What the NSA revelations mean for you?

I have linked to many news items related to the NSA spying information from Edward Snowden in the comments of Security trends for 2013. He succeeded beyond anything the journalists or Snowden himself ever imagined (the news exploded round the world). But what does all this information really mean for you?

The Guardian has a very good overview of the current NSA spying situation in the article NSA FILES: DECODED – What the revelations mean for you. You should really check out this article, which has lots of videos and other linked material.

13 Comments

  1. Tomi Engdahl says:

    Our Government Has Weaponized the Internet. Here’s How They Did It
    http://www.wired.com/opinion/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/

    The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.

    Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

    There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but it's one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.

    Reply
  2. Tomi Engdahl says:

    Which Companies Are Encrypting Your Data Properly?
    https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what
    http://gizmodo.com/which-companies-are-encrypting-your-data-properly-1468088449

    We’ve asked the companies in our Who Has Your Back Program what they are doing to bolster encryption in light of the NSA’s unlawful surveillance of your communications. We’re pleased to see that four companies—Dropbox, Google, SpiderOak and Sonic.net—are implementing five out of five of our best practices for encryption.

    By adopting these practices, described below, these service providers have taken a critical step towards protecting their users from warrantless seizure of their information off of fiber-optic cables.

    By enabling encryption across their networks, service providers can make backdoor surveillance more challenging, requiring the government to go to courts and use legal process.

    Why Crypto Is So Important

    The National Security Agency’s MUSCULAR program, which tapped into the fiber-optic lines connecting the data centers of Internet giants like Google and Yahoo, exposed the tremendous vulnerabilities companies can face when up against as powerful an agency as the NSA. Bypassing the companies’ legal departments, the program grabbed extralegal access to your communications, without even the courtesy of an order from the secret rubber-stamp FISA court. The program is not right, and it’s not just.

    With that in mind, EFF has asked service providers to implement strong encryption. We would like to see encryption on every step of the way for a communication on its way to, or within, a service provider’s systems.

    For starters, we have asked companies to encrypt their websites with Hypertext Transfer Protocol Secure (HTTPS) by default.

    We have also asked them to flag all authentication cookies as secure. This means cookie communications are limited to encrypted transmission

    asked companies to enable HTTP Strict Transport Security (HSTS). HSTS essentially insists on using secure communications, preventing certain attacks

    All of these technologies are now industry-standard best practices. While they encrypt the communications from the end user to the server and back, the MUSCULAR revelations have shown this is not enough. Accordingly, we have asked service providers to encrypt communications between company cloud servers and data centers. Anytime a user's data transits a network, it should be strongly encrypted, in case an attacker has access to the physical data links or has compromised the network equipment.

    In addition, we have asked for email service providers to implement STARTTLS for email transfer. STARTTLS is an opportunistic encryption system, which encrypts communications between email servers that use the Simple Mail Transfer Protocol (SMTP) standard.
    If both email servers understand STARTTLS, then the communications will be encrypted in transit.

    Reply
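The web and mail practices listed in the comment above (Secure cookies, HSTS, STARTTLS) can be checked from captured server responses. The following is an added example, not part of the original post or of EFF's report; the sample responses are constructed, and the cookie-name hints and the minimum HSTS max-age are assumptions.

```python
import re

# Assumptions (not from the page): name hints for auth cookies, 180-day HSTS floor.
AUTH_COOKIE_HINTS = ("session", "sid", "auth", "token")
MIN_HSTS_AGE = 15552000

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_http(raw):
    """List findings for a missing or short HSTS policy and non-Secure auth cookies."""
    findings, headers = [], parse_headers(raw)
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts[0], re.I) if hsts else None
    if not m:
        findings.append("HSTS header missing or without max-age")
    elif int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS max-age below %d seconds" % MIN_HSTS_AGE)
    for n, v in headers:
        if n != "set-cookie":
            continue
        name = v.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in v.split(";")[1:]]
        if any(h in name.lower() for h in AUTH_COOKIE_HINTS) and "secure" not in attrs:
            findings.append("cookie %s lacks Secure flag" % name)
    return findings

def smtp_offers_starttls(ehlo_reply):
    """True if a multi-line 250 EHLO reply advertises the STARTTLS extension."""
    # Opportunistic: mail is only encrypted when both servers support it.
    for line in ehlo_reply.strip().splitlines():
        m = re.match(r"250[- ](\S+)", line.strip())
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False

# Constructed samples, not captured from any real service.
SAMPLE_WEAK = "HTTP/1.1 200 OK\nSet-Cookie: sessionid=abc123; Path=/; HttpOnly\nSet-Cookie: theme=dark; Path=/\n"
SAMPLE_GOOD = ("HTTP/1.1 200 OK\nStrict-Transport-Security: max-age=31536000; includeSubDomains\n"
               "Set-Cookie: sessionid=abc123; Path=/; HttpOnly; Secure\n")
SAMPLE_EHLO = "250-mail.example.org\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME\n"

if __name__ == "__main__":
    print(audit_http(SAMPLE_WEAK), audit_http(SAMPLE_GOOD), smtp_offers_starttls(SAMPLE_EHLO))
```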
  3. Tomi Engdahl says:

    UN passes anti-spying resolution
    http://news.yahoo.com/un-passes-anti-spying-resolution-193128274.html

    UNITED NATIONS (United States) (AFP) – A UN rights committee on Tuesday passed a “right to privacy” resolution pressed by Germany and Brazil, which have led international outrage over reports of US spying on their leaders.

    The resolution says that surveillance and data interception by governments and companies “may violate or abuse human rights.”

    Fifty-five countries, including France, Russia and North Korea, co-sponsored the text which did not name any target but made lightly veiled references to spying which has put the US National Security Agency at the center of global controversy.

    The United States and key allies Britain, Australia, Canada and New Zealand — who together make up the so-called “Five-Eyes” intelligence group — joined a consensus vote passing the resolution after language suggesting that foreign spying would be a rights violation was weakened.

    Reply
  4. Tomi Engdahl says:

    Techies vs. NSA: Encryption arms race escalates
    http://bigstory.ap.org/article/techies-vs-nsa-encryption-arms-race-escalates

    Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency’s recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn’t likely to keep out spies.

    In the end, the new geek wars —between tech industry programmers on the one side and government spooks, fraudsters and hacktivists on the other— may leave people’s PCs and businesses’ computer systems encrypted to the teeth but no better protected from hordes of savvy code crackers.

    “Every time a situation like this erupts you’re going to have a frenzy of snake oil sellers who are going to throw their products into the street,” says Carson Sweet, CEO of San Francisco-based data storage security firm CloudPassage. “It’s quite a quandary for the consumer.”

    The revelations are sparking fury and calls for better encryption from citizens and leaders in France, Germany, Spain and Brazil who were reportedly among those tapped. Both Google and Yahoo, whose data center communications lines were also reportedly tapped, have committed to boosting encryption and online security. Although there’s no indication Facebook was tapped, the social network is also upping its encryption systems.

    For those who want to take matters into their own hands, encryption software has been proliferating across the Internet since the Snowden revelations broke.

    Heml.is — Swedish for “secret” — is marketed as a secure messaging app for your phone. MailPile aims to combine a Gmail-like user friendly interface with a sometimes clunky technique known as public key encryption. Younited hopes to keep spies out of your cloud storage, and Pirate Browser aims to keep spies from seeing your search history. A host of other security-centered programs with names like Silent Circle, RedPhone, Threema, TextSecure, and Wickr all promise privacy.

    Many of the people behind these programs are well known for pushing the boundaries of privacy and security online.

    The quality of these new programs and services is uneven, and a few have run into trouble.

    “What we found is the encryption services range in quality,” says George Kurtz, CEO of Irvine, Calif.-based CrowdStrike, a big data, security technology company. “I feel safe using some built by people who know what they are doing, but others are Johnny-come-latelies who use a lot of buzzwords but may not be all that useful.”

    Even so, private services report thousands of new users, and nonprofit, free encryption services say they have also seen sharp upticks in downloads.

    And for many users, encryption really isn’t enough to avoid the U.S. government’s prying eyes.

    In any case, most attacks don’t happen because some cybercriminal used complicated methods to gain entry into a network, he adds.

    “Most attacks occur because someone made a mistake. With phishing emails, it just takes one person to unwittingly open an attachment or click on a malicious link, and from there, cybercriminals are able to get a foothold,” Peterson says.

    Reply
  5. Tomi Engdahl says:

    Microsoft’s General Counsel: N.S.A. Hacks Were an ‘Earthquake’ for Tech
    http://bits.blogs.nytimes.com/2013/12/05/microsofts-general-counsel-n-s-a-hacks-were-an-earthquake-for-tech/?_r=0

    Microsoft is the latest company to try to protect its data from its own government.

    An article on Thursday indicates that Microsoft is in the process of expanding and strengthening the encryption for popular services including the email service Outlook.com, Office 365 apps, the Azure cloud-computing service and Skydrive online storage. It is also adding an encryption technology, called Perfect Forward Secrecy, that thwarts eavesdropping.

    The company is also scrambling the links between its data centers in an effort to assure users and foreign governments that their data is not free for the National Security Agency’s taking.

    The company says encryption and Perfect Forward Secrecy will become the default setting for users by the end of 2014.

    Microsoft will also open up so-called transparency centers, where governments can inspect its products' code for back doors.

    “The idea that the government may be hacking into corporate data centers was a bit like an earthquake, sending shock waves across the tech sector,” Mr. Smith said in an interview. “We concluded that we better assume that there might be such an attempt at Microsoft, or has already been.”

    And therein lies the rub. Microsoft’s efforts — and for that matter Google’s, Twitter’s, Mozilla’s, Facebook’s and Yahoo’s — still do not prevent the government from gaining access to their data through a court order. And some security experts point out that even if companies like Microsoft allow outsiders to inspect their code, that only eliminates one mode of attack; snoops could still find holes in other parts of the system.

    Lavabit and Silent Circle, two secure message providers, have been lobbying major Internet companies to adopt a new Dark Mail e-mail protocol that would encrypt user data and metadata in such a way that it would leave the keys with the user, not the provider. Dark Mail would thereby force governments, or hackers, to go straight to the user to unscramble their data.

    “The real friction point is that Yahoo, Google and Microsoft make money mining off free email,” Mr. Janke said in an interview. “They say they’re concerned about user privacy. Now we’ll see if they really care.”

    Reply
  6. Tomi Engdahl says:

    CIOs do not have to panic at the NSA

    The revelations of the massive U.S. government data snooping have scared ordinary citizens, undermined the credibility of our policies and outraged privacy watchdogs, but senior IT managers are not panicking, at least not yet.

    So far, they have been content to follow the situation, gather information, and take a variety of measures to minimize the risks. Despite the alarming news, IT management has not, however, withdrawn its decisions to outsource their companies' data and applications to the cloud.

    This became apparent when a pair of ten U.S. and European CIOs were asked how the NSA’s doings have influenced their cloud services strategy.

    Many of the interviewed top-level IT executives said, however, that they are more cautious about cloud service plans and the transition to the cloud. Because of the spy scandal they have also revisited their cloud service providers’ agreements, double-checked best practices and tightened security controls.

    No surprise

    The revelations did not come as a complete surprise to the CIOs; the fact that the government monitors telecom and internet traffic has been common knowledge.

    “The government’s control has not changed our opinion on cloud computing. The cloud is an attractive model for us. On the other hand, I have never been so naïve that I would have never thought that this type of control would be going on,”

    For many respondents, government spying on information systems and traffic is not at the top of their list of security threats.

    “Every CIO is, every minute of every day, concerned about security, privacy, business continuity and disaster recovery, among other things. We are likely to be paranoid friends across the globe,”

    Also, keeping everything behind a firewall has risks of its own. IT leaders are concerned about the cost and complexity that arise when servers are run in their own data centers. They run the risk of losing competitiveness if competitors take the benefits of cloud services.

    Source:
    CIO ei joudu NSA-paniikkiin
    http://www.tietoviikko.fi/cio/cio+ei+joudu+nsapaniikkiin/a954723

    Reply
  7. Tomi says:

    ‘NSA ruined it!’ Brazil ditches Boeing jets, grants $4.5 bln contract to Saab
    http://rt.com/news/brazil-nsa-defense-contract-454/

    Brazil has rejected a contract for Boeing’s F/A-18 fighter jets in favor of the Swedish Saab’s JAS 39 Gripens. The unexpected move to reject the US bid comes amid the global scandal over the NSA’s involvement in economic espionage activities.

    The announcement for the purchase of 36 fighters was made Wednesday by Brazilian Defense Minister Celso Amorim and Air Force Commander Junti Saito. The jets will cost US$4.5 billion, well below the estimated market value of around US$7 billion.

    Reply
  8. Tomi Engdahl says:

    2013 in Review: The Year the NSA Finally Admitted Its “Collect It All” Strategy
    https://www.eff.org/deeplinks/2013/12/2013-year-nsas-collect-it-all-strategy-was-revealed

    As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy.

    Reply
  9. Tomi Engdahl says:

    2013 in Review: Revelations, Tragedy, and Fighting Back
    https://www.eff.org/deeplinks/2013/12/2013-review

    When it comes to the fight for free expression and privacy in technology, 2013 changed everything.

    This was the year we received confirmation and disturbing details about the NSA programs that are sweeping up information on hundreds of millions of people in the United States and around the world.

    In December, a federal judge even found the surveillance likely unconstitutional, calling it “almost-Orwellian.”

    Reply
  10. Tomi Engdahl says:

    The Year in NSA
    http://threatpost.com/the-year-in-nsa/103329

    rather than trying to rank the NSA revelations on any sort of scale, we’ve put together an admittedly simplified list of some of the more interesting NSA-related stories to emerge in 2013.

    Least Surprising NSA Capability: Breaking/Subverting Crypto

    Most Surprising NSA Capability: Defeating the Collective Security Prowess of Silicon Valley

    Most Interesting People to Emerge From the NSA Story: Jacob Appelbaum and Matthew Green

    Reply
  11. Candida Burris says:

    Timely writing. I learned a lot from the analysis. Does anyone know if my business might find a blank form example to work with?

    Reply
