Is High Tech Talking Barbie An NSA Spy?
Is High Tech Talking Barbie An NSA Spy? Is the new Barbie that #39;talks #39; and #39;listens #39; to your conversations an NSA spy? Consider that this new High Tech Barbie is actually Internet aided...

By: Zennie62

Original post:

Is High Tech Talking Barbie An NSA Spy? - Video

Pastor Mike Online 03-12-15, NSA Spy Apps, Hillary Has Horns, And Ferguson Update
Visit http://PastorMikeOnline.com - In today #39;s show, Pastor Mike Hoggard discusses topics that include: NSA using IOS and Android apps to spy on Americans, H...

By: MikeHoggardVideos

More:

Pastor Mike Online 03-12-15, NSA Spy Apps, Hillary Has Horns, And Ferguson Update - Video

Everyone #39;s a Target, NSA #39;s Mass Surveillance and Cyber Warfare in the Middle East
Since the revelations of Edward Snowden, there has been a great deal of discussion about NSA and domestic eavesdropping. But except for Germany, there has been very little examination of NSA #39;s...

By: American University of Beirut

Go here to see the original:

Everyone's a Target, NSA's Mass Surveillance and Cyber Warfare in the Middle East - Video

CURRUPT NSA withholding(7)

By: Daniel Gartzman

Continued here:

CURRUPT NSA withholding(7) - Video

The top lawyer for the National Security Agency, Rajesh De, has stepped down from his post and will join the law firm Mayer Brown.

Des last day was Friday, and he plans to start at Mayer Brown in June as head of the firms privacy and security practice in Washington. He had been NSAs general counsel since April 2012 and oversaw the exposure of the governments controversial surveillance program by former NSA contractor Edward Snowden.

Its a natural time to move on, De said.

The NSAs deputy general counsel Teisha Anthony will be the acting general counsel until a permanent replacement is named. De defended the NSAs practices during his three-year tenure, arguing that the agency has acted within the legal and policy framework provided by the executive branch, Congress and the courts.

But he said that reasonable people can have an intelligent and thoughtful discussion about what they want that framework to look like. De said he hopes Congress, which has a June deadline to reauthorize Section 215 of the Patriot Act the provision that grants the NSA legal authority to collect Americans phone records will reach a resolution that allows the government to preserve the operational capabilities it needs to maintain national security, while also addressing the need to move the metadata out of the governments hands.

De declined to comment specifically on Snowden, other than to say that he believes no one should consider themselves above the law. No person, a king or an IT guy, should consider themselves above our democratic system, De said. Theres a legal process we all adhere to. None of us is above the system.

In his new role, De who was a partner in Mayer Browns litigation group before joining the government will advise companies in the financial services, health-care, retail and manufacturing sectors on data privacy and cybersecurity issues. He said he has not decided whether he will register as a lobbyist.

De held a number of senior roles in the Obama administration over the past six years, including staff secretary and deputy assistant to the president, principal deputy assistant attorney in the Justice Departments Office of Legal Policy, and counsel to the 9/11 Commission.

De is joining Mayer Brown at a time when law firms are clamoring to grow their data privacy and cybersecurity practices. A number of major firms, including DLA Piper and Pillsbury, have bulked up their cybersecurity capabilities in recent months.

Privacy and cybersecurity is probably the number one issue clients have been asking us about over the last year, Mayer Brown Chairman Paul Theiss said. Its certainly the fastest-growing.

See more here:

NSAs top lawyer joins private sector

Want to know something odd? Its 2015 and all the top anti-virus products for Mac OS X use insecure lines to transmit their software to Apple Apple machines. Download files, known as .dmg files,for products including Kaspersky, Symantec Symantec, Avast, Avira, Intego, BitDefender, Trend Micro, ESET and F-Secure are all sentover unencrypted HTTP lines, rather than the more secure HTTPS. There is method in their madness, as they trust Apples Gatekeepersecurity technology to recognise the digital signatures they sign their software with that should guarantee the authenticity of the download.

But a former NSA and NASA staffer Patrick Wardle, who now heads up research at security start-up Synack, believes he has found a new way to abuse such insecure downloads and bypass protections in Apple Macs without getting caught. Normally, anyone who intercepts a download to turn it nasty wont get away with it, as Mac Gatekeeperwill see that the vendors original signature has been altered or taken away entirely, and the software tampered with, meaning its no longer trusted.

Yetthe Gatekeeper software doesnt check all components of Mac OS X download files, according to Wardle. He believes he can sneak a malicious version of whats known as a dylib file into legitimate downloads done over HTTP to infect Macs and start stealing data.These dylibs (short for dynamic libraries) are designed to be re-used by different applications; they might be used for actions such as compressing a file or using native graphics capabilities of the operating system. Theyre supposed to make apps work more efficiently.

If an attacker can hijack the dylib processes used by Mac apps, however, they can carry out nasty attacks and send user data to their own servers, the researcher explained. Such an attack would not be trivial, Wardle admits. First, the attacker would have to get on the same network as a target, either by breaching it or simply logging on to the same public Wi-Fi. They would also have to injecta legitimate yet vulnerable application into the downloadand shuffle around the content of the .dmg so thatthe injected legitimate softwareis shown to the user. The latter is not so tricky:the attacker can set the name and icon of thisvulnerable app so nothing looks suspicious, said Wardle.

Finding vulnerable apps shouldnt be too hard either.Wardle created a scanner that looked for applications that would use his naughty dylibs. He found around 150 on his own machine, including hugely popular software likeMicrosoftWord and Excel,Apples own iCloud Photos and Dropbox. The list also includedApples developer tool XCODE and email encryption key management software GPG Keychain, both of which he abused in his proof of concept attacks. According to a recent article in The Intercept, Snowden files showed researchers were demonstrating how amodified version of XCODEcould be used to siphon off targets passwords and other data. Wardle said it was 100 per cent coincidence that his former employer had also targeted XCODE.

Wardled noted that apps from Apples Mac App Store are not vulnerable.

Apps vulnerable to dylib attacks slide from Patrick Wardle

Despite the barriers to successful exploitation, his techniques have provided him with a novel way to bypass Gatekeepers draconian detection mechanism (its also not too dissimilar from DLL attacks of yore on Windows).It is, he added, a cunning way to bypass Mac OS X Gatekeeper protections and allow hackers to go back to their old tricks.

When the injected legitimateapplication is launched the unsigned malicious dylib is loaded or executed(even if the user sets his machine to accept only all apps from the Mac App Store) before theapps main code. At this point the dylib can do anything. I see it a)kicking off the legitimate application that the user was downloading sonothing seems amiss, and b) installing the implant component which will then complete the rest of the attack, persistently infecting the userscomputer. He noted theattack should also work on downloaded .zip filesthat contain applications.

Mac OS X dylib hijacking attacks slide from Patrick Wardle

Read more:

Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper

Critics say a crisis of transparency surrounds modern spying methods in Canada after revelations that a close ally the U.S. National Security Agency has been looking at the communications traffic of at least two Canadian corporations.

There are people from the NSA working inside of CSE as we speak, said NDP defence critic Jack Harris, referring to U.S. intelligence analysts embedded inside the Communications Security Establishment, the NSAs Canadian counterpart.

Mr. Harris said he has many questions about the extent of Canadas close surveillance partnerships with the United States, but Parliamentarians are not authorized to get answers.

Were reaching a crisis point on this, he said in an interview, pointing out that the Conservative government faces several spying controversies.

The Globe and Mail reported on Tuesday that a leaked NSA document from 2012 includes Royal Bank of Canada and Rogers Communications Inc. on a list of global firms whose private communication networks the U.S. agency appeared to be interested in mapping.

The document which The Globe obtained from a confidential source suggests the agency was describing efforts to identify and analyze computer networks controlled by corporations.

Markings on the document, a presentation for intelligence officers, indicate it may have been shared with Ottawa nearly three years ago. Rogers and RBC told The Globe they had no idea the NSA had any interest in their networks, which they insist are secured against intruders.

The NSA has said it will not discuss allegations about its intelligence activities.

There is no indication the NSA went as far as getting at any data inside individual computers or reading communications related to the Canadian companies. However, the presentation suggests the agency went further in using its mapping techniques to look at the computer systems controlled by a Chinese telecom giant.

The name of Huawei Technologies Co. Ltd. appears in the presentation, and the NSA appears to have had a keen interest in isolating the corporations data channels. These links are likely to carry Huawei traffic, reads one slide.

Excerpt from:

Reports of NSA spying on Canadian companies fuel calls for more transparency