Thank you to all who attended my Secure360 2010 presentation. Given that it was standing room only, I take it that this topic is dear to many of you. I encourage you to connect with me via this blog, twitter, or email, to continue this discussion.
Link to presentation slides (PDF)
Chris
Showing posts with label conferences. Show all posts
Showing posts with label conferences. Show all posts
MN-GTS - The State of (In)Security in 2009
RSA Keynote live blog - The Shadow Factory: The Ultra-Secret NSA by James Bamford
Last keynote of 4/22, The Shadow Factory: The Ultra-Secret NSA by James Bamford
[I'm attempting to follow in @kriggins' shoes... he's done a great job live blogging the keynotes]
NSA had 4 major revolutions:
Rev 1, 1970s NSA loses monopoly over encryption. NSA tries scaring them off by patent warnings.
Rev 2, 1980s switch from analog to digital... making it hard for NSA to eavesdrop on packets.
Rev 3, 1990s information overload, then clipper chip
Rev 4, 2000s revolution in telecom delivery (away from satellites towards fiber optics)
NSA found out about 9/11 from TV as opposed to via their own eavesdropping efforts.
BinLaden passing orders to two of his lieutenants; NSA had been eavesdropping where they lived. NSA missed the call about the WTC. Late Dec 99, got clue about 9/11, passed it on to CIA. CIA lost them in Bangkok.
NSA liked to sit on info instead of sharing with CIA. Terrorists lived in various states in the US, like CA and MD. Terrorists actually lived within 2 miles (in Laurel, Maryland) of NSA. For 6 weeks, NSA and terrorists were side by side and NSA didn't realize it; even ate same places.
After 9/11, NSA pushed to cast large eavesdropping net, including in US. Had three major listening posts in the US instead of putting listening posts in shaky countries. NSA Texas, NSA Georgia, NSA Hawaii.
After WWII, NSA had operation "Shamrock" to eavesdrop on telegraphs. US was off-limits as of 1952. FISA was created to prevent President to engage domestic eavesdropping. Created FISA court to look if legitimate reason existed to eavesdrop in US.
After 9/11, President Bush ordered NSA to eavesdrop domestically again, violating FISA act. Ashcroft had to sign a "it's ok to eavesdrop" form every 90 days. Eventually Ashcroft was convinced it was a bad idea to keep signing this. Tensions rise between white house and AG.
Eavesdropping into fiber optic cable is harder than copper wire or satellite transmissions. Decision was made to create terrestrial Echelon system, tapping into fiber. Agreements made with telecom companies to grab domestic traffic.
[Cute logo: AT&T - Your world. Delivered. To the NSA.]
NSA outsourced some of the eavesdropping to little known companies with foreign connections.
NSA really making use of Geo-location today as finding out the content of the communications is harder due to pervasive use of encryption.
NSA facing data overload. Names on terrorist watch list in 2001: 20. In 2009: 500,000. NSA reportedly working on building new data center.
- the end -
[I'm attempting to follow in @kriggins' shoes... he's done a great job live blogging the keynotes]
NSA had 4 major revolutions:
Rev 1, 1970s NSA loses monopoly over encryption. NSA tries scaring them off by patent warnings.
Rev 2, 1980s switch from analog to digital... making it hard for NSA to eavesdrop on packets.
Rev 3, 1990s information overload, then clipper chip
Rev 4, 2000s revolution in telecom delivery (away from satellites towards fiber optics)
NSA found out about 9/11 from TV as opposed to via their own eavesdropping efforts.
BinLaden passing orders to two of his lieutenants; NSA had been eavesdropping where they lived. NSA missed the call about the WTC. Late Dec 99, got clue about 9/11, passed it on to CIA. CIA lost them in Bangkok.
NSA liked to sit on info instead of sharing with CIA. Terrorists lived in various states in the US, like CA and MD. Terrorists actually lived within 2 miles (in Laurel, Maryland) of NSA. For 6 weeks, NSA and terrorists were side by side and NSA didn't realize it; even ate same places.
After 9/11, NSA pushed to cast large eavesdropping net, including in US. Had three major listening posts in the US instead of putting listening posts in shaky countries. NSA Texas, NSA Georgia, NSA Hawaii.
After WWII, NSA had operation "Shamrock" to eavesdrop on telegraphs. US was off-limits as of 1952. FISA was created to prevent President to engage domestic eavesdropping. Created FISA court to look if legitimate reason existed to eavesdrop in US.
After 9/11, President Bush ordered NSA to eavesdrop domestically again, violating FISA act. Ashcroft had to sign a "it's ok to eavesdrop" form every 90 days. Eventually Ashcroft was convinced it was a bad idea to keep signing this. Tensions rise between white house and AG.
Eavesdropping into fiber optic cable is harder than copper wire or satellite transmissions. Decision was made to create terrestrial Echelon system, tapping into fiber. Agreements made with telecom companies to grab domestic traffic.
[Cute logo: AT&T - Your world. Delivered. To the NSA.]
NSA outsourced some of the eavesdropping to little known companies with foreign connections.
NSA really making use of Geo-location today as finding out the content of the communications is harder due to pervasive use of encryption.
NSA facing data overload. Names on terrorist watch list in 2001: 20. In 2009: 500,000. NSA reportedly working on building new data center.
- the end -
10 Things About Hard Drives You Didn't Know (ShmooCon'09 - YouTube)
Scott Moulton, a rising star in the computer forensics world (just recently created a new SANS forensics course) did at talk at ShmooCon 2009 entitled "10 Things About Hard Drives You Didn't Know." Here are the various parts of his talk on YouTube (to be watched in sequence):
- http://www.youtube.com/watch?v=fst8IZup44c
- http://www.youtube.com/watch?v=wXmennd0xkM
- http://www.youtube.com/watch?v=_Iw2I2hxjSA
- http://www.youtube.com/watch?v=GZLLeMP6uII
- http://www.youtube.com/watch?v=ylEiGEcKqN0
Subscribe to:
Posts (Atom)
