Posts by Tombone

2 publicly visible posts • joined 9 Jul 2013

PRISM scandal: Brit spooks operated within the law, say politicos

Tombone

No, they got around the law

The PRISM document has no filter shown for UK data, only US and then only 51% USA. So use of PRISM data is necessarily spying on Brits' communications. Those comms were also handed to the US, which has no protections available.

Thus you cannot just look at the result of the GCHQ filter and say "is ok", all of the US queries run on UK data captured by GCHQ are also relevant. If USA provided access to AUS, NZ, Canada, then all of those queries are relevant too, as are all future queries by all future users, since this data is kept by the US.

Conversely, NSA has analysts in UK, reading the GCHQ feed. The GCHQ feed has no filter for USA, not even 51%, 0% filtered. So those NSA analysts are getting around the token protection the NSA put in for USA citizens in the US by accessing the UK feed.

"Further, in each case where GCHQ sought information from the US, a warrant for interception, signed by a Minister, was already in place,"

No, the warrant is there to check the search is warranted; if it's already in place then the Minister could not have checked the lawfulness of the request. He is not a time-lord. He cannot travel forward in time to check it.

HP storage: more possible backdoors

Tombone

It gives them full access to everything remotely

Well one of us needs to read:

"That suggests the devices include an HP-accessible support account has been incorporated into the LeftHand 9.0 and higher code"

So they have an account on the system. The account can be used to set passwords for other accounts, so it has access to those accounts too. (at minimum)

“Call support. They can reset the password remotely.”

So it's a *remote* backdoor too. NSA can even listen in on the calls.

So the article says the exact opposite. HP is in NSA land, which means if you're running HP kit and it's connected to the net, you need to as a matter of urgency take it offline and replace it with more trusted kit. Personally I switched to Thomson (a router) kit, but I'd also have accepted Korean and German kit.

I'm betting it also lets them remote upgrade the firmware, which likely makes it a total root remote exploit. It's the sort of dumb choice made by people who put in backdoors.

Business 101, you have a legal obligation to protect your business data from foreign snooping, your employees from foreign snooping, the company financial data from foreign snooping, bank transactions, the lot. It sucks, but that's the world as it is now.