Anonops #10: Stop SOPA

quote:

EU stelt nieuwe privacyregels op internet voor

De Europese Unie heeft nieuwe regels voor bescherming van persoonsgegevens op internet voorgesteld. Bedrijven moeten voortaan gehoor geven aan het definitief verwijderen van gegevens als de gebruiker dat wil.

Het voorstel komt van de Europese Commissaris voor Justitie en Mensenrechten Viviane Reding. Volgens Reding laten we onze sporen achter op het internet en daarvoor moeten we beschermd worden in deze ‘brave new data world’:

twitter:

VivianeRedingEU twitterde op woensdag 25-01-2012 om 10:06:41 We leave digital traces with every move we make. We need a robust set of data protection rules in this brave new data world #EUdataP reageer retweet

quote:

Symantec: Anonymous stole source code, users should disable pcAnywhere

Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool.

Although Symantec says the theft actually occurred in 2006, the issue did not come to light until this month when hackers related to Anonymous said they had the source code and would release it publicly. Users of the Norton products in question are not at any increased risk of attack because of the age of the source code and security improvements made in the years since the breach, but the vendor acknowledged on Tuesday night that "Customers of Symantec's pcAnywhere have increased risk as a result of this incident."

Symantec released a patch fixing three vulnerabilities in pcAnywhere version 12.5 (the current version) on Monday, and said it will continue issuing patches "until a new version of pcAnywhere that addresses all currently known vulnerabilities is released."

Symantec pointed customers to a white paper that recommends disabling pcAnywhere, unless it is needed for business-critical use, because malicious users with access to the source code could identify vulnerabilities and launch new exploits. "At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," the company said. "For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein."

As for Norton, Symantec said the source code stolen was from the 2006 versions of Norton Antivirus Corporate Edition, Norton Internet Security, and Norton SystemWorks. Earlier this month, Symantec said no products were at risk, but changed its message regarding pcAnywhere after further investigation.

quote:

Op donderdag 26 januari 2012 01:05 schreef Nemephis het volgende:
Live, van The Onion News Network!! Net zoiets als De Speld, dus dan moet het wel waar zijn!

CIA's 'Facebook' Program Dramatically Cut Agency's Costs

"that's how they got my brother"

twitter:

amauryy19 twitterde op donderdag 26-01-2012 om 02:27:19 RT The video was real."@YourAnonNews cough cough, uh, looks like facebook.com is having a slight accessibility problem. #Anonymous" reageer retweet

twitter:

TxStormChasers twitterde op donderdag 26-01-2012 om 02:26:18 Oh look, #Facebook is back online. END OF WORLD CANCEL! #facebookownstheworld reageer retweet

twitter:

Anonymous_DO twitterde op donderdag 26-01-2012 om 02:30:46 RT @anonops: #Facebook.com is NOT under denial of service attack. STOP LYING. reageer retweet

quote:

Just in Time for "Anonymous" Attacks, U.S. NIST Drafts a New Readiness Plan

Two years ago, the U.S. Dept. of Homeland Security firmly decided (again) that a policy of responding to vulnerabilities in the nation's cybersecurity when they happen, is insufficient. The National Institute of Standards and Technology set about on a plan to model a 21st century perpetual vulnerability mitigation scheme - a continuous monitoring (CM) framework that attempts to model security procedures not in terms of crisis and response, but instead as a perpetual cycle of monitoring and engagement that stays basically the same whether or not there's a crisis.

In other words, if you "keep doing this all the time," then whatever happens won't destroy the network. Late last week, NIST produced its first series of drafts for how government information services could look, perhaps later this decade. It's so radically different from anything seen thus far, that NIST acknowledges that no one in the commercial sector has even come up with the language to describe it.



The January draft of NIST's interface specifications (PDF available here) shows five layers of what are periodically described as subsystems. Think of these functional components as comprised of devices, software, and people. Acknowledging that not every CM process can or should be automated, NIST's architects have created these five classes of subsystem to represent the divisions of workflow for both people and technology who work with any data domain. In other words, regardless of what data you're working with, as a government IT worker, you and your programs will fall someplace within this model.

So do software vendors start digesting this system now and try to build products based on it? Right now, NIST acknowledges that might not be possible.

"Each subsystem specification provides product development requirements applicable to specific product types. It is not expected, or desired, that any specific product adopt all of the subsystem specifications. Some of the subsystem specifications describe requirements that already exist within many Information Technology (IT) products. Thus, incorporation of these specifications should require only gentle instrumentation for those existing products. In other cases, the subsystems represent new functionality and product types (e.g., multi-product sensor orchestration and tasking and policy content repositories) that do not currently exist on the market. If vendors choose to adopt these specifications, they will likely need to develop new products. To catalyze vendor involvement we are looking into providing functioning prototypes of these capabilities."

In a situation that will remind some folks of The Hitchhiker's Guide to the Galaxy, NIST comes clean in saying that in order to understand how this solution may eventually work, everyone needs to learn along the way just how the problem works. One of the elements absent from the NIST drafts so far is remediation, for instance. Right now, it's worked out a structural framework for a query system that triggers workflow between the elements of the subsystems shown in the diagram. But the query language itself has not been invented yet.

So are we years away from a working implementation? Perhaps not very many. The CM concept has only been devised in the past few years, and one of the documents that led to the forging of these latest drafts was only produced last September. At that time, the CM concept was being referred to by its broader abbreviation, Information Systems Continuous Monitoring (ISCM).

"The output of a strategically designed and well-managed organization-wide ISCM program can be used to maintain a system's authorization to operate and keep required system information and data... up to date on an ongoing basis," the September document explains. "Security management and reporting tools may provide functionality to automate updates to key evidence needed for ongoing authorization decisions. ISCM also facilitates risk-based decision making regarding the ongoing authorization to operate information systems and security authorization for common controls by providing evolving threat activity or vulnerability information on demand. A security control assessment and risk determination process, otherwise static between authorizations, is thus transformed into a dynamic process that supports timely risk response actions and cost-effective, ongoing authorizations. Continuous monitoring of threats, vulnerabilities, and security control effectiveness provides situational awareness for risk-based support of ongoing authorization decisions. An appropriately designed ISCM strategy and program supports ongoing authorization of type authorizations, as well as single, joint, and leveraged authorizations."

The hope is that, once security vulnerabilities are identified by researchers, either in the public or private sectors, the standardization of their reporting will enable them to be entered into the system like marbles in a pachinko machine. The system will essentially digest them, feeding on them and integrating their lessons into everyday processes. It is a completely different way to think about work and workflow, but desperate times demand it.

quote:

Press freedom index: big falls for Arab trio in year of protest

Syria, Bahrain and Yemen fall backwards as uprisings fail to secure democracy

quote:

The United States, for example, has dropped markedly due to the targeting of journalists covering the Occupy Wall Street movement.

It slipped 27 places, down to 47th place out of a total of 179 countries in the survey. Britain fell from 19th to 28th (though the reason for that remains unclear).

"Crackdown was the word of the year in 2011," said Reporters Without Borders (RWB), the international press freedom watchdog, when releasing its 10th annual index.

. "Never has freedom of information been so closely associated with democracy. Never have journalists, through their reporting, vexed the enemies of freedom so much.

. Never have acts of censorship and physical attacks on journalists seemed so numerous. The equation is simple: the absence or suppression of civil liberties leads necessarily to the suppression of media freedom.

. Dictatorships fear and ban information, especially when it may undermine them."

quote:

The two countries at the top - Finland and Norway - repeated last year's performance. They were joined by Estonia and the Netherlands.

quote:

Op donderdag 26 januari 2012 13:08 schreef YazooW het volgende:

[..]

Alsof Anonymous Facebook down zou kunnen krijgen

quote:

Op donderdag 26 januari 2012 13:52 schreef YazooW het volgende:

[..]

Met z'n allen aan TOR, zullen de kinderpornoliefhebbers wel fijn vinden.

quote:

Op donderdag 26 januari 2012 13:54 schreef YazooW het volgende:

[..]

Beetje gemiddelde TOR gebruiker is dan ook bezig met illegale zaken,

quote:

niet normaal wat je er allemaal op kan vinden.

quote:

Op donderdag 26 januari 2012 14:04 schreef YazooW het volgende:

[..]

MET Tor ja. Je begrijpt wel wat ik bedoel.

quote:

Op donderdag 26 januari 2012 14:14 schreef YazooW het volgende:
Maar over die Chinezen trouwens, die volgens jou vanuit China op Tor kunnen komen, zitten die dan heel de dag OnionIB te checken?

quote:

Op donderdag 26 januari 2012 14:07 schreef Papierversnipperaar het volgende:

[..]

Ik begrijp het, en jij begrijpt het niet. idd.

quote:

Op donderdag 26 januari 2012 14:16 schreef YazooW het volgende:
Je begrijpt heel goed wat ik bedoel, alleen probeer je me steeds te pakken op de manier waarop ik het verwoord... beetje jammer.