The European Union Times |
- FREAK encryption flaw leaves millions of Apple & Android users exposed
- Obama Threatens War on Israel if it Attacks Iran
- EMP Attack Could Bring Our Civilization to a Cold, Dark Halt – US Congressman
- New Zealand snooping on tiny South Pacific neighbors
- North Korea threatens US and South Korea with pre-emptive nuclear strike
|
Posted: 05 Mar 2015 06:05 AM PST
 Tech firms are rushing to fix a disastrous security flaw dubbed ‘FREAK’, stemming from the US government’s requirement of lower encryption standards, that for over a decade left millions of users visiting ‘secured’ websites exposed to potential attacks. Cyber security experts have discovered a massive flaw that allows attackers to decrypt HTTPS-protected traffic passing between millions of websites worldwide and users of vulnerable devices, including Android and Apple smartphones and tablets. Apple already announced that it plans to issue a patch for iOS and OS X next week while Google said they’ve already issued a patch to hardware partners. Windows and Linux end-user devices were not believed to have been affected. Researchers found that some 36 percent of websites that use SSL or TLS protocols, including government ones, are vulnerable and could be tricked into setting up a connection through weak encryption keys, also known as the export-grade key or 512-bit RSA keys – the design was approved by the US government for export overseas some three decades ago. “The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today,” cryptographer Matthew Green of Johns Hopkins University wrote in a blog explaining the threat of the attack. Dubbed the FREAK, which is short for ‘Factoring Attack on RSA-EXPORT Keys’, the method potentially allows the attacker to decode the website’s private key and browse encrypted traffic or use it for man-in-the-middle attacks. The entire weakness of the encryption design stems from Washington’s effort to regulate the export of products utilizing “strong” encryption. Now three decades later, as the export-grade encryption standard was never removed, such weak encryption could be pretty easily cracked, leaving clients’ devices potentially exposed. “This bug causes them to accept RSA export-grade keys even when the client didn’t ask for export-grade RSA,” Green wrote. “The impact of this bug can be quite nasty – it admits a ‘man in the middle’ attack whereby an active attacker can force down the quality of a connection, provided that the client is vulnerable and the server supports export RSA.” The FREAK is one of several SSL-related vulnerabilities disclosed Tuesday by a research team that included experts from INRIA Paris-Rocquencourt and Microsoft. Security experts also compiled a list of vulnerable websites that included those such as AmericanExpress.com, NSA.gov, and FBI.gov. Source           |
|
Posted: 05 Mar 2015 05:52 AM PST
 US President Barack Obama threatened to take military action against Israel not to let Israeli Prime Minister Benjamin Netanyahu strike Iran. Netanyahu was planning airstrikes at an emergency meeting with Israeli Defense Minister Moshe Ya’alon, Foreign Minister Avigdor Lieberman and Chief of Staff of the Israeli army Benny Gantz, the Kuwaiti newspaper Al-Jarîda said. The meeting was held after it became known that Barack Obama’s administration and the clergy of Iran had concluded a secret agreement. Israel even conducted test flights of its fighter jets in the airspace of Iran after it became possible to overcome the radar protection. However, US Secretary of State John Kerry disclosed Netanyahu’s plans. Afterwards, Obama threatened to shoot down Israeli planes on their way to Iran. As a result, the Israeli Prime Minister had to curtail the operation. The relationship between Israel and the United States have been worsening since then. Benjamin Netanyahu has recently expressed opposition to Obama’s intention to sign the agreement with Iran on its nuclear program. The Israeli politician promised to make every effort not to let the parties sign the document. The White House accused Israeli Prime Minister Netanyahu of having a destructive approach to the relations between the United States and Israel. Source      |
|
Posted: 05 Mar 2015 05:29 AM PST
 When it comes to an EMP attack, the question remains “when” not “if” the SHTF. Few other scenarios hold as much potential for disaster and disruption to the lives of everyone in society. At a moment’s notice, 300 million Americans could be made instantly desperate – and even likely to die in the aftermath. A single event could easily be enough to take down the power grid and render inoperable all the computers and electronic tools that individuals, businesses, banks and governments all rely upon. Arizona Congressman Trent Franks recently reintroduced a bill intended to provide better security for critical infrastructure, with particular emphasis on the threat posed to the power grid by an EMP – which Rep. Franks points out could occur either naturally from a solar flare or by way of a targeted man-made weapon. In reintroducing the bill this week, Franks said, “The Department of Homeland Security has the specific responsibility to secure the key resources and critical infrastructure in the United States, to include power production, generation and distribution systems. Yet thirteen years after this job description was enacted, our nation’s most critical infrastructure — and the systems that more than 300 Million Americans depend upon every day for basic activities — are still vulnerable to large scale blackouts. “Anyone who understands how critical our power grid has become in modern America to feeding our families or keeping our children warm will understand why this act is so crucially important. The Critical Infrastructure Protection Act will enhance DHS threat assessments for geomagnetic disturbances and electromagnetic pulse blackouts which will enable practical steps to protect the vital electric grid that serves America….” The electromagnetic pulse (EMP) resulting from an extreme solar flare or a targeted nuclear blast has the power to single-handedly wipe out the electric grid, and permanently disable nearly everything hooked up to it, from computers to electronic devices and much more. Back in September, Frank layed out the consequences of an EMP attack: Our entire American way of life relies upon electricity and electronic technology. Our household appliances, food distribution systems, telephone and computer networks, communication devices, cars, airplanes, factories, power plants, bank ATMs, even water and sewage plants could potentially grind to a halt without it. Moreover, while much of our critical military hardware is shielded against EMP, our military relies upon our largely unsecured civilian grid for more than 90 percent of its electricity needs in this country without which it cannot affect its military mission. According to experts, including Dr. William Graham, who was the White House science adviser during the Reagan administration, an EMP attack over the continental United States could render 70-90 percent of our population unsustainable. Rep. Franks is urging legislation on the basis that Homeland Security is charged with protecting America, yet unable to do so. Failing to guard against an EMP means a threat to civilization itself: “Passage of this legislation will help the United States prevent and prepare for such an event by including large-scale blackouts into existing national planning scenarios… Most importantly, it requires specific plans for protecting and recovering the electric grid and other critical infrastructure from a dangerous EMP event.” Continuing, Franks said, “There is a moment in the life of nearly every problem when it is big enough to be seen by reasonable people and still small enough to be successfully addressed. Those of us across America live in a time when there still may be opportunity for the free world to address and mitigate the vulnerability that naturally occurring or weaponized EMP represents to the mechanisms of our civilization. This is our moment.” However, it is unclear whether or not Frank’s legislation would be practically effective in protecting the grid, nor is it clear whether or not it will become law. A previous version of his SHIELD act passed the House but stalled in the Senate. Franks echoed the sentiment of former CIA director James Woolsey, who warned that an EMP “could bring our civilization to a cold, dark halt.” As Forbes notes: Congressional studies quoted by Woolsey estimate that two-thirds of the population would die of starvation, disease, exposure or violence related to social breakdown in the first twelve months alone. And to make matters worse, we would never even know what hit us, because we would have no means to investigate, to say nothing of respond. Just darkness. What can you do about the potential coming collapse of civilization? “Island yourself” from the central grid… that’s former FERC chief John Wellinghoff’s advice to individuals – preppers if you will – for surviving any grid downs that could occur from an EMP, a cyber attack or other event powerful enough to interrupt the highly vulnerable primary grid. People are beginning to understand that they need their own onsite capabilities to island themselves from the grid. That’s because the grid’s external vulnerabilities will continue to be a problem until we do have substantial amounts of distributed generation. I have a solar photovoltaic system that provides 100% of my power needs. I am looking into how I can island myself off the grid. But it is not just me, the military is moving toward micro-grids at all of their bases because they understand the vulnerability of those bases to outages. In the longer term, Wellinghoff hopes that distributed grids will become a major component of the solution – decentralizing power production at the local and regional level so that system-wide destruction of the main grid would not interrupt local power service. Likewise, targeted attacks on hundreds or thousands or distributed grids by an enemy could occur, but would be unlikely to derail all the power at once. These distributed grids could generate power through any practical means – conventional sources of natural gas or coal, they could use solar, wind or newer methods of renewable energy… the point is that they are independent and scaled to individual communities (or even individual homes): The key is that they are located within that particular sub-region and can run even if the there is some cascading failure throughout the main grid. Solar is a good example. If everyone had solar panels on their respective roofs then we could adequately disperse power generation in such a way that it makes nodes practically irrelevant. It is easy to hack into a node and cause it to malfunction but it is basically impossible to hack 10 million solar power systems. Preppers can take special note here: when major figures in government, science and national security are sounding the alarm over the threats of an EMP attack and the looming failure of the grid, it is high time to make a back up plan: That is, make preparations to survive with no power or electricity during a short or long termdisaster, make plans to protect major equipment or backups with a faraday cage, and, if possible, make or adapt plans to generate at least some electricity using off grid or ‘distributed grid’ networks. Without picking any favorites, solar may be the most practical option for individuals at this point in time, though solar panels can be quite costly. Anything else that works is also a good option. Nevertheless, be warned that this could literally happen at any moment. Extreme space weather may be capricious and occur without warning, while those who would benefit from sowing chaos and disaster over the civilized world – or those who seek to gain power in the aftermath of disruptions to ordinary life – could unleash an electromagnetic pulse that would effectively pull the plug without any given notice. Are you prepared? Source      |
|
Posted: 05 Mar 2015 04:36 AM PST
 The material shows that the New Zealand Government Communications Security Bureau (GCSB) intercepts phone calls, emails, Internet browsing sessions and online chats of government ministers and senior officials in Pacific island nations, included Fiji, Samoa, Tonga, the Solomons Islands, the Cook Islands, Kiribati, Vanuatu, Nauru and France’s overseas territories New Caledonia and French Polynesia. The GCSB then shares the collected information with partners in the Five Eyes network, Australia, Britain, Canada and the United States, through the XKeyscore computer program developed by the US National Security Agency (NSA). “In effect, the New Zealand spy agency gathers information on the country’s nearest neighbors to help secure its place in the US-led alliance,” the English-language daily New Zealand Herald commented. The documents further revealed that New Zealand and Australian intelligence services worked together to spy on Indonesia’s largest mobile phone network, Telkomsel. Additionally, GCSB used its Waihopai base in New Zealand’s South Island to gather considerable amounts of data from the South Pacific region. The base was upgraded to “full take” operations in 2009, and it currently collects both the content and metadata of all communications. A spokeswoman for New Zealand Prime Minister John Key said the government “will not be responding to claims made from documents stolen by Snowden.” “The Snowden documents were taken some time ago, and many are old, out of date, and we can’t discount that some of what is being put forward may even be fabricated,” she said. Source      |
|
Posted: 05 Mar 2015 04:17 AM PST
 The remarks by Foreign Minister Ri Su Yong were made during a speech at the UN Conference on Disarmament on Tuesday. He said the joint military exercises being staged by South Korea and the United States are “unprecedentedly provocative in nature and have an especially high possibility of sparking off a war.” “The DPRK (Democratic People’s Republic of Korea) cannot but bolster its nuclear deterrent capability to cope with the ever-increasing nuclear threat of the US,” he told the Geneva forum, according to Reuters. “Now the DPRK has the power of deterring the US and conducting a pre-emptive strike as well, if necessary.” His speech drew a rebuke from US Ambassador Robert Wood, who urged Pyongyang to stop making threats and rid itself of nuclear weapons. Wood said the exercises had been held for 40 years and were “transparent and defense-oriented.” “We call on the DPRK to immediately cease all threats, reduce tensions and take the necessary steps towards denuclearization needed to resume credible negotiations,” Wood said, referring to six-party talks that collapsed in 2008, according to Reuters. North Korea already fired two short-range missiles off its eastern coast on Monday, according to South Korean officials, as a response to the annual US-South Korean military exercises. North Korea regularly denounces the drills, claiming they are preparations for war. The missiles landed in the sea between Korean Peninsula and southern Japan. Takashi Uto, Japan’s parliamentary vice-minister for foreign affairs, told the forum the missile firing was a “clear violation” of UN Security Council resolutions. Source     |
