NSA Hacker Chief Explains How To Keep Him Out of Your System (wired.com)
An anonymous reader writes: Rob Joyce, the nation's hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems. Joyce himself did little to shine a light on the TAO's classified operations. His talk was mostly a compendium of best security practices. But he did drop a few of the not-so-secret secrets of the NSA's success, with many people responding to his comments on Twitter.
Same link as previous article, copy and paste error.
It seems like the only linked article is relevant to the Slashdot story immediately preceding this one...
By my First Post.
Sorry, the link embedded within the article is http://arstechnica.com/information-technology/2016/01/nsa-gchq-used-open-source-software-to-spy-on-israeli-syrian-drones/, which is a link relevant to the previous story. I have no idea how that would happen, but editors should at least check the links. The correct link is actually http://www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-him-out-of-your-system/.
Step 1: Don't listen to anything the NSA (or the US government for that matter) has to say
I was worried that the new overlords would start checking submissions for errors. I'm relieved to see they are taking the 'steady as she goes' approach.
Trolling is a art,
Keep systemd off your machines, as it contains NSA access and backdoors built in - aside from the system stability issues introduced.
They've censored their own link from the article!
Sheep should not listen to best practice advice from wolves.
https://www.youtube.com/watch?v=bDJb8WOJYdA
Personally, he didn't say anything mind blowing.
Indeed, I'm skeptical of anything from the NSA, but his advice matches with my experience (I've been doing network security professionally for a long time).
He made one point that definitely rings true. People get excited about "advanced" stuff like zero-days and jumping air gaps with ultrasound, while their IIS hasn't been updated in three years, their users are opening funnycat.exe, and they've never tested their backups. It's not the NCIS stuff that'll get you, 95% of the time; it's the boring best-practice stuff that's missed: security updates, tested offsite backups, etc.
I was worried at first that this wasn't really news, but then I saw the summary said that people responded on Twitter, and now I know it's important.
FROM (& I'd suggest listening to Mr. Chaplin do it, he delivers like NO other could have (even Robert Downey Jr., as good a "thespian" as he is, couldn't in the film "Chaplin")) -> https://www.youtube.com/watch?...
"I'm sorry, but I don't want to be an emperor. That's not my business. I don't want to rule or conquer anyone. I should like to help everyone - if possible - Jew, Gentile - black man - white.
We all want to help one another. Human beings are like that.
We want to live by each other's happiness - not by each other's misery. We don't want to hate and despise one another. In this world there is room for everyone. And the good earth is rich and can provide for everyone.
The way of life can be free and beautiful, but we have lost the way.
Greed has poisoned men's souls, has barricaded the world with hate, has goose-stepped us into misery and bloodshed.
We have developed speed, but we have shut ourselves in. Machinery that gives abundance has left us in want.
Our knowledge has made us cynical. Our cleverness, hard and unkind. We think too much and feel too little. More than machinery we need humanity. More than cleverness we need kindness and gentleness.
Without these qualities, life will be violent and all will be lost...
The aeroplane and the radio have brought us closer together. The very nature of these inventions cries out for the goodness in men - cries out for universal brotherhood - for the unity of us all. Even now my voice is reaching millions throughout the world - millions of despairing men, women, and little children - victims of a system that makes men torture and imprison innocent people.
To those who can hear me, I say - do not despair. The misery that is now upon us is but the passing of greed - the bitterness of men who fear the way of human progress. The hate of men will pass, and dictators die, and the power they took from the people will return to the people.
And so long as men die, liberty will never perish.
Soldiers: Don't give yourselves to brutes - men who despise you - enslave you - who regiment your lives - tell you what to do - what to think and what to feel! Who drill you - diet you - treat you like cattle, use you as cannon fodder. Don't give yourselves to these unnatural men - machine men with machine minds and machine hearts!
You are not machines! You are not cattle! You are men! You have the love of humanity in your hearts!
You don't hate! Only the unloved hate - the unloved and the unnatural! Soldiers! Don't fight for slavery - Fight for liberty!
In the 17th Chapter of St Luke it is written: "the Kingdom of God is within man" - not one man nor a group of men, but in all men!
In you!
You, the people have the power - the power to create machines. The power to create happiness! You, the people, have the power to make this life free and beautiful, to make this life a wonderful adventure.
Then - in the name of democracy - let us use that power - let us all unite. Let us fight for a new world - a decent world that will give men a chance to work - that will give youth a future and old age a security.
By the promise of these things, brutes have risen to power. But they lie! They do not fulfill that promise. They never will!
Dictators free themselves but they enslave the people!
Now let us fight to fulfill that promise! Let us fight to free the world - to do away with national barriers - to do away with greed, with hate and intolerance.
Let us fight for a world of reason, a world where science and progress will lead to all men's happiness.
Soldiers: in the name of democracy, let us all unite!"
APK
P.S.=> Quoting a great man (Charlie Chaplin) from LONG AGO on that one - he said it better than I ever could - CHANGE STARTS WITH YOU, in "little revolutions"... apk
You have nothing to hide.
Actually, when Trump gets elected and has a full dossier on every political AND financial rival you really should have an escape plan.
. . . that he will have all the information to sell me junk that I don't need?
"Then I heard the voice of the Lord saying 'Who shall I send & who will go for Us?' & I said 'Here am I. Send me!'" - Isaiah Chapter 6, verse 8
* Since IF you want a job done right, do it yourself, & "pay it forward" showing others how to themselves - don't give them a fish: TEACH THEM HOW TO CATCH THEM THEMSELVES!
(For those "little revolutions" I noted that a really pretty nice SMART young lady I met from Argentina on the way to Prague on a train told me of while we spoke for hours, & I never forgot those words!)
APK
P.S.=> It's a righteous act meant to help better the world (a VERY f'd up place, & getting worse imo & I've been visiting like the rest of us are, for 1/2 a century++ as of TODAY (it's my B-day, along with Guido Van Rossum's no less too, inventor of a very decent programming tool in Python I respect)) & since today's God's day? I thought it'd fit here... apk
doesn't so much decrypt as descramble. not quite the same thing.
Here's a conundrum—a real stumper if you plan to swallow his advice whole—they know what's really in all those automatic patches, and you don't.
Tuesday a patch arrives. Wednesday a patch for the patch arrives. What exactly happens during that brief episode of 24?
Whilst expounding on best practices that every security professional knows, and perhaps everyone else should, he is diverting your attention, time and energies away from how they actually get in.
Whilst you are busy shoring up your doors and windows, they are wriggling up through the sewer pipes.
Very cunning.
If you think he's actually telling you anything that would really keep him out, then you're exactly as gullible as he wants.
Oh, sure, he'll give you some bullshit, low-level tips, but do you really think that the "NSA Hacker Chief" is going to do anything that's going to make his job harder? I sure don't.
Just cruising through this digital world at 33 1/3 rpm...
Once upon a time, I thought those would have been sufficient.
Stop learning! Only you can prevent esoterrorism.
Management brought in the NSA security team to look at our network. Most of the issues they found were with our security systems and people. I showed them on day 2 the internal list of issues with servers and desktops and they said it was much deeper and broader than what they were going to provide us. When they gave us their report it had a few good points and fixes and lots of things that were not issues.
"The earth is like a tiny grain of sand, only much, much heavier." - LOL
Between the security guides I wrote based on the highly esteemed CIS Tool (which took fixes from me no less) http://www.bing.com/search?q=%...
Along with the speed, security, reliability, & anonymity gaining APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.start64.com/index.p...
Which the guide also uses (by "yours truly", The "LORD OF HOSTS" so-to-speak) that does far more for all of the above benefits for FAR less than browser addons, DNS servers installed locally (fixing its security issues by avoiding it resolving faster locally w/ hosts cached in RAM + protecting you vs. current threats of all kinds), even firewall programs (which need layered-on drivers, hosts don't, & they operate on IP addresses in Windows - modern threats use host-domain names 99% of the time) & even antivirus programs (that wait till you're infected to be effective, hosts block that from happening at all in the 1st place)?
It ALL works to make my subject line above truth & fact!
* :)
(To the tune of users of my guides & hosts program NEVER being infected @ all, yet going FASTER (which other "so-called security 'solutions'" certainly cannot claim or nearly as well on all fronts I noted...))
APK
P.S.=> "It's not EASY being 'world-class'" like me I tell ya, lol, & to my naysayer/detractors who never prove me wrong here (or the dolts @ arstechnica especially whom I floored in 2003 @ Windows IT Pro Magazine outside their private playpen @ ars)? YOU WISH YOU WERE ME (& you know it)... apk
"Then I heard the voice of the Lord saying 'Who shall I send & who will go for Us?' & I said 'Here am I. Send me!'" - Isaiah Chapter 6, verse 8
* Since IF you want a job done right, do it yourself, & "pay it forward" showing others how to themselves - don't give them a fish: TEACH THEM HOW TO CATCH THEM THEMSELVES!
(For those "little revolutions" I noted that a really pretty nice SMART young lady I met from Argentina on the way to Prague on a train told me of while we spoke for hours, & I never forgot those words!)
APK
P.S.=> It's a righteous act meant to help better the world (a VERY f'd up place, & getting worse imo & I've been visiting like the rest of us are, for 1/2 a century++ as of TODAY (it's my B-day, along with Guido Van Rossum's no less too, inventor of a very decent programming tool in Python I respect & use @ times myself)) & since today's God's day? I thought it'd fit here... apk
is not to host your data on any server under an American owned company because then they will just force that company to grant access without having to inform any one.
At least make the bastards earn their pay checks and do some spying.
Remedies like whitelisting might be effective, but if you've ever worked in a corporation--typically large ones--that use it, you know that it's a nightmare to manage. When you need to get something done, waiting for your whitelist request to be approved can take so long that you might as well not try to use the tool.
It's interesting that the author said NOTHING about password complexity. This is one of the stupidest security measures, at least in the way it is typically implemented. For example, you must change your password every month, it must have three different punctuation characters, numbers, upper, and lower case, and can't be any one of your last 50 passwords. All this type of rule list does is make people write down their passwords (because they can't remember them) or find some pattern that defeats the system. Two-factor authentication is far better and more secure.