Fun Fact: Edward Snowden Has Already Created More Jobs Than the Keystone Pipeline Ever Would
Reported, by ProPublica and the New York Times: Memos outlining the secret expansion of the National Security Agency’s warrantless surveillance program in 2012. As the Gray Lady states, the N.S.A. was secretly authorized by the Justice Department “to target Internet addresses, malware, and other ‘cybersignatures’ associated with foreign governments, and it has pushed to remove limits on that power.” (The question as to what “associated” can mean in this context is left rather blank.) In a related note, Vice News has released documents that only cloud the waters as to how many items Snowden actually obtained. The range has run from 200,000 to 1.7 million – the briefing points obtained by Vice under the Freedom of Information Act give the number as “over 900,000”. The part we particularly applaud (and that no one else seems to be playing up) is how this issue has helped fight unemployment, as the FOIA docs note that between 200 and 250 people from the Department of Defense work to “triage, analyze, and assess DoD impacts related to the Snowden compromise”.
Recommended Response to Hola: Adios
Discovered, by the forthrightly-named “Adios-Hola” team: Significant issues with the popular free Virtual Private Network provider Hola, which counts some 47 million users. Hola’s “peer-to-peer VPN” setup is wildly insecure – it allows user activity to be tracked, lets Hola users send traffic across any other user’s connection and allows a user to open and run any program on any other Hola user’s computer. This is all Really Bad Stuff, but the icing on the cake is that Hola’s sister business Luminati sells access to the Hola network, for any purpose whatsoever – if that makes Luminati sound like a botnet, that’s because it functionally IS one (and was used as such in a recent DDoS attack on the popular imageboard 8chan).
U.S. Government To Provide Free Credit Monitoring to 4 Million Lucky Employees! (There’s a Catch)
Stolen from the U.S. Office of Personnel Management, by “Chinese hackers”: Personnel and security clearance information for some 4 million federal workers. The breach apparently began in December 2014 but was not detected until April of this year. Sad, sad bonus points: The intrusion detection system the hackers apparently evaded is named EINSTEIN.
John McAfee Sighted, Speaks, Makes Considerable Sense
Delivered, at the 2015 Infosec Conference, by security maven John McAfee: A keynote speech on privacy. McAfee – best known for his early association with antivirus software and his exploration of Central American legal systems – previously spoke out at DefCon 2014 about smartphone apps that spy on users. This time around he decried governmental attempts to weaken protection (“By putting backdoors in the software, we have given hackers the access we are trying to prevent.”). McAfee also again addressed the possible malign side effects of allowing software from obscure sources to run on one’s phone, mentioning Bible-reading apps specifically – “almost every one of them wants access to your emails or SMS messages, to access the camera and the microphone. What does it need that access for?”
We see we haven’t mentioned the latest firmware exploits that can root your Mac, or the recent list of 22 router models and the vulnerabilities they come with (no extra charge!), or the adoption of PGP by Facebook and support of OpenSSH by Microsoft, measures that pull each ever closer to late-20th-century security standards… but never fear, we’ll be back with more next week, we promise.
As always, we appreciate your reading these words, and please let us know your take on these issues. Remember – SSL.com believes that a safer internet is a better internet.