Why The #NSA Can’t Be Trusted to Run #US #Cybersecurity Programs
This week, the Senate will be voting on a slew of amendments to the newest version of the Senate’s cybersecurity bill. Senators John McCain and Kay Bailey Hutchison have proposed several amendments that would hand the reins of our nation’s cybersecurity systems to the National Security Agency (NSA). All of the cybersecurity bills that have been proposed would provide avenues for companies to collect sensitive information on users and pass that data to the government. Trying to strike the balance between individual privacy and facilitating communication about threats is a challenge, but one thing is certain: the NSA has proven it can’t be trusted with that responsibility. The NSA’s dark history of repeated privacy violations, flouting of domestic law, and resistance to transparency makes it clear that the nation’s cybersecurity should not be in its hands.
In case you need a refresher, here’s an overview of why handing cybersecurity to the NSA would be a terrible idea […]
Why The NSA Can’t Be Trusted to Run U.S. Cybersecurity Programs | Electronic Frontier Foundation, July 30, 2012 | By Mark M. Jaycox and Lee Tien and Trevor Timm
Please Spread: Cybersecurity for #Parents
Here are a few quick tips for teens:
Avoid gossip. Everyone’s bound to get a little excited by those oh-so-dramatic high school scandals, but that doesn’t mean you have to text the latest rumor to everyone you know.
Protect your space. Use privacy settings and don’t accept just anyone as a friend. Do some investigating - who are they? Why would you hang out with them?
Download this free guide to get the full list of…
- How to prevent and avoid cyberbullying
- Tips for your teen to prevent sharing too much personal information
- Tips for identifying and dealing with online predators
Want more safety information for you and your kids? Download this new guide today, hot off the press!
More Information on Social Networks
Want more safety information about a certain social network? Find the social network below and share this information with your kids today!
[…]
Cybersecurity Summary for Parents
Excellent site!
Big business ignores smart meter security risks for short term profit
Companies push dicey rushed roll outs
11 Apr 2012 13:31 | by Andrea Petrou
Smart meter vendors are ignoring the cyber security risks associated with this technology, pushing it on the masses mostly to drive profits.
A recent FBI report highlighted a number of cyber attacks against smart meter installations over the past several years. It said the attacks could have cost the US hundreds of millions of dollars per year.
According to the Krebsonsecurity blog, the report warned that insiders and individuals with only a moderate level of computer knowledge could hack meters with low-cost tools and software, which could be bought quite easily over the internet. This could then be used to change the details of the smart meter and ramp up electricity bills for households.
According to a security expert, speaking under anonymity, this isn’t a new threat.
“We’ve been saying for years that smart meters are targets for hackers but companies looking to make money from this technology have ploughed ahead regardless,” our source said. “Now it seems that governments and the legal authorities are finally waking up to what a big threat this is”.
More on techEye.net: Big business ignores smart meter security risks for short term profit
Apple shows it hasn't a clue about security: Tries to shut down whistleblower's server
11 Apr 2012 07:52 | by Nick Farrell in Rome
While Apple users suffer from a serious malware outbreak, Jobs’ Mob’s answer to the problem is to try to shut down the server of the security company that warned the world of the attack.
More than half a million Macs are infected with Flashback malware, caused by the fact that Jobs’ Mob could not be bothered updating some Java software and relied on people’s faith in Steve Jobs to protect them.
However, the problem reveals just how useless Apple is when it comes to working with the real world.
Apple’s first action was not to update the Java software, but to order the server of the Russian-based security company which alerted the world to the problem offline.
Boris Sharov, chief executive of the Moscow-based security company Dr. Web, says he learned Monday from the Russian Web registrar Reggi.ru that Apple had requested the registrar shut down one of its domains.
Apple somewhat stupidly thought that the website was being used as a “command and control” server. It did not look at who owned the website and did not realise that the domain was one of three that Dr. Web has been using as a spoofed command and control server which acts as a “sinkhole.”
If it had a little more experience in dealing with the real world outside its reality distortion field it would have twigged.
Sharov said that Apple just had no idea how to work as a team player in tackling security. It just thought that it could wade in and order servers switched off and that would resolve its problems. […]
#HTML5 Security Cheatsheet: #Vectors making use of HTML5 features
A vector displaying the HTML5 form and formaction capabilities for form hijacking outside the actual form.
<form id="test" /><button form="test" formaction="javascript:alert(1)">X
How To Fix: Don’t allow users to submit markup containing “form” and “formaction” attributes or transform them to bogus attributes. Avoid “id” attributes for forms as well as submit buttons.
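The filtering described in the fix, as an added example that is not part of the cheatsheet or the original post: it uses Python's standard html.parser to drop "form" and "formaction" attributes from submitted markup and "id" from forms and submit controls. The names FormHijackFilter and strip_form_hijack are hypothetical, and the filter is assumed to run alongside a full HTML sanitizer, since it addresses this one vector only.

```python
from html import escape
from html.parser import HTMLParser

BLOCKED_ATTRS = {"form", "formaction"}   # rejected on every element
NO_ID_TAGS = {"form", "button", "input"}  # "id" is dropped on these

class FormHijackFilter(HTMLParser):
    """Re-serialises markup without form/formaction and form-control ids.
    Names arrive lower-cased from HTMLParser; comments/doctypes are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.out = []
        self.removed = []  # (tag, attribute) pairs, for logging or rejection

    def _emit(self, tag, attrs, closer):
        kept = []
        for name, value in attrs:
            if name in BLOCKED_ATTRS or (name == "id" and tag in NO_ID_TAGS):
                self.removed.append((tag, name))
                continue
            # Values come unescaped from the parser, so escape them again.
            kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join([tag] + kept) + closer)

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, ">")

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def strip_form_hijack(markup):
    """Return (cleaned markup, removed (tag, attribute) pairs)."""
    flt = FormHijackFilter()
    flt.feed(markup)
    flt.close()
    return "".join(flt.out), flt.removed
```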
According to Lifehacker, today is Change Your Password Day and today is as good a day as any to do some administrative cleanup. This is one of the funnier, yet amazingly useful, tips on rethinking the classic hard to remember, contortionist-like passwords.

