Monthly Archive: April 2014

Apr 16 2014

nsa operation orchestra

In February of this year, Poul-Henning Kamp (a.k.a. “PHK”) gave what now looks to be a peculiarly prescient presentation as the closing keynote to 2014’s FOSDEM. In the presentation (PDF), PHK posits an NSA operation called ORCHESTRA which is designed to undermine internet security through a series of “disinformation”, “misinformation”, or “misdirection” sub-operations. …


Permanent link to this article: http://baldric.net/2014/04/16/nsa-operation-orchestra/

Apr 16 2014

more heartbleed

For any readers uncertain of exactly how the heartbleed vulnerability in openssl might be exploitable, Sean Cassidy over at existential type has a good explanation. And if you find that difficult to follow, Randall Munroe over at xkcd covers it quite nicely. My thanks, and appreciation as always, to a great artist. Of course, Randall …


Permanent link to this article: http://baldric.net/2014/04/16/more-heartbleed/

Apr 16 2014

pulitzer guardian

The Guardian and the Washington Post have been jointly awarded the Pulitzer prize for public service for their reporting of Edward Snowden’s whistleblowing on the NSA’s surveillance activities. The Guardian reports: The Pulitzer committee praised the Guardian for its “revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark …


Permanent link to this article: http://baldric.net/2014/04/16/pulitzer-guardian/

Apr 15 2014

boot and nuke no more

I was contacted recently by a guy called Andy Beverley who wrote: Hope you don’t mind me contacting you about one of your old blog posts “what gives with dban”. Thought I’d let you know that I forked DBAN a while ago, and produced a standalone program (called nwipe) that will run on any Linux …


Permanent link to this article: http://baldric.net/2014/04/15/boot-and-nuke-no-more/

Apr 08 2014

heartbleed

This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information. …


Permanent link to this article: http://baldric.net/2014/04/08/heartbleed/