Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Snowden: I'd Do It Again
Newest First  |  Oldest First  |  Threaded View
asksqn
50%
50%
asksqn,
User Rank: Ninja
3/27/2014 | 4:04:24 PM
Encryption takes effort
Encryption works, but unfortunately, is problematic but only because it takes effort from each side to implement.  That being said, I don't see the average American using it on a widespread basis.
Security Michelle
50%
50%
Security Michelle,
User Rank: Apprentice
3/19/2014 | 12:31:06 PM
Re: Yay encryption!
I agree. Encryption is key and making it an approachable subject for all internet users is key to its success. Education is needed to help bring it to the mainstream in an easy to understand manner and software & web developers need to make the usability seamless so that more consumers can be protected conveniently. SXSW was the perfect place to bring this conversation to the people who can make a change.
micjustin33
50%
50%
micjustin33,
User Rank: Apprentice
3/18/2014 | 6:30:01 AM
Re: Hard to trace
SXSW conference discussion concerns were also centered on government insight into the privacy of their citizens, especially the internet users. Snowden also mentioned that tech companies were under no legal obligation to store user records or transactions. Snowden is blacklisted by NSA and after Snowden Leaks many of the internet people now concern about their online privacy..
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
3/12/2014 | 7:39:38 AM
Re: Snowden Impact
I agree. This case also shows the ineptidue and knee-jerk reactions of the US government. Instead of pinning the stiffest penalties on Snowden and chasing him out of the country into the arms of the Russian government, the NSA and the government should have made a big deal about what a great patriot he is for disclosing incorrect behavior and pointing to security loopholes. Talk is cheap and the damage of letting a thief run free would have paled compared to Snowden sharing all the documents he got with who knows whom.
WKash
50%
50%
WKash,
User Rank: Apprentice
3/11/2014 | 10:22:01 AM
Snowden Impact
Snowden will be forever condemned for leaking classified NSA documents, but his actions have sparked a necessary dialogue on government surveillance. American Civil Liberties Union principal technologist Christopher Soghoian, in the Washingon Post today, said it well: "The goal here isn't to blind the NSA. It isn't to stop the government from going after legitimate targets. The goal here is to make it so they cannot spy on innocent people [just] because they can."
WKash
50%
50%
WKash,
User Rank: Apprentice
3/11/2014 | 10:10:04 AM
Hard to trace
Interesting to note the steps Snowden took to avoid being traced by speaking to SXSW. According to a Washington Post report today, he used a Google Hangout videoconferencing program that ran through seven proxy servers to mask his location.  

 
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
3/11/2014 | 8:15:56 AM
Re: Yay encryption!
Snowden's taking of the documents was one of the most fascinating aspects of this whole revelation. If the NSA is so keen on hoarding data, it needs far better safeguards if some random contractor can gain access to not only all this information, but take it with them too. Clearly his security credentials were far more reaching than the NSA gave them credit for. 

The simple fact that so many documents were taken out of the agency at all shows how lapse its security was/is. 
jschmoe101
50%
50%
jschmoe101,
User Rank: Apprentice
3/11/2014 | 5:33:47 AM
Yay encryption!
Encryption is important for everyone, although most people don't realize it yet. I hope to see encryption become as commonplace as firewalls and antivirus in upcoming years.

What I wanted to comment on was the quote that "the federal government still does not know which NSA documents he took from the agency 'because encryption works.'" This is true as far as it goes, but could create a misconception with the general public. Encryption cloaked Snowden's activities making it difficult to know exactly what documents he took, however encryption didn't give him superpowers to access documents outside of what his security credentials (or those he "borrowed") allowed.

I believe it is useful for articles like this to help demystify what encryption is so that it doesn't end up becoming stigmatized like the word "hacker" was for the past two decades.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
3/10/2014 | 9:46:10 PM
Continued insight into the precariousness of individual rights
Encryption works, that's the good news. But it may have been compromised in the way it works and has been implemented in the recent past. So we need to get to the forms that work and pay the price of using them. Edward Snowden is neither a patriot and or a traitor. He is a tech eccentric, who defies ideological categorization but has performed an indelible service by revealing NSA's scope and ambitions. As his country of refuge, Russia, proceeds to annex part of its neighbor, he will be in a unique position to continue to supply us with insights into the precariousness of individual rights. In the meantime, encrypt, encrypt and encrypt some more.
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
3/10/2014 | 6:14:23 PM
Encryption
The fact that the government still does not know what Snowden took means encryption is more powerful than most in the technical community realize. Many believe that since the government had a hand in its creation that it somehow has a back door. But that might not be true, according to this. 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...
CVE-2020-25598
PUBLISHED: 2020-09-23
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar...
CVE-2020-25599
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory a...
CVE-2020-25600
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains...