I can see one of two things happening when the contractor's lawyers hear about this. They could fix the issue, or they could laugh in the face of the software devs.
If they try the second then they're just begging to be sued for several hundred million cases of infringement. With a statutory max of $150,000/infringement. You're talking the entire national debt right there. If you're talking minimum that's still at least $75 billion.
Huawei, Cisco, HP, and other manufacturers are a good jumping-off point for the NSA to hack other networks. Something the US specifically authorizes them to do. Plus, Huawei has so many bugs that their OS is a giant backdoor.
The thing everyone has a problem with is the overreach of the NSA. Targeted attacks, even to third parties, to obtain specific intel aren't really something that most people worry about here in the US. It's making sure that there's a proper legal channel to get a warrant through an adversarial proceeding that annoys me personally.
You have a good point, but there are problems with HSMs.
First, they're expensive. A good HSM easily can run into the hundred thousand dollar range. Second, you can only have one server terminating all SSL connections. Since the HSM won't let anyone get the key, then the server with the HSM must be able to handle everyone. Then there's the downtime that occurs if the server or HSM ever breaks. They'd need to get a whole new Cert issued.
The big reason why companies don't use Hardware Security Modules to store their SSL keys is the way that HSMs work. In order to make sure the keys never leave the HSM, the HSM itself decrypts all the data. Something that just isn't feasible when dealing with multiple SSL connections.
Look at some of the other Techdirt articles. Brazil is debating legislation which will require internet companies to keep all their data in Brazil. If every country did this then every internet company will have to have hundreds of data centers. This also lets the government more easily censor the internet.
Campus police are state troopers, and thanks to federal and state law campus property is treated differently than private property. Campus administration normally takes this to mean they can do whatever they want, and if you disagree then you get fined or arrested. Don't pay the fine, don't get your transcript. So you can't transfer and you can't graduate.
While this is the first time I've heard of such blatant disregard of free speech issues, my Uni required us to fill out "party permits" or the cops would bust in and kick everyone out. What constitutes a "Party" is up to the officer. Too many people, well that's a party.
That's a violation of the First Amendment, but the reason no one does anything is because they would find something else to charge everyone with. That friend of a friend that you don't know, but is there. If he's under 21 and brought a flask, everyone's screwed. It doesn't matter if the flask was in a backpack and no one knew it was there.
Umm, no. That would be the National Reconnaissance Office. Furthermore, NASA is no more part of the military than any other government agency. Seriously, that was one of the founding principles of the organization.
The FBI needs to be careful when it comes to things like this. Even if it is legal, and I'm not saying it is, it certainly sets a double standard.
Any time you have something along the lines of "Normal people can't do this, but the government can," you run into tricky balance of power issues. Even worse, if the government does something too often or particularly bad, people start asking "Why can't I do this? If the government is doing it then it might be illegal, but it's probably not immoral."
This doesn't even get into the abuse of power issues. Just compare the Lori Drew case to what the government has admitted to doing here. In the first they tried to twist a hacking law to apply to violating a website's Terms of Service. In the second, they deliberately hacked potentially innocent third party computers. This clear abuse of power is why many people don't trust the government, and are beginning to believe that laws have lost touch with their moral roots.
I doubt it was a hack. However, I'd put good money on it being a drunk or disgruntled employee.
I honestly feel sorry for the store, but think that they could have handled things better. Instead of shutting down their account they could have used it to issue an apology. The most likely possibility is the owner/manager knowing nothing about social media, so when things went wrong the instinctive reaction was to just cancel the account.
Evolution is amazing. Especially since all it's based on is the statistical likelihood of random mutations affecting birthrates. It is neither good nor bad, it's merely based on statistics. And let's face it, everyone wants their child to be above average.
If you want a good science fiction series dealing with the potential of genetically engineered humans look at Gundam Seed.
No one is saying that they are ready to start tinkering with human babies just yet, but let me ask you a question. If you could know that your child would have a chronic illness, would you have the test done? How about if it could be fixed? Sequencing a person's entire genetic code is still relatively slow and expensive, but it only has to be done once.
Here's another thing to think about. Umbilical stem cells. These things are turning out to be hugely important. I wouldn't be surprised if quite a few hospitals start offering to store those in case the newborn needs an organ grown in thirty or forty years.
Re: Maybe also motivated by clumsy DoD site-blocking policies
Hmm, that's an interesting possibility. Unfortunately, having necessary military information and services sharing the same domain as self hosted websites is just a bad idea.
I'm aware that different subdomains can be completely separated, but the cost of a domain name is so cheap that it's not worth the potential trouble. The largest reason to not go with a separate domain name is shared hosting. At that point domain names are the least of the university's security troubles.
The sad thing is the reason why cell phones make the effort.
It's not about good will. First, it was because carriers liked the lock-in. Remember those old Java phones where the only way to get new ringtones was to buy a 30 second clip for $5? The other reason was Steve Jobs and his control freak tendencies.
If you look at cell phone security, most of it is stupidly weak. The only thing it's good for is keeping non-technical users from breaking anything too badly.
They're using man-in-the-middle attacks. So, you're securely talking to an NSA computer which is then talking to the real server.
The hard part is for the NSA computer to pretend to be the real server. There are three ways for them to do so. First, they could have demanded/stolen the secret key and certificate from the server they're trying to intercept traffic to. Second, they could have a trusted Certificate Authority (CA) tell the user that they are the server. Third, they could use their massive supercomputers to fake a valid certificate.
We've heard a decent bit about the first one. The second one happens because browsers operate on a chain of trust that is completely invisible to a normal user. It would be easiest for them to go this route. The third method was actually demonstrated by a couple of researchers. They used a bunch of PS3s to sign a valid MD5-based certificate. It's an old attack, but someone on that huge invisible chain of trust is probably still vulnerable.
Like Snowden said. The problem isn't the encryption, it's everything else. In this case, web browsers relying on public key cryptography with some major flaws.
Google wanted to lose. Now there are precedents for most major courts regarding FRAND patents. Microsoft's mobile division makes a huge amount of money off threatening to sue Android phone makers. Combine that with the Cisco ruling preventing Google from being directly involved in any lawsuit that does crop up, and losing these Motorola cases actually helps Google.
Don't be so sure of that. I've had PayPal do very strange things to my account before. While I finally figured out what they were doing it wasn't a fun experience. I had to call my bank before I figured it all out.
The best part was when the guy on the phone told me he didn't use PayPal, had dealt with too many PayPal horror stories, and offered to close my account and make a new one that PayPal didn't know about for me.