Agency claims it didn't know of flaw until public disclosure
As reports of the severity of the Heartbleed OpenSSL bug has spread, so have the rumors. A report from Bloomberg has claimed that the US National Security Agency exploited the flaw for years. In its own defense, the NSA issued an unusually specific statement saying that not only did it not use the exploit, but it didn't even know about it until news of it went public a few days ago.
Sysadmins, with the keys to networks, lynchpin of NSA plans
More Snowden document leaks have shed light on the US National Security Agency's initiative to compromise system administrators in its quest to gather intelligence on American citizens and potential enemies both foreign and domestic. The documents lay out the NSA's plan to build a network of system administrators, personnel associated with access to networks that the agency wants to implant spyware and other malware.
NSA shifting from personal hack to 'industrial scale' widespread attacks
Recently-examined Snowden-leaked documents have shown that the NSA is looking at significantly growing its ability to install malware on a large scale, using automated systems and falsified websites. The documents detail efforts to fake a Facebook server, with the targeted population infected upon visitation of the spoof site.
Whistleblower addresses US cyber defense weakness, need for privacy
Despite US officials' protestations, NSA whistleblower Edward Snowden addressed a packed venue at SXSW today, by way of a Google Hangout routed through no less than seven proxies. In his hour-long moderated conversation, Snowden said that end-to-end encryption with readily-accessible tools are the keys to privacy. Additionally, he cited NSA leadership and intrusive surveillance as a reason for the onslaught of digital intrusion by hostile powers, caused by weakening of US cyber defenses.
NSA,GCHQ allegedly claimed to collect information on individuals from mobile advertising
Intelligence agencies in the United States and the United Kingdom are allegedly taking advantage of smartphone apps to collect a wealth of information about individuals, in new spying allegations. The National Security Agency (NSA) and the UK's Government Communications Headquarters (GCHQ) are able to use the "leaky" nature of popular mobile phone apps to extract information about an individual, according to new leaked documents.
Google, Microsoft, Facebook, Yahoo, Twitter memo over spying concerns
A group of technology companies has asked members of the UK government that there needs to be a debate about Internet surveillance. Facebook, Microsoft, Google, Yahoo, and Twitter have jointly written a memo to Members of Parliament (MPs) calling for more transparency in requests for information by government-controlled organizations, such as GCHQ.
Customers able to download data blocked after company shutdown
Encrypted e-mail service Lavabit has temporarily reopened, to allow customers to retrieve their stored data after the service's shutdown. Customers will be able to change their account password on the service for a 72-hour period starting at 7pm Central Time today, with personal account data being made available to download from Friday for a limited time.
Request to monitor e-mail escalated to threats of fines, jail time
Encrypted e-mail service Lavabit was pressured by the FBI to provide private SSL keys for all of its traffic, according to unsealed court documents that provide more details about the service's shutdown. The Texas e-mail provider's refusal to provide details about one specific account, believed to be that of NSA whistleblower Edward Snowden, forced the courts to threaten daily fines and possible imprisonment if it continued to disobey the FBI's order.
NSA has obtained encryption keys both legally, and through extra-legal means
More information provided by intelligence agency document leaker Edward Snowden points to the insecurity of commonly used Internet encryption protocols. Reports circulating today suggest that the NSA can completely decrypt the HTTPS and SSL encryption protocols used in most email clients and other secured Internet services, such as online banking, and e-commerce.