58 items tagged "u.s."
-
-
21:28
»
SecDocs
Authors: Tiffany Rad
Tags: law
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Concepts of sovereignty, freedom, privacy and intellectual property become amorphous when discussing territories that only exist as far as the Internet connects. International cyber jurisdiction is supported by a complicated web of international law and treaties. Jurisdiction hopping, a technique that is becoming popular for controversial content, is one we have used for the U.S. 1st Amendment censorship-resistant and non-profit hosting company, Project DOD, by using PRQ's services in Sweden. This technique is used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but may have legal complications in the country in which it is accessed. As ownership and protection of property becomes a concept that is difficult to maintain across boundaries that are not easily distinguishable, can the U.S. "kill-switch" parts of the Internet and under what authority can it be done? Similarly, the geographic challenges to international cyber criminal law – and the feasibility of new sovereign nations – will be analyzed. When a cybercrime is committed in a country in which the electronic communication did not originate, there is difficulty prosecuting the crime without being able to physically apprehend a subject that is virtually within – and physically without – a country's borders. Similarly, a technique called jurisdiction hopping can be used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but is not in the country in which it is accessed. Lastly, if the U.S. attempts to isolate damage by cutting off Internet connections, under what authority can it be done?
This presentation will discuss the types of international laws and treaties that may be cited in the event of extradition of cyber criminals, legal and geographic challenges – such as new sovereign nations – to jurisdiction hopping and the authority with which the U.S. may "kill switch" the Internet. I will also discuss the practical example of where, as a result of our Project DOD case in U.S. Federal court, we have put non-copyright infringing materials on PRQ's servers in Sweden to reduce the incidences of Digital Millennium Copyright Act’s "Take Down" infringement notices that are illegitimate.
-
-
21:36
»
SecDocs
Authors: Eleanor Saitta
Tags: security
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: The past century our infrastructure has seen both massive expansion and heavy centralization. When it fails, it fails big -- this is the reality of our modern interconnectedness. We live in a world of crumbling bridges and bankrupt states, and our infrastructure will kill us. The people we’re relying on to keep us safe are trying to accomplish long-term risk management with short-term thinking. So, what now? We can't opt out, but we can become more resilient, and we can start thinking about risk differently. In this talk, we'll look at threat modeling in the real world, six ways to die, failing states, that big party in the desert, the failure of the humanitarian project, algae and the U.S. military, large-scale natural disasters, the power grid, and many other things. The problems we face are big in every sense of the word -- they involve some of the biggest things we've ever built -- but the solutions may not be. Can non-governmental networks step up when governments fail to provide basic services? Can we avoid a further expansion of neoliberalism in a post-infrastructural state? Are the power structures embedded in our infrastructure cultural destiny? What happens when maker culture grows up?
-
-
21:39
»
SecDocs
Authors: Nicholas Merrill
Tags: privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: My name is Nicholas Merrill and I was the plaintiff in a legal case in the US court system where I challenged the FBI’s policy of using a feature of the so-called USA PATRIOT act - what are called “National Security Letters” - to bypass the American Constitution's system of checks and balances and in violation of the United Nations Universal Declaration of Human Rights - in order to obtain protected personal information and to unmask anonymous Internet users. I spent over 6 years not able to speak to anyone (other than my lawyers) about my case - forced to lie to those closest to me due to an FBI gag order that carried a possible 10 year prison sentence for violating it. However the lawsuit resulted in the establishment of two key legal precedents and made changes that affect every Internet worker and Telephone worker in America. I would like to speak to the 27C3 audience in order to tell about my experience and to challenge (and offer my support and assistance to) those individuals who are in a position to challenge government surveillance requests to follow their consciences and do so. People who work at Internet Service Providers and Telephone companies as well as IT workers at Universities and private businesses are increasingly likely to encounter government attempts at surveillance. I would like to speak to the CCC regarding my experiences in resisting a National Security Letter and also a “Grand Jury Subpoena” as well as my experience of being gagged by the FBI for nearly 7 years - unable to speak on the subject or identify myself as the plaintiff in the NSL lawsuit. Nicholas Merrill founded Calyx Internet Access Corporation in 1995. Calyx Internet Access was one of the first commercial Internet service providers operating in New York City.
Calyx pursued relationships with and worked with many activist groups on a pro bono or low-cost basis, including the New York Civil Liberties Union, the Independent Media Center (Indymedia.org) and the Drug Policy Foundation. In 2004, after receiving a “National Security Letter” from the Federal Bureau of Investigation, and a subsequent request from the U.S. Secret Service, Calyx became involved with the ACLU and in using the legal system and the media to resist illegal government requests for information on Internet users. For six and a half years, Merrill and the ACLU tirelessly challenged the orders contained in the letter, resulting in the establishment of two key legal precedents overturning aspects of the national security letter program. Along the way he encountered court proceedings where he could not even be present - where he could not be referred to by name, but instead was referred to in all court documents as "John Doe". He also encountered heavy handed government censorship of court documents under the guise of "National Security" and secret evidence presented to the judge by the FBI that his attorneys were not allowed to see. The merging of Merrill's long interest in advocacy and free speech combined with his experience with the U.S. government inspired him to form a non-governmental organization (NGO) to deal specifically with this issue without being distracted or compromised by the requirements of a for-profit business.
-
-
8:40
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2012-24A - US-CERT has received information from multiple sources about coordinated distributed denial-of-service (DDoS) attacks with targets that included U.S. government agency and entertainment industry websites. The loosely affiliated collective "Anonymous" allegedly promoted the attacks in response to the shutdown of the file hosting site MegaUpload and in protest of proposed U.S. legislation concerning online trafficking in copyrighted intellectual property and counterfeit goods (Stop Online Piracy Act, or SOPA, and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, or PIPA).
-
-
0:19
»
SecDocs
Authors: Tiffany Rad
Tags: law
Event: Black Hat Abu Dhabi 2010
Abstract: Cyberspace, Cyber Criminal Prosecution & Jurisdiction Hopping
Concepts of sovereignty, freedom, privacy and intellectual property become amorphous when discussing territories that only exist as far as the Internet connects. When a cyber crime is committed in a country in which the electronic communication did not originate, there is difficulty prosecuting the crime without being able to physically apprehend a subject that is virtually within -- and physically without -- a country's borders. Similarly, a technique called jurisdiction hopping can be used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but is not in the country in which it is accessed. Lastly, if the U.S. attempts to isolate damage by "kill switching" parts of the Internet, how will this affect critical infrastructure such as water, electricity and electronic funds transfers? Under what authority can it be done? This presentation will discuss the types of international laws and treaties that may be cited in the event of extradition of cyber criminals, legal and geographic challenges – such as new sovereign nations -- to jurisdiction hopping and the authority with which the U.S. may "kill switch" the Internet. Our most popular phone technologies use decade-old proprietary cryptography. GSM's 64bit A5/1 cipher, for instance, is vulnerable to time memory trade-offs but commercial cracking hardware costs hundreds of thousands of dollars. We discuss how cryptographic improvements and the power of the community created an open GSM decrypt solution that runs on commodity hardware. Besides GSM we discuss weaknesses in DECT cordless phones. The talk concludes with an overview of mitigation steps for GSM and DECT in response to our research, some of which are already being implemented.
-
-
15:16
»
SecDocs
Authors: Ryan C. Barnett, Tom Brennan
Tags: DDoS, DoS
Event: Black Hat DC 2011
Abstract: Denial-Of-Service is an attempt to make a computer resource unavailable to its intended users and is not new. In recent history April 2009, government and financial sites in the U.S. and South Korea were attacked by DDOS and were brought offline for days. This incident followed the Georgian DDOS attacks in 2008 and Estonian DDOS attacks in 2007. Common attack methods include systems infected with malware that are controlled and all connect to the target host at the same time using Layer 4 (Transport) which are already addressed by anti-DDOS solutions when employed. In 2009 a lethal form of Layer 7 (Application) attack techniques were being examined by Wong Onn Chee of OWASP Foundation Singapore and in 2010 together with Tom Brennan of OWASP Foundation presented the findings publicly for the first time with code samples. Tom Brennan will walk through the history and details of how this lethal HTTP POST DOS technique works, interesting findings in the protocol and the challenges in defending critical infrastructure against targeted attacks and demonstrate and release his open-source tool that can be used to test your own production systems -- or render others useless with the touch of a button from a single laptop.
-
-
7:25
»
Packet Storm Security Recent Files
Whitepaper called 2010 Annual Study: U.S. Cost of a Data Breach. Compliance pressures, cyber attacks targeting sensitive data drive leading IT organizations to respond quickly and pay more. This is a benchmark study of 51 U.S. companies about the financial impact, customer turnover and preventive solutions related to breaches of sensitive information.
-
-
1:12
»
remote-exploit & backtrack
Hello,
I am currently doing research into cryptography export limits and have searched Google extensively but have not found a conclusive answer to my question.
A while back the United States relaxed its import and export laws regarding encryption which is why software such as Firefox and Internet Explorer could provide 128-bit ciphers outside of the U.S. I have however heard that the same does not hold true for software that is not freely available. What if I were to use RSA encryption? Would I have to limit the cipher strength if I would want to communicate with the U.S.?
Thanks!