What the Yahoo NSA might’ve looked for

The vague story about Yahoo searching emails for the NSA was cleared up today with various stories from other outlets [1]. It seems clear a FISA court order was used to compel Yahoo to search all their customer's email for a pattern (or patterns). But there's an important detail still missing: what specifically were they searching for? In this post, I give an example.

The NYTimes article explains the search thusly:
Investigators had learned that agents of the foreign terrorist organization were communicating using Yahoo’s email service and with a method that involved a “highly unique” identifier or signature, but the investigators did not know which specific email accounts those agents were using, the officials said.
What they are likely referring it is software like "Mujahideen Secrets", which terrorists have been using for about a decade to encrypt messages. It includes a unique fingerprint/signature that can easily be searched for, as shown below.

In the screenshot below, I use this software to type in a secret message:


I then hit the "encrypt" button, and get the following, a chunk of random looking text:


This software encrypts, but does not send/receive messages. You have to do that manually yourself. Continue reading

A Unikernel eBook from O’Reilly

eBook Cover

I am pleased to announce that my FREE unikernel eBook is now available from O’Reilly.

I have been giving talks about unikernels for the past 2 years at conferences throughout North America. This eBook is my attempt to present most of the information from these talks in a written form. It is not a technical HowTo book, but rather an introduction to the basic concept of unikernels and an explanation of their value.

I hope this eBook will be a useful tool for introducing people to the whys and wherefores of unikernels.

You can download your copy here: http://www.oreilly.com/webops-perf/free/unikernels.csp

Yahoo’s secret email scans helped the FBI probe terrorists

What Yahoo was looking for with its alleged email scanning program may have been signs of code used by a foreign terrorist group. The company was searching for a digital "signature" of a communication method used by a state-sponsored terrorist group, according to a new report from The New York Times that provided more details on Yahoo's email scanning.  The report on Wednesday report didn't identify the signature or say if it involved any cryptographic computer code. But the article said it was the U.S. Department of Justice, and not the National Security Agency, that had obtained a court order forcing Yahoo to comply. A Reuters report on Tuesday wasn't clear about what agencies were involved in the probe.To read this article in full or to leave a comment, please click here

Yahoo’s secret email scans helped the FBI probe terrorists

What Yahoo was looking for with its alleged email scanning program may have been signs of code used by a foreign terrorist group. The company was searching for a digital "signature" of a communication method used by a state-sponsored terrorist group, according to a new report from The New York Times that provided more details on Yahoo's email scanning.  The report on Wednesday report didn't identify the signature or say if it involved any cryptographic computer code. But the article said it was the U.S. Department of Justice, and not the National Security Agency, that had obtained a court order forcing Yahoo to comply. A Reuters report on Tuesday wasn't clear about what agencies were involved in the probe.To read this article in full or to leave a comment, please click here

Phishing still fools people, but at least more are cautious

While people still have a really hard time telling the difference between legit and phishing emails, at least there is enough awareness of the phishing threat that many people will err on the side of caution when it comes to clicking on links.This was one finding from Carnegie Mellon University's CyLab in a study titled "Quantifying Phishing Susceptibility for Detection and Behavior Decisions" that published recently in the journal Human Factors.MORE: New tech can help catch spearphishing attacksTo read this article in full or to leave a comment, please click here

Phishing still fools people, but at least more are cautious

While people still have a really hard time telling the difference between legit and phishing emails, at least there is enough awareness of the phishing threat that many people will err on the side of caution when it comes to clicking on links.This was one finding from Carnegie Mellon University's CyLab in a study titled "Quantifying Phishing Susceptibility for Detection and Behavior Decisions" that published recently in the journal Human Factors.MORE: New tech can help catch spearphishing attacksTo read this article in full or to leave a comment, please click here

Nokia buys small semiconductor company to land 5G tech

A small semiconductor company based in Cambridge, Mass., was acquired today by Nokia, in a move to make the Finnish giant’s base station technology more energy-efficient.Eta Devices’ technology and institutional expertise appear to be at the heart of the acquisition, for which terms and pricing were not disclosed. Eta has 20 employees, located in Cambridge and at an R&D office in Stockholm, Sweden.+ALSO ON NETWORK WORLD: Satya Nadella's comp package slips 3% to $17.7M + Happy 25th once again to Linux, 'the little OS that definitely could'To read this article in full or to leave a comment, please click here

Nokia buys small semiconductor company to land 5G tech

A small semiconductor company based in Cambridge, Mass., was acquired today by Nokia, in a move to make the Finnish giant’s base station technology more energy-efficient.Eta Devices’ technology and institutional expertise appear to be at the heart of the acquisition, for which terms and pricing were not disclosed. Eta has 20 employees, located in Cambridge and at an R&D office in Stockholm, Sweden.+ALSO ON NETWORK WORLD: Satya Nadella's comp package slips 3% to $17.7M + Happy 25th once again to Linux, 'the little OS that definitely could'To read this article in full or to leave a comment, please click here

Accelerating Slow Databases That Wear People Down

Todd Mostak, the creator of the MapD GPU-accelerated database and visualization system, made that database because he was a frustrated user of other database technologies, and as a user, he is adamant that accelerating databases and making visualization of queried data is about more than just being a speed freak.

“Analytics is ultimately a creative exercise,” Mostak tells The Next Platform during a conversation that was supposed to be about benchmark results but that, as often happens here, wandered far and wide. “Analysts start from some place, and where they go is a function of the resources that are

Accelerating Slow Databases That Wear People Down was written by Timothy Prickett Morgan at The Next Platform.

IDG Contributor Network: Daisy-chaining APIs makes serverless sense

Enterprise and startups are moving to cloud-based infrastructure to create an API-enabled value chain for new products and workflows. With this has emerged the idea of serverless infrastructure: running functions and applications completely in cloud-based servers where the hosting provider handles all of the sysadmin requirements.This is a new frontier in how business is leveraging cloud, and it is set to explode, especially amongst system integrators and consultants, as more data from sensors and machines are incorporated and as traditional businesses move even more of their IT infrastructure to the cloud.But to take advantage of this opportunity, businesses need to have their services and data accessible via application programming interfaces (API), which for most businesses is still just an emerging trend.To read this article in full or to leave a comment, please click here

AT&T jumps into SD-WAN market; partners with IBM

AT&T today jumped headfirst into the fast-growing software-defined Wide Area Network (SD-WAN) market with a new offering it hopes to bring to market next year based on technology from SD-WAN startup VeloCloud.SD-WAN is gaining steam thanks to its ability to bring software-defined networking (SDN) controls to the wide area network. SD-WANs allow customers to integrate multiple network connection types and let software intelligently route traffic based on application profiles and available network types. Gartner has estimated that SD-WAN can save customers significant costs compared to traditional WAN architectures too. IDC predicts SD-WAN will be a $6 billion market by 2020.To read this article in full or to leave a comment, please click here

AT&T jumps into SD-WAN market; partners with IBM

AT&T today jumped headfirst into the fast-growing software-defined Wide Area Network (SD-WAN) market with a new offering it hopes to bring to market next year based on technology from SD-WAN startup VeloCloud.SD-WAN is gaining steam thanks to its ability to bring software-defined networking (SDN) controls to the wide area network. SD-WANs allow customers to integrate multiple network connection types and let software intelligently route traffic based on application profiles and available network types. Gartner has estimated that SD-WAN can save customers significant costs compared to traditional WAN architectures too. IDC predicts SD-WAN will be a $6 billion market by 2020.To read this article in full or to leave a comment, please click here

Worth Reading: Government lawyers don’t understand the internet

Last year, the FBI nearly destroyed the life of an innocent physicist. In May 2015, agents arrested Xi Xiaoxing, the chairman of Temple University’s physics department, and charged that he was sneaking Chinese scientists details about a piece of restricted research equipment known as a “pocket heater.” An illustrious career seemed suddenly to implode. A few months later, though, the Justice Department dropped all the charges and made an embarrassing admission: It hadn’t actually understood Xi’s work. After defense experts examined his supposed “leaks,” they pointed out that what he’d shared with Chinese colleagues wasn’t a restricted engineering design but in fact a schematic for an altogether different type of device. —Washington Post

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Government lawyers don’t understand the internet appeared first on 'net work.

Microsoft Dynamics 365 will be unveiled later this month

Microsoft will kick off its Dynamic Communities’ Summit 16 event on Oct. 11 in Tampa Bay, Florida—hurricane notwithstanding—with the introduction of Dynamics 365, the main suite in its line-of-business applications.Scott Guthrie, executive vice president of the cloud and enterprise group at Microsoft, will lead the keynote, which will include live demos of the software and panel discussions for deep dives on what's new. The Summit is entirely devoted to Microsoft's Dynamics line-of-business apps, which includes Dynamics AX, CRM, GP and NAV.To read this article in full or to leave a comment, please click here

FBI arrests an NSA contractor suspected of stealing hacking tools

The FBI has arrested a U.S. government contractor for allegedly stealing classified documents, possibly including hacking tools.Harold Thomas Martin III, 51, has been charged with stealing government materials, including top secret information, the U.S. Department of Justice said on Wednesday.Martin, who held a top-secret national security clearance, allegedly took six classified documents produced in 2014."These documents were produced through sensitive government sources, methods, and capabilities, which are critical to a wide variety of national security issues," the DOJ said. To read this article in full or to leave a comment, please click here

FBI arrests an NSA contractor suspected of stealing hacking tools

The FBI has arrested a U.S. government contractor for allegedly stealing classified documents, possibly including hacking tools.Harold Thomas Martin III, 51, has been charged with stealing government materials, including top secret information, the U.S. Department of Justice said on Wednesday.Martin, who held a top-secret national security clearance, allegedly took six classified documents produced in 2014."These documents were produced through sensitive government sources, methods, and capabilities, which are critical to a wide variety of national security issues," the DOJ said. To read this article in full or to leave a comment, please click here

IDG Contributor Network: Many people abandon security, risky behavior surges

People are sick and tired of being told to be more secure in their use of computers and when participating in online activities. So much so that they’re simply ignoring the blitz of annoying demands and are carrying on as imprudently as they’ve always done, according to National Institute of Standards and Technology (NIST) researchers.The U.S. Department of Commerce-operated lab recently published a report (subscription) on the subject in IEEE’s IT Professional Journal.The study’s participants “expressed a sense of resignation and loss of control” when the scientists asked them about their online activity, such as shopping and banking.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Many people abandon security, risky behavior surges

People are sick and tired of being told to be more secure in their use of computers and when participating in online activities. So much so that they’re simply ignoring the blitz of annoying demands and are carrying on as imprudently as they’ve always done, according to National Institute of Standards and Technology (NIST) researchers.The U.S. Department of Commerce-operated lab recently published a report (subscription) on the subject in IEEE’s IT Professional Journal.The study’s participants “expressed a sense of resignation and loss of control” when the scientists asked them about their online activity, such as shopping and banking.To read this article in full or to leave a comment, please click here

1 2,563 2,564 2,565 2,566 2,567 3,784