Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Snowden: I'd Do It Again
Newest First  |  Oldest First  |  Threaded View
asksqn
asksqn,
 User Rank: Ninja
3/27/2014 | 4:04:24 PM
Encryption takes effort
Encryption works, but unfortunately, is problematic but only because it takes effort from each side to implement.  That being said, I don't see the average American using it on a widespread basis.
Security Michelle
Security Michelle,
 User Rank: Apprentice
3/19/2014 | 12:31:06 PM
Re: Yay encryption!
I agree. Encryption is key and making it an approachable subject for all internet users is key to its success. Education is needed to help bring it to the mainstream in an easy to understand manner and software & web developers need to make the usability seamless so that more consumers can be protected conveniently. SXSW was the perfect place to bring this conversation to the people who can make a change.
micjustin33
micjustin33,
 User Rank: Apprentice
3/18/2014 | 6:30:01 AM
Re: Hard to trace
SXSW conference discussion concerns were also centered on government insight into the privacy of their citizens, especially the internet users. Snowden also mentioned that tech companies were under no legal obligation to store user records or transactions. Snowden is blacklisted by NSA and after Snowden Leaks many of the internet people now concern about their online privacy..
moarsauce123
moarsauce123,
 User Rank: Ninja
3/12/2014 | 7:39:38 AM
Re: Snowden Impact
I agree. This case also shows the ineptidue and knee-jerk reactions of the US government. Instead of pinning the stiffest penalties on Snowden and chasing him out of the country into the arms of the Russian government, the NSA and the government should have made a big deal about what a great patriot he is for disclosing incorrect behavior and pointing to security loopholes. Talk is cheap and the damage of letting a thief run free would have paled compared to Snowden sharing all the documents he got with who knows whom.
WKash
WKash,
 User Rank: Apprentice
3/11/2014 | 10:22:01 AM
Snowden Impact
Snowden will be forever condemned for leaking classified NSA documents, but his actions have sparked a necessary dialogue on government surveillance. American Civil Liberties Union principal technologist Christopher Soghoian, in the Washingon Post today, said it well: "The goal here isn't to blind the NSA. It isn't to stop the government from going after legitimate targets. The goal here is to make it so they cannot spy on innocent people [just] because they can."
WKash
WKash,
 User Rank: Apprentice
3/11/2014 | 10:10:04 AM
Hard to trace
Interesting to note the steps Snowden took to avoid being traced by speaking to SXSW. According to a Washington Post report today, he used a Google Hangout videoconferencing program that ran through seven proxy servers to mask his location.  

 
Whoopty
Whoopty,
 User Rank: Ninja
3/11/2014 | 8:15:56 AM
Re: Yay encryption!
Snowden's taking of the documents was one of the most fascinating aspects of this whole revelation. If the NSA is so keen on hoarding data, it needs far better safeguards if some random contractor can gain access to not only all this information, but take it with them too. Clearly his security credentials were far more reaching than the NSA gave them credit for. 

The simple fact that so many documents were taken out of the agency at all shows how lapse its security was/is. 
jschmoe101
jschmoe101,
 User Rank: Apprentice
3/11/2014 | 5:33:47 AM
Yay encryption!
Encryption is important for everyone, although most people don't realize it yet. I hope to see encryption become as commonplace as firewalls and antivirus in upcoming years.

What I wanted to comment on was the quote that "the federal government still does not know which NSA documents he took from the agency 'because encryption works.'" This is true as far as it goes, but could create a misconception with the general public. Encryption cloaked Snowden's activities making it difficult to know exactly what documents he took, however encryption didn't give him superpowers to access documents outside of what his security credentials (or those he "borrowed") allowed.

I believe it is useful for articles like this to help demystify what encryption is so that it doesn't end up becoming stigmatized like the word "hacker" was for the past two decades.
Charlie Babcock
Charlie Babcock,
 User Rank: Ninja
3/10/2014 | 9:46:10 PM
Continued insight into the precariousness of individual rights
Encryption works, that's the good news. But it may have been compromised in the way it works and has been implemented in the recent past. So we need to get to the forms that work and pay the price of using them. Edward Snowden is neither a patriot and or a traitor. He is a tech eccentric, who defies ideological categorization but has performed an indelible service by revealing NSA's scope and ambitions. As his country of refuge, Russia, proceeds to annex part of its neighbor, he will be in a unique position to continue to supply us with insights into the precariousness of individual rights. In the meantime, encrypt, encrypt and encrypt some more.
danielcawrey
danielcawrey,
 User Rank: Apprentice
3/10/2014 | 6:14:23 PM
Encryption
The fact that the government still does not know what Snowden took means encryption is more powerful than most in the technical community realize. Many believe that since the government had a hand in its creation that it somehow has a back door. But that might not be true, according to this. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file