poo poo like the Sony hack(s). I mean I think it would be great if someone did help improve general information security. I just really don't see why you suddenly like the loving NSA for the job.

Jan 1, 2015 03:53

SubG posted: And the design of the DES s-boxes and Dual_EC_DRBG. Such exercises are a bit like comparing public health or safety issues to the war on terror, though.

Jan 1, 2015 04:35

SubG posted: The NSA is a spy agency. Its solution to all problems is getting more of its eyes up in your poo poo. But I mean don't rely on my word for it. Take a look at the 2012-2016 strategy/mission statement document in the Snowden leaks. Except for a token bullet item about fostering an environment that rewards diversity, all of the mission goals involve target acquisition and data analysis.

The NSA's page claims that "Information Assurance", basically network security, is one of their two primary missions.

Jan 1, 2015 04:37

hepatizon posted: The NSA's page claims that "Information Assurance", basically network security, is one of their two primary missions.

Not, incidentally, that anyone should rationally want the NSA to be responsible for remediation efforts because, if the historical record is any indication, their goals would not be to prevent any potential compromises, but rather to prevent compromises by anyone other than the NSA. So, yes. Information assurance is nominally one of the NSA's missions. But when they use that phrase it does not mean what you think it means.

ShadowHawk posted: Oh organizationally I don't think they're capable of it at all given how far they've gone and the culture. The larger point I'm making is that it's just a huge misappropriation of resources and that, in principle, that same amount of resources directed towards actually promoting information security would place us in an entirely different security environment.

Jan 2, 2015 22:17

http://www.theguardian.com/theobserver/2015/jan/04/nico-sell-wickr-secure-messaging-app-internet-security-nsa-edward-snowden

Interview with founder of some messaging thing. This stood out to me:

quote: You describe yourself as “properly paranoid”. Is that what we should all be?

That last sentence...is that just insanity/trying to make the software they're selling seem important?

Jan 4, 2015 18:03

I find it hard to believe that insurance companies have access to the full credit card records of everyone they insure and use that information to adjust premiums or whatever.

Jan 9, 2015 10:59

I don't. I've had jobs pull my credit report before hiring me.

Jan 9, 2015 14:12

Yeah a lot of jobs run credit reports even if it's really irrelevant to the position.

Jan 9, 2015 14:16

They want to see if you're "responsible" and make sure you're not "a high risk for theft" (poor).

Jan 9, 2015 15:58

My wife has been screwed out of several jobs and promotions at her current job because of a bankruptcy on her credit report. It's absurd what employers hold over your head. "You were the first person in your family to go to college, you say, and your parents aren't financially literate and didn't teach you how to manage your money and credit? Too bad, you're not eligible to advance from a junior position until all past indiscretions are removed from your report."

Jan 9, 2015 17:56

LeftistMuslimObama posted: My wife has been screwed out of several jobs and promotions at her current job because of a bankruptcy on her credit report. It's absurd what employers hold over your head. "You were the first person in your family to go to college, you say, and your parents aren't financially literate and didn't teach you how to manage your money and credit? Too bad, you're not eligible to advance from a junior position until all past indiscretions are removed from your report."

Yeah, it's a bit silly. Also, if you get a bankruptcy while you are employed with them and doing a good job, are they going to fire you? No.

Jan 9, 2015 18:03

Pukestain Pal posted: a bit silly

This is a little off-topic, and I don't want to come off sounding shrill, but I think we should avoid using little terms like this when discussing the power wielded over a person like that with little to no base or ground. That attitude is why server positions in this country are less than minimum wage jobs before tips. The boardrooms of hundreds of powerful, interested (not benevolently in us) parties teleconferenced their wants through a lobbying institution with a deceptively authentic name like "Chamber of Commerce", and everyone just shrugs like it's a god damned given. see also: Myers-Briggs testing, drug testing

Jan 9, 2015 18:11

Edit: what the gently caress happened here
Kafka Esq. fucked around with this message at 04:58 on Feb 2, 2015

Jan 9, 2015 18:50

Kafka Esq. posted: On the other hand, we don't exactly advertise SomethingAwful's Canadian Politics thread as a safe space, so while we shouldn't be dicks about things, do we have to get into long tangents about semiotics?

I'd hardly call a paragraph about the data-mining approach businesses take to granting/denying jobs to everyday people in the Surveillance in the 21st Century thread a long tangent.

Jan 9, 2015 21:57

Elysiume posted: I find it hard to believe that insurance companies have access to the full credit card records of everyone they insure and use that information to adjust premiums or whatever.

While it's extremely unlikely an insurance company has access to any individual's credit card records, every insurance company is rather friendly with at least one big bank. I'm certain they have mountains of statistics they can analyze and sift through thanks to the data available through the bank. The (sad?) fact is that any specific individual really doesn't matter to something like a large insurance company. You, personally, are not important. It's the aggregate that matters, and how they base their premiums. So while he individually might be paranoid enough to hide his information, it's really the group that they're concerned with.

Jan 10, 2015 04:29

http://www.telegraph.co.uk/technolo...id-Cameron.html

David Cameron posted: The Security Services will be given the powers to read all messages sent over the internet, if the Conservatives win the general election.

Jan 12, 2015 23:23

Aleksei Vasiliev posted: http://www.telegraph.co.uk/technolo...id-Cameron.html

Jan 13, 2015 02:41

User0015 posted: You, personally, are not important. It's the aggregate that matters, and how they base their premiums.

Then they made software that could make both the aggregate and the individual viewable, traceable...so again, I don't want to sound too crazy but...Well that article about the car insurance company mentioning that everyone with their little plug-in monitor installed regularly sped and they could-but-couldn't report everyone to the police seems to be down the same line.

Jan 13, 2015 04:11

KillHour posted: I don't. I've had jobs pull my credit report before hiring me.

A credit report is a significantly different thing than full credit card records.

Jan 28, 2015 22:47

Well, I think it's time to close the thread. The NSA has been rehabilitated, as over half of Americans view the NSA favorably, and only seniors view it more unfavorably than favorably. Millennials are the most approving, with 3 in 5 approving of the job the agency is doing.

Jan 31, 2015 21:44

Aleksei Vasiliev posted: http://www.telegraph.co.uk/technolo...id-Cameron.html

This will have no negative effect on people's bank accounts.

Jan 31, 2015 22:05

ComradeCosmobot posted: Well, I think it's time to close the thread. The NSA has been rehabilitated, as over half of Americans view the NSA favorably, and only seniors view it more unfavorably than favorably. Millennials are the most approving, with 3 in 5 approving of the job the agency is doing.

Warcabbit posted: This will have no negative effect on people's bank accounts.

Nektu fucked around with this message at 22:12 on Jan 31, 2015

Jan 31, 2015 22:10

How can they even prove you're using encryption? What if you're just sending strings of garbage data around for fun?

Jan 31, 2015 22:31

Snak posted: How can they even prove you're using encryption? What if you're just sending strings of garbage data around for fun?

"Your Honor, although it may appear that I was using public key encryption to send messages about sweet bong hits, I was in fact merely shitposting."

Jan 31, 2015 22:50

bartlebyshop posted: "Your Honor, although it may appear that I was using public key encryption to send messages about sweet bong hits, I was in fact merely shitposting."

But for real, how could they prove it if they can't break your encryption? Like, a numbers station is just the world's worst radio show, and definitely isn't transmitting encrypted information...

Jan 31, 2015 22:54

Snak posted: But for real, how could they prove it if they can't break your encryption? Like, a numbers station is just the world's worst radio show, and definitely isn't transmitting encrypted information...

They don't care if "you" use encryption. They care if Google or Apple or Microsoft do.

Jan 31, 2015 23:10

A super long read, but interesting: https://medium.com/@NafeezAhmed/how-the-cia-made-google-e836451a959e

Feb 1, 2015 08:29

This is sort of a crosspost, but here is The Baffler's talk with Cade Crockford and Noam Chomsky about terrorism and the surveillance state. It covers a ton of ground on other topics, too. http://www.thebaffler.com/videos/crockford-chomsky-full/

Feb 2, 2015 03:29

Aleksei Vasiliev posted: http://www.telegraph.co.uk/technolo...id-Cameron.html

He's almost certainly referring to requiring that all communication services in Canada's jurisdiction provide encryption keys, a backdoor "god view" functionality, or some other way to allow government officials to view the contents of communications transmitted via those services. It's fun to joke about "haha dumb politician wants to ban talking in code, isn't he dumb and stupid" but honestly, who the hell uses their own offline encryption these days when chatting or emailing? Hardly anyone does; most people use a "secure" chat or messaging or email service to communicate, and those communications are all somehow subject to a central authority that the government can attack or pressure. It's not like the NSA is furiously analyzing Skype communications for encryption keys or something like that - they just went to Microsoft and asked for a backdoor, and Harper no doubt intends to follow much the same strategy. Targeting communication services would happily bag almost all "secure" communications...if all chat, messaging, and email services were under Canadian jurisdiction, anyway. The limits of the ability of the Canadian government to police foreign chat clients means that only those who decide to willingly compromise their service in response to a government request would comply, giving the Canadian government access to only most "secure" communications rather than all.

Feb 2, 2015 08:04

Main Paineframe posted: He's almost certainly referring to requiring that all communication services in Canada's jurisdiction provide encryption keys, a backdoor "god view" functionality, or some other way to allow government officials to view the contents of communications transmitted via those services. It's fun to joke about "haha dumb politician wants to ban talking in code, isn't he dumb and stupid" but honestly, who the hell uses their own offline encryption these days when chatting or emailing? Hardly anyone does; most people use a "secure" chat or messaging or email service to communicate, and those communications are all somehow subject to a central authority that the government can attack or pressure. It's not like the NSA is furiously analyzing Skype communications for encryption keys or something like that - they just went to Microsoft and asked for a backdoor, and Harper no doubt intends to follow much the same strategy. Targeting communication services would happily bag almost all "secure" communications...if all chat, messaging, and email services were under Canadian jurisdiction, anyway. The limits of the ability of the Canadian government to police foreign chat clients means that only those who decide to willingly compromise their service in response to a government request would comply, giving the Canadian government access to only most "secure" communications rather than all.

You do realize that article was about David Cameron in the UK and not Stephen Harper in Canada, right?

Feb 2, 2015 14:32

Chadderbox posted: You do realize that article was about David Cameron in the UK and not Stephen Harper in Canada, right?

I'm an American, he could be the King of France for all I care. The overall point still applies regardless of where he is.

Feb 2, 2015 15:09

Main Paineframe posted: I'm an American, he could be the King of France for all I care. The overall point still applies regardless of where he is.

Main Paineframe posted: He's almost certainly referring to

When you said "he" without specifying that you were talking about a subject not listed in the comment you were replying to, it made it look like you were more interested in sharing your opinion than even appearing to have read the article linked by the person you were replying to. After I pointed this out you made a comment about how you don't care where "he" is located because your opinion is still your opinion. Does it matter to you that the article/post you responded to is NOT about the same person at all?

Feb 2, 2015 15:43

Chadderbox posted: When you said "he" without specifying that you were talking about a subject not listed in the comment you were replying to, it made it look like you were more interested in sharing your opinion than even appearing to have read the article linked by the person you were replying to. After I pointed this out you made a comment about how you don't care where "he" is located because your opinion is still your opinion. Does it matter to you that the article/post you responded to is NOT about the same person at all?

No, because I wasn't responding to the article, I was calling out the tendency in this thread to trivialize calls to backdoor and subvert communication services as "ha ha dumb politician thinks he can ban encryption, he is so dumb and stupid and funny and harmlessly naive".

Feb 2, 2015 17:41

Main Paineframe posted: No, because I wasn't responding to the article, I was calling out the tendency in this thread to trivialize calls to backdoor and subvert communication services as "ha ha dumb politician thinks he can ban encryption, he is so dumb and stupid and funny and harmlessly naive".

I'm just saying if you weren't replying to the comment or the article quoted in it... ugh never mind. Out of curiosity, who in this thread do you think has been trivializing those things? I've been reading it for a while and haven't seen that at all.

Feb 2, 2015 18:54

UK-US surveillance regime was unlawful ‘for seven years’

quote: The regime that governs the sharing between Britain and the US of electronic communications intercepted in bulk was unlawful until last year, a secretive UK tribunal has ruled.

http://www.theguardian.com/uk-news/2015/feb/06/gchq-mass-internet-surveillance-unlawful-court-nsa

Looks like they're going to do jack poo poo in response.

Feb 6, 2015 17:44

Well, of course. The court's argument was "if you had told us it would have been legal, but you didn't so it wasn't, but you did now so we're not going to do anything." You would think that courts would, if nothing else, try to uphold their own power and relevance.

Feb 6, 2015 21:14