nsa – Page 8 – SSL and internet security news

Yet Another Russian Hack of the NSA — This Time with Kaspersky’s Help

October 6, 2017 infossl

cyberattack, cyberespionage, hacking, insiders, kaspersky, leaks, nsa, russia, Security technology

The Wall Street Journal has a bombshell of a story. Yet another NSA contractor took classified documents home with him. Yet another Russian intelligence operation stole copies of those documents. The twist this time is that the Russians identified the documents because the contractor had Kaspersky Labs anti-virus installed on his home computer. This is … Read More “Yet Another Russian Hack of the NSA — This Time with Kaspersky’s Help” »

ISO Rejects NSA Encryption Algorithms

September 21, 2017 infossl

backdoors, cryptography, edwardsnowden, encryption, nsa, Security technology, vulnerabilities

The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It’s because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions … Read More “ISO Rejects NSA Encryption Algorithms” »

What the NSA Collects via 702

September 20, 2017 infossl

courts, datacollection, foia, nationalsecuritypolicy, nsa, privacy, Security technology, surveillance

New York Times reporter Charlie Savage writes about some bad statistics we’re all using: Among surveillance legal policy specialists, it is common to cite a set of statistics from an October 2011 opinion by Judge John Bates, then of the FISA Court, about the volume of internet communications the National Security Agency was collecting under … Read More “What the NSA Collects via 702” »

ShadowBrokers Releases NSA UNITEDRAKE Manual

September 8, 2017 infossl

exploits, hacking, implants, kaspersky, leaks, malware, nsa, Security technology, windows

The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines: Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information. UNITEDRAKE, … Read More “ShadowBrokers Releases NSA UNITEDRAKE Manual” »

The NSA’s 2014 Media Engagement and Outreach Plan

August 30, 2017 infossl

intelligence, nsa, Security technology

Interesting post-Snowden reading, just declassified. (U) External Communication will address at least one of “fresh look” narratives: (U) NSA does not access everything. (U) NSA does not collect indiscriminately on U.S. Persons and foreign nationals. (U) NSA does not weaken encryption. (U) NSA has value to the nation. There’s lots more. Powered by WPeMatico

Splitting the NSA and US Cyber Command

August 3, 2017 infossl

nationalsecuritypolicy, nsa, Security technology

Rumor is that the Trump administration will separate the NSA and US Cyber Command. I have long thought this was a good idea. Here’s a good discussion of what it does and doesn’t mean. Powered by WPeMatico

NSA Collects MS Windows Error Information

August 1, 2017 infossl

espionage, hacking, incentives, microsoft, nsa, Security technology, vulnerabilities, windows, zeroday

Back in 2013, Der Spiegel reported that the NSA intercepts and collects Windows bug reports: One example of the sheer creativity with which the TAO spies approach their work can be seen in a hacking method they use that exploits the error-proneness of Microsoft’s Windows. Every user of the operating system is familiar with the … Read More “NSA Collects MS Windows Error Information” »

Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

July 28, 2017 infossl

exploits, microsoft, nsa, patching, russia, Security technology, vulnerabilities, windows, zeroday

In April, the Shadow Brokers — presumably Russia — released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 — based on timestamps of the documents and the limited Windows … Read More “Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers” »

More on the NSA’s Use of Traffic Shaping

July 12, 2017 infossl

academicpapers, authentication, eavesdropping, nsa, privacy, Security technology, surveillance, trafficanalysis

“Traffic shaping” — the practice of tricking data to flow through a particular route on the Internet so it can be more easily surveiled — is an NSA technique that has gotten much less attention than it deserves. It’s a powerful technique that allows an eavesdropper to get access to communications channels it would otherwise … Read More “More on the NSA’s Use of Traffic Shaping” »

Fighting Leakers at Apple

June 27, 2017 infossl

apple, intelligence, leaks, nsa, secrecy, Security technology

Apple is fighting its own battle against leakers, using people and tactics from the NSA. According to the hour-long presentation, Apple’s Global Security team employs an undisclosed number of investigators around the world to prevent information from reaching competitors, counterfeiters, and the press, as well as hunt down the source when leaks do occur. Some … Read More “Fighting Leakers at Apple” »