RE: Cryptome: NSA has real-time access to Hushmail servers

Hushmail Team has posted its response on 29th Dec to Cryptome:

"Hush Communications Corporation, the company that provides the Hushmail.com email service, is not owned, wholly or in part, by any government agency."

Response from Safe-mail.net Team is the following:

"1. We never had any contacts, direct or indirect, with the NSA or any other
government agency anywhere in the world.
2. All software we use is in-house development.
3. We have never shared our technology with any other party."

U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821

The U.S. Defense Information Systems Agency (DISA) publishes Security
Readiness Review scripts (SRRs) to ensure systems and software meet
security baselines required by the Department of Defense.  The SRRs are
commonly run on military systems and DISA makes them available to other
government agencies and the general public (at their own risk) at
http://iase.disa.mil/stigs/SRR/index.html.

This vulnerability report applies to the current (October 15, 2009) Unix
SRR.  It was tested on Solaris/x86 only but is expected to be applicable
to all Unix/Linux versions supported by the software.  DISA publishes

[INFIGO-2009-07-09]: NASA Common Data Format remote buffer overflow(s)

CDF is the Common Data Format. It is a conceptual data abstraction for
storing, manipulating, and accessing multidimensional data sets.  
The basic component of CDF is a software programming interface that is 
a device-independent view of the CDF data model.
The CDF software package is used by hundreds of government agencies,
universities, and private and commercial organizations as well as 
independent researchers on both national and international levels.  
CDF has been adopted by the International Solar-Terrestrial Physics 
(ISTP) project as well as the Central Data Handling Facilities (CDHF) 
as their format of choice for storing and distributing key parameter 

Re: Cryptome: NSA has real-time access to Hushmail servers

On Sat, 22 Dec 2007 14:02:18 +0200, Juha-Matti Laurio said:
> Guardster Team has posted its response on 21st Dec to Cryptome:

> "We can assure you that we do not cooperate with the NSA or any other
> government agency anywhere in the world. We invite whomever is making this
> statement to provide proof, rather than making a baseless accusation.

Note that if they had been served with an NSL (National Security Letter),
they may be legally *required* to lie about it while cooperating.  Actually
truthfully saying "Yeah, an NSL showed up and we complied" could land them

Re: Cryptome: NSA has real-time access to Hushmail servers

On Dec 26, 2007 1:33 PM,  <Valdis.Kletnieks@vt.edu> wrote:
> On Sat, 22 Dec 2007 14:02:18 +0200, Juha-Matti Laurio said:
> > Guardster Team has posted its response on 21st Dec to Cryptome:
>
> > "We can assure you that we do not cooperate with the NSA or any other
> > government agency anywhere in the world. We invite whomever is making this
> > statement to provide proof, rather than making a baseless accusation.
>
> Note that if they had been served with an NSL (National Security Letter),
> they may be legally *required* to lie about it while cooperating.  Actually
> truthfully saying "Yeah, an NSL showed up and we complied" could land them

The New ISO Hacking Standard

dedicated to technical audits on security controls. It looks like this 
hacker’s guide has really grown up.

The OSSTMM is currently in its third revision and still in Beta, 
therefore only available to team members, select reviewers, and 
federal government agencies that require it for drafting policy. This 
third version is a complete re-write of the methodology and has at its 
foundation the ever-elusive security and trust metrics. It required 6 
years of research and development to produce the perfect operational 
security metric, an algorithm which computes the Attack Surface of 
anything. In essence, it is a numerical scale to show how unprotected 

802.1X password exploit on many HTC Android devices

- 2011-10-11: Updated all individuals and groups that are aware of the issue
- 2011-10-11: Follow-up conference call with HTC Global and Google
- 2011-09-19: Updated all individuals and groups that were aware of the issue
- 2011-09-19: Conference call with HTC Global and Google
- 2011-09-08: HTC and Google verified exploit
- 2011-09-07: Notified key government agencies and CERT under non-public disclosure
- 2011-09-07: Initial email and phone call with HTC Global and Google

RE: Microsoft DID DISCLOSE potential Backdoor

> without telling you. Shame on Microsoft for not asking you if you wanted
> to "PARTICIPATE" in sending data. Shame on Microsoft for not explicitly
> stating: The data we are sneaking off your computer will be sent to
> government agencies of our choice. It's a horrible practice and a damaging
> breach of trust. Their action worries me as a security professional, will
> they ever scour for data for profit. Why not, no one would notice or care
> anyway.

[G-SEC 49-2009] McAfee generic PDF detection bypass

I. Background
~~~~~~~~~~~~~
Quote: "McAfee proactively secures systems and networks from known 
and as yet undiscovered threats worldwide. Home users, businesses, 
service providers, government agencies, and our partners all trust 
our unmatched security expertise and have confidence in our 
comprehensive and proven solutions to effectively block attacks
and prevent disruptions."

II. Description

[TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)

I. Background
~~~~~~~~~~~~~
Quote: "McAfee proactively secures systems and networks from known 
and as yet undiscovered threats worldwide. Home users, businesses, 
service providers, government agencies, and our partners all trust 
our unmatched security expertise and have confidence in our 
comprehensive and proven solutions to effectively block attacks
and prevent disruptions."
RE: Cryptome: NSA has real-time access to Hushmail servers

Guardster Team has posted its response on 21st Dec to Cryptome:

"We can assure you that we do not cooperate with the NSA or any other government agency anywhere in the world. We invite whomever is making this statement to provide proof, rather than making a baseless accusation.
…."

Link:
http://cryptome.org/nsa-ssl-email.htm

My SecuriTeam Blogs post has been updated to include this information too.
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.