Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
NSA Surveillance Fallout Costs IT Industry Billions
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
11/27/2013 | 4:53:05 PM
Embedded authority to spy
Other countries don't invest in surveillance to the degree that the NSA has, but they have the laws on the books enabling them to do so. They are often embedded in an existing law rather than screaming out their existence, as in the U.S. Patriot Act. The Netherlands' is under Article 2 2(b) of the Personal Data Protection Act; likewise, in the UK under Section 5 of the Regulation of Investigatory Powers Act; also, Germany under Section 28(8) of the German Federal Data Protection Act.
anon3508728476
50%
50%
anon3508728476,
User Rank: Apprentice
11/27/2013 | 4:41:27 PM
Re: Reality Checks
I am so tired of these "naiive" arguments.  Yes the U.S. is special historically, because we stand historically for good principles.  Why cannot be take the high ground here?  Just because others can do it does not mean we should.  Also, all the trash arguments about that this is inevitable becasue of technology are pure hogwash.  If anything the mathematics and hardware which could be devised to protect rather than compromise secure communications could be BETTER not worse than in the era of PAPER MAIL and TELEPHONES.  Its pure nonsense from and engineering and software perspective.  There exist P2P algorithsm which no computer except a quantum computer (which are a long way off) could ever crack in the lifetime of the universe.  It can be done.  These infringements directly contradict our constitutional principles and are blantantly deliberate, and there is plenty of benefits which corporations can get from miniing private data from individuals and corporate competitiors, so this is all definitely complicit.  If we don't stand up for the right thing, who will???
DanS776
50%
50%
DanS776,
User Rank: Apprentice
11/27/2013 | 4:27:37 PM
Blackberry Technology
Blackberry is not an American Corporation and has bullet proof security. Apple and Google phone systems are easy to trace, hack, and survey by any government agency.
CLAFOUNTAIN100
100%
0%
CLAFOUNTAIN100,
User Rank: Apprentice
11/27/2013 | 4:13:00 PM
Re: Splinternet
Good point; however, in any particular market, there are "bubbles" created by Government to put people to work.


During the bush administration, there were too many "bubbles" created in my mind.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:49:53 PM
Re: Splinternet
True, Tom. If I were Russian or Chinese, I'd probably be a tad uncomfortable with the idea of using a global network built by DARPA  -- although we seem to get along pretty well in the International Space Station.

Why can we all just get along?
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
11/27/2013 | 3:32:38 PM
Re: Splinternet
>Can we tame the NSA at the same time?  Yes, we can. Will we? I have my doubts if Congress has the stomach to do so.

 

I suspect you're right and that will only encourage further Internet balkanization. The Russians and the Chinese don't want to use US-controlled GPS. It follows that they'd prefer to avoid a US-dominated Internet. Other countries have long been agitating for greater control of Internet governance. I would not be surprised if we end up with national networks, tenuously linked to each other, in a decade or two. Governments don't like that which they can't control.
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/27/2013 | 3:28:13 PM
Re: Reality Checks
The French DSG may not be 'similar,' but the folks on the Rainbow Warrior might think they are even worse in spirit... 

 

IMHO, the issue should be the topic of a robust debate.  I don't want my info collected, and I certainly don't want the current administration able to paw through it and use it for political gain they way the used the IRS, but I don't want a RIF to pop a nuke in Times Square, either.   Frankly, I suspect the cost/benefit ratio for the NSA data collection may be a lot better than having the TSA pawing grannies and infants, but it would be nice to have some real dialog about the issues without having idealogues from both sides staking out reflexive extreme positions and then talking over each other.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:12:22 PM
Re: Splinternet
Daniel:  While I can't condone the NSA's over-the-top campaign to snoop into everyone's background, I think the leading reason the splinternet is coming stems from old-fashioned economic greed.  Clearly cable companies, phone companies and others want to charge everyone more for accessing the Internet, and that will lead to social divides that violate the very essence and spirit of sharing information globally. 

Can we tame the NSA at the same time?  Yes, we can. Will we? I have my doubts if Congress has the stomach to do so.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:07:46 PM
Reality Checks
Mr. Staten claims that "Nearly every developed nation on the planet has a similar intelligence arm" to the NSA. No they don't. Aside from possibly China or Russia, there is nothing remotely similar to the NSA, which is using extremely sophisticated method to intercept communications in ways that are far beyond the reach of almost any country.  And judging by the reaction of our major allies, they aren't listening into the phone calls of other allies, either. The NSA can proudly claim "We're no. 1!"

Rep. Wyden adds: "If a foreign enemy was doing this much damage to the economy, people would be in the streets with pitchforks,"  Hmmm. Maybe we better gather in the barnyard boys and girls, because numerous sources have reported China has broken into the systems of almost every major US corporation and government agency in the US (and probably elsewhere). The costs of that have gotta be adding up, though I haven't seen an estimate of the economic damage in total.

 
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
11/27/2013 | 3:03:46 PM
Splinternet
Unfortunately, I believe that the Splinternet is coming. Blame it on the NSA, blame it on the FBI's suveillance unit, blame it on the White House. 

At this point, the blame game doesn't really do us any good. What needs to be done is something to fix these problems, or at least a step towards fixing them. 
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Average Cost of a Data Breach: $3.86 Million
Jai Vijayan, Contributing Writer,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-18112
PUBLISHED: 2020-08-05
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
CVE-2020-15109
PUBLISHED: 2020-08-04
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipm...
CVE-2020-16847
PUBLISHED: 2020-08-04
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
CVE-2020-15135
PUBLISHED: 2020-08-04
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
CVE-2020-13522
PUBLISHED: 2020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.