NSA has direct access to tech giants' systems for user data, secret files reveal

http://www.theguardian.com/world/in...en-nsa-files-surveillance-revelations-decoded

http://www.theguardian.com/uk-news/2013/nov/01/gchq-europe-spy-agencies-mass-surveillance-snowden

 

Angry Over U.S. Surveillance, Tech Giants Bolster Defenses

http://www.nytimes.com/2013/11/01/t...ce-tech-giants-bolster-defenses.html?hpw&_r=0

 

Re: Angry Over U.S. Surveillance, Tech Giants Bolster Defenses

To restore credibility, NIST will audit its standards development process.

-- Tom

 

GCHQ and European spy agencies worked together on mass surveillance
http://www.theguardian.com/uk-news/2013/nov/01/gchq-europe-spy-agencies-mass-surveillance-snowden

 

Looks like Italian servers are best now.

PD

 

Does the NSA follow Its rules?.

-- Tom

 

Hacking is NSA's 'growth area,' Times says in agency profile.

-- Tom

 

NSA: Germany Was ‘a Little Grumpy’ About Being Left Out of Spying Club.

-- Tom

 

iPads banned from (UK) Cabinet meetings over surveillance fears
http://www.telegraph.co.uk/news/pol...Cabinet-meetings-over-surveillance-fears.html

 

Kaspersky: “We detect and remediate any malware attack,” even by NSA

http://arstechnica.com/tech-policy/...and-remediate-any-malware-attack-even-by-nsa/

http://www.f-secure.com/weblog/archives/00002636.html

 

Kaspersky is no friend to privacy. He is the last person I would trust to detect government intrusion. He sees money in capitalizing on things now - but this guy has a history.

Eugene Kaspersky is fundamentally opposed to privacy on the Internet. Period. Surely many of you will remember his calling for the end to anonymity on the Internet? Permits? Passports? Licenses?

Read this interview. Would you trust your Internet privacy to this man?
http://www.zdnet.com/microsoft-onecare-was-good-enough-2062058697/

Edit to add key question to Kaspersky from the long interview linked above....

If you had the power to change up to three things in the world today that are related to IT security, what would they be?
Internet design--that's enough.

That's it? What's wrong with the design of the Internet?
There's anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people--hundreds, or maybe thousands. Then it was introduced to the public and it was wrong…to introduce it in the same way.

I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.

Isn't it enough to have everyone register with ISPs (Internet service providers) and have IP addresses made known?
You're not sure who exactly has the connection. I can have a Wi-Fi connection and connect using a password, or give away the password for someone else to use that connection. Or the connection could be hacked. Even if the IP address is traced to an Internet café, they will not know who the customer or person is behind the attacks. Think about cars--you have plates on the cars, but you also have driver licenses.

`

 

Mr. Kaspersky has a Twitter account, perhaps your comments would be better served via this medium ? https://twitter.com/e_kaspersky

I hold no position on your statements.

 

Thanks for your suggestion.....but....are you suggesting the only discussion regarding Eugene Kaspersky be done with him personally at Twitter? Discussion on these matters is what this entire forum is for. You posted what Kaspersky said in 2013 and I posted what he said in 2009. They are diametrically opposed to one another.

No problem that you have no opinion on my statements (or his in 2009), but please don't suggest I go to another "medium" to react to your post. One of the biggest internet security companies in the world can surely be discussed on one of the largest internet security forums in the world. This is the perfect place for the discussion.

 

Google employees lash out at NSA over reports of cable tapping

(Reuters) - A pair of Google Inc employees involved with the internet company's security systems have publicly lashed out at the National Security Agency, with one of the employees accusing the organization of subverting the law by intercepting communications on cables linking Google's various data centers.

Nobody at the U.S. National Security Agency or the British intelligence agency "will ever stand before a judge and answer for this industrial-scale subversion of the judicial process," wrote Mike Hearn, an engineer at Google, on his personal Google+ page on Tuesday.

 

By the way, Mike Hearn posts occasionally on tor-talk.

 

AV complicity explained.

Note: This article is about the question of "Could the AV industry be complicit with government spying (by the NSA)?"

-- Tom

 

This reminds me of 'Magic Lantern' of the early 2K's. Symantec head honcho (at the time) Eric Chen, stated on the record, that they wouldn't detect gov malware. ESET publicly said they will detect it all. Now, with Romania hosting US 'Black Sites' IIRC, who knows what kind of local pressure could be put on foreign AV companies? I think the key here (other than the fact that MS (definitely) and maybe Apple provide 0day exploits), is HIPS and Sandboxing. They don't rely on signatures. But it may not be any better, because most products 'Whitelist' companies (though you can remove them at an increased user experience downturn)...or, if you know exactly what the malware will do, you can program it to ignore that specific set of actions...Yay...

 

Tim Berners-Lee: encryption cracking by spy agencies 'appalling and foolish'.

-- Tom

 

Again navigating between drama and humor about this toppic...
AV and law enforcement softs...quite old story

http://news.cnet.com/Will-security-firms-detect-police-spyware/2100-7348_3-6197020.html
http://pastebin.com/8ZLAzerh

None AV CEO can be 100% trusted, like Eugene Kaspersky, who is not the man who will save the world
http://www.wired.com/dangerroom/2012/07/ff_kaspersky/all/

This scandal is too much as pointed out by Al Gore
http://www.theguardian.com/world/2013/nov/06/al-gore-snowden-revealed-evidence-crimes-nsa
But nothing will stop the dynamic surveillance market...
In a few days, the Milipol congress will begin http://en.milipol.com/

I was exactly on this area (Parc des expostions de Villepinte, near Paris) yesterday, with a modern, well armored and offensive laptop...but strange, very strange, no trace of the NSA, no SSID, no IP catched...Damned...maybe should i invest in a Tempest Laptop
http://www.adsadvance.co.uk/l-3-trl-showcasing-iew-solution-at-milipol-2013.html
And finnaly i have catched it, yes gentlemen, i know how this famous security agency operates in France...by selling natural pills...yes Sir...exactly
http://www.nsafrance.fr/
Then please, gentlement, leave, leave the NSA alone...

Well...more seriously, it is time to do something, firstly by engineers
http://www.technologyreview.com/vie...ync&utm_medium=social-post&utm_source=twitter

But any citizen can help. For my concern it will be an anti-spy wiki or guide for RSF, and any volunteer is welcome.
Staying complaining on this thread makes no sense.

Rgds

 

Mikko Hypponen: How the NSA betrayed the world's trust -- time to act
http://www.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act.html

 

A good reminder

 

Time for Internet Engineers to Fight Back Against the “Surveillance Internet”.

-- Tom

 

Snowden persuaded other NSA workers to give up passwords - sources

http://www.reuters.com/article/2013/11/08/net-us-usa-security-snowden-idUSBRE9A703020131108

 

Wow, that's a classic BOFH trick

 

I was suggesting you take your old gripes to Kaspersky via that medium if you wished to do so. I did not post any position from any year. There are other ways of contacting an AV Vendor other than a slam on a security forum. You must ask yourself - are the statements made in 2009 relevant now and do they have any bearing on this thread ? I'm finding it difficult to see your seeming issue with old statements as a complaint and not something we necessarily want to read among these lines.