Wednesday, February 17, 2016

Wait... The NSA is not nigh omnipotent? I was promised nigh omnipotence - What I am reading 2/17/2016

NY Times - N.S.A. Gets Less Web Data Than Believed, Report Suggests -
The report indicates that when the N.S.A. conducts Internet surveillance under the FISA Amendments Act, companies that operate the Internet are probably turning over just emails to, from or about the N.S.A.’s foreign targets — not all the data crossing their switches, as the critics had presumed.
I haven't read this report and I assume that it will attempt to portray the NSA's operation in the best possible light, just as all of Snowden's releases tend to portray the US Government in the worst possible light. The truth is probably somewhere in the middle, but this does point out a problem that I have complained about before. There is no real clear provenance for Snowden's documents and as far as I know those documents are still only released in incomplete, out-of-context snippets. The stash as a whole is still controlled by Greenwald and Poitras, who both have axes to grind with the US Government. Maybe I am wrong - if so, point me to the archives, but until then I accept nothing from Snowden / Greenwald / Poitras / Schneier at face value.

Ars Technica - Extremely severe bug leaves dizzying number of software and devices vulnerable -

"It's a big deal," Washington, DC-based security researcher Kenn White told Ars, referring to the vulnerability. "This is a core bedrock function across Linux. Things that do domain name lookups have a real vulnerability if the attacker can answer."
The widely used secure shell, sudo, and curl utilities are all known to be vulnerable, and researchers warn that the list of other affected apps or code is almost too diverse and numerous to fully enumerate. Using a proof-of-concept exploit released Tuesday, White was able to determine that the version of the Wget utility he uses to test and query Web servers was vulnerable. He said he suspects that the vulnerability extends to an almost incomprehensibly large body of software, including virtually all distributions of Linux; the Python, PHP, and Ruby on Rails programming languages; and many other things that use Linux code to look up the numerical IP address of an Internet domain. Most Bitcoin software is reportedly vulnerable, too.
It should go without saying, but update your servers, you bums.

The Verge - US Department of Defense is aggressively upgrading to Windows 10 -
The US DoD is planning to move 4 million machines to Windows 10 within a year. That's an aggressive timeline, and one that reflects confidence in Microsoft's latest operating system and a need to move to more secure software. The DoD's move to Windows 10 began in November after an internal memo directed all Combatant Commands, Services Agencies and Field Activities to rapidly deploy Windows 10.
That's kind of scary.  I am a Windows 10 user and I have far more problems with it than I did with Windows 7 or Windows 8.1.

re/code - ‘Five-Dimensional’ Glass Discs Can Store Data for Up to 13.8 Billion Years -
Scientists from the University of Southampton in the U.K. have created a new data format that encodes information in tiny nanostructures in glass. A standard-sized disc can store around 360 terabytes of data, with an estimated lifespan of up to 13.8 billion years, even at temperatures of 190°C. That’s as old as the universe, and more than three times the age of the Earth.
Thank God, most of the world's porn supply may now be safe. The disks are only 360 TB each, so 7 or 8,000,000 will probably be needed to fully encode all the porn out there, but that is a cost humanity should be willing to bear.
