'The Washington elites fear liberty. They fear you'

Plus: 'I do not want my name to be on Apple's blacklist'

QuotW This was the week when the NSA PRISM scandal rumbled on, with politicians attempting to curb the spook agency's remit in the US House of Representatives. The Defense Appropriations Bill had an amendment stuck on to the end of it asking Congress to stop the phone and internet data sniffers from accessing the data of those not actually under investigation.

President Obama wasn't too pleased with that and issued a statement urging the government to vote against the amendment:

This blunt approach is not the product of an informed, open, or deliberative process. We urge the House to reject the Amash Amendment, and instead move forward with an approach that appropriately takes into account the need for a reasoned review of what tools can best secure the nation.

But Justin Amash (MI-R), who proposed the amendment, retorted:

#NSA's unconstitutional spying on ALL Americans was "not the product of an informed, open, or deliberative process." It must be stopped now.

When's the last time a president put out an emergency statement against an amendment? The Washington elites fear liberty. They fear you.

However, his pleas fell on deaf ears as the House voted against the measure, though only just.

The NSA was also in trouble on another front this week when it admitted that it had accidentally leaked information through Microsoft's SharePoint software. The data oozed out from a sysadmin given SharePoint privileges and NSA chief General Keith Alexander said it was a "huge break in trust and confidence":

This leaker was a sysadmin who was trusted with moving the information to actually make sure that the right information was on the SharePoint servers that NSA Hawaii needed.

In other leaky ship news, the Linux distribution's online community Ubuntuforums.org was shut down after a security breach in which hackers made off with every user's local username, password and email address. Luckily, the passwords were salted and hashed rather than in plain text, but that didn't stop penguins from pouring bile down atop the head of the alleged culprit, whom they fingered as Twitter user @Sputn1k_. (The Twitter handle has since been deleted.)

One tweeter said:

@Sputn1k_ You must feel proud defacing a site by volunteers. They dedicate time and effort to make a free distro. Worst kind of "hacker".

While another said:

@Sputn1k_ This jerk took down the Ubuntu Forums, one of the most important resources on the web. Let's hope he gets what's coming to him.

Meanwhile, London-based security researcher Ibrahim Balic claimed responsibility for shutting down Apple's Developer Centre website.

He said he found 13 vulnerabilities in the system and used them to pull up the details of 73 fruity workers, and also accessed over 100,000 developers' private data. But he insists he did this to demonstrate the flaws in the machine and said he had sent in a bug report:

I'm not feeling very happy with what I read and I'm a bit irritated, as I did not do this research [to cause] harm or damage.

I didn't attempt to publish or share this situation with anybody else. My aim was to report bugs and collect the data for the purpose of seeing how deep I can go within this scope. I have over 100,000 users' details and Apple is informed about this. I didn't attempt to get the data first and report then, instead I have reported first.

I do not want my name to be on a blacklist. I'm keeping all the evidence, emails and images. Also I have the records of the bugs that I made through Apple's bug-report [system].

Good luck avoiding that Apple blacklist there, Balic. El Reg has been on it for years and there are no signs we'll be leaving it any time soon...

Another security researcher, this time German Karsten Nohl, founder of Berlin's Security Research Labs, has said that a quarter of mobiles using DES encryption rather than the newer triple-DES for their SIM cards are vulnerable to an attack via SMS that results in a complete takeover of the phone. He said:

We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.

He's holding back the details of the hack until this weekend's Black Hat Convention, but Reg Central's Bill Ray has some ideas here.

And finally, the act of giving birth was widely celebrated this week by the long-heralded arrival of the Royal Baby. Of course, spammers were likely to celebrate the rosy-cheeked future king George Alexander Louis with a deluge of spam, security bod Graham Cluley said before the actual birth:

Malware authors worldwide have been waiting ages for this... I don't want to scaremonger, but it's easy to imagine.

"Exclusive first pictures", "Secret video from inside delivery room" and "Sex revealed" were all prospective spam titles, he said, pointing out that the goings-on of Wills and Kate had been exploited by spammers for years. ®
