Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Snowden: I'd Do It Again
Newest First  |  Oldest First  |  Threaded View
asksqn
50%
50%
asksqn,
User Rank: Ninja
3/27/2014 | 4:04:24 PM
Encryption takes effort
Encryption works, but unfortunately, is problematic but only because it takes effort from each side to implement.  That being said, I don't see the average American using it on a widespread basis.
Security Michelle
50%
50%
Security Michelle,
User Rank: Apprentice
3/19/2014 | 12:31:06 PM
Re: Yay encryption!
I agree. Encryption is key and making it an approachable subject for all internet users is key to its success. Education is needed to help bring it to the mainstream in an easy to understand manner and software & web developers need to make the usability seamless so that more consumers can be protected conveniently. SXSW was the perfect place to bring this conversation to the people who can make a change.
micjustin33
50%
50%
micjustin33,
User Rank: Apprentice
3/18/2014 | 6:30:01 AM
Re: Hard to trace
SXSW conference discussion concerns were also centered on government insight into the privacy of their citizens, especially the internet users. Snowden also mentioned that tech companies were under no legal obligation to store user records or transactions. Snowden is blacklisted by NSA and after Snowden Leaks many of the internet people now concern about their online privacy..
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
3/12/2014 | 7:39:38 AM
Re: Snowden Impact
I agree. This case also shows the ineptidue and knee-jerk reactions of the US government. Instead of pinning the stiffest penalties on Snowden and chasing him out of the country into the arms of the Russian government, the NSA and the government should have made a big deal about what a great patriot he is for disclosing incorrect behavior and pointing to security loopholes. Talk is cheap and the damage of letting a thief run free would have paled compared to Snowden sharing all the documents he got with who knows whom.
WKash
50%
50%
WKash,
User Rank: Apprentice
3/11/2014 | 10:22:01 AM
Snowden Impact
Snowden will be forever condemned for leaking classified NSA documents, but his actions have sparked a necessary dialogue on government surveillance. American Civil Liberties Union principal technologist Christopher Soghoian, in the Washingon Post today, said it well: "The goal here isn't to blind the NSA. It isn't to stop the government from going after legitimate targets. The goal here is to make it so they cannot spy on innocent people [just] because they can."
WKash
50%
50%
WKash,
User Rank: Apprentice
3/11/2014 | 10:10:04 AM
Hard to trace
Interesting to note the steps Snowden took to avoid being traced by speaking to SXSW. According to a Washington Post report today, he used a Google Hangout videoconferencing program that ran through seven proxy servers to mask his location.  

 
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
3/11/2014 | 8:15:56 AM
Re: Yay encryption!
Snowden's taking of the documents was one of the most fascinating aspects of this whole revelation. If the NSA is so keen on hoarding data, it needs far better safeguards if some random contractor can gain access to not only all this information, but take it with them too. Clearly his security credentials were far more reaching than the NSA gave them credit for. 

The simple fact that so many documents were taken out of the agency at all shows how lapse its security was/is. 
jschmoe101
50%
50%
jschmoe101,
User Rank: Apprentice
3/11/2014 | 5:33:47 AM
Yay encryption!
Encryption is important for everyone, although most people don't realize it yet. I hope to see encryption become as commonplace as firewalls and antivirus in upcoming years.

What I wanted to comment on was the quote that "the federal government still does not know which NSA documents he took from the agency 'because encryption works.'" This is true as far as it goes, but could create a misconception with the general public. Encryption cloaked Snowden's activities making it difficult to know exactly what documents he took, however encryption didn't give him superpowers to access documents outside of what his security credentials (or those he "borrowed") allowed.

I believe it is useful for articles like this to help demystify what encryption is so that it doesn't end up becoming stigmatized like the word "hacker" was for the past two decades.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
3/10/2014 | 9:46:10 PM
Continued insight into the precariousness of individual rights
Encryption works, that's the good news. But it may have been compromised in the way it works and has been implemented in the recent past. So we need to get to the forms that work and pay the price of using them. Edward Snowden is neither a patriot and or a traitor. He is a tech eccentric, who defies ideological categorization but has performed an indelible service by revealing NSA's scope and ambitions. As his country of refuge, Russia, proceeds to annex part of its neighbor, he will be in a unique position to continue to supply us with insights into the precariousness of individual rights. In the meantime, encrypt, encrypt and encrypt some more.
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
3/10/2014 | 6:14:23 PM
Encryption
The fact that the government still does not know what Snowden took means encryption is more powerful than most in the technical community realize. Many believe that since the government had a hand in its creation that it somehow has a back door. But that might not be true, according to this. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37759
PUBLISHED: 2021-07-31
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37760
PUBLISHED: 2021-07-31
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2020-26564
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFil...
CVE-2020-26565
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2020-26806
PUBLISHED: 2021-07-31
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.