N.S.A. Foils Much Internet Encryption - NYTimes.com

At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.

And to think that I'd just recommended hosted Exchange. 

U.K. Ordered Guardian to Destroy Snowden Files Because Its Servers Weren't Secure

To illustrate how the information was still at risk, he told editors that foreign agents could train a laser on “a plastic cup in the room where the work was being carried out … to pick up the vibrations of what was being said” there. Vibrations on windows could similarly be monitored remotely by laser.


Following this logic, I guess I should just burn my house down. I feel like at some point this spring I unknowingly purchased a one-way ticket to crazy town.

Code By Voice Faster Than Keyboard

About two years ago Tavis Rudd developed a bad case of RSI caused by typing lots of code using Emacs. It was so severe that his hands went numb and he could no longer work. After trying all of the standard "conventional" solutions, such as a different keyboard and generally paying attention to the ergonomics of his work station, nothing helped. As he puts it: "Desperate, I tried voice recognition".

One more reason to use VIM.  

A DEF CON postscript: Said the FBI agent to the taxi driver

Black Hat is hacking scrubbed of its sense of wonder. And sadly, it mirrors the times we’re in.

Violet Blue pens an incredibly insightful article about the contrast between DEFCON and Blackhat. As an outsider from what has become known as the "infosec industry", I feel this divide more and more each year.

While it was nice to put some names to faces at some companies I use throughout the year on Wednesday night, I never felt at home. DEFCON is a conference that feels like a family reunion. Blackhat feels like a trade show. It should come as no surprise that the best conversations were had at the Caesars bar instead of the corporate parties.

Next year I may find myself joining some neighbors over at the Alexis Park on Wednesday night.

Missing Michael Hastings

“I’d need a clause somewhere in the contract that says if BuzzFeed fires me for saying or writing something controversial or offensive on BuzzFeed or on Twitter or elsewhere, there will have to be some kind of severance payment. I have a demonstrated ability to really piss powerful people off, and I would need some kind of assurance that BuzzFeed has my back, 120 percent.”


NSA hacks China, NSA leaker Snowden claims - CNN.com

While not on the roster for Wednesday's hearing, another administration official in the spotlight is Director of Intelligence James Clapper, whom Democratic Sen. Ron Wyden has singled out for how he answered questions about the telephone surveillance program in March.
In March, Wyden asked Clapper if the NSA collects "any type of data at all on millions or hundreds of millions of Americans?"
"No sir," Clapper said.
On Saturday, Clapper told NBC News that he answered in the "most truthful or least most untruthful manner" possible.
He told NBC that he had interpreted "collection" to mean actually examining the materials gathered by the NSA.
He previously told the National Journal he had meant that "the NSA does not voyeuristically pore through U.S. citizens' e-mails," but he did not mention e-mails at the hearing.

Emphasis mine. Interesting definition. Somebody notify EDRM and the Sedona Conference to let them know that they need to update their definitions. 

'I do not expect to see home again'

Q: What about the Obama administration's protests about hacking by China?
A: "We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world. We are not at war with these countries."
Q: Is it possible to put security in place to protect against state surveillance?
A: "You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place."

This is turning out to be the most interesting story of the year. I think there's an important distinction to be made between Mr. Snowden and Bradley Manning. Snowden did this entirely on his own, released the information through an organization with credibility and had a plan. 

OmniPresence Document Syncing

Thanks to an anonymous federal worker, we now know that DropBox should soon be a part of PRISM. Faced once again with the reality that you control your own privacy, it's time for some better options.

Along with SpiderOak, I'll be looking into running this out of my house.