Tuesday, March 07, 2017

Woe to the CIA - Wikileaks releases a ton of their tools / techniques for compromising everything - What I am reading 3/7/17


This plan expands on recent policy updates, such as the Presidential Policy Directive/PPD-41, to clarify the Federal Government’s roles and responsibilities for preparing for, responding to, and recovering from significant cyber incidents. It describes a national approach to cyber incidents, and explains the important role that the private sector, states, and multiple federal agencies play in incident response and how those activities fit together.

If this was announced earlier I didn't see it.  Or, maybe I did and it was just under a different title, but in any case I will track it down and post it later. 

Access Management and the Automation of Things

Access management seems to be an area that is especially ready for automation but it never seems to quite get there.  Considering how important it is in the overall scheme of security management that's a shame.  This article is just a basic discussion but still worth  look.

Trump's administration will be making it harder to get H-1B visas starting in April -

United States Immigration and Customs Services has announced that, starting in April, it will no longer offer its 15-day “premium processing” program for applicants of H-1B visas.
 This article is not quite accurate.  It is not changing the base process to get the visa's it is eliminating a process that let's some companies skip to the front of the line.  Also what is up with these last 3 paragraphs:

Google, Apple, Amazon, Facebook and many other tech companies condemned Trump’s immigration and refugee ban that was issued by executive order in January, which blocked people from seven primarily Muslim countries from entering the U.S.
Dozens of companies, mostly in technology, signed onto a brief that claimed the ban inflicted“substantial harm on U.S. companies.”
Although that executive order was suspended after review from a panel of federal judges, Trump says his administration is working on a new version of the immigration ban.
 What's being implied is that the Trump administration is using this as a toll to punish these companies for opposing his executive order despite the fact that changes to the H-1B process were being discussed even back during the campaign and that many people have been calling for changes even in the last administration.

WikiLeaks on Tuesday published thousands of documents purportedly taken from the Central Intelligence Agency's Center for Cyber Intelligence, a dramatic release that appears to expose intimate details of America's cyberespionage toolkit.
It was not immediately clear how WikiLeaks obtained the information, which included more than 8,700 documents and files. The CIA tools, if authentic, could undermine the confidence that consumers have in the safety and security of their computers, mobile devices and even smart TVs.
 More from the NY Times

Among other disclosures that, if confirmed, would rock the technology world, the WikiLeaks release said that the C.I.A. and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”
Said it before and I'll say it again.  There is no safe encryption.  If the governement wants to read your mail it will read your mail.


Post a Comment

OSCP and Defcon26

First - I was thinking my OSCP course started on the 27th, nope it starts on the 19th.  I would have missed it except i decided to double ch...