I seem to be in the minority on Hacker News, but as someone in the professional computer security field I know that any company or state/department/organization can be hacked by a motivated attacker. In the case of…
We can't really know. There is no way to be perfectly certain. That said one can apply an Occam's calculus using whatever information and reasoning you do trust. I personally trust that, whomever the #GOP was, they were…
Thank you again for your reply. I am aware of the confusion regarding PRISM and its 'vernacular' use to encompass the activities from other disclosed programs in addition to confusion about its particular details. In…
The norms in question are those of cyber attacks. This includes but is not limited to intelligence operations. The SONY attack, for example, was not an intelligence operation. The downing of the Syrian airforce was not…
Thank you for mentioning international cyber operation norms. This is the center of US international cyberpolicy efforts. Ontologies describing categories of cyber operations often place destructive attacks like the one…
The sophistication of the attack is pretty questionable IMO. The malware used can be purchased by anyone on the black market and had been used before by Iranian hackers in 2012. Furthermore, spearphishing emails were…
I similarly don't see the risk (and collateral damage) v. reward pan out. Plus there are so many legitimate cyber attacks against the United States, it would seem like a waste of resources. And it doesn't seem to me…
Interesting. I had thought it was common knowledge at this point that the US regularly hacks and is hacked by other nations. I think the biggest splash this article may have is added narrative supporting the truthiness…
I absolutely believe that attacks are used as conveniences to justify legislative wishlists, but question whether such things are planned in advance like you are suggesting or are opportunistic responses to actual…
Certainly false flag operations are a tactic that has seen reliable and regular use, especially in counterintelligence. But what purpose exactly would a false flag operation against SONY serve? Definitely not as a…
We know that the NSA tapped into computer systems and the backbone of essentially every country on Earth - I don't see how NK would have somehow been excluded. What's interesting is what information the New York Times…
Thanks. From what I can tell you agree with: > there is no encryption for there to be escrowed for large or critical parts of the infrastructure That is to say that TLAs get access to records before encryption is ever…
I agree with the author that in the short game not providing your own accounts is attractive. However in the long game it doesn't look so good. Unfortunately there are problems with using federated auth everywhere. *…
- The malware used by the group had fingerprints and components of known Iranian, Korean and Russian malware and is a package sold on black market forums. - The malware used was nearly identical to the that used by the…
> somebody should tell Obama Oh he knows. Lip service to the public about terrorism is just that. > Is anyone going to attempt to argue that encryption facilitates more fraud than it prevents? No idea. Keeping things on…
This is sort of off topic, but it is amusing. I would guess that it is a combination of: - A deemphasis of poetry and literary studies in the concept of being educated and cultured - The rise of writing staff and PR…
It is not about terrorism - it is that technology like this threatens the current level of the capability of the state to enforce its laws. Imagine instead the use of encryption among the financial elite to conspire to…
This kind of "privacy" (lack of the existence of institutionalized absolute compelled disclosure to law enforcement and along with broadly cast suspicion less search) was once called liberty and freedom by American…
Oh certainly. State sponsorship of terrorism is regular practice. https://en.wikipedia.org/wiki/United_States_and_state-sponso...
Most bad drivers I know are convinced they are 'good drivers'...
James Risen tried to publish it in 2004 but the Times fell to government pressure and refused to make the information public until over a year later (only because Risen threatened to tarnish their image over it); when…
> Certainly information from these businesses on how they believe different legislation will effect them is useful to voters, their representatives and their appointees in performing a legislative calculus. > But what…
It's a sort of an accepted insanity that the positions which these large businesses take are considered important. Certainly information from these businesses on how they believe different legislation will effect them…
What exactly makes privately run VCs more efficient than government run VCs exactly? They are both centrally managed and entirely top-down. There are plenty of examples of horribly run, crash-inevitable private VC. I…
First, note how the only numbers addressed are the '2,776 instances publicly known'. So from the start we're working with unreasonable numbers. But let's run with it. Hmm. If the average number of mistakes an analyst…
I seem to be in the minority on Hacker News, but as someone in the professional computer security field I know that any company or state/department/organization can be hacked by a motivated attacker. In the case of…
We can't really know. There is no way to be perfectly certain. That said one can apply an Occam's calculus using whatever information and reasoning you do trust. I personally trust that, whomever the #GOP was, they were…
Thank you again for your reply. I am aware of the confusion regarding PRISM and its 'vernacular' use to encompass the activities from other disclosed programs in addition to confusion about its particular details. In…
The norms in question are those of cyber attacks. This includes but is not limited to intelligence operations. The SONY attack, for example, was not an intelligence operation. The downing of the Syrian airforce was not…
Thank you for mentioning international cyber operation norms. This is the center of US international cyberpolicy efforts. Ontologies describing categories of cyber operations often place destructive attacks like the one…
The sophistication of the attack is pretty questionable IMO. The malware used can be purchased by anyone on the black market and had been used before by Iranian hackers in 2012. Furthermore, spearphishing emails were…
I similarly don't see the risk (and collateral damage) v. reward pan out. Plus there are so many legitimate cyber attacks against the United States, it would seem like a waste of resources. And it doesn't seem to me…
Interesting. I had thought it was common knowledge at this point that the US regularly hacks and is hacked by other nations. I think the biggest splash this article may have is added narrative supporting the truthiness…
I absolutely believe that attacks are used as conveniences to justify legislative wishlists, but question whether such things are planned in advance like you are suggesting or are opportunistic responses to actual…
Certainly false flag operations are a tactic that has seen reliable and regular use, especially in counterintelligence. But what purpose exactly would a false flag operation against SONY serve? Definitely not as a…
We know that the NSA tapped into computer systems and the backbone of essentially every country on Earth - I don't see how NK would have somehow been excluded. What's interesting is what information the New York Times…
Thanks. From what I can tell you agree with: > there is no encryption for there to be escrowed for large or critical parts of the infrastructure That is to say that TLAs get access to records before encryption is ever…
I agree with the author that in the short game not providing your own accounts is attractive. However in the long game it doesn't look so good. Unfortunately there are problems with using federated auth everywhere. *…
- The malware used by the group had fingerprints and components of known Iranian, Korean and Russian malware and is a package sold on black market forums. - The malware used was nearly identical to the that used by the…
> somebody should tell Obama Oh he knows. Lip service to the public about terrorism is just that. > Is anyone going to attempt to argue that encryption facilitates more fraud than it prevents? No idea. Keeping things on…
This is sort of off topic, but it is amusing. I would guess that it is a combination of: - A deemphasis of poetry and literary studies in the concept of being educated and cultured - The rise of writing staff and PR…
It is not about terrorism - it is that technology like this threatens the current level of the capability of the state to enforce its laws. Imagine instead the use of encryption among the financial elite to conspire to…
This kind of "privacy" (lack of the existence of institutionalized absolute compelled disclosure to law enforcement and along with broadly cast suspicion less search) was once called liberty and freedom by American…
Oh certainly. State sponsorship of terrorism is regular practice. https://en.wikipedia.org/wiki/United_States_and_state-sponso...
Most bad drivers I know are convinced they are 'good drivers'...
James Risen tried to publish it in 2004 but the Times fell to government pressure and refused to make the information public until over a year later (only because Risen threatened to tarnish their image over it); when…
> Certainly information from these businesses on how they believe different legislation will effect them is useful to voters, their representatives and their appointees in performing a legislative calculus. > But what…
It's a sort of an accepted insanity that the positions which these large businesses take are considered important. Certainly information from these businesses on how they believe different legislation will effect them…
What exactly makes privately run VCs more efficient than government run VCs exactly? They are both centrally managed and entirely top-down. There are plenty of examples of horribly run, crash-inevitable private VC. I…
First, note how the only numbers addressed are the '2,776 instances publicly known'. So from the start we're working with unreasonable numbers. But let's run with it. Hmm. If the average number of mistakes an analyst…