SANS Internet Storm Center, InfoCON: green: Tech tip follow-up: Using the data Invoked with R’s system command, (Fri, Jul 31st)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

In follow up to yesterdays discussion re invoking OS commands with Rs system function, I wanted to show you just a bit of how straightforward it is to then use the resulting data.

After grabbing the Windowssecurity event log with a call to Log Parser and writing it out to CSV, you have numerous options driven by whats interesting to you.Perhaps youre interested in counts per Event ID to say what your Top 10 events are. The issue is, that Log Parser just grabbed all of the”>secevt – read.columns(security.csv,c(EventID,TimeWritten,EventTypeName,Message), sep=,)”>EventID, TimeWritten, EventTypeName, Message”>columns into a new data frame, the contents of which are stored in”>the other 11 columns are no longer cluttering to the in-memory data set. Want to count Event IDs?”>ct “> x freq
1 1108 734
2 4611 4
3 4616 1
4 4624 159
5 4634 49
6 4648 272
7 4656 2653
8 4658 1900
9 “>srt “>top10 “> x freq
22 4703 81437
9 4662 27602
7 4656 2653
8 4658 1900
16 4690 931
1 1108 734
14 4688 618
15 4689 617
35 4957 400
11 4664 “>Bam, fast and flexible. My security event log has 81,437 Event ID 4703 (A user right was adjusted)entries, these parsed quickly from 118,154 total entries (147MB local file).How about visualizations of that same data? Yep, it all starts with something as simple as”>Hopefully youre intrigued regarding options and available capabilities here. Feel free to comment or email me if youd like furtherinformation or resources with which”>|”>”>

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Lauren Weinstein's Blog: Windows 10’s New Feature Steals Your Internet Bandwidth

This post was syndicated from: Lauren Weinstein's Blog and was written by: Lauren. Original post: at Lauren Weinstein's Blog

A couple of days ago I discussed a number of privacy and other concerns with Microsoft’s new Windows 10, made available as a free upgrade for many existing MS users: Windows 10: A Potential Privacy Mess, and Worse: http://lauren.vortex.com/archive/001115.html The situation has only been getting worse since then. For example, it’s been noted that the Win10 setup sequence is rigged…

LWN.net: OpenSSL: License Agreements and Changes Are Coming

This post was syndicated from: LWN.net and was written by: n8willis. Original post: at LWN.net

At the OpenSSL blog, Rich Salz has announced
the project’s decision to migrate away from the “rather unique
and idiosyncratic
” OpenSSL license to the Apache 2.0 license.
In order to make the change in an upcoming release, though, the
project “will soon require almost every contributor to have a
signed a Contributor License Agreement (CLA) on file.

Individual and corporate versions of the CLA are posted; trivial
patches will evidently not trigger the need for the submitter to sign
and file an agreement. Salz closes by noting that more details are
still to come, since “there is a lot of grunt work needed to clean up the backlog and untangle all the years of work from the time when nobody paid much attention to this sort of detail.

LWN.net: Mozilla criticizes browser-selection change in Windows

This post was syndicated from: LWN.net and was written by: n8willis. Original post: at LWN.net

Mozilla has launched a multi-pronged campaign to challenge a recent
change in Windows that has the effect of overriding users’ choice of
Firefox as the default web browser. Mozilla CEO Chris Beard posted a
blog entry
outlining the problem as well as an open
letter
to Microsoft CEO Satya Nadella. The change apparently
landed with the recent Windows 10 release and, as Beard explains it,
while it is technically possible for people to preserve their
previous settings and defaults, the design of the new Windows 10
upgrade experience and user interface does not make this obvious nor
easy.
” Mozilla has also posted tutorials
and videos
to help users restore Firefox as their default browser.

Backblaze Blog | The Life of a Cloud Backup Company: Upgrading Your OS: Windows 10 Edition

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

blog-windows10

Thinking about upgrading to Windows 10? Anytime you upgrade your OS there are potential pitfalls. So before you start installing Windows 10 do the following to ensure a smooth upgrade!

Windows 10 was just released by Microsoft this week and we already have numerous Backblaze subscribers that have updated to the latest operating system from Microsoft. Just like with OS X updates, Backblaze has been ready for Windows 10 for a while. The latest Backblaze version for Windows (4.0.2.881) is Windows 10 ready and waiting for you to upgrade to the latest Windows OS. But before you do, make sure you’re putting yourself in the position to have a smooth transition.

OS Upgrade Best Practices

Before you update or do anything to an operating system we recommend doing the following two things:

  1. Make a full system backup or clone of your computer – While Backblaze has a copy of your data, the system files are not backed up. We strongly recommend that before doing any work on your OS you create a full system image or clone. That way, if something goes very wrong you’ll have a method of bringing your system back to normal. If you’re unsure of how to make a full system copy, you can take a look at our Complete Backup Guide, which has detailed instructions.
  2. Always back up your data – It’s important to have an off-site backup just in case something occurs during the new OS installation. If you’re using Backblaze, we’ve already got you covered. But as a general rule you should check to make sure you’re data is completely backed up before making any OS changes.

Updating Backblaze

Our latest Backblaze version is ready for Windows 10. Chances are you’re already using the latest and greatest version, but if you haven’t updated Backblaze in a while you can do so by:

  1. Right-clicking on the Backblaze icon and pressing “check for updates”.
  2. Going to https://secure.backblaze.com/update.htm and downloading the latest version!

So once your complete system backup is safe and secure with your clone and your data is offsite with Backblaze, you’re off to the races! It’s time to upgrade to the latest OS! You can upgrade your Windows OS by checking out Microsoft’s Windows 10 Upgrade site!

The post Upgrading Your OS: Windows 10 Edition appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Schneier on Security: Friday Squid Blogging: Russian Sailors Video Colossal Squid

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

It tried to steal their catch.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

TorrentFreak: BitTorrent Inventor Granted P2P Live Streaming Patent

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

bram-streamHoping to revolutionize live broadcasting on the Internet, Bram Cohen started working on a new protocol for live streaming video more than half a decade ago.

At the time BitTorrent was believed to be responsible for a third of all Internet traffic. However, streaming services were quickly gaining momentum.

The problem with streaming, live streaming in particular, are high latencies. It can sometimes take up to a minute before a “live” stream reaches the audience.

Cohen solved this problem with a new BitTorrent Live protocol that has a much lower latency while sharing the bandwidth costs among users. This allows anyone to stream to an audience of millions at minimal cost.

This week Bram Cohen’s patent for the live streaming patent was awarded (pdf). According to BitTorrent’s inventor, who still works at the company, his technology can shape the future of live broadcasts.

Two years ago BitTorrent Inc. first demoed the technology in a web-based player, but this project was later discontinued. The company is now working on a new release that will come in the form of a mobile application.

“We’re working on using the technology for a new application, focusing on mobile,” Cohen tells TF.

Mobile live streaming has taken off this year with the release of Periscope and Meerkat. Both apps allow users to start live streams instantly and Cohen says they could make good partners for BitTorrent Live.

“Periscope and Meerkat are applications which use live, where what we have is underlying technology. We may work with them in the future,” he notes.

That said, the true strength of BitTorrent Live becomes apparent when there is a huge audience, not just a few viewers. This means that it will excel at streaming major events such as sports games and breaking news.

“The amount of utility of BitTorrent Live is based on how many people are watching something simultaneously. Big events where everybody is watching the same thing at the same time, like sports, are the best applications,” Cohen tells us.

Since BitTorrent Live shares the distribution costs among viewers, the bandwidth investment for these streams will be minimal compared to current solutions. In addition, latency will also be much lower making these broadcasts ‘more live.’

“Ironically in addition to being much better on bandwidth costs BitTorrent Live also has much lower latency, five seconds instead of 30-60 seconds, which is bordering on tape delayed instead of live,” Cohen says.

Previously BitTorrent Inc. suggested that it could help Netflix to increase its performance. Not with BitTorrent Live, but with the standard BitTorrent streaming technology which will allow Netflix to offer higher quality streams for a fraction of the current costs.

It appears that Netflix realizes the power of BitTorrent-like streaming, as the company is currently working on its own P2P streaming technology.

Eventually Cohen believes that all streaming will go over the Internet, both live and pre-recorded. It is much cheaper than the cable approach, especially with BitTorrent under the hood.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Schneier on Security: Schneier Speaking Schedule

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

I’m speaking at an Infoedge event at Bali Hai Golf Club in Las Vegas, at 5 PM on August 5, 2015.

I’m speaking at DefCon 23 on Friday, August 7, 2015.

I’m speaking — remotely via Skype — at LinuxCon in Seattle on August 18, 2015.

I’m speaking at CloudSec in Singapore on August 25, 2015.

I’m speaking at MindTheSec in São Paulo, Brazil on August 27, 2015.

I’m speaking on the future of privacy at a public seminar sponsored by the Institute for Future Studies, in Stockholm, Sweden on September 21, 2015.

I’m speaking at Next Generation Threats 2015 in Stockholm, Sweden on September 22, 2015.

I’m speaking at Next Generation Threats 2015 in Gothenburg, Sweden on September 23, 2015.

I’m speaking at Free and Safe in Cyberspace in Brussels on September 24, 2015.

I’ll be on a panel at Privacy. Security. Risk. 2015 in Las Vegas on September 30, 2015.

I’m speaking at the Privacy + Security Forum, October 21-23, 2015 at The Marvin Center in Washington, DC.

I’m speaking at the Boston Book Festival on October 24, 2015.

I’m speaking at the 4th Annual Cloud Security Congress EMEA in Berlin on November 17, 2015.

yovko.net: Смешен плач

This post was syndicated from: yovko.net and was written by: Йовко Ламбрев. Original post: at yovko.net

Заглавието е напълно достатъчно за коментарите, които последваха фалита на „Преса“ и „Тема“. И не искам да бъда груб, нито да злорадствам, но… Сериозно ли!? Някой е отишъл да работи в „Преса“, вярвайки че ще прави независим вестник и журналистика? При Тошо Тошев и Валерия Велева!?…

В интерес на истината, следва да призная, че и аз съм работил за гадове (и шефове, и клиенти), но… винаги съм го правил осъзнато – било заради колеги, екип или поети ангажименти и отговорност, и никога не съм се заблуждавал за рисковете, нито за това кой стои срещу мен.

Но споделям тъгата по журналистиката – такава, каквато трябва да бъде. Тя е мъртва, отдавна. Не от днес. И я убиха не само тези, които я упражняват по удобния за тях начин. Убиха я също и тези, които междувременно се правеха, че тях това не ги засяга. Същото е, като да пребиват някой в автобуса, а ти да се правиш, че гледаш през прозореца. Убиха я и тези, които ходят в студиата, редакциите и блоковете на журналисти, издания и предавания със съмнителна хигиена и авторитет. Убиха я и тези, които си купуват евтините и жълти парцали. Също и тези с интернет-сайтовете с гръмките заглавия, но и тези, които ги reshare-ват дори и само за забавление.

И не – възкресението на истинската и независима публицистика и журналистика няма да дойде от поредните нови медийни проекти, нови медийни „звезди“ или нови медийни могули, които евентуално еволюционно да очакваме някога да са една идея по-свестни. Нова и независима журналистика може да се роди само и единствено в Интернет, но не под нечия шапка и закрила, а подобно на дистрибутираните мрежи за съдържание, евентуално усилени от социални мрежи, където да няма единична точка за въздействие, чрез която да бъде притиснат автори, редактор, собственик или издател. Където пишещите трупат авторитет на база репутацията си като автори и експерти, а не като разказвачи или преразказвачи. Такива медии трябва да бъдат финансирани от тези, на които служат, а именно от читателите си, за което е нужна друга еволюция на нагласите, много различна от вредната култура на „безплатния Google“. В противен случай, ако това не стане, бъдещите „журналисти“ очевидно ще се прехранват с нещо друго. Което може и да не е толкова лошо – да бъдат експерти – инженери, икономисти, лекари, юристи, преподаватели… а „журналистиката“ да остане само призвание, втора проекция или аватар на тези, които истински и безкористно го умеят.

Предстои да видим… А междувременно нали не си правим илюзиите, че призраците на фалиралите и други техни реинкарнации няма да се прераждат неколкократно и в Интернет, правейки същото, което и досега. И дори още по-лошо. Пазете се от тях! Не им помагайте! И не се правете на изненадани… Някак е тъпо да те вкарват в един и същ капан няколко пъти.

Оригинален линк: “Смешен плач” – Някои права запазени

SANS Internet Storm Center, InfoCON: green: froxlor Server Management Portal severe security issue, (Fri, Jul 31st)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

The froxlor Server Management Panel islightweight server management software. Your Handler on Duty was unaware of foxlor, if diary readers are users, feel free to comment or email regarding your user experience and past security issues.

Per froxlor:”>|”>@holisticinfosec

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SANS Internet Storm Center, InfoCON: green: Cisco Security Advisory: Cisco ASR 1000 (Aggregation Services Routers) Fragmented Packet DOS Vuln: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k, (Fri, Jul 31st)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Schneier on Security: HAMMERTOSS: New Russian Malware

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Fireeye has a detailed report of a sophisticated piece of Russian malware: HAMMERTOSS. It uses some clever techniques to hide:

The Hammertoss backdoor malware looks for a different Twitter handle each day — automatically prompted by a list generated by the tool — to get its instructions. If the handle it’s looking for is not registered that day, it merely returns the next day and checks for the Twitter handle designated for that day. If the account is active, Hammertoss searches for a tweet with a URL and hashtag, and then visits the URL.

That’s where a legit-looking image is grabbed and then opened by Hammertoss: the image contains encrypted instructions, which Hammertoss decrypts. The commands, which include instructions for obtaining files from the victim’s network, typically then lead the malware to send that stolen information to a cloud-based storage service.

Another article. Reddit thread.

LWN.net: A leadership change at FFmpeg

This post was syndicated from: LWN.net and was written by: corbet. Original post: at LWN.net

FFmpeg leader Michael Niedermayer has announced his departure from the project. “I hope my resignation will make it easier for the teams to find back
together and avoid a more complete split which would otherwise be
the result sooner or later as the trees diverge and merging all
improvements becomes too difficult for me to do.

LWN.net: Friday’s security updates

This post was syndicated from: LWN.net and was written by: n8willis. Original post: at LWN.net

CentOS has updated java-1.6.0-openjdk (C5; C7: multiple vulnerabilities).

Debian has updated openafs
(multiple vulnerabilities) and xmltooling (denial of service).

Fedora has updated libuser
(F22: multiple vulnerabilities), openssh (F22: authentication limits bypass; F22: improper output filtering), and xrdp (F22: denial of service).

Mageia has updated groovy
(M4, M5: code execution).

openSUSE has updated bind (11.4:
multiple vulnerabilities) and openldap2 (13.1, 13.2: multiple vulnerabilities).

Oracle has updated java-1.6.0-openjdk (O6; O7: ).

Red Hat has updated java-1.6.0-openjdk (multiple vulnerabilities).

Scientific Linux has updated openafs (multiple vulnerabilities).

SUSE has updated bind
(SLES 10: denial of service), java-1_7_0-openjdk (SLE 11;
SLE 12: multiple vulnerabilities), java-1_7_1-ibm (SLE 11; SLE 12: multiple vulnerabilities),
and kernel (SLE 12: multiple vulnerabilities).

Ubuntu has updated hplip
(12.04, 14.04, 15.04: man-in-the-middle attack), kernel (14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and sqlite3 (12.04, 14.04, 15.04: multiple vulnerabilities).

TorrentFreak: Rapid Pirate Site Blocking Mechanism Introduced By Portugal

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

stopstopThere can be little doubt that one of the most-favored anti-piracy mechanisms of the past several years is that of site-blocking. Rather than tackling sites head on with expensive legal action, rightsholders have domains blocked at the ISP level with the aim of diminishing ease of access and reducing direct traffic.

The strategy is mainly employed around Europe, with the UK standing out as the clear front-runner. Hundreds of domains are now blocked there by local ISPs after several High Court injunctions. Now Portugal has joined the club with a new system that not only aims to speed up the blocking process, but one that could put the UK quickly in the shade.

This week the Ministry of Culture announced the signing of a memorandum between its own General Inspection of Cultural Activities (IGAC), the Portuguese Association of Telecommunication Operators (APRITEL), various rightsholder groups, the body responsible for administering Portugal’s .PT domain and representatives from the advertising industry.

The memorandum lays out a new mechanism for blocking so-called ‘pirate’ sites. In common with similar frameworks elsewhere, the process is initiated by a complaint from a rightsholder association. Local anti-piracy group MAPINET then collates evidence that a site is engaged in the unlawful distribution of copyright works and has failed to cease its activities.

MAPINET subsequently forwards its complaints to the Ministry of Culture where the General Inspection of Cultural Activities (IGAC) conducts an assessment and notifies local Internet service providers of the sites being targeted.

According to reports in local media, the system will target sites with more than 500 allegedly infringing links and those whose indexes contain more than 66% infringing content.

Only two complaints can be filed against pirate sites each month. However, each complaint can contain 50 websites, meaning that 100 sites could become blocked every month. Visitors to those sites will receive a notice in their browser advising them that the site has been blocked.

The memorandum is expected to come into force during the next two weeks so sites could be blocked as early as September.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

[Медийно право] [Нели Огнянова] : Има ли нужда БНР от посредници до аудиторията си

This post was syndicated from: [Медийно право] [Нели Огнянова] and was written by: nellyo. Original post: at [Медийно право] [Нели Огнянова]

Вече стана дума за петте програми, които се появиха на сайта на БНР с марката Digital radio. Въпросът е какъв е интересът на българското обществено радио  да плати за програми с търговска марка Digital radio, за да ги включи в програмите на сайта си. Защо едно обществено радио с 1450 души, музикални състави от най-висок клас и златен фонд  плаща на външно търговско дружество за тези пет музикални програми Smooth, Rock, DJ, Pop и Hip-Hop.

Вече стана дума за това, че общественото радио има уникални функции и уникална мисия и не всичко, което някой   предлага да се качи на сайта на БНР, е допустимо и законно да се финансира с публичен ресурс. Според журналисти на заседанието на СЕМ в четвъртък генералният директор на БНР попитал къде пише – ако наистина е възникнал  такъв въпрос – ето тук : Съобщение на ЕК, основано на договорите и практиката на Съда на ЕС.

Вече стана дума за това, че БНР носи редакционна отговорност и трябва да има пълен контрол върху съдържанието, достъпно чрез сайта му.

Вече стана дума, че не се обсъжда технически въпрос – един плейър, едни стриймове – а програмна политика (5 от обявените 22 програми на общественото радио, според съобщението на сайта на БНР). От което следва, че не може решения от подобен тип да се вземат неизвестно на какви нива или еднолично.

Но сега за друго. Радиото получава публичен ресурс,  за да информира, но също и да се  развива като основен български културен институт. За какво плаща БНР на частно дружество: за стрийминг и за търговска марка, казва Мартин Захариев (Клубът на журналистите, БНР, водещ Ирен Филева).

Какво се оказва:   БНР, основен български културен институт,  става  един от клиентите на частно дружество и марката на това дружество се появява върху музикалните програми на сайта на  общественото радио.  Какъв е общественият интерес  да се сключва договор, по силата  на който на изхода на БНР (ако предположим, че правата за стрийминг на произведенията са на БНР – което е отделен въпрос, подлежащ на проверка)  се появява посредник към аудиторията?

Наистина ли няма кой в БНР да се занимае със стриймването, та да се налага да се възлага на колеги – директори/бивши директори/собственици на радиа от частния сектор? Наистина ли? След опита от Бинар? И не, не е убедителна тезата за цената, когато говорим за цифровото бъдеще на радиото.

Наистина ли тези програми вече се предлагат на телекоми и на всеки, който ги желае, срещу заплащане,  под марката на частно дружество? Наистина ли?  Офертите са на пазара  –  в каталозите на телекомите. Това казват и  прессъобщенията на частното дружество – партньор на БНР:

Каталог на Виваком, 2015:

digital radio  vivacom 2015

digital radio mtel 2015

Мтел предлага “иновативното радио” срещу  1.20 лв месечно.

*

Въпросът е принципен.  Да се коментират имена, лица, кой за избирането на кого като какъв е гласувал като депутат,  кой идва от частния сектор и  кой какво общо има с какво – има смисъл, но е друга тема.

Съветът за електронни медии на две заседания се занимава с петте програми.

Очаква се Съветът да излезе с позиция по случая.

Schneier on Security: Back Doors Won’t Solve Comey’s Going Dark Problem

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

At the Aspen Security Forum two weeks ago, James Comey (and others) explicitly talked about the “going dark” problem, describing the specific scenario they are concerned about. Maybe others have heard the scenario before, but it was a first for me. It’s centers around ISIL operatives abroad and ISIL-inspired terrorists here in the US. The FBI knows who the Americans are, can get a court order to carry out surveillance on their communications, but cannot eavesdrop on the conversations because they are encrypted. They can get the metadata, so they know who is talking to who, but they can’t find out what’s being said.

“ISIL’s M.O. is to broadcast on Twitter, get people to follow them, then move them to Twitter Direct Messaging” to evaluate if they are a legitimate recruit, he said. “Then they’ll move them to an encrypted mobile-messaging app so they go dark to us.”

[…]

The FBI can get court-approved access to Twitter exchanges, but not to encrypted communication, Comey said. Even when the FBI demonstrates probable cause and gets a judicial order to intercept that communication, it cannot break the encryption for technological reasons, according to Comey.

If this is what Comey and the FBI is actually concerned about, they’re getting bad advice — because their proposed solution won’t solve the problem. Comey wants communications companies to give them the capability to eavesdrop on conversations without the conversants’ knowledge or consent; that’s the “back door” we’re all talking about. But the problem isn’t that most encrypted communications platforms are security encrypted, or even that some are — the problem is that there exists at least one securely encrypted communications platform on the planet that ISIL can use.

Imagine that Comey got what he wanted. Imagine that iMessage and Facebook and Skype and everything else US-made had his back door. The ISIL operative would tell his potential recruit to use something else, something secure and non-US-made. Maybe an encryption program from Finland, or Switzerland, or Brazil. Maybe Mujahedeen Secrets. Maybe anything. (Sure, some of these will have flaws, and they’ll be identifiable by their metadata, but the FBI already has the metadata, and the better software will rise to the top.) As long as there is something that the ISIL operative can move them to, some software that the American can download and install on their phone or computer, or hardware that they can buy from abroad, the FBI still won’t be able to eavesdrop.

And by pushing these ISIL operatives to non-US platforms, they lose access to the metadata they otherwise have.

Convincing US companies to install back doors isn’t enough; in order to solve this going dark problem the FBI has to ensure that an American can only use back-doored software. And the only way to do that is to prohibit the use of non-back-doored software, which is the sort of thing that the UK’s David Cameron said he wanted for his country in January:

But the question is are we going to allow a means of communications which it simply isn’t possible to read. My answer to that question is: no, we must not.

And that, of course, is impossible. Jonathan Zittrain explained why. And Cory Doctorow outlined what trying would entail:

For David Cameron’s proposal to work, he will need to stop Britons from installing software that comes from software creators who are out of his jurisdiction. The very best in secure communications are already free/open source projects, maintained by thousands of independent programmers around the world. They are widely available, and thanks to things like cryptographic signing, it is possible to download these packages from any server in the world (not just big ones like Github) and verify, with a very high degree of confidence, that the software you’ve downloaded hasn’t been tampered with.

[…]

This, then, is what David Cameron is proposing:

* All Britons’ communications must be easy for criminals, voyeurs and foreign spies to intercept.

* Any firms within reach of the UK government must be banned from producing secure software.

* All major code repositories, such as Github and Sourceforge, must be blocked.

* Search engines must not answer queries about web-pages that carry secure software.

* Virtually all academic security work in the UK must cease — security research must only take place in proprietary research environments where there is no onus to publish one’s findings, such as industry R&D and the security services.

* All packets in and out of the country, and within the country, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped.

* Existing walled gardens (like IOs and games consoles) must be ordered to ban their users from installing secure software.

* Anyone visiting the country from abroad must have their smartphones held at the border until they leave.

* Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons.

* Free/open source operating systems — that power the energy, banking, ecommerce, and infrastructure sectors — must be banned outright.

As extreme as it reads, without all of that the ISIL operative will be able to communicate securely with his potential American recruit. And all of this is not going to happen.

Last week, former NSA director Mike McConnell, former DHS secretary Michael Chertoff, and former deputy defense secretary William Lynn published a Washington Post op ed opposing back doors in encryption software. They wrote:

Today, with almost everyone carrying a networked device on his or her person, ubiquitous encryption provides essential security. If law enforcement and intelligence organizations face a future without assured access to encrypted communications, they will develop technologies and techniques to meet their legitimate mission goals.

I believe this is true. Already one is being talked about in the academic literature: lawful hacking.

Perhaps the FBI’s reluctance to accept this is based on their belief that all encryption software comes from the US, and therefor is under their influence. Back in the 1990s, during the First Crypto Wars, the US government had a similar belief. To convince them otherwise, George Washington University surveyed the cryptography market in 1999 and found that there were over 500 companies in 70 countries manufacturing or distributing non-US cryptography products. Maybe we need a similar study today.

This essay previously appeared on Lawfare.

TorrentFreak: Kim Dotcom & Mega Trade Barbs Over Hostile Takeover Claims

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

mega_logoFor the past several years, Kim Dotcom has been the most vocal supporter of Mega.co.nz, the cloud storage site he helped launch in 2013. Two and a half years later, something has gone very sour.

In a Q&A session with Slashdot this week, Dotcom told surprised readers that Mega was to be avoided.

“I’m not involved in Mega anymore. Neither in a managing nor in a shareholder capacity. The company has suffered from a hostile takeover by a Chinese investor who is wanted in China for fraud. He used a number of straw-men and businesses to accumulate more and more Mega shares,” Dotcom explained.

“Recently his shares have been seized by the [New Zealand] government. Which means the NZ government is in control.”

Intrigued, Dotcom spoke with Kim Dotcom to find out more about his allegations.

“Mega has experienced a hostile takeover and is no longer in the control of people who care about Internet Freedom. The New Zealand Government and Hollywood have seized a significant share of the company,” Dotcom told TorrentFreak.

“The combined shares seized by the NZ government and Hollywood were significant enough to stop our listing on the New Zealand stock exchange. On the one side Hollywood seized Mega shares of a family trust that was created for the benefit of my children and on the other side Hollywood was lobbying US Senators and credit card companies to stop payment processing for Mega.”

Dotcom says that the efforts of the NZ government and Hollywood meant that Mega couldn’t raise the capital required from the stock market to carry out its business plan. Furthermore, attacks on its abilities to process payments have now “dried up” the company’s cash flow.

“As a result Mega has been forced into bankruptcy territory and recently had to raise new capital at an insanely low valuation of NZD 10 million,” Dotcom says.

“This company was worth over 200 million before the NZ government and Hollywood launched their combined effort to destroy Mega. I have always said that this is a political case and the systematic sabotage of Mega is further proof of that.”

All of this leads Dotcom to the conclusion that Mega is no longer a safe site to use.

“As a result of this and a number of other confidential issues I don’t trust Mega anymore. I don’t think your data is safe on Mega anymore. But my non-compete clause is running out at the end of the year and I will create a Mega competitor that is completely open source and non-profit, similar to the Wikipedia model,” Dotcom says.

“I want to give everyone free, unlimited and encrypted cloud storage with the help of donations from the community to keep things going.”

Mega bites back

With shots fired, TorrentFreak spoke with Mega CEO Graham Gaylard and CCO Stephen Hall. Needless to say, they see things quite differently.

“Mega is a New Zealand company privately owned by 17 local and international investors, whose identities are publicly disclosed on the New Zealand Government’s Companies Office website,” Mega told TF.

“Like all start-up companies, Mega has had several rounds of equity investment. More than 75% of shareholders have supported recent equity issues, so there has not been any ‘hostile takeover’, contrary to Mr Dotcom’s assertion. Those shareholders who have decided not to subscribe to recent issues have been diluted accordingly. That has been their choice.”

Turning to the 6% shareholding held by the Dotcom family trust (which is controlled by Mr Dotcom’s estranged wife and is currently subject to a High Court freezing order following a 2014 application by five Hollywood film studios), Mega says there is no cause for alarm.

“That is a matter for the Dotcom family trust and does not concern Mega. The authorities responsible for maintaining the order have not opposed or interfered in any of Mega’s operations,” the company explains.

“Two other shareholdings totaling 7% are subject to a separate restraint ordered by the New Zealand High Court in August 2014. That is also a matter for that investor and does not concern Mega. Mega is not a party to either of the above court proceedings.”

Turning to Kim Dotcom’s claims that Mega is no longer in the hands of people who care about privacy, Mega told TF that isn’t the case.

“Mega continues to be managed by its executive team, supported by a Board of Directors and shareholders, who all care deeply about Internet freedom and privacy and are passionate about supporting Mega’s user-controlled encryption for cloud storage and communication services,” the company says.

Turning to Dotcom himself, the cloud storage site gave its clearest statement yet on its relationship with the German. Mega says that while Dotcom was a co-founder of their operation he was not involved in the design and implementation of Mega technology, resigned as a director in 2013 and has had no managerial role since. Additionally, Mega says that Dotcom has not received any payments or renumeration from the company.

“Mega disagrees with a number of Mr Dotcom’s public comments,” Mega adds.

Turning to the security of Mega itself, the company says that the full source for its client-side software SDK is available on Github and the source for its MEGAsync and mobile applications will be published in due course.

“Mega’s encryption code has been examined by various international experts including the Spanish National Cybersecurity Institute without any flaws being found,” the company says.

In closing, Mega issued a statement which indicates a collapse in relations with their co-founder.

“Mega views Mr Dotcom’s defamatory comments as self-serving and designed simply to [promote] his supposed new business venture,” Mega says.

“They are inconsistent with his previous desire to ensure that the shareholding in Mega remains a valuable asset for his children and reflect just how completely Mr Dotcom and Mega have now moved apart if he can make such an unwarranted and irresponsible, defamatory attack,” the company concludes.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

SANS Internet Storm Center, InfoCON: green: ISC StormCast for Friday, July 31st 2015 http://isc.sans.edu/podcastdetail.html?id=4593, (Fri, Jul 31st)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SANS Internet Storm Center, InfoCON: green: Tech tip: Invoke a system command in R, (Fri, Jul 31st)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

I spend a lot of time using R, theprogramming language and software environment for statistical computing and graphics. Its incredibly useful for visualization and analysis, consider Data-Driven Security as a great starting point and reference, along with this article,if youre further interested.

One of my recent discoveries (I”>system toinvoke”>system, in two lines I can call Log Parser, pull the Windows security event log, write it to CSV, and create a data frame out of it that I can then do any number of other cool things with. Note: to pull the Windows security event log you need to be running with elevated privilege and need to run R as admin for this example scenario.

In short:

Set a working directory:”>setwd(D:/coding/R/EventVizWork)
Call Log Parser with system:”>system(logparser Select * into security.csv from Security -i:evt -o:csv)

Statistics:
———–
Elements processed: 112155
Elements output: 112155
Execution time: 26.80 seconds

Read the results into a data frame:”>secevtlog – read.csv(security.csv)

Tomorrow I”>|”>@holisticinfosec

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

xkcd.com: Vet

This post was syndicated from: xkcd.com and was written by: xkcd.com. Original post: at xkcd.com

It's probably for the best. Since Roombas are native to North America, it's illegal for Americans to keep them in their houses under the Migratory Bird Treaty Act.

LWN.net: DebConf15 schedule and featured speakers announced

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Debconf15, which will be held in Heidelberg, Germany August 15-23, has announced its schedule as well as four featured speakers: Allison Randal, President, Open Source Initiative and Distinguished
Technologist, HP; Peter Eckersly, Chief Computer Scientist, Electronic Frontier Foundation; John Sullivan, Executive Director, Free Software Foundation; and Jon ‘maddog’ Hall, Executive Director, Linux International. “The DebConf content team is pleased to announce the schedule of
DebConf15, the forthcoming Debian Developers Conference. From a total of
nearly 100 talk submissions, the team selected 75 talks. Due to the high
number of submissions, several talks had to be shortened to 20 minute
slots, of which a total of 30 talks have made it to the schedule.

In addition, around 50 meetings and discussions (BoFs) have been
organized so far, as well as several other events like lightning talk
sessions, live demos, a movie screening, a poetry night or stand-up
comedy.”

Grigor Gatchev - A Weblog: Лекари и пациенти

This post was syndicated from: Grigor Gatchev - A Weblog and was written by: Григор. Original post: at Grigor Gatchev - A Weblog

Преди към две седмици в медиите излезе съобщение за смъртта на д-р Илко Иларионов. Ръководител на кожното отделение в Пета градска, след закриването му той получава депресивен пристъп и влиза в болницата в Курило. Там бива пребит жестоко и умира в болница, без да дойде в съзнание. Съгласно съобщенията – от агресивен пациент.

Само че това нека го разправят на някой друг.

Илко ми беше състудент и добър приятел. Висок почти точно 2 метра, плещест, невероятно пъргав и силен физически. Страшно малко хора биха могли да го пребият до смърт. Ако някой от тези хора е агресивен луд, с абсолютна сигурност ще бъде държан при особено строги условия – иначе животът на персонала в болницата няма да струва пукната пара. Нещо повече – депресивно болните обикновено са много тихи и кротки и не дразнят дори най-буйните и агресивните. Дори само дотук съобщеното вече звучи подозрително.

А то е само началото. Илко е бил упоен с лекарства, вързан за стол и бит с желязна тръба до строшаване на черепа и гръбнака… В коя психиатрична болница агресивни луди, способни да пребият до смърт двуметров юначага и охотно нападащи лекари, имат достъп до железни тръби и въжета? И до упояващи лекарства?! Да виждате в окото ми атомна подводница? Пардон, флотилия от един милион атомни подводници?

Струва ми се далеч по-вероятна новината, която излезе най-отначало, и после заизчезва оттук-оттам. Че шефката на болницата в Курило е казала, че той е бил пребит от трима души от персонала. Така вече нещата се връзват – численото превъзходство, разполагането с упояващи лекарства и средства за връзване и пребиване…

Не се връзва единствено представата ни за болничен персонал. Нещо в нас отказва да приеме, че в болниците, където един ден ще лекуват нас, може да има подобни изверги… Но истината е, че ги има. Извергите, които обичат да пребиват хора за удоволствие, много често търсят работа на точно такива места. Там, където жертвите им са беззащитни и безправни, и престъпленията им остават незабелязани, неразследвани и ненаказани. В арести, в затвори, в изтрезвители, в психиатрични заведения.

Затова и дотук случилото се не ме изненадва. Смайва ме обаче нещо друго – как всички се хвърлиха да прикриват престъпниците. То вече означава, че безнаказаното биячество се поощрява и протектира от най-горе. С някаква зловеща цел или просто от безхаберие – няма значение, ефектът е все същият.

Сигурно мислите, че нормалните лекари в болницата не биха търпели подобни колеги? Според мен грешите. Онзи ден се случи случка, която го демонстрира чудесно.

По новините показаха репортаж как пред „Пирогов“ припаднал гражданин. Как хората наоколо се опитали да извикат групичката лекари, застанали пред входа на болницата, които при тази гледка моментално се прибрали вътре. Как един от присъстващите влязъл в болницата и в продължение на половин час търсил вътре лекар, който да излезе и да окаже помощ. И когато най-сетне намерил, вече било късно – припадналият издържал двайсетина минути и даже идвал в съзнание веднъж-два пъти за по минута-две, но не могъл да дочака.

Когато видях новината, първата ми мисъл беше, че тъпи репортери демонизират лекарите. Новината обаче продължи в интервю с шефа на спешното отделение д-р Стоян Сопотенски. Който заяви с доста емоция, че това не отговаряло на истината. Лекари били изпратени веднага да се погрижат за пациента, а пък хората там ги били посрещнали с „Малко ви бият!“…

Това ме сепна. Кога хората посрещат лекар с „Малко ви бият“, рискувайки да го ядосат и да не помогне на болния? Когато идва навреме? Когато се държи професионално? Когато не е закъснял окончателно?… Защо ли имам чувството, че уважаемият шеф на спешно отделение си призна, без да иска, че хората от репортажа са казали истината?… Винаги съм беснеел от незачитането и неуважението, което някои пациенти имат към лекарите. Но след тези случай се чудя как все още се случва да не ги бият. Дали няма скоро да почнат да чуват „Малко ви стрелят“. А после и не само да го чуват.

Защо все още не сме стигнали дотам знаем – все още наоколо има и лекари, които отчаяно се опитват да помогнат на болните. Под подигравките на тези свои колеги, за които грижата за болния е наивност и глупост, а медицината – начин да изнудваш беззащитните пациенти за пари. И когато ти ги дадат, пак да не направиш нищо за тях. (Установено на гърба на друг мой добър приятел, който в момента умира пък от рак.)

Вероятно скоро свестните лекари ще бъдат стреляни наравно с боклуците – отчаянието и гневът не подбират. И ще се оплакват, че не са го заслужили. Без да разбират, че са – с търпението си към онези „колеги“, които са им докарали това отношение на главата. Ще проклинат, ще обясняват колко неблагодарни са пациентите, и всякак ще търсят кой им е срал в гащите. И това ще връща живота на пребитите и застреляните сред тях колкото се връща животът на погубените от убийците в престилки. Ето така на сметката на тези изроди накрая ще се впишат не само пациентите им, но и колегите им. А после ще са виновни циганите, агентите на империализма или неизвестно кой – така сме свикнали…

Не е прав дядо Петко Славейков. Не сме мърша. Толкова има да се облагородяваме и оправяме, додето влезем в категорията „мърша“, че не мога да си представя и внуците ми да го доживеят. С ужас разбирам, че битката ми за една по-добра България е изгубена, че съм победен. Че напразно останах тук след промените, вместо да забягна нанякъде…

Да, сред този народ все още има може би около петдесетина хиляди, които заслужават да бъдат признати за хора и уважавани. Които се опитват да вършат и сеят добро, с надеждата, че това ще промени другите… То добре, ама колко доброволческо чистене на реки и плажове е нужно, за да просветли и разкае убийците на Илко? Или да опомни и размърда убийците от „Пирогов“, които се скриха, да не би да се наложи да помогнат на някого и така да си развалят рахатя?

(Преди мъничко чух още една скорошна новина. Как пациент в спешно състояние постъпва в не разбрах коя болница, откъдето го изгонват, понеже не е здравно осигурен, и той умира. Още не съм проверил подробностите и верността на това, затова не смея да го дам като пример. Но мисля, че не е трудно да се провери. Дано да излезе невярно. Най-малкото защото не е просто нарушение на закона, който постановява, че спешни случаи се лекуват дори ако не са осигурени. Защото е вид предумишлено убийство, и ако бъде оставено безнаказано, е сигнал към всеки нормален човек в България да се маха оттук колкото може по-далеч и да не се връща никога повече…)

Защо в България се случва това? Отговора вече го знаем всички – защото търпим. Докога ще се случва? И този отговор го знаем всички – докогато търпим. Така че нека никой не се лъже, че са ни виновни КГБ, ЦРУ, МОСАД, марсианците, рептилите и билдербергите. Виновни сме си ние – единствено, само, точно ние.

И това да ни морят по болници и пред болници е просто това, което сме си заслужили.

LWN.net: Oracle Linux 6.7 released

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Oracle has announced
the release
of Oracle Linux 6.7. As usual this release features both a
Red Hat compatible kernel and Oracle’s enterprise kernel. Some notable
features include Open Security Content Automation Protocol (OpenSCAP),
including the oscap utility for enhanced security auditing and
compliance, Load Balancing and High Availability with Keepalived and
HAProxy, supported under Oracle Linux Premier Support subscriptions,
Enhanced SSSD support for Active Directory, and more.
See the release
notes
for details.

Schneier on Security: Comparing the Security Practices of Experts and Non-Experts

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

New paper: “‘…no one can hack my mind': Comparing Expert and Non-Expert Security Practices,” by Iulia Ion, Rob Reeder, and Sunny Consolvo.

Abstract: The state of advice given to people today on how to stay safe online has plenty of room for improvement. Too many things are asked of them, which may be unrealistic, time consuming, or not really worth the effort. To improve the security advice, our community must find out what practices people use and what recommendations, if messaged well, are likely to bring the highest benefit while being realistic to ask of people. In this paper, we present the results of a study which aims to identify which practices people do that they consider most important at protecting their security on-line. We compare self-reported security practices of non-experts to those of security experts (i.e., participants who reported having five or more years of experience working in computer security). We report on the results of two online surveys — ­one with 231 security experts and one with 294 MTurk participants­ — on what the practices and attitudes of each group are. Our findings show a discrepancy between the security practices that experts and non-experts report taking. For instance, while experts most frequently report installing software updates, using two-factor authentication and using a password manager to stay safe online, non-experts report using antivirus software, visiting only known websites, and changing passwords frequently.