Chomsky 2014 "Me Sorprendio el Alcance de la NSA" en Espaol – Alejandro Concha – Video

Posted on by


Chomsky 2014 "Me Sorprendio el Alcance de la NSA" en Espaol - Alejandro Concha
Copyrights belong to its authors edited video with the sole purpose of adding subtitles in order to its better diffusion.- Subtitled video for Educational Purposes only.- https://www.youtube.com/c...

By: Alejandro Concha

Read the rest here:

Chomsky 2014 "Me Sorprendio el Alcance de la NSA" en Espaol - Alejandro Concha - Video

Posted in NSA

Source code reveals link between NSA and Regin cyberespionage malware

Posted on by

Keylogging malware that may have been used by the NSA shares signficant portions of code with a component of Regin, a sophisticated platform that has been used to spy on businesses, government institutions and private individuals for years.

The keylogger program, likely part of an attack framework used by the U.S. National Security Agency and its intelligence partners, is dubbed QWERTY and was among the files that former NSA contractor Edward Snowden leaked to journalists. It was released by German news magazine Der Spiegel on Jan. 17 along with a larger collection of secret documents about the malware capabilities of the NSA and the other Five Eyes partnersthe intelligence agencies of the U.K., Canada, Australia and New Zealand.

Weve obtained a copy of the malicious files published by Der Spiegel and when we analyzed them, they immediately reminded us of Regin, malware researchers from antivirus firm Kaspersky Lab said Tuesday in a blog post. Looking at the code closely, we conclude that the QWERTY malware is identical in functionality to the Regin 50251 plugin.

Moreover, the Kaspersky researchers found that both QWERTY and the 50251 plug-in depend on a different module of the Regin platform identified as 50225 which handles kernel-mode hooking. This component allows the malware to run in the highest privileged area of the operating systemthe kernel.

This is strong proof that QWERTY can only operate as part of the Regin platform, the Kaspersky researchers said. Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source code, we conclude the QWERTY malware developers and the Regin developers are the same or working together.

Der Spiegel reported that QWERTY is likely a plug-in of a unified malware framework codenamed WARRIORPRIDE that is used by all Five Eye partners. This is based on references in the code to a dependency called WzowskiLib or CNELib.

In a separate leaked document authored by the Communications Security Establishment Canada, the Canadian counterpart of the NSA, WARRIORPRIDE is described as a flexible computer network exploitation (CNE) platform thats an implementation of the WZOWSKI Five Eyes API (application programming interface).

The document also notes that WARRIORPRIDE is known under the code name DAREDEVIL at the UK Government Communications Headquarters (GCHQ) and that the Five Eyes intelligence partners can create and share plug-ins for it.

The newly discovered link between QWERTY and Regin suggests that the cyberespionage malware platform security researchers call Regin is most likely WARRIORPRIDE.

Some experts already suspected this based on other clues. According to Kaspersky Lab, Regin was the malware program that infected the personal computer of Belgian cryptographer Jean-Jacques Quisquater in 2013. That attack was linked to another malware attack against Belgian telecommunications group Belgacom whose customers include the European Commission, the European Parliament and the European Council.

Read more here:

Source code reveals link between NSA and Regin cyberespionage malware

Posted in NSA

Link between NSA and Regin cyberespionage malware becomes clearer

Posted on by

Security researchers found a strong connection between Regin and a keylogger used by the Five Eyes intelligence alliance

Keylogging malware that may have been used by the NSA shares signficant portions of code with a component of Regin, a sophisticated platform that has been used to spy on businesses, government institutions and private individuals for years.

The keylogger program, likely part of an attack framework used by the U.S. National Security Agency and its intelligence partners, is dubbed QWERTY and was among the files that former NSA contractor Edward Snowden leaked to journalists. It was released by German news magazine Der Spiegel on Jan. 17 along with a larger collection of secret documents about the malware capabilities of the NSA and the other Five Eyes partners -- the intelligence agencies of the U.K., Canada, Australia and New Zealand.

"We've obtained a copy of the malicious files published by Der Spiegel and when we analyzed them, they immediately reminded us of Regin," malware researchers from antivirus firm Kaspersky Lab said Tuesday in a blog post. "Looking at the code closely, we conclude that the 'QWERTY' malware is identical in functionality to the Regin 50251 plugin."

Moreover, the Kaspersky researchers found that both QWERTY and the 50251 plug-in depend on a different module of the Regin platform identified as 50225 which handles kernel-mode hooking. This component allows the malware to run in the highest privileged area of the operating system -- the kernel.

This is strong proof that QWERTY can only operate as part of the Regin platform, the Kaspersky researchers said. "Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source code, we conclude the QWERTY malware developers and the Regin developers are the same or working together."

Der Spiegel reported that QWERTY is likely a plug-in of a unified malware framework codenamed WARRIORPRIDE that is used by all Five Eye partners. This is based on references in the code to a dependency called WzowskiLib or CNELib.

In a separate leaked document authored by the Communications Security Establishment Canada, the Canadian counterpart of the NSA, WARRIORPRIDE is described as a flexible computer network exploitation (CNE) platform that's an implementation of the "WZOWSKI" Five Eyes API (application programming interface).

The document also notes that WARRIORPRIDE is known under the code name DAREDEVIL at the UK Government Communications Headquarters (GCHQ) and that the Five Eyes intelligence partners can create and share plug-ins for it.

The newly discovered link between QWERTY and Regin suggests that the cyberespionage malware platform security researchers call Regin is most likely WARRIORPRIDE.

Read the rest here:

Link between NSA and Regin cyberespionage malware becomes clearer

Posted in NSA

The NSA's infosec tips won't stop you from being hacked

Posted on by

Earlier this month, the NSAs cyber security wing released its best practice guide to defending against destructive malware - presumably with one eye on the beleaguered Sony bosses who continue to deal with the fallout from the companys high profile hack.

The report (PDF) focuses on cost-effective countermeasures that can be easily established in your organisation to make life more difficult for the average attacker.

Starting with controls such as segregation of networks, protection and restriction of the use of administrative privileges, and whitelisting authorised application execution on your systems, the tips aim to circumvent the damage cyber bad guys can do.

But is the NSA's new fact sheet just wishful thinking from the US spy agency? Would any of this information have stopped something like the Sony attack from happening?

I have scoured the content of the document in search of anything new. I didn't find it.

None of this is groundbreaking advice (and none of it should be new to the security team at Sony).

The NSA best practice controls will already be familiar to anyone following our own Australian Signals Directorate (ASD) guidelines on attack mitigation strategies, including its highly regarded Top 4 Strategies to Mitigate Targeted Cyber Intrusions-a mandatory requirement for government departments adhering to the Protective Security Policy Framework (PSPF).

Whitelisting, reduction of administrative privileges and a comprehensive approach to patching feature heavily in the ASDs top four. Its top 35 adds even more defensive measures that can be implemented to protect your organisation.

Nearly all of the mitigations listed in the NSA document - such as the use of Microsofts Enhanced Mitigation Experience Toolkit (EMET) and subscribing to cloud-based reputation services - are also covered in the ASD documentation.

As a result I was rather disappointed with this latest effort from the NSA. Realistically, the only valuable advice in this document is a warning for organisations to prepare for the worst.

Excerpt from:

The NSA's infosec tips won't stop you from being hacked

Posted in NSA

Does the First Amendment need a New Deal?

Posted on by

Lindsay France

Adam Liptak, Supreme Court correspondent for The New York Times, delivers a 2015 Frank Irvine Endowed Lecture (FIELS), "A New Deal for the First Amendment?"

The terrorist attack on the office of Charlie Hebdo, a satirical magazine in Paris, sparked a heated debate on the freedom of speech around the world. In America, this new dialogue was a continuation of a much longer, equally passionate debate on the First Amendment rights, one that has been taking place in the Supreme Court.

Adam Liptak, the Supreme Court correspondent for The New York Times, discussed the First Amendment in A New Deal for the First Amendment? at Cornell Law School Jan. 22.

Liptak began his talk with a 2011 Supreme Court case, Sorrell v. IMS Health Inc., which determined the legality of selling a doctors prescription information. The case was decided using the First Amendment, causing Justice Stephen Breyer to accuse the court of Lochnerism, a reference to the contentious 1905 Lochner v. New York decision based on the amendment. The Lochner case, Liptak explained, is often placed in the anti-canon of Supreme Court cases, along with other notorious decisions such as Dred Scott and Plessy v. Ferguson.

What made the Sorrell and Lochner cases so controversial, Liptak continued, is how the law was interpreted and applied. In Sorrell, prescription information was a form of speech, which could be protected, but it was also an economic activity, which could be regulated. A similar duality existed in Lochner. Reconciling this duality led to the controversy: The state legislatures tried to impose economic regulations and the contradicting court decision was dismissed as judicial activism.

Liptak mentioned another possible consideration in applying the law: If judging is, as he phrased it, weighing competing interests and putting a thumb on the scale in favor of marginalized speech, then should a deciding factor in applying the First Amendment be the relative power of the speaker? Though Liptak did not have an answer to this question, an audience member raised the possibility that a power-based consideration could lead to influential organizations, like major newspapers, being censored.

This brought Liptak to the dangers of applying the First Amendment liberally. I practiced First Amendment law for 14 years, and I drank the Kool-Aid, he said, describing his previous faith in the amendment. Over the years, many important decisions have been made using it, including allowing protestors near funerals and decriminalizing flag burning. However, he added, There is something troubling we should think about: economic regulations being struck down on the basis of free speech.

The Lochner era, which was characterized by such decisions, ended in the 1930s with the New Deal. To end our modern era of First Amendment law, Liptak suggested, a new New Deal is needed.

The lecture was presented by the Law Schools Frank Irvine Endowed Lecture Series.

Visit link:

Does the First Amendment need a New Deal?

Transmission 23 – Bitcoin Mining, Cloud Mining w/ Knights of the Satoshi – Video

Posted on by


Transmission 23 - Bitcoin Mining, Cloud Mining w/ Knights of the Satoshi
Make sure to thumbs up and subscribe http://worldcryptonetwork.com http://knightsofthesatoshi.com http://libertehosting.com http://transmission.rocks http://soundwallet.net Twitter: https://twitte...

By: World Crypto Network

Read more:

Transmission 23 - Bitcoin Mining, Cloud Mining w/ Knights of the Satoshi - Video

D2P3 – TNABC 2015 – VITALIK BUTERIN FOUNDER ETHEREUM – Bitcoin 2.0 – Ideas and Applications – Video

Posted on by


D2P3 - TNABC 2015 - VITALIK BUTERIN FOUNDER ETHEREUM - Bitcoin 2.0 - Ideas and Applications
TNABC 2015 - VITALIK BUTERIN FOUNDER ETHEREUM - Bitcoin 2.0 - Ideas and Applications Bitcoinist.net Presents in Association with TNABC This Video is for archival purposes. http://btcmiami.com ...

By: Bitcoinist.net

Visit link:

D2P3 - TNABC 2015 - VITALIK BUTERIN FOUNDER ETHEREUM - Bitcoin 2.0 - Ideas and Applications - Video

Bitcoin Prices Spike After News of First Regulated U.S. Bitcoin Exchange – Video

Posted on by


Bitcoin Prices Spike After News of First Regulated U.S. Bitcoin Exchange
Bitcoin may be getting a boost. Coinbase, a startup that develops a mobile wallet to buy and store the digital currency, announced Monday that it is launching the first licensed Bitcoin exchange...

By: WochitGeneralNews

The rest is here:

Bitcoin Prices Spike After News of First Regulated U.S. Bitcoin Exchange - Video