1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  12  |  13  |  14  |  15  |  16  |  17  |  18  |  19  |  20  |  21  |  22  |  23  |  24  |  25  |  26  |  27  |  28  |  29  |  30  |  31  |  32  |  33  |  34  |  35  |  36  |  37  |  38  |  39  |  40  |  41  |  42  |  43  |  44  |  45  |  46  |  47  |  48  |  49  |  50  |  51  |  52  |  53  |  54  |  55  |  56  |  57  |  58  |  59  |  60  |  61  |  62  |  63  |  64  |  65 

" I sexually harassed my NSA polygrapher"

My NSA secrets revealed: I sexually harassed my NSA polygrapher
Then my polygrapher changes tack. He says that if my answer is the truth there must have been something else. I must have been thinking about something that caused the polygraph machine to spike. He asks if my mind wandered even a little bit. He asks if there may have been anything that I may have been thinking about during the exam that could have caused the machine to pick up on nervousness, excitement or stress. Anything at all? I pause. Then I say it. "I find you very attractive and was thinking about how it would be nice to have sex with you." I sexually harass my NSA polygrapher, and I am not done. I stare at the floor as I let loose a rambling, soft core pornographic retelling of my inner monologue since first looking up at him in waiting room. I talk about the cut of his suit. I talk about his imagined career as an underwear model. It is not a seduction. It is a confession. It is humiliating. It definitely is honest. It is his turn to pause. Then he says that is very flattering but that was probably not the reason for what he saw on my polygraph read out. He concludes the exam and tells me I'll be notified of my results. He dismisses me. I am not surprised to learn that I had not passed my polygraph test. . . .

August 06, 2013

CHROME has a really dumb password storage system

Chrome’s insane password security strategy • Elliott Kember
This is a page in Chrome’s settings panel: See that “show” button? It does what you think it does. There’s no master password, no security, not even a prompt that “these passwords are visible”. Visit chrome://settings/passwords in Chrome if you don’t believe me. There are two sides to this. The developer’s side, and the user’s side. Both roles have vastly different opinions as to how the computer works. Any time I try to draw attention to this, I get the usual responses from technical people: Just use 1Pass The computer is already insecure as soon as you have physical access That’s just how password management works While all of these points are valid, this doesn’t address the real problem: Google isn’t clear about its password security. In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers. It’s the mass market - the users. The overwhelming majority. They don’t know it works like this. They don’t expect it to be it’s this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay.

July 31, 2013

XKeyscore: NSA tool collects 'nearly everything a user does on the internet'

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World news | theguardian.com
"I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata. Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity. Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets. But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.