NSA needs more EFF hoodies

A few months ago, many stories covered "intelexit.org", a group that bought billboards outside NSA buildings encouraging moderates to leave intelligence organizations. This is a stupidbad idea.

For one thing, it's already happening inside the intelligence community. Before Snowden, EFF hoodies were tolerated. From what I hear, they aren't anymore. Anybody who says anything nice about the EFF or Snowden quickly finds their promotion prospects reduced. And if you aren't being promoted, you are on track to be pushed out, to make room for new young blood.

The exit of moderates is radicalizing the intelligence community. More and more, those who stay want more surveillance.

In my own experience, the intelligence community is full of pro-EFF moderates. More than anybody, those inside the community can see the potential for abuse. For all that mass surveillance is unacceptable, the reality is that it's not really being abused. It really is just focused on catching evil terrorists, not on tracking political activists in America. All this power is in the hands of people who use the power as intended.

A mass exodus of moderates, though, will change this, creating a more secretive and more abusive organization. The NSA is nowhere near Continue reading

Windows 10 update didn’t remove spying utility, Microsoft just renamed it

One of the services at the heart of Windows 10's user information gathering (otherwise known as spying) that many thought was removed in the latest update to the operating system is, in fact, still there, doing what it always did.The Diagnostics Tracking Service, aka DiagTrack, was one of the main culprits in telemetry and other user activity gathering in Windows 10. It has been identified as a keylogger, although some people dispute that. Given the concerns around spying in Windows 10, just the accusation is damaging enough.See also: Windows 10 update deep dive: Big changes, minor tweaks, and common problems With the release of Build 10586, or Threshold 2, DiagTrack disappeared and there was much rejoicing. However, the white hat hackers at Tweakhound (and confirmed by BetaNews) have discovered that Microsoft merely renamed it to the Connected User Experiences and Telemetry service, which throws people off, along with all the utilities to turn off these services, like DoNotSpy10.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Why you should lawyer up before a cyberattack

Lawyers advise enterprises to establish preemptive legal protection before suffering a cyberattack. While one might expect lawyers to say that, there are some reasons to take this advice.Namely, a federal district court in Minnesota found in October that "certain documents created during Target's internal investigation of its 2013 payment card breach were protected by the attorney-client privilege and work product doctrine," according to the Cybersecurity Law Report.Investigation The court told Target that it didn't have to produce certain documents that the plaintiffs wanted to see. The reason: they were part of the investigation.To read this article in full or to leave a comment, please click here

AMD pushes Crimson driver fan speed hotfix after reports of overheating Radeon cards

AMD plans to roll out a hotfix on Monday, November 30 for its new Radeon Software Crimson after some users reported their graphics cards were too hot to handle—and not in a good way.A random assortment of AMD GPU users recently reported seeing the fans in their graphics cards locked to a maximum 20 percent speed limit regardless of the load they were under. Some users report their cards being physically damaged after heavy gameplay sessions as a result of the bug. Update: AMD has released a new driver to correct the issue, Crimson Beta 15.11.11. The release notes mention several other tweaks, including bug fixes in Just Cause 3, Call of Duty: Black Ops 3, and Star Wars Battlefront.To read this article in full or to leave a comment, please click here

UK intelligence service GCHQ is on trial for hacking

GCHQ, the British signals intelligence service, is in the dock accused of hacking computers without individual warrants in order to tap communications.The allegations, made by messaging providers and campaign groups GreenNet, RiseUp Networks, Chaos Computer Club and Privacy International, among others, concern the use by the U.K. Government Communications Headquarters of "thematic warrants" to hack computers. They began making their cases to the U.K.'s Investigatory Powers Tribunal in London on Tuesday, in hearings scheduled to run through Friday.GCHQ first admitted to hacking in February following Privacy International's initial legal challenge.To read this article in full or to leave a comment, please click here

Feds drive toward high-tech criminal tracking system standard

Electronic monitoring technologies are not the panacea for tracking criminals many believe they are.The main issue – and it’s a big one – is that such the packages also known as offender tracking systems (OTS) operate and perform with no underlying industry standards for communications or software causing a myriad of problems for law enforcement agencies.+More on Network World: Gartner: Get onboard the algorithm train!An OTS typically consists of hardware, such as an ankle bracelet, used for collecting Global Positioning System (GPS) signals to determine an individual's location, and software for analyzing data collected from the hardware device.To read this article in full or to leave a comment, please click here

Deep Lessons from Google and eBay on Building Ecosystems of Microservices

When you look at large scale systems from Google, Twitter, eBay, and Amazon, their architecture has evolved into something similar: a set of polyglot microservices.

What does it looks like when you are in the polyglot microservices end state? Randy Shoup, who worked in high level positions at both Google and eBay, has a very interesting talk exploring just that idea: Service Architectures at Scale: Lessons from Google and eBay.

What I really like about Randy's talk is how he is self-consciously trying to immerse you in the experience of something you probably have no experience of: creating, using, perpetuating, and protecting a large scale architecture.

In the Ecosystem of Services section of the talk Randy asks: What does it look like to have a large scale ecosystem of polyglot microservices? In the Operating Services at Scale section he asks: As a service provider what does it feel like to operate such a service? In the Building a Service section he asks: When you are a service owner what does it look like? And in the Service Anti-Patterns section he asks: What can go wrong?

A very powerful approach.

The highlight of the talk for me was the idea of Continue reading

Worth Reading: IPv6 Performance

Every so often I hear the claim that some service or other does not support IPv6 not because of some technical issue, or some cost or business issue, but simply because the service operator is of the view that IPv6 offers an inferior level service as compared to IPv4, and by offering the service over IPv6 they would be exposing their clients to an inferior level of performance of the service. via potaroo.net

The post Worth Reading: IPv6 Performance appeared first on 'net work.

Judge strips redactions from NSL, showing info FBI gets without a warrant

A federal judge lifted an 11-year gag order the FBI had imposed on Nicholas Merrill and removed redactions of a National Security Letter (NSL) so Americans can see the overly broad "types of electronic communications transaction records" that the FBI has sought and continues to seek through NSLs.The FBI served the NSL back in 2004 when Nicholas Merrill owned and operated Calyx Internet Access, a small ISP with about 200 customers. After the judge found in favor of Merrill and not the government, Merrill said, "For more than a decade, the FBI has fought tooth and nail in order to prevent me from speaking freely about the NSL I received. Judge Marrero’s decision vindicates the public’s right to know how the FBI uses warrantless surveillance to peer into our digital lives. I hope today’s victory will finally allow Americans to engage in an informed debate about proper the scope [sic] of the government’s warrantless surveillance powers."To read this article in full or to leave a comment, please click here

Security ‘net: Google, Watson, and other thoughts

Encryption, security, and privacy are at the top of our list, it seems. The question is — who really cares about your privacy? Is Google a champion of freedom, or a threat to national sovereignty?

Google is unique in its leadership, plans, and global marketpower to accelerate the majority of all global Web traffic “going dark,” i.e. encrypted by default. Google’s “going dark” leadership seriously threatens to neuter sovereign nations’ law-enforcement and intelligence capabilities to investigate and prevent terrorism and crime going forward.

Or has Google just figured out that encryption is the best way to funnel all the world’s information through their servers so it can be properly indexed and used to its maximum commercial value?

But the truth about where the giants of tech stand on user privacy is another matter entirely. No organizations on earth have exploited users more than Google (GOOGL) and Facebook (FB) have in their zealous quest to boost ad revenues by providing users’ personal data – demographics, searches, email and location, among others – to an ever-growing list of digital advertisers.

Russ’ take: The truth is probably out there someplace, but I doubt it’s as clean cut as either of these articles Continue reading

The Marriage of the Ecosystem

 

marriage

A recent discussion with Greg Ferro (@EtherealMind) of Packet Pushers and Nigel Poulton (@NigelPoulton) of In Tech We Trust got me thinking about product ecosystems. Nigel was talking about his new favorite topic of Docker and containers. He mentioned to us that it had him excited because it felt like the good old days of VMware when they were doing great things with the technology. That’s when I realized that ecosystems aren’t all they are cracked up to be.

Courting Technology

Technology is a huge driver for innovation. New ideas are formed into code that runs to accomplish a task. That code is then disseminated to teams and built upon to create toolsets to accomplish even more tasks. That’s how programs happen. Almost every successful shift in technology starts with the courtship of focused code designed to accomplish a simple task or solve a quick problem.

The courtship evolves over time to include other aspects of technology. Development work extends the codebase to accept things like plugins to provide additional functionality. Not core functions though. The separation comes when people want to add additional pieces without compromising the original program. Bolting additional non-core pieces on Continue reading

OSPF vs EIGRP for DMVPN

In this post I’m going to look at the characteristics of OSPF and EIGRP when used in a Dynamic Multipoint VPN (DMVPN). I will do my best not to play favorites and instead stick to the facts (yes, I do have a preference :-). To that end I will back everything up with data from my lab. The focus areas of the comparison will be:

  • Scalability of the hub router’s control plane
  • Overall control plane stability
  • Traffic engineering

This post won’t go into any background on how DMVPN works. If you’re not yet familiar with DMVPN, I recommend watching these introductory videos by Brian McGahan. This post also does not do a deep dive on OSPF or EIGRP. I’m making the assumption that you’re already familiar with the different LSA types in OSPF and general functions of EIGRP.

After reading this post you should be able to describe the pros and cons of OSPF and EIGRP in the three areas listed above and incorporate this knowlege into a DMVPN design.

Continue reading

No letup seen in Chinese cyber spying

A deal announced two months ago between China and the U.S. was pitched as bringing an end to economic espionage.But if any business leader thinks that means their organizations are no longer a target, they haven’t been paying attention.That is the unanimous conclusion of a number of experts who have been tracking cyber attacks from China in the two months since Chinese President Xi Jinping and U.S. President Barack Obama announced that, “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property (IP), including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”To read this article in full or to leave a comment, please click here

Forecast 2016: 5 fast-track trends to tackle now (and one to ignore)

Of all the burning questions that keep tech execs awake at night, perhaps none is more urgent than, "Are we keeping up?" The breakneck pace of change in IT and in business at large means that CIOs and other senior technologists can't afford to lose focus as they head into 2016.Where should you center your efforts as you build your to-do list for the year ahead? Computerworld's Forecast 2016 survey of IT professionals points to five key areas -- cloud computing, security, the Internet of Things, analytics, and the emergence of IT as a change agent -- as well as one area where you don't need to devote resources (or not yet, anyway).To read this article in full or to leave a comment, please click here(Insider Story)

IDG Contributor Network: How to prepare your organization for the risk of data loss

Data breaches are serious and very real threats in today's digital world, and no industry sectors are immune. In the medical sector alone, the cost of client data breach liability, expense, and settlements surpassed the same costs from medical malpractice. Securing data and minimizing the probability and impact of data breaches is at its core a risk-based endeavor.While many businesses have recognized the need for risk assessment and management, there is still a tendency to treat risk assessment and managements as "checkbox" exercises. For a risk management program to provide true benefit, several things are required: An enterprise-level risk management practice. This is NOT your IT risk management team – it is a standalone and empowered practice that operates at the CXO level. This team is focused on business alignment. An IT-level risk management practice. This team is focused on the application and testing of applicable risk management frameworks and the controls associated with those frameworks. Certified and qualified risk management professionals. There are several industry certifications available. CRISC (Certified in Risk & Information Systems Control) and CRMP (Certified Risk Management Professional) are examples. They both require hefty amounts of continuing education, which is critical, given the moving target Continue reading

1 3,182 3,183 3,184 3,185 3,186 3,793