Jacob Appelbaum explains why the NSA’s spying concerns us all

Cory at BoingBoing puts it best:

Sunday’s Snowden leaks detailing the Tailored Access Operations group — the NSA’s exploit-farming, computer-attacking “plumbers” — and the ANT’s catalog of attacks on common computer equipment and software — were accompanied by a lecture by Jacob Appelbaum at the 30th Chaos Communications Congress. I have seen Jake speak many times, but this talk is extraordinary, even by his standards, and should be watched by anyone who’s said, “Well, they’re probably not spying on me, personally;” or “What’s the big deal about spies figuring out how to attack computers used by bad guys?” or “It’s OK if spies discover back-doors and keep them secret, because no one else will ever find them.”

Also, see Der Spiegel’s sidebar feature for a look at the source documents.

The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks – SPIEGEL ONLINE

Germany’s Der Spiegel claims the NSA’s TAO unit routinely intercepts computer and electronic shipments of targets and surreptitiously plants listening devices and/or backdoors in them.

One of the two main buildings at the former plant has since housed a sophisticated NSA unit, one that has benefited the most from this expansion and has grown the fastest in recent years — the Office of Tailored Access Operations, or TAO. This is the NSA’s top operative unit — something like a squad of plumbers that can be called in when normal access to a target is blocked.

According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO’s area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO’s disposal have become — and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.

via The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks – SPIEGEL ONLINE.

Judge on NSA Case Cites 9/11 Report, But It Doesn’t Actually Support His Ruling – ProPublica

Whoopsie. Methinks His Honor didn’t want to let a little thing like basic research interrupt his holiday celebrations.

In a new decision in support of the NSA’s phone metadata surveillance program, U.S. district court Judge William Pauley cites an intelligence failure involving the agency in the lead-up to the 9/11 attacks. But the judge’s cited source, the 9/11 Commission Report, doesn’t actually include the account he gives in the ruling. What’s more, experts say the NSA could have avoided the pre-9/11 failure even without the metadata surveillance program.

via Judge on NSA Case Cites 9/11 Report, But It Doesn’t Actually Support His Ruling – ProPublica.

Stolen Target Credit Cards and the Black Market: How the Digital Underground Works | The State of Security

This is a fascinating account of what’s happening with those 40 million credit cards that were recently stolen from Target.

With the Target data breach, many are wondering how criminals can profit from the use of the stolen credit cards. The card holders themselves will not be responsible for any of the charges, so how is it that criminals are able to make money from stolen credit cards? I have been involved with several cases where organized crime rings have been unveiled, many of these have had connections to Russian and Eastern European groups. These groups generate a significant profit through stolen property acquired through burglaries, shoplifting, identity theft, credit card skimming and carding. Many underestimate the complexity of some of these networks and the revenue they generate.

via Stolen Target Credit Cards and the Black Market: How the Digital Underground Works | The State of Security.

Former UNC-Chapel Hill professor indicted in academic scandal

Orange County District Attorney Jim Woodall has charged former UNC professor Julius Nyang’oro with obtaining property by false pretense for accepting money for a class he didn’t teach.

Julius Nyang’oro, the former chairman of the Department of African and Afro-American Studies at the University of North Carolina at Chapel Hill, was indicted Monday by an Orange County grand jury on a charge related to an academic scandal at the school.

Nyang’oro could face up to 30 months in prison if he is convicted of obtaining property by false pretense, which is a felony. Investigators said he accepted $12,000 for teaching a class that never happened.

The university reclaimed the money through garnishment of his final paycheck.

While I am mad as anyone that UNC condoned cheating, I think the false-pretense charge is ridiculous. You would have a harder time convincing me that UNC didn’t know this was going on, that UNC wasn’t fully aware of what Nyang’oro was doing, than convincing me that Nyang’oro somehow hoodwinked the university. These things don’t happen in a vacuum. The professor has done this work many times before with no compensation. It was the university’s idea to pay him this particular time and by then it should have been “caveat emptor.”

Again, I can’t stand cheaters and I think the book should be thrown at UNC for their misdeeds. However, this charge won’t result in justice. It will result in quite an interesting trial, though, as Nyang’oro and his attorney summon some very uncomfortable witnesses to testify at his defense.

via Former UNC-Chapel Hill professor indicted in academic scandal :: WRAL.com.

Blog Crossed Buns: Deconstruction of a Hack

Last week, I noticed an attack against my webserver very similar to this one. It doesn’t appear to have been successful, which is good.

Like any fellow server maintainers out there, I know that I will occasionally be the target of an anonymous person’s ire. This week it was my turn. I run an Apache server with PHP for my personal projects, nothing important. I also run a number of apps to help me manage my server, like BASE to monitor my snort logs (overkill for a personal server, yes I know), and phpMyAdmin to manage the database portion.

I made the mistake of thinking that one of my apps was secure, and the further mistake of not updating it to the most recent version of an app. I blame my busy schedule with school and work for not keeping it more up to date. Today, phpMyAdmin was the culprit.

via Blog Crossed Buns: Deconstruction of a Hack.


Update:
Here’s code similar to that which someone attempted to post to my site. And here’s another site which got hit in a similar way.

A liberal plant

I joined a Facebook group for Desert Storm Veterans a while back, fascinated by the old war photographs veterans were sharing. Lately, though, a few right wingers were posting trollop from Glenn Beck and Rush Limbaugh, as if this was of interest to everyone. I was about to loudly complain to the group moderator or was even considering leaving the group when I saw the moderator’s pinned post at the top of the page:

This is not a sales group anyone trying will be banned….This is also a Free Speech Zone and it will not be sensored [sic.]

Well if the wingnuts are going to post right-wing bullshit in the group then I’m going to counter it with some left-wing nuggets of truth. For every dumbshit post from World Net Daily I’ve been posting some liberal counterpoint.

NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say

Eric Schmidt spoke out about this NSA spying today.

The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.

By tapping those links, the agency has positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.

via NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say – The Washington Post.

The NSA isn’t the only one who’s tracking your websurfing

I did some searches on TigerDirect’s website for some solid state drives. Lo and behold, Facebook presents me with an advertisement from TigerDirect for … wait for it … solid state drives!

This isn’t the first time I’ve seen an eerily similar ad from TigerDirect (and others) show up on my Facebook page. This kind of thing happens all the time on the web: private companies track your every move. Your online purchase and websurfing information gets stored and correlated in a marketing database. You almost can’t visit a website without being tracked in some way.

No wonder the NSA can’t resist vacuuming up information from American Internet companies.

Obama May Ban Spying on Heads of Allied States

How nice that President Obama is contemplating the end of spying on friendly foreign leaders. I’m glad that German Chancellor Angela Merkel will soon enjoy freedom from NSA spying. Now, what does it take for millions of law-abiding American citizens to get the same deal?

WASHINGTON — President Obama is poised to order the National Security Agency to stop eavesdropping on the leaders of American allies, administration and congressional officials said Monday, responding to a deepening diplomatic crisis over reports that the agency had for years targeted the cellphone of Chancellor Angela Merkel of Germany.

via Obama May Ban Spying on Heads of Allied States – NYTimes.com.