
Comments
How Did Snowden Do It?
math scandals,
User Rank: Apprentice
12/11/2013 | 2:49:40 AM
re: How Did Snowden Do It?
Watching hearings between NSA and Congress, saw Director of NSA either lie 3 times or was reciting a script. Reportedly, when first appointed told NSA "I don't know math, u figure it out". Heard Congress parrot stuff, i.e. have been doing "metadata long time". If u asked "what do u mean by metadata? What is it like / functions vs. say 'metadata in a Word doc'?" Clueless.

If I asked Congress or NSA director if agency using DPI, what is that, what info does it reveal?, doubt either could answer in intelligible fashion. They need to pay competent security consultant for hearings. Consultant would ask right questions, know if NSA hedging, lying etc. Security could explain program in English.

Those PhD 'pure mathematicians' that code crack are so out there. Few know that math. Totally not math used by engineers, CPAs etc. Mad at how math taught in school, some try to write books to make it kool for us. Typically they lose one after symmetry of pine cones and Fibonacci numbers. LOL

Those code crackers get blamed for much global mischief. Has led to some strange "conspiracy notions" among supposed allies. Guess Congress needs to know bout them too.

Get EZ-some in NSA that don't like snooping. Went thru channels. 2 rumors early 1) they loaded drive for him, 2) CIA tip or both. Al Qaeda changed phone, email codes before al-Awlaki got droned, not after Snowden as director said. Some reg folks changed behavior tho.
Kevin Bocek,
User Rank: Apprentice
11/18/2013 | 8:43:54 AM
re: How Did Snowden Do It?
Self-signed certs are being used to exfiltrate data even when paper organization policy does not allow it. Security bulletin from Cisco provides example background http://tools.cisco.com/securit...
Kevin Bocek,
User Rank: Apprentice
11/18/2013 | 8:40:08 AM
re: How Did Snowden Do It?
Snowden's root access would have been limited to the systems he had access to. The 10,000+ pages of docs and other reports indicate he gained access to many more systems than he had admin privileges on. SSH provides both the means for elevated privilege and also encryption to evade detection. Attackers have been known to take SSH keys or insert their own as trusted and gain access thereafter. Self-signed certs here are about exfiltrating data, not accessing. Mandiant, Cisco, and others have reported on increased use of self-signed certs. Admins (or attackers) can generate self-signed certs at will even if paper policy doesn't allow for it.
marioa315,
User Rank: Apprentice
11/14/2013 | 8:51:02 PM
re: How Did Snowden Do It?
Have to agree with Charlie on this one. I was asking myself all the same questions. Why would the NSA of all people allow self-signed certs? Why would he need others' credentials if he had root? And just because you can sign on as someone else does not mean that you suddenly have in your possession their cert for later use. If implemented properly, it should only be available for use while logged into that account. But then again, the NSA could have been set up poorly to begin with. I am just assuming that they had better sense than that.
CharlieW848,
User Rank: Apprentice
11/14/2013 | 7:55:53 PM
re: How Did Snowden Do It?
Whoever fed you this information is full of crap. But I guess if I was to point the finger at someone, I would come up with something very technical so everyone would believe it.

So, why would someone with root-level access need other credentials with user-level access to get to data? And... since when do govt systems (even at the lowest level) trust self-signed certificates? Ah... they don't, because if they did, there would be a major hole in the security of gov't networks.
rjones2818,
User Rank: Strategist
11/14/2013 | 7:55:48 PM
re: How Did Snowden Do It?
Hire the man! :)
Don Gray,
User Rank: Apprentice
11/13/2013 | 9:09:52 PM
re: How Did Snowden Do It?
And that, boys and girls, is why we advocate 24x7 log / alert monitoring using contextual enrichment!

The NSA obviously didn't:

- Perform monitoring on anything approaching a real-time basis
- Didn't have the ability to tie user context into the security policies and controls
- Didn't have Intranet "normal usage" thresholds in place

Detecting technically authorized yet out-of-defined-role access is nearly impossible without these capabilities available and the people and process to execute.
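
An added illustration of the three capabilities listed in the comment above (not part of Don Gray's comment or of any product): access events are enriched with user context, then checked for access that the ACL allowed but the user's role does not cover, and for daily volume above a per-role baseline. The user names, systems, thresholds and log format are all constructed for this example.

```python
from collections import defaultdict

# Constructed user context: role and the systems that role is defined to use.
USER_CONTEXT = {
    "alice": {"role": "sysadmin", "systems": {"fs01", "fs02"}},
    "bob": {"role": "analyst", "systems": {"wiki"}},
}
# Constructed "normal usage" baseline: documents read per user per day, by role.
DAILY_DOC_THRESHOLD = {"sysadmin": 20, "analyst": 50}

# Constructed access log: date, user, system, documents read, ACL decision.
SAMPLE_LOG = """\
2013-05-01 alice fs01 12 ALLOW
2013-05-01 alice wiki 3 ALLOW
2013-05-01 bob wiki 40 ALLOW
2013-05-02 alice fs02 15 ALLOW
2013-05-02 alice fs01 9 ALLOW
2013-05-02 bob wiki 10 ALLOW
"""

def find_alerts(log_text, context=USER_CONTEXT, thresholds=DAILY_DOC_THRESHOLD):
    """Return (day, user, reason, detail) tuples for events worth a human look."""
    alerts = []
    docs_per_day = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at their meaning
        day, user, system, docs, decision = parts
        if decision != "ALLOW":
            continue  # denied requests are already handled by the access control
        ctx = context.get(user)
        if ctx is None:
            alerts.append((day, user, "unknown-user", system))
            continue
        # Technically authorized (ALLOW) but outside the role's defined systems.
        if system not in ctx["systems"]:
            alerts.append((day, user, "out-of-role", system))
        docs_per_day[(day, user)] += int(docs)
    # Volume check on the daily aggregate, which no single event reveals.
    for (day, user), total in sorted(docs_per_day.items()):
        if total > thresholds[context[user]["role"]]:
            alerts.append((day, user, "over-threshold", total))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

On the sample log, neither of alice's reads on 2013-05-02 exceeds the baseline alone; only the per-day total does, which is why the threshold is applied to the aggregate.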

