Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Al Billings
Clearly not a battle I'm going to win in any sense with this audience but, 
really, the current Internet (for many many reasons) is pretty broken in places 
(and I don't just mean Facebook) when you turn off JS. We talk about this at 
work a lot and even amongst my peers with NoScript installed, most people find 
it more trouble than it is worth, and these are security professionals. I know 
many here probably would say these folks are stupid but given that these folks 
are also the security team for a major browser, I would say that if they find 
it too broken, most normal folks are not going to touch it.  

Anecdotal data is, of course, anecdotal. :-)

I deal with JS issues largely by running the nightly build of my browser but 
then I am also aware of the unfixed vulns in it that are being worked on so my 
experience isn't normal either. 

-- 
Al Billings
http://www.openbuddha.com
http://makehacklearn.org


On Tuesday, September 10, 2013 at 4:55 PM, Joseph Lorenzo Hall wrote:

 On 9/9/13 2:55 PM, Al Billings wrote:
  I suggest your use of the net is well outside the mainstream, even
  amongst security folks. Some of us actually use social networking, for
  example, or don't want ugly, half broken websites simply because we fear
  a JavaScript zero day.
  
 
 
 Hi Al, big fan. I use FF with NoScript and Request Policy both
 configured to block by default... and open links in session-only Chrome
 when I need something that requires that stuff. Not ideal, but it works
 for me and it's certainly not about JS zero-days.
 
 Anyway, I'm definitely the only one I know that surfs like that... but I
 suspect there are even wilder set-ups represented on this list in
 particular.


-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Joseph Lorenzo Hall


On 9/9/13 2:55 PM, Al Billings wrote:
 I suggest your use of the net is well outside the mainstream, even
 amongst security folks. Some of us actually use social networking, for
 example, or don't want ugly, half broken websites simply because we fear
 a JavaScript zero day.

Hi Al, big fan. I use FF with NoScript and Request Policy both
configured to block by default... and open links in session-only Chrome
when I need something that requires that stuff. Not ideal, but it works
for me and it's certainly not about JS zero-days.

Anyway, I'm definitely the only one I know that surfs like that... but I
suspect there are even wilder set-ups represented on this list in
particular.

best, Joe


-- 
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
j...@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8




Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Shelley
Maybe I just don't have the broken Internets problem very often, or I
don't notice it.  I can use important sites such as my email provider's
web interface (when I'm not near my regular email client) and my credit
union's mobile site without enabling scripts, so there really isn't much
I'm going to allow in the wild.

JLH:
I also open a different browser on those rare occasions when I have to
enable .js.  (And I remove the list of whitelisted sites that stock
NoScript allows.)  I don't think these are unreasonable habits! 


On Tue, Sep 10, 2013, at 08:01 AM, Al Billings wrote:
 Clearly not a battle I'm going to win in any sense with this audience
 but, really, the current Internet (for many many reasons) is pretty
 broken in places (and I don't just mean Facebook) when you turn off JS.
 We talk about this at work a lot and even amongst my peers with NoScript
 installed, most people find it more trouble than it is worth, and these
 are security professionals. I know many here probably would say these
 folks are stupid but given that these folks are also the security team
 for a major browser, I would say that if they find it too broken, most
 normal folks are not going to touch it.  
 
 Anecdotal data is, of course, anecdotal. :-)
 
 I deal with JS issues largely by running the nightly build of my browser
 but then I am also aware of the unfixed vulns in it that are being worked
 on so my experience isn't normal either. 
 
 -- 
 Al Billings
 http://www.openbuddha.com
 http://makehacklearn.org
 
 
 On Tuesday, September 10, 2013 at 4:55 PM, Joseph Lorenzo Hall wrote:
 
  On 9/9/13 2:55 PM, Al Billings wrote:
   I suggest your use of the net is well outside the mainstream, even
   amongst security folks. Some of us actually use social networking, for
   example, or don't want ugly, half broken websites simply because we fear
   a JavaScript zero day.
   
  
  
  Hi Al, big fan. I use FF with NoScript and Request Policy both
  configured to block by default... and open links in session-only Chrome
  when I need something that requires that stuff. Not ideal, but it works
  for me and it's certainly not about JS zero-days.
  
  Anyway, I'm definitely the only one I know that surfs like that... but I
  suspect there are even wilder set-ups represented on this list in
  particular.



Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Axel Simon
 

Hi, 

Am I the only one for whom the page is hidden behind an
annoying sign up overlay? 

axel 

On 2013-09-09 05:12, Shava Nerad wrote:

 As far as I am concerned it is not. I might have posted the link if you
 had not brought it to our attention. Thank you.

 On Sun, Sep 8, 2013 at 9:36 PM, Noah Shachtman noah.shacht...@gmail.com
 wrote:

  All:

  Sorry if this is considered spamming the list - if it is, it won't
  happen again.

  At Foreign Policy, we just published what I believe is the first major
  profile of NSA chief Keith Alexander. It is not a particularly
  flattering one.

  One scooplet among many in Shane Harris' nearly 6,000-word story: Even
  his fellow spies consider Keith Alexander to be a cowboy who's barely
  concerned with law.

  Anyway, take a look. Let me know what you think.

  http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander

  All the best,

  nms

  --
  Noah Shachtman
  Executive Editor for News | Foreign Policy
  917-690-0716
  noah.shacht...@gmail.com
  http://www.foreignpolicy.com/author/NoahShachtman

  encrypted phone: 415-463-4956

 --
 Shava Nerad
 shav...@gmail.com

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread phryk
On Mon, 09 Sep 2013 11:23:30 +0200
Axel Simon axelsi...@axelsimon.net wrote:

 Hi, 
 
 Am I the only one for whom the page is hidden behind an
 annoying sign up overlay? 
 
 axel 

Nope, I got that too. You can remove it with the developer
tools/firebug. A bit disappointing that they go all HEY LINK YOUR
TWITTER OR FACEBOOK ACCOUNT TO US!1!!

Also that there's this weird limit of 8 articles per month that
probably only works on technically illiterate people. :/

These measures seem a tad desperate/indecent; Is money that tight at
FP?


Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Al Billings
Which can be dismissed with a click normally...  

--  
Al Billings
http://makehacklearn.org


On Monday, September 9, 2013 at 11:23 AM, Axel Simon wrote:

 Hi,
 Am I the only one for whom the page is hidden behind an annoying “sign up” 
 overlay?
   
 axel
 On 2013-09-09 05:12, Shava Nerad wrote:
  As far as I am concerned it is not.  I might have posted the link if you 
  had not brought it to our attention.  Thank you.
   
   
  On Sun, Sep 8, 2013 at 9:36 PM, Noah Shachtman noah.shacht...@gmail.com wrote:
   All:  
   Sorry if this is considered spamming the list - if it is, it won't happen 
   again.  
   At Foreign Policy, we just published what I believe is the first major 
   profile of NSA chief Keith Alexander. It is not a particularly flattering 
   one.

   One scooplet among many in Shane Harris' nearly 6,000-word story: Even 
   his fellow spies consider Keith Alexander to be a cowboy who's barely 
   concerned with law.   

   Anyway, take a look. Let me know what you think.  
   http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander

   All the best,



   nms  
   --
   Noah Shachtman
   Executive Editor for News | Foreign Policy
   917-690-0716
   noah.shacht...@gmail.com
   http://www.foreignpolicy.com/author/NoahShachtman
   encrypted phone: 415-463-4956






   
   
   
  --  
  Shava Nerad  
  shav...@gmail.com
   
   
  
  
  



Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread phryk
On other sites, yes - that's what I'm used to.

But on this site I didn't see anything that even remotely resembles
anything approximating a close button; Clicking besides the popup
won't do anything either.


Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Eugen Leitl
On Mon, Sep 09, 2013 at 12:50:49PM +0200, phryk wrote:

http://cryptome.org/2013/09/nsa-cowboy.htm

9 September 2013 

The Cowboy of the NSA Keith Alexander 





http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander
 

Foreign Policy Magazine 

The Cowboy of the NSA   

Inside Gen. Keith Alexander's all-out, barely-legal drive to build the
ultimate spy machine. 

BY SHANE HARRIS | SEPTEMBER 9, 2013 

Shane Harris is a senior writer for Foreign Policy and author of The
Watchers: The Rise of America's Surveillance State. 

 

On Aug. 1, 2005, Lt. Gen. Keith Alexander reported for duty as the 16th
director of the National Security Agency, the United States' largest
intelligence organization. He seemed perfect for the job. Alexander was a
decorated Army intelligence officer and a West Point graduate with master's
degrees in systems technology and physics. He had run intelligence operations
in combat and had held successive senior-level positions, most recently as
the director of an Army intelligence organization and then as the service's
overall chief of intelligence. He was both a soldier and a spy, and he had
the heart of a tech geek. Many of his peers thought Alexander would make a
perfect NSA director. But one prominent person thought otherwise: the prior
occupant of that office. 

Air Force Gen. Michael Hayden had been running the NSA since 1999, through
the 9/11 terrorist attacks and into a new era that found the global
eavesdropping agency increasingly focused on Americans' communications inside
the United States. At times, Hayden had found himself swimming in the
murkiest depths of the law, overseeing programs that other senior officials
in government thought violated the Constitution. Now Hayden of all people was
worried that Alexander didn't understand the legal sensitivities of that new
mission. 

"Alexander tended to be a bit of a cowboy: 'Let's not worry about the law.
Let's just figure out how to get the job done,'" says a former intelligence
official who has worked with both men. "That caused General Hayden some
heartburn."

The heartburn first flared up not long after the 2001 terrorist attacks.
Alexander was the general in charge of the Army's Intelligence and Security
Command (INSCOM) at Fort Belvoir, Virginia. He began insisting that the NSA
give him raw, unanalyzed data about suspected terrorists from the agency's
massive digital cache, according to three former intelligence officials.
Alexander had been building advanced data-mining software and analytic tools,
and now he wanted to run them against the NSA's intelligence caches to try to
find terrorists who were in the United States or planning attacks on the
homeland. 

By law, the NSA had to scrub intercepted communications of most references to
U.S. citizens before those communications can be shared with other agencies.
But Alexander wanted the NSA "to bend the pipe towards him," says one of the
former officials, so that he could siphon off metadata, the digital records
of phone calls and email traffic that can be used to map out a terrorist
organization based on its members' communications patterns.

"Keith wanted his hands on the raw data. And he bridled at the fact that NSA
didn't want to release the information until it was properly reviewed and in
a report," says a former national security official. "He felt that from a
tactical point of view, that was often too late to be useful."

Hayden thought Alexander was out of bounds. INSCOM was supposed to provide
battlefield intelligence for troops and special operations forces overseas,
not use raw intelligence to find terrorists within U.S. borders. But
Alexander had a more expansive view of what military intelligence agencies
could do under the law. 

"He said at one point that a lot of things aren't clearly legal, but that
doesn't make them illegal," says a former military intelligence officer who
served under Alexander at INSCOM.

In November 2001, the general in charge of all Army intelligence had informed
his personnel, including Alexander, that the military had broad authority to
collect and share information about Americans, so long as they were
"reasonably believed to be engaged in terrorist activities," the general
wrote in a widely distributed memo.

The general didn't say how exactly to make this determination, but it was all
the justification Alexander needed. "Hayden's attitude was 'Yes, we have the
technological capability, but should we use it?' Keith's was 'We have the
capability, so let's use it,'" says the former intelligence official who
worked with both men.

Hayden denied Alexander's request for NSA data. And there was some irony in
that decision. At the same time, Hayden was overseeing a highly classified
program to monitor Americans' phone records and Internet communications
without permission from a court. At least one component of that secret
domestic spying 

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Noah Shachtman
Wired -- my old employer -- did publish a NSA story recently,
concentrating on Ft. Meade's new-ish offensive push. But I'm not sure
it was really a profile in the classic sense.


On Sun, Sep 8, 2013 at 11:20 PM, Joseph Mornin jos...@mornin.org wrote:
 Wired also did a profile:
 http://www.wired.com/threatlevel/2013/06/general-keith-alexander-cyberwar/all/

 On 9/8/13 8:12 PM, Shava Nerad wrote:
 As far as I am concerned it is not.  I might have posted the link if you
 had not brought it to our attention.  Thank you.


 On Sun, Sep 8, 2013 at 9:36 PM, Noah Shachtman noah.shacht...@gmail.com wrote:

 All:

 Sorry if this is considered spamming the list - if it is, it won't
 happen again.

 At Foreign Policy, we just published what I believe is the first
 major profile of NSA chief Keith Alexander. It is not a particularly
 flattering one.

 One scooplet among many in Shane Harris' nearly 6,000-word
 story: Even his fellow spies consider Keith Alexander to be a
 cowboy who's barely concerned with law.

 Anyway, take a look. Let me know what you think.

 
 http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander

 All the best,



 nms
 --
 Noah Shachtman
 Executive Editor for News | Foreign Policy
 917-690-0716
 noah.shacht...@gmail.com
 http://www.foreignpolicy.com/author/NoahShachtman

 encrypted phone: 415-463-4956










 --

 Shava Nerad
 shav...@gmail.com





-- 
--
Noah Shachtman
Executive Editor for News | Foreign Policy
917-690-0716
noah.shacht...@gmail.com
http://www.foreignpolicy.com/author/NoahShachtman

encrypted phone: 415-463-4956


Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Noah Shachtman
Guys:

I know the registration wall can be a bit of a pain. As a reader, I'm
not nuts about them, either. But these measures really are important
to FP's long-term financial health.

Anyway, in the future, let me see if I can get links I post to Libtech
white-listed, so you guys don't have to go through that. Can't make
any promises, but I'll try.

Best,


nms



On Mon, Sep 9, 2013 at 5:28 AM, phryk in...@phryk.net wrote:
 On Mon, 09 Sep 2013 11:23:30 +0200
 Axel Simon axelsi...@axelsimon.net wrote:

 Hi,

 Am I the only one for whom the page is hidden behind an
 annoying sign up overlay?

 axel

 Nope, I got that too. You can remove it with the developer
 tools/firebug. A bit disappointing that they go all HEY LINK YOUR
 TWITTER OR FACEBOOK ACCOUNT TO US!1!!

 Also that there's this weird limit of 8 articles per month that
 probably only works on technically illiterate people. :/

 These measures seem a tad desperate/indecent; Is money that tight at
 FP?



-- 
--
Noah Shachtman
Executive Editor for News | Foreign Policy
917-690-0716
noah.shacht...@gmail.com
http://www.foreignpolicy.com/author/NoahShachtman

encrypted phone: 415-463-4956


Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread liberationtech
On Mon, 09 Sep 2013 11:23:30 +0200
Axel Simon axelsi...@axelsimon.net wrote:

 Am I the only one for whom the page is hidden behind an
 annoying sign up overlay? 

If you disable javascript for the site there is no overlay. If you
selectively block javascript from anything not fp.com, the overlay
doesn't load either. Trusting users with your revenue model seems
an odd choice to me.

-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475


Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Leif Ryge
On Mon, Sep 09, 2013 at 10:15:02AM -0400, liberationt...@lewman.us wrote:
 On Mon, 09 Sep 2013 11:23:30 +0200
 Axel Simon axelsi...@axelsimon.net wrote:
 
  Am I the only one for whom the page is hidden behind an
  annoying sign up overlay? 
 
 If you disable javascript for the site there is no overlay. If you
 selectively block javascript from anything not fp.com, the overlay
 doesn't load either. Trusting users with your revenue model seems
 an odd choice to me.

I'm kind of surprised FP's javascript is the main topic of discussion around
this article. Doesn't anyone want to talk about the Army Intelligence and
Security Command's Information Dominance Center being designed to mimic the
bridge of the Starship Enterprise? Or that Keith Alexander wanted to do
domestic surveillance when he was working there, too, and said at one point
that a lot of things aren't clearly legal, but that doesn't make them illegal?
Or that Rasmussen polls found 68 percent of respondents now believe it's likely
the government is listening to their communications and 57 percent said they
think it's likely that the government will use NSA intelligence to harass
political opponents.? No?

Ok, well as long as we're talking about that FP javascript overlay: if you saw
it, that means you run JavaScript by default, which means you're vulnerable to
a larger number of the arbitrary-code-execution bugs in your web browser (of
which there are undoubtedly many more which are not yet fixed, given the
frequency with which new ones are discovered [1,2]). In my opinion, if you're
using Firefox, you should really be using NoScript. [3]

~leif

ps: Thank you FP and Shane Harris for this very informative article!

1: https://www.mozilla.org/security/known-vulnerabilities/firefox.html
2: http://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-15031/opec-1/Google-Chrome.html
3: http://noscript.net/

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Al Billings
Have fun tilting that windmill, Mr. Quixote.  

Like it or not, to fully use websites at this point, you generally need things 
like Javascript and CSS. The reason that most folks, even security folks like 
the ones I work with, don't run with NoScript on all the time is that it breaks 
the net as experienced. 

-- 
Al Billings
http://www.openbuddha.com
http://makehacklearn.org


On Monday, September 9, 2013 at 5:43 PM, Leif Ryge wrote:

 Ok, well as long as we're talking about that FP javascript overlay: if you saw
 it, that means you run JavaScript by default, which means you're vulnerable to
 a larger number of the arbitrary-code-execution bugs in your web browser (of
 which there are undoubtedly many more which are not yet fixed, given the
 frequency with which new ones are discovered [1,2]). In my opinion, if you're
 using Firefox, you should really be using NoScript. [3]



Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Shelley
It may be outside the mainstream, but so is our interest in-- and understanding 
of-- security and privacy issues.  Judging by the millions who download 
these tools, I am not alone in wanting to block scripts and tracking.

I'll save my security researchers using social media (outside of pentesting) 
makes no sense rant for another time.





On Sep 9, 2013 11:56 AM, Al Billings <alb...@openbuddha.com> wrote:



I suggest your use of the net is well outside the mainstream, even 
amongst security folks. Some of us actually use social networking, for example, 
or don't want ugly, half broken websites simply because we fear a JavaScript 
zero day.

Al

-- 
Al Billings
http://makehacklearn.org

 
On Monday, September 9, 2013 at 8:37 PM, Shelley wrote:

>>Like it or not, to fully use websites at this point, you 
generally need things like Javascript and CSS.

I disagree.  Not only do I want the protection from .js vulnerabilities and 
tracking when I browse, I just want the text.  Not a bunch of useless 
social media buttons and blinking ads.  I block it all and very rarely 
make an exception, and I don't at all mind that I'm getting a bland page with 
not much more than text.  I prefer it.

>>The reason that most folks, even security folks like the ones I work 
with, don't run with NoScript on all the time is that it breaks the net as 
experienced.

Most of my fellow security-conscious friends and colleagues block scripts by 
default as well.  Breaking things to make them work the way we want them 
to is what we do; this is no different.

-Shelley



On Sep 9, 2013 9:50 AM, Al Billings <alb...@openbuddha.com> wrote:

Have fun tilting that windmill, Mr. Quixote.

Like it or not, to fully use websites at this point, you generally need things 
like Javascript and CSS. The reason that most folks, even security folks like 
the ones I work with, don't run with NoScript on all the time is that it breaks 
the net as experienced.

-- 
Al Billings
http://www.openbuddha.com
http://makehacklearn.org

On Monday, September 9, 2013 at 5:43 PM, Leif Ryge wrote:

Ok, well as long as we're talking about that FP javascript overlay: if you saw
it, that means you run JavaScript by default, which means you're vulnerable to
a larger number of the arbitrary-code-execution bugs in your web browser (of
which there are undoubtedly many more which are not yet fixed, given the
frequency with which new ones are discovered [1,2]). In my opinion, if you're
using Firefox, you should really be using NoScript. [3]
  
  
  
  





 
 
 
 

 






Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Shelley
>>Like it or not, to fully use websites at this point, you generally need 
things like Javascript and CSS.

I disagree.  Not only do I want the protection from .js vulnerabilities and 
tracking when I browse, I just want the text.  Not a bunch of useless 
social media buttons and blinking ads.  I block it all and very rarely 
make an exception, and I don't at all mind that I'm getting a bland page with 
not much more than text.  I prefer it.

>>The reason that most folks, even security folks like the ones I work 
with, don't run with NoScript on all the time is that it breaks the net as 
experienced.

Most of my fellow security-conscious friends and colleagues block scripts by 
default as well.  Breaking things to make them work the way we want them 
to is what we do; this is no different.

-Shelley



On Sep 9, 2013 9:50 AM, Al Billings <alb...@openbuddha.com> wrote:

Have fun tilting that windmill, Mr. Quixote.

Like it or not, to fully use websites at this point, you generally need things 
like Javascript and CSS. The reason that most folks, even security folks like 
the ones I work with, don't run with NoScript on all the time is that it breaks 
the net as experienced.

-- 
Al Billings
http://www.openbuddha.com
http://makehacklearn.org

On Monday, September 9, 2013 at 5:43 PM, Leif Ryge wrote:

Ok, well as long as we're talking about that FP javascript overlay: if you saw
it, that means you run JavaScript by default, which means you're vulnerable to
a larger number of the arbitrary-code-execution bugs in your web browser (of
which there are undoubtedly many more which are not yet fixed, given the
frequency with which new ones are discovered [1,2]). In my opinion, if you're
using Firefox, you should really be using NoScript. [3]
 
 
 
 

 






Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Al Billings
I suggest your use of the net is well outside the mainstream, even amongst 
security folks. Some of us actually use social networking, for example, or 
don't want ugly, half broken websites simply because we fear a JavaScript zero 
day. 

Al 

-- 
Al Billings
http://makehacklearn.org


On Monday, September 9, 2013 at 8:37 PM, Shelley wrote:

 Like it or not, to fully use websites at this point, you generally need 
 things like Javascript and CSS.
 
 I disagree.  Not only do I want the protection from .js vulnerabilities and 
 tracking when I browse, I just want the text.  Not a bunch of useless social 
 media buttons and blinking ads.  I block it all and very rarely make an 
 exception, and I don't at all mind that I'm getting a bland page with not 
 much more than text.  I prefer it.
 
 The reason that most folks, even security folks like the ones I work with, 
 don't run with NoScript on all the time is that it breaks the net as 
 experienced.
 
 Most of my fellow security-conscious friends and colleagues block scripts by 
 default as well.  Breaking things to make them work the way we want them to 
 is what we do; this is no different.
 
 -Shelley
 
 
 
 On Sep 9, 2013 9:50 AM, Al Billings alb...@openbuddha.com wrote: 
 
 Have fun tilting that windmill, Mr. Quixote.  
 
 Like it or not, to fully use websites at this point, you generally need 
 things like Javascript and CSS. The reason that most folks, even security 
 folks like the ones I work with, don't run with NoScript on all the time is 
 that it breaks the net as experienced. 
 
 -- 
 Al Billings
 http://www.openbuddha.com
 http://makehacklearn.org
 
 
 On Monday, September 9, 2013 at 5:43 PM, Leif Ryge wrote:
 
  Ok, well as long as we're talking about that FP javascript overlay: if you saw
  it, that means you run JavaScript by default, which means you're vulnerable to
  a larger number of the arbitrary-code-execution bugs in your web browser (of
  which there are undoubtedly many more which are not yet fixed, given the
  frequency with which new ones are discovered [1,2]). In my opinion, if you're
  using Firefox, you should really be using NoScript. [3]
  
 
 

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Jonathan Wilkes

On 09/09/2013 12:50 PM, Al Billings wrote:

Have fun tilting that windmill, Mr. Quixote.

Like it or not, to fully use websites at this point, you generally 
need things like Javascript and CSS. The reason that most folks, even 
security folks like the ones I work with, don't run with NoScript on 
all the time is that it breaks the net as experienced.


That's why NoScript lets you whitelist certain sites.  If you're comfortable
giving some type of personally identifying credentials to log on to a secure
site, then maybe you're ok with letting that site shoot a turing complete
language at your browser.  On the other hand, maybe you're not, but if the site
requires javascript to be on for you to log in then it's a binary thing.  Let's
call this the stark reality of doing business over the web.

But for general _reading_ of content, I see no reason why javascript and third
party ads should be reaching the user's eyes by default.  The benefits of
blocking are:
* user learns just how much third party junk websites typically try to shoot at
  them
* user learns just how inconsequential 95% of those scripts are to the
  experience of displaying readable content
* user learns which news sites are the most aggressive about forcing
  third-party content on the user (i.e., the ones that won't allow you to read
  without javascript turned on)
* pages that do load the content load the content faster
* user learns how much cpu/electricity/etc. they are saving the moment they
  turn on javascript to leave a comment and their laptop fan starts whirring
  crazily because some crankhead cooked up the least efficient way in the world
  to display blocks of text

And with Adblock:
* user somehow feels less distracted when the blinking budweiser sign next to
  their head is turned off.

Best,
Jonathan



--
Al Billings
http://www.openbuddha.com
http://makehacklearn.org

On Monday, September 9, 2013 at 5:43 PM, Leif Ryge wrote:

Ok, well as long as we're talking about that FP javascript overlay: if you saw
it, that means you run JavaScript by default, which means you're vulnerable to
a larger number of the arbitrary-code-execution bugs in your web browser (of
which there are undoubtedly many more which are not yet fixed, given the
frequency with which new ones are discovered [1,2]). In my opinion, if you're
using Firefox, you should really be using NoScript. [3]







Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Shava Nerad
I clicked, I got the article no problem,

I read the article and enjoyed it with the sick fascination we tend to read
these things.  Odd to think of FP as sort of tabloid celebrity profile of
the monsters of the field, eh? ;)

I reposted it on G+ with the comment:

===

*Foreign Policy frames NSA's Alexander*
*like a rhinoceros beetle pinned as a specimen*

Not a pretty picture, but a curious and powerful one.

===

I don't block javascript and such, partly because I also work in marketing
and social media and such (THE DARK SIDE, the hell with hacking! :)   -- I
need to watch things.

I regularly sweep for malware when idle and pray a lot. :)

will comment further when I'm not fighting health system bureaucracy,
perhaps...:)  Tilting at different windmills for a bit.  Check my G+ for
updates.

yrs,


On Mon, Sep 9, 2013 at 3:11 PM, Shelley shel...@misanthropia.info wrote:

 It may be outside the mainstream, but so is our interest in-- and
 understanding of-- security and privacy issues.  Judging by the millions
 who download these tools, I am not alone in wanting to block scripts and
 tracking.

 I'll save my security researchers using social media (outside of
 pentesting) makes no sense rant for another time.



 

 --
 On Sep 9, 2013 11:56 AM, Al Billings alb...@openbuddha.com wrote:

  I suggest your use of the net is well outside the mainstream, even
 amongst security folks. Some of us actually use social networking, for
 example, or don't want ugly, half broken websites simply because we fear a
 JavaScript zero day.

 Al

 --
 Al Billings
 http://makehacklearn.org

 On Monday, September 9, 2013 at 8:37 PM, Shelley wrote:

 Like it or not, to fully use websites at this point, you generally need
 things like Javascript and CSS.

 I disagree.  Not only do I want the protection from .js vulnerabilities and
 tracking when I browse, I just want the text.  Not a bunch of useless
 social media buttons and blinking ads.  I block it all and very rarely make
 an exception, and I don't at all mind that I'm getting a bland page with
 not much more than text.  I prefer it.

 The reason that most folks, even security folks like the ones I work
 with, don't run with NoScript on all the time is that it breaks the net as
 experienced.

 Most of my fellow security-conscious friends and colleagues block scripts
 by default as well.  Breaking things to make them work the way we want them
 to is what we do; this is no different.

 -Shelley


 
 On Sep 9, 2013 9:50 AM, Al Billings alb...@openbuddha.com wrote:

  Have fun tilting that windmill, Mr. Quixote.

 Like it or not, to fully use websites at this point, you generally need
 things like Javascript and CSS. The reason that most folks, even security
 folks like the ones I work with, don't run with NoScript on all the time is
 that it breaks the net as experienced.

 --
 Al Billings
 http://www.openbuddha.com
 http://makehacklearn.org

 On Monday, September 9, 2013 at 5:43 PM, Leif Ryge wrote:

 Ok, well as long as we're talking about that FP javascript overlay: if you saw
 it, that means you run JavaScript by default, which means you're vulnerable to
 a larger number of the arbitrary-code-execution bugs in your web browser (of
 which there are undoubtedly many more which are not yet fixed, given the
 frequency with which new ones are discovered [1,2]). In my opinion, if you're
 using Firefox, you should really be using NoScript. [3]






-- 

Shava Nerad
shav...@gmail.com

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-09 Thread Yosem Companys
 I'm kind of surprised FP's javascript is the main topic of discussion around
 this article. Thank you FP and Shane Harris for this very informative article!

Second that.  This is why we regularly tweet FP content because the FP
is one of the best sources for liberationtech-like news out there.
It's behind a paywall, which can be a pain at times, but at least
they're trying to find a freemium balance rather than simply lock up
their site.

Yosem


[liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-08 Thread Noah Shachtman
All:

Sorry if this is considered spamming the list - if it is, it won't happen 
again. 

At Foreign Policy, we just published what I believe is the first major profile 
of NSA chief Keith Alexander. It is not a particularly flattering one.

One scooplet among many in Shane Harris' nearly 6,000-word story: Even his 
fellow spies consider Keith Alexander to be a cowboy who's barely concerned 
with law. 

Anyway, take a look. Let me know what you think.

http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander

All the best,



nms
--
Noah Shachtman
Executive Editor for News | Foreign Policy
917-690-0716
noah.shacht...@gmail.com
http://www.foreignpolicy.com/author/NoahShachtman

encrypted phone: 415-463-4956






Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-08 Thread Shava Nerad
As far as I am concerned it is not.  I might have posted the link if you
had not brought it to our attention.  Thank you.


On Sun, Sep 8, 2013 at 9:36 PM, Noah Shachtman noah.shacht...@gmail.com wrote:

 All:

 Sorry if this is considered spamming the list - if it is, it won't happen
 again.

 At Foreign Policy, we just published what I believe is the first major
 profile of NSA chief Keith Alexander. It is not a particularly flattering
 one.

 One scooplet among many in Shane Harris' nearly 6,000-word story: Even his
 fellow spies consider Keith Alexander to be a cowboy who's barely
 concerned with law.

 Anyway, take a look. Let me know what you think.

 http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander

 All the best,



 nms
 --
 Noah Shachtman
 Executive Editor for News | Foreign Policy
 917-690-0716
 noah.shacht...@gmail.com
 http://www.foreignpolicy.com/author/NoahShachtman

 encrypted phone: 415-463-4956










-- 

Shava Nerad
shav...@gmail.com

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-08 Thread Joseph Mornin
Wired also did a profile:
http://www.wired.com/threatlevel/2013/06/general-keith-alexander-cyberwar/all/

On 9/8/13 8:12 PM, Shava Nerad wrote:
 As far as I am concerned it is not.  I might have posted the link if you
 had not brought it to our attention.  Thank you.
 
 
 On Sun, Sep 8, 2013 at 9:36 PM, Noah Shachtman noah.shacht...@gmail.com wrote:
 
 All:
 
 Sorry if this is considered spamming the list - if it is, it won't
 happen again. 
 
 At Foreign Policy, we just published what I believe is the first
 major profile of NSA chief Keith Alexander. It is not a particularly
 flattering one.
 
 One scooplet among many in Shane Harris' nearly 6,000-word
 story: Even his fellow spies consider Keith Alexander to be a
 cowboy who's barely concerned with law. 
 
 Anyway, take a look. Let me know what you think.
 
 
 http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander
 
 All the best,
 
 
 
 nms
 --
 Noah Shachtman
 Executive Editor for News | Foreign Policy
 917-690-0716
 noah.shacht...@gmail.com
 http://www.foreignpolicy.com/author/NoahShachtman
 
 encrypted phone: 415-463-4956
 
 
 
 
 
 
 
 
 
 
 -- 
 
 Shava Nerad
 shav...@gmail.com
 
 