Saturday, November 21, 2015

US gov incompetence blaming Snowden for Paris attacks


Seriously??? !!! ???

How can ANYONE take the heads of the CIA as anything less than 'pot' heads?

These two assclowns claim that Snowden was responsible for teaching them how to avoid 'standard means' of electronic detection, despite 'terrorists' using this technology PRE September 11th 2001.

And these sociopaths are in positions of 'power'.

It may be plausible to any 11 year old kid, but to anyone who has knowledge in I.T. their statements are BOLLOCKS!!! !!! !!!

So the U.S 'citizen' is paying taxes for a government failure in 'surveillance'??? !!! ???


From the news.com.au article on 21 Nov 2015 of the headline:

 CIA blames National Security Agency whistleblower Edward Snowden for Paris attacks

Both security agencies and leaders seem more than happy to make NSA whistleblower Edward Snowden a scapegoat for the Paris attacks

Marnie O’Neill

AMERICA’S most senior intelligence officers have blamed the Paris attacks on National Security Agency renegade Edward Snowden.

Both the current CIA director John Brennan and his predecessor James Woolsey claimed in separate interviews that leaks by the former contractor taught Islamist terrorists how to use encryption and avoid standard means of electronic communication to evade detection.

This is despite the fact that terrorists are known to have used anti-surveillance techniques since before 9/11 and an independent report last year, which found “no correlation” between updates to jihadist encryption software and Snowden’s leaks.

But according to Mr Brennan: “In the past several years, because of a number of unauthorised disclosures, and a lot of hand-wringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that have been taken that make our ability collectively, internationally, to find these terrorists much more challenging.

“There has been an increase in the operational security of a number of operatives of these terrorist networks as they have gone to school on what it is that they need to do in order to keep their activities concealed from the authorities.”

NSA whistleblower Edward Snowden sightseeing on a boat in Moscow shortly after fleeing the US. Picture: Life News


Abdelhamid Abaaoud, the Belgian jihadi suspected of masterminding deadly attacks in Paris. Source: AP

Mr Brennan made the comments after giving a speech on national security at the Center for Strategic and International Studies.

Former CIA director R James Woolsey was a little more blunt, telling MSNBC: “I think Snowden has blood on his hands from these killings in France.”

London Mayor Boris Johnson also chimed in, directly linking Snowden’s actions to the Paris attacks in an article he wrote for The Telegraph.

“To some people the whistleblower Edward Snowden is a hero; not to me,” Mr Johnson wrote.

“It is pretty clear that his bean-spilling has taught some of the nastiest people on the planet how to avoid being caught; and when the story of the Paris massacre is explained, I would like a better understanding of how so many operatives were able to conspire, and attack multiple locations, without some of their electronic chatter reaching the ears of the police.”

Much has been made of the fact that accused mastermind Abdelhamid Abaaoud managed to slip easily between Europe and Syria, despite having been linked to failed terror plots and starring in a number of ISIS propaganda videos.

Snowden copped a tongue-lashing from CIA director John Brennan this week

James Woolsey, who ran the CIA during the Clinton years, says Snowden has ‘blood on his hands’. Source: AP

Like Jihadi John before him, the 26-year-old had boasted of his ability to cross borders without getting caught. Abaaoud was able to travel from Syria to Belgium, obtain weapons and set up a safe house in the municipality of Verviers with two other potential jihadists. The plot was exposed when authorities raided the home on January 15. The two other men were killed during the operation but officers could find no trace of Abaaoud.

Despite a massive operation to track him down, including further raids in Greece where his cell phone was tracked, Abaaoud said he was able to give authorities the slip and return to Syria.

“Allah blinded their vision” he said of the failure of European intelligence agencies to stop him.

“My name and picture were all over the news yet I was able to stay in their homeland, plan operations against them, and leave safely when doing so became necessary.”

He managed to do this despite Europe being on high alert after the Charlie Hebdo attack in France and the raising of the terror level in Belgium following the Verviers raid.

Last year private security firm Flashpoint Global Partners examined the frequency of releases and updates of encryption software by jihadi groups. It found no correlation to Snowden’s leaks about the NSA’s surveillance techniques, which became public from June 5, 2013.

“Prior to Edward Snowden, online jihadists were already aware that law enforcement and intelligence agencies were attempting to monitor them,” the report said.

“The underlying public encryption methods employed by online jihadists do not appear to have significantly changed since the emergence of Edward Snowden.”

Thursday, November 19, 2015

Taxpayer records exposed by serious ATO, myGov security flaw


Australians can access a range of government services through the myGov portal, including tax services. Photo: Screenshot

Australians' private tax records were left unsecured thanks to a serious flaw in how the tax office's online services connect with myGov, in the latest of a series of security bungles related to the federal government's online services.

Experts have raised concerns over the handling of IT security issues by the Australian Taxation Office and the Department of Human Services, which runs the overarching service portal myGov, after a taxpayer who tried to report the issue claimed he was hung up on twice by the agencies' call centre staff.

myGov is a portal which provides single sign-on (SSO) to access multiple services from linked government agencies. Photo: YouTube
 
Sydney IT professional JP Liew recently discovered the flaw when logging into myGov to access his online tax records, only to discover he was looking at his wife's.

In a video obtained exclusively by Fairfax Media, Liew demonstrated how downloading a PDF letter from the tax office by clicking on a link within the myGov mailbox creates a "cookie" which logs the user into ato.gov.au. (In this case, cookies are used to authenticate the "single sign-on" process, or SSO, whereby the user only has to login once with myGov to access multiple linked services, such as tax, Medicare and Centrelink.)


Because clicking on the PDF link didn't actually open a browser page at ato.gov.au and therefore a page was never closed, the cookie did not expire, meaning the next user who logged in to myGov and clicked on a link to ato.gov.au saw the previous user's records.

Security researcher Nik Cubrilovic found gaping holes in the myGov website more than a year ago. Photo: Andrew Meares
 
"I've just spent about an hour on the phone to four myGov technical support people to explain to them that there is a serious bug on the myGov website that will expose another person's ATO information if they share the same computer and browser," Mr Liew said in his video.

"This is very common [to share computers] in workplaces and public libraries however none of them seems to be able to understand what I was trying to say."

Despite the ATO saying this week that it had fixed the problem, Mr Liew was ordered to remove the video from YouTube, with the Tax Office citing security concerns.

DHS has been asked to clarify whether the flaw was present across other government services such as Medicare or Centrelink. Security analyst Ty Miller said this was a "strong possibility". Another analyst, CQR Security founder Phil Kernick, also said it was possible.

An ATO spokesperson did not directly respond when asked how long the flaw had been active for.

However, they said the ATO was aware of "very limited circumstances" where the flaw could have occurred: if the first user didn't sign out of the ATO website (or the session didn't automatically time out) before they logged out of myGov, and if both such users were using the same device and browser.

"This issue does not occur on all types of devices," the spokesperson said.

"We continue to investigate to ensure no other errors are occurring."

A DHS spokesperson said there was "no flaw" in myGov and that the problem lay with the ATO.

Mr Kernick also said the responsibility to delete cookies lay with the services plugging into myGov, and not with myGov itself.

Broader problems

But security researcher Nik Cubrilovic said the cause of the vulnerability was rooted in the architecture of myGov and its SSO process, and the "very basics" of authenticating a user.

"This is an architectural flaw—there are better methods for having SSO where logging out once at myGov would also log you out of any other site," Mr Cubrilovic said.

"I'm ... not comfortable with the blame shifting [from DHS to ATO]. It suggests that the culture that led to this bug and previous bugs is still prevalent at the department and that more issues are a matter of when rather than if."

The ATO spokesperson said the department "worked with DHS to design its online services in the context of the myGov website".

Mr Cubrilovic last year revealed a separate security flaw with myGov, also relating to cookies, which allowed user accounts to be hijacked.

In a document sent to DHS and seen by Fairfax Media, he outlined no less than 12 security issues with the myGov portal and gave recommendations as to how they could be fixed.

One-and-a-half years later Mr Cubrilovic said some of the recommendations had still not been implemented.

"In my original report there were recommendations to shorten the time that cookies are valid, to change the cookie type so that it couldn't be stolen and to unset them properly, but none of these were taken up," he said.

The flaw uncovered this week could also be replicated remotely—i.e. not necessarily only affecting people using the same computer and browser—if someone gained access to the user's cookie, he said.

Mr Cubrilovic said he was "not 100 per cent confident" in the way the ATO had implemented a fix for the new bug, because there was "still so much that can go wrong".

"A proper fix for this issue would be to re-architect the SSO process," he said.

Difficulties reporting bugs

The most simple of Mr Cubrilovic's recommendations from last year was to have a clear point of contact for users to report website bugs.

Mr Liew said he posted a video on YouTube documenting the flaw because attempts to report the bug via myGov and ATO customer service channels had resulted in him being hung up on twice. One staff member even told him to reboot his computer, he said.

In his video Mr Liew described speaking to four separate myGov support staff over an hour, none of whom were able to log the issue and direct it to security. He then rang ATO support, only to be told to contact myGov.

An ATO spokesperson said the department had reviewed its call with Mr Liew and while its staff member had been "professional and courteous at all times", she had "incorrectly referred the user to the myGov hotline".

"We recognise that on this occasion the user received incorrect advice," the spokesperson said, adding that the issue was being addressed via coaching and feedback.

Mr Cubrilovic described the failure to implement a clear channel for reporting bugs as "gross neglect" and said he had experienced similar issues as Mr Liew when trying to alert myGov about security flaws in the past. Action was taken only after he contacted a senior IT staff member directly via Twitter, he said.
 
smh.com.au 19 November 2015
 
That's what happens when you pay peanuts, you get 'monkeys'.
 
The Australian government outsources cheap unskilled I.T. labour from third world countries, where the IT qualifications are not worth the photocopied paper they're on.

We are aware of many other security flaws in government departments, but approaching them, they treat you as if you are the criminal.

As long as the Australian government persecutes easy targets for 'tax' and lets the real corporate criminals walk free, EVERYTHING is OKAY!

At the end of the day it is the masses (in this case private information leaked) that suffer from an incompetent government.
 
The government also 'forces' users to use the MyGov website.
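
The shared-browser flaw described in the article above, modelled as an added example (it is not code from myGov, the ATO or the article). The `Portal` and `Service` classes, the user names and the cookie jar are hypothetical, and the portal session is passed to the service directly, standing in for the redirect or back-channel check a real SSO deployment would use.

```python
import secrets

class Portal:
    """Hypothetical SSO portal: tracks which portal sessions are live."""
    def __init__(self):
        self.active = {}                          # portal session id -> user
    def login(self, user):
        sid = secrets.token_urlsafe(16)
        self.active[sid] = user
        return sid
    def logout(self, sid):
        self.active.pop(sid, None)

class Service:
    """Hypothetical linked service that issues its own session cookie."""
    def __init__(self, portal):
        self.portal = portal
        self.sessions = {}                        # service cookie -> (user, portal sid)
    def sso_entry(self, portal_sid):
        # Browser arrives from the portal (for example via a PDF link).
        user = self.portal.active[portal_sid]
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = (user, portal_sid)
        return cookie
    def whoami_naive(self, svc_cookie, portal_sid):
        # Flawed: trusts the service cookie alone, so it outlives portal logout.
        return self.sessions[svc_cookie][0]
    def whoami_bound(self, svc_cookie, portal_sid):
        # Hardened: the service session is honoured only while the portal
        # session that created it is live and is the one presented now.
        if portal_sid not in self.portal.active:
            self.sessions.pop(svc_cookie, None)
            raise PermissionError("no live portal session")
        entry = self.sessions.get(svc_cookie)
        if entry is None or entry[1] != portal_sid:
            self.sessions.pop(svc_cookie, None)   # unset the stale session
            svc_cookie = self.sso_entry(portal_sid)
        return self.sessions[svc_cookie][0]

def shared_browser(check):
    """Constructed scenario: two users, one browser cookie jar."""
    portal = Portal()
    svc = Service(portal)
    jar = {"portal": portal.login("user_a")}
    jar["service"] = svc.sso_entry(jar["portal"])  # A opens the PDF link
    portal.logout(jar.pop("portal"))               # A logs out of the portal only
    jar["portal"] = portal.login("user_b")         # B logs in on the same browser
    return getattr(svc, check)(jar["service"], jar["portal"])

if __name__ == "__main__":
    print("naive:", shared_browser("whoami_naive"))
    print("bound:", shared_browser("whoami_bound"))
```

With the naive check the second user is served the first user's identity; with the bound check the stale service session is discarded and a new one is created for the user who is actually logged in.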

Monday, November 16, 2015

Police hack facebook account - How can you really trust the Police?

The criminal actions of Australia's police 'force' literally know no boundaries.

They are more corrupt than the society they serve!!! !!! !!!

Naturally you will see no criminal charges against the persons involved or even dismissal from the 'force'.

What's even worse is that the (corrupt) police will investigate itself.

As long as the people are criminals for speeding 2km/h over the 'speed limit', that is all that matters.

From the source of 7 News at au.news.yahoo.com on 16 November 2015 of the headline:

Magistrate labels NSW Police surveillance tactic 'criminal offence' 

 

A Sydney man was charged over 'indecent', superimposed photos that featured a serving officer and were uploaded to a private Facebook account. Picture: Fairfax Media

A magistrate has ordered New South Wales Police to pay almost $15,000 in court costs and dismissed charges against a man whose closed Facebook account was hacked by authorities.

Fairfax Media has reported Sydney man Rhys Liam Halvey was charged for six offences after authorities illegally accessed and surveyed his private Facebook account for four months.

Mr Halvey was arrested and charged for three counts of using a carriage service to offend police and three counts of publishing an indecent article.

It has been reported that the man had posted ‘indecent’, superimposed images of a serving police officer on his Facebook page.

Controversial observation tactics. Photo: Supplied

The surveillance tactics were supported in court by a high-ranking officer, however, magistrate Roger Brown believed the “unauthorised access” to be a “criminal offence” and dismissed the charges.

Mr Brown also ordered the police to pay $14,429 in court costs in September.

Mr Halvey’s barrister, Andre Turner, in a formal complaint to the Police Integrity Commission, questioned how widespread the “snooping” was.

The NSW Ombudsman has referred the complaint back to police for investigation.

Sunday, November 15, 2015

Government sees its people as 'rubbish'

So, you think you are a pretty 'learned' person when it comes to matters of importance?

'You' as a 'subject of the Queen' according to the 'Australian Constitution' apparently have a say?

When you raise a matter with your local MP, they are supposed to follow the 'will' of the people, right?

Well, actions speak louder than any 'conspiracy theories'.

In Australia, you're a nobody, a corporate slave, a 'serf' or a piece of 'rubbish'?

Well that depends on what you do.

If you're a footy/cricket/tennis fanatic, then you're okay, a 'fair dinkum' Aussie.

A nice little corporate slave?

BUT if you question the actions of the corporate criminals in positions of power (e.g. government, multinational corporations), you're:

  • spoken down to or
  • a 'conspiracy theorist' or
  • wrong and put in your place or
  • put on a 'watch list' ???

One example that made it into the corporate media was with regards to a concerned resident, Sharron, who wrote a letter about her concerns with regards to a planned burn-off that went horribly wrong, where the response from the bureaucrat was that she was 'rubbish'.



This is the response from people in 'authority' that your hard earned taxes are entrusted to???

This is the sort of scum that is in office that 'governs' the Australian people.