Archive for May, 2017

NSA Was Concerned About Power Of Windows Exploit Long Before It Was Leaked – Techdirt

The NSA's exploit toolkit has been weaponized to target critical systems all over the world. So much for the debate over the theoretical downside of undisclosed vulnerabilities. (It also inadvertently provided the perfect argument against encryption backdoors.) The real world has provided all the case study that's needed.

It appears the NSA finally engaged in the Vulnerabilities Equity Process -- not when it discovered the vulnerability, but rather when it became apparent the agency wouldn't be able to prevent it from being released to the public. What's happened recently has been devastating and Microsoft -- whose software was targeted -- has expressed its displeasure at the agency's inaction.

Maybe the agency will be a bit more forthcoming in the future. Ellen Nakashima and Craig Timberg of the Washington Post report former NSA employees and officials had concerns about the undisclosed exploit long before the Shadow Brokers gave it to the world.

When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

Officials called it "fishing with dynamite." The exploit gave the NSA access to so much on compromised computers, the agency obviously couldn't bear the thought of voluntarily giving up such a useful hacking tool. But when it was first deployed, some inside the agency felt the vulnerability might be too powerful to be left undisclosed.

But there were plenty of others who viewed disclosure as "disarmament." Somehow, despite three straight years of leaked documents, the NSA still felt it had everything under control. The Shadow Brokers NSA exploit auction made it clear the NSA was no better at securing its software stash than it was at keeping thousands of internal documents from wandering out the door.

The only upshot is the NSA has now witnessed what kind of damage its exploits can do in the wrong hands. Since the agency cannot possibly ensure this sort of thing won't happen again, the question now is how much of other people's security is the agency willing to sacrifice in the name of national security?

The NSA appears to believe it handled this as well as it could given the circumstances, but the outcome could have been so much worse. The chain of events leading to the NSA's eventual disclosure helped minimize the collateral damage. It has very little to do with the steps the NSA took (or, more accurately, didn't take).

What if the Shadow Brokers had dumped the exploits in 2014, before the [US] government had begun to upgrade software on its computers? What if they had released them and Microsoft had no ready patch?

There's your intelligence community nightmare fuel. Had the vulnerability managed to take down US government hardware and software, the NSA would be facing even more criticism and scrutiny than it already is.

The NSA appears to only disclose vulnerabilities when forced to. It may possibly hand over those it finds to be of limited use. Former NSA head Keith Alexander says the agency turns over "90%" of the vulnerabilities it discovers, but that percentage seems inflated. The NSA spent years as "No Such Agency." It's only been the last four years that it's been forced to engage in more transparency and accountability, so it's tough to believe it's spent years proactively informing affected companies about the flaws in their products.

In any event, the NSA's second-guesswork will have to do for now. Some legislators are hoping to shore up the vulnerabilities reporting process, but it's likely by the time it heads for the Oval Office desk, it will be riddled with enough national security exceptions to make it useless. With the Shadow Brokers hinting they still have more dangerous exploits to release (including one affecting Windows 10), the decision to disclose these vulnerabilities will once again be informed by the NSA's inability to keep its hacking tools secure, rather than any internal examination of its hoarder mentality.


EDITORIAL: NSA halts one abuse, but many remain – Lowell Sun

The National Security Agency has decided to halt a controversial surveillance program, but this was just the tip of an iceberg of government abuses of privacy and due process.

The NSA said recently that it will no longer engage in warrantless spying on Americans' digital communications that merely mention a foreign intelligence target, referred to in the intelligence community as "about" communications. The agency had claimed the authority to engage in such surveillance under Section 702 of the Foreign Intelligence Surveillance Act, which allows it to target non-U.S. citizens or residents believed to be outside the country, although Americans' communications are oftentimes swept up as well.

"NSA will no longer collect certain internet communications that merely mention a foreign intelligence target," the agency announced in a statement. "Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target."

"Even though NSA does not have the ability at this time to stop collecting 'about' information without losing some other important data, the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target," it continued.

The agency's decision is certainly welcome, though we must make the perhaps generous assumption that it will do -- or not do, in this case -- what it says it will, and that it will not simply change its mind in the future.

We are reminded of the public testimony of then-National Intelligence Director James Clapper at a March 2013 Senate Intelligence Committee hearing. At one point, Sen. Ron Wyden, D-Ore., asked Clapper plainly, "Does the NSA collect any type of data at all on millions, or hundreds of millions of Americans?" Clapper then lied to his face, and the faces of all Americans, saying, "No, sir," and then, "Not wittingly." Within a matter of months, news stories based on information from the Edward Snowden leaks would reveal the NSA's bulk collection of Americans' phone metadata and internet communications.

Then there is the matter of the "backdoor search loophole," by which the FBI or other agencies may search NSA databases for information about Americans collected under Section 702 without having to go through all that pesky business of obtaining a warrant.

The Fourth Amendment is quite clear: Government searches require a warrant issued by a judge based on probable cause and describing the specific "place to be searched, and the persons or things to be seized." New technology may make our communications quicker and more convenient -- as well as more easily recorded -- but it does not alter that fundamental principle.

-- By the L.A. Daily News editorial board, Digital First Media


Malware Case Is Major Blow for the NSA – New York Times


In 2013, Edward J. Snowden gave journalists hundreds of thousands of N.S.A. documents he had taken as a contractor, igniting a global debate over the agency's targeting of allies as well as foes. Last August, shortly after the Shadow Brokers' debut, ...


Cyber-attack: Stop downloading free software – Experts – Starr 103.5 FM

Businesses in Ghana have been advised to invest in quality software to protect them from potential cyber-attacks.

This comes in the wake of the WannaCry ransomware attack which affected over 10,000 organizations and 200,000 individuals in over 150 countries last weekend.

A cyber-security expert and ethical hacker, Dr. Peter Tobbin, charged corporate organizations using free and cheap software for which you can't get patches to desist from such practice, as it opens them up to possible cyber-attacks.

"It will surprise you that most corporate organizations in Ghana are not using paid and properly licensed software. They just go online and download software. Free antiviruses give you a false sense of security. You need to buy an antivirus that has the right engine to prevent any harm and also get your system regularly and properly updated," he told the host of The Lounge, Kwaku Sakyi-Addo, on Friday.

An IT professional, Mrs. Audrey Mireku, on her part explained that free software is usually paid for by people who then attach a worm to it, so when you download it, the worm works in the background and you are not even aware of what is happening.

Dr. Tobbin said it is high time Ghana began enforcing its laws on internet security to protect sensitive data and prevent possible attacks.

"At the moment, we have two main laws, the Electronic Transaction Act and the Data Protection Act, but like every other law we have in Ghana, it's the enforcement that is the problem. The average Ghanaian doesn't really know what is in the Act and even those who are supposed to enforce it are doubting; they don't fully appreciate what they can do with the Act. If the right legislation is in place, it will serve as a threat to people. We can do better with our laws," he said.

Personal Internet Security

Dr. Tobbin again charged the general public to develop a sense of awareness and a proper security consciousness when using the internet.

He indicated that the world is moving from a physical realm towards a virtual realm and that move comes along with different thinking so we need to be a bit more careful with what we do when we are on the internet.

"I find it very interesting when people use Snapchat every day; I can see Snapchats of a person's life and I can actually tell you what they do with their whole life and to me it's risky. You are making data available; you are giving people too much information about yourself and that is dangerous.

"You can actually map a person's whole family by going to Facebook and that is dangerous. We have to be cautious that the internet is not the same; the physical eyes are no longer there. In the virtual world, we cannot see the way we see things physically and so we have to be very cautious when dealing in the virtual world," he said.

Benefits

A software entrepreneur and CEO of Soft Tribe, Herman Chinery-Hesse said despite the risks associated with the virtual transformation of the world, there are enormous benefits.

"Going electronic will hold back corruption, create instant communication, we can move large volumes of data quickly. It's a great tool for research, great number crunching; our system can run the whole government payroll under an hour. So the benefits, you cannot argue about. It's just an arena that comes with its own dangers and we just have to learn to deal with it," he advised.

Mrs. Mireku added that, "we [Ghana] shouldn't slow down on transforming our systems into electronic. We shouldn't, otherwise we will be left behind. The world is moving fast and the risks are also increasing, but it's not by choice that we have to stop and not care. We have to move because the world is moving."

The Lounge with Kwaku Sakyi-Addo airs live on Starr FM every Friday from 7pm to 8am and on GHOne on Sundays from 8pm to 9pm.


Your Skype calls don’t have to disappear! Here’s how to record them for later – Digital Trends
