Displaying items by tag: PRISM
Web Companies Scramble to Rebuild Consumer Trust by Pushing Back on Government Spying
Lately the news has had a few articles about how companies like Microsoft, Google, and Yahoo are pushing the government for radical changes to its surveillance policies and demanding better protections for their customers. We have seen new ads focused on explaining how important our data is to them (and in some cases how the other guys are abusing it). The groups lining up and demanding change are many of the same companies that Edward Snowden’s bevy of leaked documents claimed were working hand in hand with the NSA to allow for mass spying on people’s data. The documents also claimed that, in cases where the companies were not directly cooperating, lax security practices allowed for easy retrieval of user information.
CryptoSeal, Another Privacy Service Shuts Down Out of Fear of the NSA
When the leaks about how widespread the NSA’s surveillance is hit the news, there was (and still is) talk about how much of an impact this would have on privacy. We all knew that having an agency that was able to dig into your online life like the NSA was not a good thing. What was less expected (although some talked about it) is the widespread effect on free speech, and also the economic impact in the form of people moving away from the internet and businesses closing down.
iMessage Not As Secure As Apple Claimed
Back in April of this year (2013) we published two articles arguing that Apple’s iMessage application was not as secure as Apple claimed. The first was after an alleged DEA memo was leaked to CNet. This memo detailed the frustrations of the agency in their inability to acquire text messages sent using Apple iPhones. Sadly for the DEA, the “leaked” memo ended up making them look rather foolish, as they were trying to get the information from carriers instead of from Apple. Apple countered with their usual “there is no flaw,” and for many that was that.
The NSA has been trying to break into the TOR Network since at least 2007
For the last couple of days there has been a pretty interesting story about how the NSA has been targeting the TOR Network. The news is just another piece of the much larger tapestry of US government surveillance being performed by the National Security Agency. Some of this surveillance appears to be at the behest of the administration, while other pieces seem to be generated from within the agency and possibly outside their charter and license. It seems that the NSA is determined to bring all forms of communication under their domain. This is why we were not surprised to hear that the NSA has been working on being able to identify people using the TOR Network since at least 2007 (possibly before that).
Quick send that email while the NSA isn’t looking, 70% of the NSA sent home
Shortly after Edward Snowden revealed the massive surveillance programs being run by the NSA, we all were treated to speeches and claims that these programs were essential to national security. These claims further talked about the vital role the NSA plays in protecting the US from the bad guys around the world. Of course they never touched on the violations of individual rights protected by the constitution, but that was such a small matter that they felt it was not important.
"National Security" Efforts Now Having a Measurable Impact on Public Discourse as Sites Like Groklaw Close
The fight for internet freedom, privacy and net neutrality has been a rough one. Over the past couple of years we have watched as a parade of laws has trotted past us. SOPA, PIPA, CISPA, and more have all shown us one certain thing: the powers that be have little to no regard for individual freedoms, free speech or the impact of restrictive laws on innovation, technology and the economy as a whole. However, there was an underlying trend to these laws that disturbed us and many other privacy and rights groups out there. The trend was a general trammeling of the right to free speech when it comes to any online sources; some would even say any source that had an opposing viewpoint. Even the right to have protected sources was slowly being removed if you were an independent blogger (citizen journalist), and this effort is now being expanded.
Google Says Gmail Users Have No Reasonable Right to Privacy
Google has made the statement that users of Gmail not only have consented to any electronic snooping and scanning of their communication, but have no reasonable expectation that their mail will remain private anyway. The revelation comes through a brief filed by Google to dismiss a data-mining suit against them. In it they describe the act of sending email through their services as if you are handing your letter to someone else. They seem to forget that letters are processed by the post office (or other carrier) and during transit cannot legally be opened. This makes the analogy very inaccurate indeed.
Are the NSA and FBI Asking For Encryption Keys and Passwords?
There is a rumor going around (from “sources wishing to remain anonymous”) that claims that US Law Enforcement and the NSA have been asking internet companies for user passwords. The article originally posted by cNet has made the rounds this morning across a few sites, all of them pointing back at the single cNet source. Now, on top of everything else that is going on, many people are ready to jump on board with this and further denounce the NSA, the FBI, DHS, IRS, and anyone else in the US government with initials. But outside of the claims from a single blogger at cNet, are there any other indications that this is a common practice?
US House of Representatives Votes Down Bill To Cut Spending on Mass Spying
Yesterday there was a vote on one of the more important pieces of legislation to go through Congress this year. Despite its importance there was very little media coverage outside the internet and the few sites that are still determined to fight for people’s right to privacy. The bill was named HR 2397; it was introduced by Representative Justin Amash (R-MI) and was intended to deny funding to the NSA for any program that allows for broad (warrantless) spying on US Citizens.
Technology And The Cloud Helped To Make PRISM Possible
Over the last couple of weeks the news has been flooded with articles about the US Government’s surveillance program called PRISM. It is possibly one of the largest invasions of privacy that has been leaked to the general public. What makes this program all the more concerning is that the NSA appears to have cooperation from each of the companies involved. This apparent breach of consumer trust has caused quite a stir, and almost all of the companies that were shown in the leaked PowerPoint about PRISM have released statements claiming they only cooperate within the limits of the law. This raises an interesting question though: if a broad request is approved by the Foreign Intelligence Surveillance Court, wouldn’t a company be within the law to grant access?