NSA

Don’t be too impressed with Snowden’s “ethical hacking training”

by Dave Farquhar
July 6, 2013November 27, 2018

I saw this new headline regarding Edward Snowden, discussing his NSA hacking training. Don’t be impressed.

For several years, I lived in that same world Snowden lived in. I’ve gone out of my way to avoid mentioning this, but from 2005-2012, I was a consultant. I worked for several different companies, due to contracts changing hands and companies merging, but my client was the United States Air Force. And from 2011-2012, I even had direct dealings with the NSA. I attended NSA meetings in the Washington, D.C. area. I received NSA training–in person–in a security discipline called threat modeling. My job was to represent NSA to the Air Force three weeks out of the month, and represent the Air Force to the NSA on the fourth week.

Just don’t ask me anything about UFOs. Unlike some people, I didn’t snoop around on classified networks. Whenever possible, didn’t look at the data at all. If I had to look at data, I preferred to look at dummy data. If I actually did look at real, honest-to-goodness classified data, it was because I needed to know that information to do my job. I was a pretty good contractor, I think.

I also know about this training that Snowden put on his resume.Read More »Don’t be too impressed with Snowden’s “ethical hacking training”

What to do about PRISM is unclear as of yet

by Dave Farquhar
June 24, 2013June 23, 2013

I haven’t written a lot yet about Mr. Edward Snowden and the NSA PRISM program. I will in time, but want to be careful not to be spreading misinformation, and not to merely be repeating what everyone else says.

There’s been no shortage of advice on encrypting your own data, but there is one pitfall to that.Read More »What to do about PRISM is unclear as of yet

Windows vs. Linux kernel performance

by Dave Farquhar
May 13, 2013December 3, 2018

An anonymous Microsoft developer spilled some juicy opinions about why Windows kernel performance isn’t all it could be and answered some longstanding questions about Windows vs. Linux kernel performance in the process. Although he has recanted much of what he said, some of his insights make a ton of sense.

The NSA’s guide to finding things on the Internet is available now

by Dave Farquhar
May 10, 2013May 9, 2013

A wonderful NSA document called Untangling the Web, thanks to a FOIA request, is now available and free for all to download and use. Although dated, the book will prove highly useful. If you company or client is exposing data that it shouldn’t to the public Internet, this book will help you find it, so you can correct it.

The copy isn’t perfect. It’s a bit dated, and it’s a straight scan to PDF, so it isn’t searchable, and it’s not the clearest, cleanest copy. I’m cleaning up a copy for my own use right now. I expect to use it, and often. It isn’t a document I’ve been privileged to see before, so I’m excited to have a chance now to study it and learn its techniques.Read More »The NSA’s guide to finding things on the Internet is available now

How to secure a computer like a spook

by Dave Farquhar
May 20, 2011April 15, 2017

A link to the National Security Agency’s (NSA) guidance on hardening operating systems has been floating around various blogs today. But the NSA’s guidance on configuring Windows 7 and other recent operating systems is, to put it mildly, a bit incomplete.

What one government agency doesn’t do, another probably does. That’s usually a safe assumption at least. Enter the Defense Information Systems Agency (DISA). If you want to harden recent Windows operating systems, visit http://iase.disa.mil/stigs/index.html for guidance.
Read More »How to secure a computer like a spook