News Bits
Press Release: NSA Security Science award nominations due on March 31 for the best paper of 2013.
The 2013 winner, Joseph Bonneau, had mixed feelings about the honor, according to a statement he released last July.
NSA morale down after Edward Snowden revelations, former U.S. officials say
Major tech companies unite to call for new limits on surveillance
In addition to Microsoft and Google, the signers are Apple, Facebook,
LinkedIn, Yahoo, AOL and Twitter.
NSA head says metadata program key tool against terrorism
The NSA has argued that collecting metadata - some of which is likely to be stored at the NSA's Utah Data Center - is a powerful instrument in being able to determine if terrorists are communicating with people inside the United States.
Obama Panel Said to Urge N.S.A. Curbs
By cracking cellphone code, NSA has ability to decode private conversations
Judge: NSA phone surveillance program unconstitutional
Research shows how MacBook Webcams can spy on their users without warning
Snowden still holding 'keys to the kingdom'
Millions of accounts compromised in Snapchat hack
Malware attack hits thousands of Yahoo users
N.S.A. Devises Radio Pathway Into Computers
Amazon is a hornet's nest of malware
Some Obama spy changes hampered by complications
Items from security-related news (E118.Jan-2014)
See http://www.nsa.gov/public_info/press_room/2013/2013_best_cybersecurity_paper_competition.shtml
The Washington Post
By Ellen Nakashima
December 7, 2013
"The agency, from top to bottom, leadership to rank and file, feels that it is had no support from the White House even though it's been carrying out publicly approved intelligence missions," said Joel Brenner, NSA inspector general from 2002 to 2006.
By Craig Timberg
The Washington Post
December 8, 2013
Eight major US tech companies have sent a letter to U.S. leaders with
a complaint against data collection. "We understand that governments
have a duty to protect their citizens. But this summer's revelations
highlighted the urgent need to reform government surveillance
practices worldwide," the letter says.
By Thomas Burr
The Salt Lake Tribune
Dec 11 2013, Updated Dec 16 2013
NSA's Director, Gen. Keith Alexander, told the Senate Judiciary Committee that NSA metadata gathering is necessary to protect the US against terrorism.
By David E. Sanger
The New York Times
December 12, 2013
The recommendations of a presidential advisory committee include more review of collection activities, including what data is sought and who the targets are. Administration officials say that the White House now supervises the programs. Resistance from agencies seems likely.
by Craig Timberg and Ashkan Soltani
The Washington Post
Dec 13, 2013
Karsten Nohl, chief scientist at Security Research Labs in Berlin, says that worldwide, over 80 per cent of all cell phone calls use no encryption. Even those that do encrypt may be vulnerable to eavesdropping by the NSA, because the encryption has been "cracked" by the NSA scientists. Matthew Blaze, a University of Pennsylvania cryptology expert, said the weakness was in A5/1 encryption and is "a pretty sweeping, large vulnerability."
By Bill Mears and Evan Perez
CNN
December 16, 2013
A Federal judge, Richard Leon, favored five plaintiffs who object to
NSA phone surveillance, setting up a battle between privacy advocates
and US intelligence agencies. "I cannot imagine a more
'indiscriminate' and 'arbitrary invasion' than this systematic and
high-tech collection and retention of personal data on virtually every
citizen for purposes of querying and analyzing it without prior
judicial approval," said Leon.
By Ashkan Soltani and Timothy B. Lee
The Washington Post
December 18, 2013
Some Apple computer users put a piece of tape over the camera lens
of their laptops and tablets. Are they paranoid?
Although the built-in cameras on Apple computers were designed to
prevent surreptitious use, Stephen Checkoway, a computer science
professor at Johns Hopkins, and his co-author Matthew Brocker were able
to get around the security feature of having a light on the computer
activated when the camera is being used.
By Walter Pincus
The Washington Post
December 18, 2013
Journalist Glenn Greenwald, who has a copy of the Snowden documents, has
commented on the extent of information as yet unpublished.
These documents, Greenwald said, "would allow somebody who read them to know exactly how the NSA does what it does, which would in turn allow them to evade that surveillance or replicate it."
RSA's secret contract with NSA
By Joseph Menn
Reuters
December 20, 2013
The security company RSA adopted a random number generation method called Dual Elliptic Curve after being paid several million dollars by the NSA. Documents leaked by Snowden indicate that the secret contract enabled backdoor access by NSA to encrypted data generated by RSA customers.
US spy court: NSA to keep collecting phone records
By Stephen Braun and Kimberly Dozier
Associated Press
Jan 3, 2013
The Foreign Intelligence Surveillance Court acted to renew an NSA phone metadata collection program. At the same time, the US government filed to lift a
stay of the collection on 5 plaintiffs as ordered by a Federal Court.
By Doug Gross
CNN
January 2, 2014
A group of whitehat hackers, Gibson Security, published code that would let other hackers obtain names and partial phone numbers of Snapchat users. That code was apparently exploited shortly thereafter. Snapchat seemed to downplay the event, claiming that it would be virtually impossible to match partial numbers to users' real names.
By Faith Karimi and Joe Sutton
CNN
January 6, 2014
Windows users who accessed their Yahoo accounts from Dec. 31 to Jan. 3 may have been infected with malware introduced through hacked advertisements.
By David E. Sanger and Thom Shanker
New York Times
January 14, 2014
Ever wonder why the NSA needs to have a chip fabrication line? It may be for the purpose of manufacturing USB sticks that can communicate over short range radio transmissions without detection by unwitting users. These devices have been planted in as many as 100K computers around the world.
By Brian Fung
The Washington Post
January 16, 2014
IT security firm Solutionary has gathered data indicating that Amazon's cloud services are the number one hosting site for malware affecting millions of LinkedIn subscribers.
Point-of-sale malware infecting Target found hiding in plain sight
by Dan Goodin
Ars Technica
Jan 15, 2014
On December 18, 2013, KrebsOnSecurity's Brian Krebs uncovered
"memory-scraping" malware on a public site and reported on it
here. It is apparently the same software that was able to steal
data from point-of-sale terminals at Target during previous weeks. The
software cleverly scans memory for sensitive data and copies it before the
terminal's software encrypts it for transmission to servers.
By Stephen Braun
Associated Press
in The Salt Lake Tribune
Jan 20, 2014
Plans to add additional review of Foreign Intelligence Surveillance Courts might be opposed by the Judiciary as being an illegal form of interference between
branches of the US government.