'The Washington elites fear liberty. They fear you'

Plus: 'I do not want my name to be on Apple's blacklist'

Build a business case: developing custom apps

QuotW This was the week when the NSA PRISM scandal rumbled on with politician attempts to curb the spook agency's remit in the US House of Representatives. The Defense Appropriations Bill had an amendment stuck on to the end of it asking Congress to stop the phone and internet data sniffers from accessing the data of those not actually under investigation.

President Obama wasn't too pleased with that and issued a statement urging the government to vote against the amendment:

This blunt approach is not the product of an informed, open, or deliberative process. We urge the House to reject the Amash Amendment, and instead move forward with an approach that appropriately takes into account the need for a reasoned review of what tools can best secure the nation.

But Justin Amash (MI-R), who proposed the amendment, retorted:

#NSA's unconstitutional spying on ALL Americans was "not the product of an informed, open, or deliberative process." It must be stopped now.

When's the last time a president put out an emergency statement against an amendment? The Washington elites fear liberty. They fear you.

However, his pleas fell on deaf ears as the House voted against the measure, though only just.

The NSA was also in trouble on another front this week when it admitted that it had accidentally leaked information through Microsoft's SharePoint software. The data oozed out from a sysadmin given SharePoint privileges and NSA chief General Keith Alexander said it was a "huge break in trust and confidence":

This leaker was a sysadmin who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed.

In other leaky ship news, the Linux distribution's online community Ubuntuforums.org was shut down after a security breach in which hackers made off with every user's local username, password and email address. Luckily, the passwords were salted and hashed rather than in plain text, but that didn't stop penguins from pouring bile down atop the head of alleged culprit, whom they fingered as Twitter user @Sputn1k_ (The Twitter handle has since been deleted.)

One tweeter said:

@Sputn1k_ You must feel proud defacing a site by volunteers. They dedicate time and effort to make a free distro. Worst kind of "hacker".

While another said:

@Sputn1k_ This jerk took down the Ubuntu Forums, one of the most important resources on the web. Let's hope he gets what's coming to him.

Meanwhile, London-based security researcher Ibrahim Balic claimed responsibility for shutting down Apple's Developer Centre website.

He said he found 13 vulnerabilities in the system and used them to pull up the details of 73 fruity workers, and also accessed over 100,000 developers' private data. But he insists he did this to demonstrate the flaws in the machine and said he had sent in a bug report:

I'm not feeling very happy with what I read and I'm a bit irritated, as I did not do this research [to cause] harm or damage.

I didn't attempt to publish or share this situation with anybody else. My aim was to report bugs and collect the data for the purpose of seeing how deep I can go within this scope. I have over 100,000 users' details and Apple is informed about this. I didn't attempt to get the data first and report then, instead I have reported first.

I do not want my name to be on a blacklist. I'm keeping all the evidence, emails and images. Also I have the records of the bugs that I made through Apple's bug-report [system].

Good luck avoiding that Apple blacklist there, Balic. El Reg has been on it for years and there's no signs we'll be leaving it any time soon...

Another security researcher, this time German Karsten Nohl, founder of Berlin's Security Research Labs, has said that a quarter of mobiles using DES encryption rather than the newer triple-DES for their SIM cards are vulnerable to an attack via SMS that results in a complete takeover of the phone. He said:

We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.

He's holding back the details of the hack until this weekend's Black Hat Convention, but Reg Central's Bill Ray has some ideas here.

And finally, the act of giving birth was widely celebrated this week by the long-heralded arrival of the Royal Baby. Of course, spammers were likely to celebrate the rosy-cheeked future king George Alexander Louis with a deluge of spam, security bod Graham Cluley said before the actual birth:

Malware authors worldwide have been waiting ages for this... I don't want to scaremonger, but it's easy to imagine.

"Exclusive first pictures", "Secret video from inside delivery room" and "Sex revealed" were all prospective spam titles, he said, pointing out that the goings-on of Wills and Kate had been exploited by spammers for years. ®

The Essential Guide to IT Transformation

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
Adam Afriyie MP: Smart meters are NOT so smart
Mega-costly gas 'n' 'leccy totting-up tech not worth it - Tory MP
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.