Category: nsa

Auto Added by WPeMatico

Chinese Hackers Stole an NSA Windows Exploit in 2014

Posted on By infossl
china, exploits, hacking, microsoft, nsa, Security technology, Uncategorized, windows

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline: The timeline basically seems to be, according to Check Point: 2013: NSA’s Equation Group developed a set of exploits including … Read More “Chinese Hackers Stole an NSA Windows Exploit in 2014” »

The NSA on the Risks of Exposing Location Data

Posted on By infossl
cybersecurity, geolocation, military, nsa, riskassessment, risks, Security technology, smartphones, tracking

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance. … Read More “The NSA on the Risks of Exposing Location Data” »

NSA on Securing VPNs

Posted on By infossl
cryptography, cybersecurity, nsa, Security technology, securityanalysis, vpn

The NSA’s Central Security Service — that’s the part that’s supposed to work on defense — has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain … Read More “NSA on Securing VPNs” »

Bart Gellman on Snowden

Posted on By infossl
books, edwardsnowden, nsa, operationalsecurity, privacy, Security technology, surveillance

Bart Gellman’s long-awaited (at least by me) book on Edward Snowden, Dark Mirror: Edward Snowden and the American Surveillance State, will finally be published in a couple of weeks. There is an adapted excerpt in the Atlantic. It’s an interesting read, mostly about the government surveillance of him and other journalists. He speaks about an … Read More “Bart Gellman on Snowden” »

Securing Internet Videoconferencing Apps: Zoom and Others

Posted on By infossl
aes, encryption, internetandsociety, keys, nsa, Security technology, securityengineering, videoconferencing

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if … Read More “Securing Internet Videoconferencing Apps: Zoom and Others” »

Newly Declassified Study Demonstrates Uselessness of NSA’s Phone Metadata Program

Posted on By infossl
intelligence, metadata, nationalsecuritypolicy, nsa, phones, Security technology

The New York Times is reporting on the NSA’s phone metadata program, which the NSA shut down last year: A National Security Agency system that analyzed logs of Americans’ domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study. … Read More “Newly Declassified Study Demonstrates Uselessness of NSA’s Phone Metadata Program” »

A New Clue for the Kryptos Sculpture

Posted on By infossl
cia, cryptography, encryption, hacking, nsa, Security technology

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he’s getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world’s most enticing secrets can be stressful. Some would-be codebreakers have appeared at his home. … Read More “A New Clue for the Kryptos Sculpture” »

NSA Security Awareness Posters

Posted on By infossl
foia, nsa, Security technology, securityawareness, securityeducation

From a FOIA request, over a hundred old NSA security awareness posters. Here are the BBC’s favorites. Here are Motherboard’s favorites. I have a related personal story. Back in 1993, during the first Crypto Wars, I and a handful of other academic cryptographers visited the NSA for some meeting or another. These sorts of security … Read More “NSA Security Awareness Posters” »

Google Receives Geofence Warrants

Posted on By infossl
geolocation, google, lawenforcement, nsa, privacy, Security technology, surveillance, tracking

Sometimes it’s hard to tell the corporate surveillance operations from the government ones: Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants, where the police go to companies like Google and ask for information about every … Read More “Google Receives Geofence Warrants” »

Critical Windows Vulnerability Discovered by NSA

Posted on By infossl
certificates, cryptography, encryption, exploits, maninthemiddleattacks, microsoft, nsa, Security technology, vulnerabilities, windows, zeroday

Yesterday’s Microsoft Windows patches included a fix for a critical vulnerability in the system’s crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was … Read More “Critical Windows Vulnerability Discovered by NSA” »