
Edward Snowden calls for better policing of U.S. spy programs


March 10, 2014


For the first time in almost a year, fugitive NSA leaker Edward Snowden urged a technology conference audience today to help fix the U.S. government's overly zealous surveillance of all its citizens.

Snowden spoke via teleconference from Russia to an audience of thousands of people at the Southwest Interactive Festival in Austin, Texas.

The event marked the first time the former National Security Agency contractor has directly addressed people in the United States since he fled the country with thousands of secret documents in June 2013.

In response to a question, Snowden said he had no regrets about his decision to leak the NSA documents. "Would I do it again? Absolutely. Regardless of what happens to me, this is something we had a right to," he said.

"Look, I took an oath to support and defend the U.S. Constitution. And I saw the Constitution was being violated on a massive scale," he added, to applause from the 3,000 people in the auditorium at the Austin Convention Center.

"South by Southwest and the tech community, the people in the room in Austin, they're the folks who can fix this," Snowden said earlier at the conference. "There's a political response that needs to occur, but there's also a technological response that needs to occur as well."

He appeared on video screens with a copy of the U.S. Constitution as a backdrop. The live stream was slow, repeatedly freezing Snowden's image onscreen.

He also said that Internet users need better awareness and tools to help them secure their online information from prying eyes.

Snowden took questions from the audience and from Twitter. The first, fittingly, came from Tim Berners-Lee, who co-created the World Wide Web exactly twenty-five years ago this week.

Berners-Lee asked Snowden what he would change about the nation's surveillance system. "We need public oversight, some way for trusted public figures to advocate for us. We need a watchdog that watches Congress, because if we're not informed, we obviously can't consent to these government policies."

Asked about the difference between government surveillance and snooping by private Internet companies, Snowden said he considers government surveillance more insidious because "the government has the ability to deprive you of your rights, and that's where I have a big issue with that. They can simply jail you and you won't be able to do much about it."

Snowden was also scheduled to chat with Christopher Soghoian, principal technologist with the American Civil Liberties Union's Speech, Privacy and Technology Project.

"The conversation will be focused on the impact of the NSA's spying efforts on the technology community and several ways in which technology can help to protect us from mass surveillance," an SXSW news release says.

The Texas Tribune, a nonprofit media organization, live streamed the session. Hugh Forrest, director of SXSW Interactive, said Snowden wanted "to talk to a tech-focused audience about the importance of building the next generation of online tools that protect user privacy."

Also scheduled to speak at the tech-themed conference Monday afternoon, although in person, is journalist and civil liberties lawyer Glenn Greenwald, who broke the story about Snowden's leaks of classified NSA documents in June 2013.

Snowden, a former CIA employee and NSA contractor who fled the United States after leaking details of the American government's spy programs, was granted temporary asylum in Russia by President Putin last year.

He faces felony charges of espionage and theft of government property in the United States, and he has said he won't return until the U.S. changes its whistleblower protection laws.

WikiLeaks founder Julian Assange addressed an SXSW gathering Saturday, also by teleconference, from London, where he is holed up at the Ecuadorian Embassy.

Assange was also granted diplomatic asylum at the embassy after Sweden sought to question him in connection with a sexual assault investigation.

In other internet security news

European police agency Europol is again warning internet users that free Wi-Fi hotspots pose a data risk and that sensitive information can be lost or stolen by potential hackers connected to the same hotspot.

Troels Oerting, head of Europol's cybercrime centre, told BBC News that a growing number of attacks are being carried out via public Wi-Fi service and that people should send personal data only across trusted networks.

"We have seen a growing increase in the misuse of Wi-Fi hotspots and the issue is getting worse, in order to steal information, identity or passwords and money from the users who use public or insecure Wi-Fi connections," he added.

The problems posed by using insecure Wi-Fi have been known for many years, and underscore the important need to use a VPN connection when accessing the internet from insecure public places such as cafes, transport hubs and conference venues.

But consumers often ignore these best practices, putting themselves at increased risk of getting hacked as a result. Sean Sullivan, security advisor at anti-virus firm F-Secure, commented: "This has been a concern for many years, and that's why sensible companies force employees to use VPN connections. A Firefox plugin called 'Firesheep' definitively demonstrated just how utterly insecure Wi-Fi hotspots can be back in 2010."

Sullivan added that he used open hotspots all the time but always took basic security precautions when he did. "If you want to use an open Wi-Fi hotspot to search for the latest sports scores, then go for it. But if you want to check your bank balance, read your email, have a private chat with your friends, then get yourself a VPN service," he concluded.

According to a recent Kaspersky Lab survey, 34 percent of people using a PC admitted to taking no special measures to protect their online activity when using a Wi-Fi hotspot.

Only about 12.6 percent of internet users take the time to actively check the encryption standards of any access point before they use it, and that number is extremely low, considering all the risks that are involved.

The Kaspersky Lab survey does offer some comfort to those concerned about consumer attitudes to internet security. Only one in seven of those quizzed were comfortable banking or shopping online while connected to an untrusted Wi-Fi hotspot.

And in a related development, privacy groups such as the EFF (Electronic Frontier Foundation) have teamed up with technology firms such as Twitter and privacy-focused search service DuckDuckGo to create a new campaign to improve data security for consumers in a post-Snowden world of dragnet surveillance.

The 'Encrypt all Things' campaign has drawn up a seven point Data Security Action Plan for 2014 specifically designed to promote better data protection practices by websites and the technology industry, as well as promoting greater security awareness about privacy-enhancing technologies among consumers.

In other internet security news

Internet security consultants are suggesting that Canadian businesses and the federal government should adopt a just-released U.S. government framework for tightening IT security of critical infrastructure, and add additional layers of security to improve the confidentiality of all saved data.

“I honestly don’t think that we should re-invent the wheel,” said Kevvie Fowler, a partner in the forensic advisory services at KPMG Canada.

Fowler said that the guidelines were released February 12 by the federal National Information Technology Laboratory (NIST). “If you look at what has been done, it already leverages several concepts from internationally-adopted standards like ISO 27001/2 and a few others,” he added.

In 2010, the Harper government announced a national strategy to better protect critical infrastructure calling for the public and private sectors to work on addressing risks. But two years later, the Auditor General released a report complaining the strategy still didn’t have an action plan. That plan has since been completed.

Public Safety Canada has released a guideline of best practices for incident response. But Fowler said the NIST document goes further. Meanwhile, as part of its effort to work on an infrastructure security plan, the Canadian government is holding an invitation-only conference in New York next week.

Called a “Framework for Improving Critical Infrastructure,” it’s aimed at helping organizations, regulators and consumers create or improve cybersecurity programs.

The document provides a common language to address and manage cyber risk in a cost-effective way based on business needs, without placing additional regulatory requirements on businesses, NIST says.

“The framework provides a consensus description of what’s needed for a comprehensive cybersecurity program,” said under secretary of commerce for Standards and Technology and NIST director Patrick Gallagher.

“Additionally, it reflects the efforts of a broad range of industries that see the value and need for improving cybersecurity and lowering overall risk. It will help companies prove to themselves and their stakeholders that good cybersecurity is good business.”

In short, it’s a series of best practices. An academic who specializes in international security has criticized the Harper government for not providing leadership on cyberthreats to Canadian enterprises and citizens.

A group of Canadian IT security professionals hopes to officially set up a national computer emergency response team (CERT) network next month that will run round the clock.

NIST says that several organizations can use the framework to determine their current level of IT security, set goals and establish a plan for improving or maintaining their cybersecurity.

It also offers a methodology to protect privacy and civil liberties (according to current U.S. law) to help organizations incorporate those protections into a comprehensive cybersecurity program.

Within the framework, which will be updated periodically, there are three main elements: the core, tiers and profiles. The core presents five functions (identify, protect, detect, respond and recover) that, taken together, allow any organization to understand and shape its cybersecurity program.

The tiers describe the degree to which an organization’s cybersecurity risk management meets goals set out in the framework. The profiles help organizations move from a current level of cybersecurity sophistication to a target improved state that meets business needs.

In other internet security news

According to an industry warning from systems integrator Accuvant, sophisticated hackers and well-organized cybercriminals are increasingly carrying out DDoS (distributed denial of service) attacks to cover up their criminal activities and hide their tracks. The situation is becoming alarming, says Accuvant, an internet security firm that researches advanced threats, methods and IT architectures.

Increasingly available automated DDoS attack toolkits provide cybercriminals an easy way to tie up system resources and often disrupt busy IT teams who are dispatched to remedy the issue and then get critical applications back online.

Attackers are increasingly using DDoS as a cover up, warned Craig Treubig, managing principal consultant at Accuvant. "These events cost organizations large sums of money in the form of service-level agreements, service interruptions, and credit protection for clients affected by an attack against the enterprise," Treubig wrote in his recent analysis of the threats.

And those attacks can be very costly to unprepared businesses, Treubig added. Expenses for an initial attack begin at $100,000 and the costs add up per hour during mitigation until the attack is fully resolved, he said.

Experts have documented the largest distributed denial of service attack ever seen earlier this week, with the volume coming in at 400 Gbps at its peak. Matthew Prince of website hosting provider CloudFlare said the attack was reported Monday and involved more than 4,500 servers in what is called a Network Time Protocol (NTP) server amplification attack.

It is one in a series of high-profile DDoS attacks conducted against U.S. banks and a large 300-Gbps attack last year against Spamhaus, a nonprofit antispam blacklist provider. The alleged attacker in the Spamhaus DDoS campaign has since been apprehended by authorities.

Prince said he is optimistic that network operators will address the infected NTP servers used in the latest attack. However, he warned that the latest attack technique could theoretically be amplified to greater peak volume.

Accuvant's Treubig said that government agencies, businesses in the oil and gas industry, manufacturers, health-care organizations and higher education may be at increased risk for more-complex blended denial of service attacks. The industries are often pursued for their intellectual property or research information, Treubig said.

Solution providers say that they have been working with clients on ways to ensure they are prepared for denial of service attacks. Appliances such as firewalls often are not properly configured to handle a DDoS attack, despite having capabilities to filter out malicious traffic, they said.

Additionally, most clients are concerned about system availability, not an underlying cyberattack associated with the denial of service activity. But in 2013, Dell Secureworks published a report documenting ACH fraud at some banks and credit unions tied to DDoS attacks. In one attack, cybercriminals fraudulently transferred $2.1 million from a bank account. The transfers often go to banks located in Russia, Cyprus and China.

In a recent interview, researchers at Burlington, Mass.-based DDoS protection vendor Arbor Networks said they were tracking the rising number of sophisticated application-layer DDoS attacks. Some businesses rely on their upstream ISPs for protection, but that can often result in some disruption, they said.

The company issued recommendations to network operators this week to help reduce the threat posed by amplification attacks. "Network operators, including the various categories of ISPs as well as enterprise network operators, should routinely scan their IP address space for insecurely configured services that can be abused by attackers, and then work to notify the operators of such services and remediate them," the company said about the latest high-profile attack.

"In general, anti-spoofing technologies deployed at customer aggregation edges and/or access edges of wireline and wireless broadband access networks, hosting/co-location Internet data center networks, and enterprise networks would prevent attackers from launching spoofed attacks of any kind," the company added.

In other internet security news

According to some reports, unnamed officials told The New York Times that Edward Snowden used a common web crawler program to scrape NSA's systems and steal secret and classified documents.

It's a revelation that raises even more questions about the efficiency of the agency's internal security measures. The software in question was not named by the officials, but it's apparently similar to Googlebot, the program the search giant created several years ago to index new Web pages.

Snowden also used a program called "wget" which Chelsea Manning used to download the batches of secret files that were published by WikiLeaks several years back.

The crawler can be programmed with various search phrases. It then travels automatically from web page to web page, following links, and going ever deeper in search of relevant and secret documents.

"One of the many questions I have is, while people can access individual messages related to their specific job, shouldn't this system have caught someone downloading 500,000 messages and asked him, 'What are you doing?'" said Senator-Elect Mark Kirk (R-Ill.).

Similar questions are currently being asked of the NSA's overall systems as well. And it's a weighty issue given that, as the Times notes, the NSA is also charged with maintaining U.S. cybersecurity against foreign adversaries that are supposedly using far more sophisticated methods than Snowden apparently did.

A presidential directive made in response to the 2010 Manning/WikiLeaks incident required U.S. government facilities to install updated anti-leak software.

But the facility in Hawaii where Snowden worked as an NSA contractor reportedly hadn't updated the "insider threat" program simply because the outpost's network didn't yet have enough power to run it properly.

Today's Times story says it's not known if Snowden got lucky in landing at the Hawaii facility, or if he sought it out. NSA officials told the Times that Snowden would've been caught if he'd been working at the agency's headquarters in Fort Meade, Md.


Source: The Southwest Interactive Festival.
