As to that NSA data, a great deal of confusion about "surveillance" seems to be floating around. In the United Kingdom, questions are being asked about all the data-gathering by the British equivalent of the NSA, GCHQ. In response, Secretary of State Theresa May has responded that "there is no programme of mass surveillance and there is no surveillance state" and labels claims that GCHQ engages in unlawful hacking as "nonsense." Yet clearly, a lot of data is being gathered.
GCHQ, the NSA, and probably every other intelligence agency worth the name is actively gathering data from the Internet. Everything on the Internet is transient, with different decay periods, so gathering information is a constant process. They believe everything that can be gathered without illegal action is fair game, so they gather anything and everything they can, storing it just in case.
They are without doubt capturing and recording all and any email, instant messages, Web pages, social media traffic, and so on. Recent disclosures reveal that the NSA collects "nearly everything a user does on the Internet," then offers analysts tools to search that data. The NSA has a variety of explanations why it's all legally gathered.
Most people know to turn off GPS on their mobiles if they are bothered about being tracked however fewer people know not to leave on Wi-Fi & call service as these also can be used to track you.
A CryptoPhone maker, GSMK, has developed a firewall that tells you if rogue cell towers are trying to connect to your phone. This is the first phone to protects against these attacks but it’s only compatible with one device, a modded Galaxy S3.
HardenedBSD is the latest BSD distribution writing into Phoronix to share its work.
HardenedBSD isn't some radical new BSD operating system but rather it's working on being a security-enhanced version of FreeBSD. HardenedBSD is just about providing security enhancements on top of the FreeBSD code-base. This initiative just started this summer by Oliver Pinter and Shawn Webb.
Private messaging apps like SnapChat and WhatsApp aren’t as private as you might think.
SnapChat settled with the Federal Trade Commission earlier this month over a complaint that its privacy claims were misleading, as reported by USA Today, and last week, the Electronic Frontier Foundation published a report listing the company as the least privacy-friendly tech outfit it reviewed, including Comcast, Facebook, and Google. Last year, WhatsApp faced privacy complaints from the Canadian and Dutch governments, and like Snapchat, its security has been an issue as well.
In the first of this series on Docker security, I wrote "containers do not contain." In this second article, I'll cover why and what we're doing about it.
Docker, Red Hat, and the open source community are working together to make Docker more secure. When I look at security containers, I am looking to protect the host from the processes within the container, and I'm also looking to protect containers from each other. With Docker we are using the layered security approach, which is "the practice of combining multiple mitigating security controls to protect resources and data."
Basically, we want to put in as many security barriers as possible to prevent a break out. If a privileged process can break out of one containment mechanism, we want to block them with the next. With Docker, we want to take advantage of as many security mechanisms of Linux as possible.
Luckily, with Red Hat Enterprise Linux (RHEL) 7, we get a plethora of security features.
But open source tends to be something of an agglomeration of programmers -- some brilliant, some boneheaded -- around a core developer or two. I think it just might be possible to influence the small group of programmers at the core of each open source project to create a culture that develops secure code. In fact, in some ways it might even be easier to do with open source projects because they, for the most part, don't face the arbitrary deadlines of the commercial world.
Open source technologies are "more secure" than software that is developed in a proprietary way, Red Hat's JBoss middleware business unit general manager, Mike Piech, said in a meeting with journalists.
On the one hand, open source software code is freely available, which means that hackers will see how to hack it. But, on the other, there is also a vast community of people working to maintain open source software security.
Commonwealth and state/territory government funded public company, Healthdirect Australia, has used open source software to build an identity and access management (IAM) solution.
The IAM solution allows users to have one identity across all of its websites and applications. For example, users can sign in using their Facebook, LinkedIn or Gmail account.