Application Security // Database Security
11/15/2013
12:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Schneier: Time To Make NSA Eavesdropping Expensive

NSA surveillance piggybacks on corporate capabilities through cooperation, bribery, threats and compulsion, says security evangelist Bruce Schneier.

As custodians of the Internet mull over the lessons that revelations about National Security Agency (NSA) surveillance offer about the insecurity of the Internet's infrastructure, architects must find ways to make wholesale spying more expensive. So said noted cryptographer and security evangelist Bruce Schneier in a talk today about Internet hardening at the Internet Engineering Task Force (IETF) plenary session.

"There are a lot of technical things we can do. The goal is to make eavesdropping expensive," Schneier said. "That's the way to think about this, is to force the NSA to abandon wholesale collection in favor of targeted collection of information." As things stand now, the NSA's surveillance efforts are aided and abetted by the information economy as it stands today, he explained. With data being collected about consumers at every step of their movement online and very little of it being purged from corporate systems, it is only a matter of time that someone puts that data to use.

Read the rest of this article on Dark Reading.

 

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7441
Published: 2015-05-29
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVE-2014-9727
Published: 2015-05-29
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

CVE-2015-0200
Published: 2015-05-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

CVE-2015-0751
Published: 2015-05-29
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

CVE-2015-0752
Published: 2015-05-29
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?