Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Snowden: I'd Do It Again
Newest First  |  Oldest First  |  Threaded View
asksqn
asksqn,
User Rank: Ninja
3/27/2014 | 4:04:24 PM
Encryption takes effort
Encryption works, but unfortunately, is problematic but only because it takes effort from each side to implement.  That being said, I don't see the average American using it on a widespread basis.
Security Michelle
Security Michelle,
User Rank: Apprentice
3/19/2014 | 12:31:06 PM
Re: Yay encryption!
I agree. Encryption is key and making it an approachable subject for all internet users is key to its success. Education is needed to help bring it to the mainstream in an easy to understand manner and software & web developers need to make the usability seamless so that more consumers can be protected conveniently. SXSW was the perfect place to bring this conversation to the people who can make a change.
micjustin33
micjustin33,
User Rank: Apprentice
3/18/2014 | 6:30:01 AM
Re: Hard to trace
SXSW conference discussion concerns were also centered on government insight into the privacy of their citizens, especially the internet users. Snowden also mentioned that tech companies were under no legal obligation to store user records or transactions. Snowden is blacklisted by NSA and after Snowden Leaks many of the internet people now concern about their online privacy..
moarsauce123
moarsauce123,
User Rank: Ninja
3/12/2014 | 7:39:38 AM
Re: Snowden Impact
I agree. This case also shows the ineptidue and knee-jerk reactions of the US government. Instead of pinning the stiffest penalties on Snowden and chasing him out of the country into the arms of the Russian government, the NSA and the government should have made a big deal about what a great patriot he is for disclosing incorrect behavior and pointing to security loopholes. Talk is cheap and the damage of letting a thief run free would have paled compared to Snowden sharing all the documents he got with who knows whom.
WKash
WKash,
User Rank: Apprentice
3/11/2014 | 10:22:01 AM
Snowden Impact
Snowden will be forever condemned for leaking classified NSA documents, but his actions have sparked a necessary dialogue on government surveillance. American Civil Liberties Union principal technologist Christopher Soghoian, in the Washingon Post today, said it well: "The goal here isn't to blind the NSA. It isn't to stop the government from going after legitimate targets. The goal here is to make it so they cannot spy on innocent people [just] because they can."
WKash
WKash,
User Rank: Apprentice
3/11/2014 | 10:10:04 AM
Hard to trace
Interesting to note the steps Snowden took to avoid being traced by speaking to SXSW. According to a Washington Post report today, he used a Google Hangout videoconferencing program that ran through seven proxy servers to mask his location.  

 
Whoopty
Whoopty,
User Rank: Ninja
3/11/2014 | 8:15:56 AM
Re: Yay encryption!
Snowden's taking of the documents was one of the most fascinating aspects of this whole revelation. If the NSA is so keen on hoarding data, it needs far better safeguards if some random contractor can gain access to not only all this information, but take it with them too. Clearly his security credentials were far more reaching than the NSA gave them credit for. 

The simple fact that so many documents were taken out of the agency at all shows how lapse its security was/is. 
jschmoe101
jschmoe101,
User Rank: Apprentice
3/11/2014 | 5:33:47 AM
Yay encryption!
Encryption is important for everyone, although most people don't realize it yet. I hope to see encryption become as commonplace as firewalls and antivirus in upcoming years.

What I wanted to comment on was the quote that "the federal government still does not know which NSA documents he took from the agency 'because encryption works.'" This is true as far as it goes, but could create a misconception with the general public. Encryption cloaked Snowden's activities making it difficult to know exactly what documents he took, however encryption didn't give him superpowers to access documents outside of what his security credentials (or those he "borrowed") allowed.

I believe it is useful for articles like this to help demystify what encryption is so that it doesn't end up becoming stigmatized like the word "hacker" was for the past two decades.
Charlie Babcock
Charlie Babcock,
User Rank: Ninja
3/10/2014 | 9:46:10 PM
Continued insight into the precariousness of individual rights
Encryption works, that's the good news. But it may have been compromised in the way it works and has been implemented in the recent past. So we need to get to the forms that work and pay the price of using them. Edward Snowden is neither a patriot and or a traitor. He is a tech eccentric, who defies ideological categorization but has performed an indelible service by revealing NSA's scope and ambitions. As his country of refuge, Russia, proceeds to annex part of its neighbor, he will be in a unique position to continue to supply us with insights into the precariousness of individual rights. In the meantime, encrypt, encrypt and encrypt some more.
danielcawrey
danielcawrey,
User Rank: Apprentice
3/10/2014 | 6:14:23 PM
Encryption
The fact that the government still does not know what Snowden took means encryption is more powerful than most in the technical community realize. Many believe that since the government had a hand in its creation that it somehow has a back door. But that might not be true, according to this. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35942
PUBLISHED: 2022-08-12
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data ...
CVE-2022-35949
PUBLISHED: 2022-08-12
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js con...
CVE-2022-35953
PUBLISHED: 2022-08-12
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patche...
CVE-2022-35956
PUBLISHED: 2022-08-12
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgra...
CVE-2022-35943
PUBLISHED: 2022-08-12
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter ...