Risky Business #283 -- America, we need to talk

Surveillance scandals and thought crimes. USA! USA!
07 Jun 2013 » Risky Business

On this week's show we take a look at PRISM, the NSA's recently exposed massive surveillance program. Leaked PowerPoint slides from the NSA describe a surveillance system that allows the agency to effortlessly capture a target's YouTube, Google, Facebook and Skype data. This has been reported as these companies allowing the US government access to "back doors" on their systems.

In this week's episode we look at an alternative theory: The NSA is actually capturing information on "persons of interest" in real-time via fibre taps, decrypting it with private keys, then storing it. It's our theory and we're sticking with it. Listen to this week's episode to see if you agree!

Also this week, Tenable's chief of security, Marcus Ranum, stops by for the sponsor interview to follow up on his keynote speech at AusCERT. The speech was called "Never Fight a Land War in Cyber Space" and it's really about the idea that conventional military thinking doesn't apply to the Internet.

I published a recording of his talk and it got a great reaction, but I was left with some questions after I saw it. So I rang him up and asked them! It's actually a really, really interesting interview so make sure you tune in for it.

****EDITOR'S NOTE: During the discussion on PRISM, I referenced 5Tb/s of traffic between "the US, Canada and US". That should have been "The US, Canada and Europe". Sorry about that!

Show notes

Report: NSA Was Granted Order to Snag Millions of Verizon Call Records for 3 Months | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/06/nsa-verizon-call-records/

Assange no concern of ours, says Carr
http://www.smh.com.au/opinion/political-news/assange-no-concern-of-ours-...

Google push for faster zero day fixes hits a wall: Other companies | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57587178-83/google-push-for-faster-zero...

NetTraveler Espionage Malware Campaign Ties to Gh0st RAT | Threatpost
http://threatpost.com/net-traveler-espionage-campaign-uncovered-links-to...

Oracle Java Security Enhancements Get Mixed Reviews | Threatpost
http://threatpost.com/mixed-reviews-on-oracles-java-security-update/

FDIC: 2011 FIS Breach Worse Than Reported - Krebs on Security
http://krebsonsecurity.com/2013/06/fdic-2011-fis-breach-worse-than-repor...

Peer-to-Peer Botnets Grow Fivefold | Threatpost
http://threatpost.com/number-of-peer-to-peer-botnets-grows-5x/

Systems are now secure: Govt CIO | Computerworld New Zealand
http://computerworld.co.nz/news.nsf/news/systems-are-now-secure-govt-cio

Windows 8.1 to let you secure folders with your fingerprint | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57587535-83/windows-8.1-to-let-you-secu...

Two-Factor Authentication Options for Web Services | Threatpost
http://threatpost.com/web-services-finding-religion-with-two-factor-auth...

Pills and Tattoos to Replace Passwords for Authentication | Threatpost
http://threatpost.com/former-darpa-head-proposes-pills-and-tattoos-to-re...

Microsoft, feds disrupt massive Citadel botnet | Security & Privacy - CNET News
http://news.cnet.com/8301-1009_3-57587935-83/microsoft-feds-disrupt-mass...

Schneider Patches 18-Month Old SCADA Bugs | Threatpost
http://threatpost.com/schneider-patches-18-month-old-scada-bugs/

Five Bulletins, One Critical in Microsoft's June Patch | Threatpost
http://threatpost.com/five-bulletins-one-critical-in-microsofts-june-patch/

Google Fixes Security Vulnerabilities with Chrome Update | Threatpost
http://threatpost.com/google-ships-12-security-patches-in-latest-chrome-...

Apple Patches Mass of Security Bugs in OS X and Safari | Threatpost
http://threatpost.com/apple-patches-mass-of-security-bugs-in-os-x-and-sa...

Internet Systems Consortium Resolves Critical BIND Flaw | Threatpost
http://threatpost.com/isc-patches-known-bind-9-dos-vulnerability/

STORIES DISCUSSED IN FEATURE SEGMENT:

U.S. intelligence mining data from nine U.S. Internet companies in broad secret program - The Washington Post
http://www.washingtonpost.com/investigations/us-intelligence-mining-data...

Verizon Breaks Silence on Top-Secret Surveillance of Its Customers | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/06/verizon-responds/

DHS Watchdog: 'Intuition and Hunch' Are Enough to Search Your Gadgets at Border | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/06/border-gadget-searches/

Teen Jailed for Rap Lyrics Posted After Boston Bombings | Threat Level | Wired.com
http://www.wired.com/threatlevel/2013/06/teen-jailed-for-terror-rap/

PRESENTATION: Marcus Ranum on militarisation trends | Risky Business
http://risky.biz/ranum_auscert

Oracle has really embraced the fact that they should be more careful with their security. They need to do that. - Kris Krohn Strongbrook