Compare these logos!

http://emailgenome.org/

http://en.wikipedia.org/wiki/File:PRISM_logo_(PNG).png

http://imageshack.us/a/img33/8724/ifjv.png

I found the Email Genome site after a browser addon identified a program that was running through my email provider. Yahoo is known to be working with the NSA if you've been following recent headlines. :(

I just wanted you guys to see the creepy freakin website and the official logo associated with the prism program.

Sigh! The nerve. And to copy Pink Floyd is LOL sad. Double Sigh.

(dark side of the moon: )

http://upload.wikimedia.org/wikipedia/en/3/3b/Dark_Side_of_the_Moon.png


http://en.wikipedia.org/wiki/PRISM_(surveillance_program)

PRISM is a clandestine mass electronic surveillance data mining program known to have been operated by the United States National Security Agency (NSA) since 2007.[1][2][3] PRISM is a government code name for a data-collection effort known officially by the SIGAD US-984XN.[4][5] The Prism program collects stored Internet communications based on demands made to Internet companies such as Google Inc. under Section 702 of the FISA Amendments Act of 2008. The NSA can use these Prism requests to target communications that were encrypted when they traveled across the Internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier,[6][7] and to get data that is easier to handle, among other things.[8]

PRISM began in 2007 in the wake of the passage of the Protect America Act under the Bush Administration.[9][10] The program is operated under the supervision of the U.S. Foreign Intelligence Surveillance Court (FISA Court, or FISC) pursuant to the Foreign Intelligence Surveillance Act (FISA).[11] Its existence was leaked six years later by NSA contractor Edward Snowden, who warned that the extent of mass data collection was far greater than the public knew and included what he characterized as "dangerous" and "criminal" activities.[12] The disclosures were published by The Guardian and The Washington Post on June 6, 2013. Subsequent documents have demonstrated a financial arrangement between NSA's Special Source Operations division (SSO) and PRISM partners in the millions of dollars. [13]

Documents indicate that PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's Internet traffic acquired under FISA section 702 authority."[14][15] The leaked information came to light one day after the revelation that the FISA Court had been ordering a subsidiary of telecommunications company Verizon Communications to turn over to the NSA logs tracking all of its customers' telephone calls on an ongoing daily basis.[16][17]

U.S. government officials have disputed some aspects of the Guardian and Washington Post stories and have defended the program by asserting it cannot be used on domestic targets without a warrant, that it has helped to prevent acts of terrorism, and that it receives independent oversight from the federal government's executive, judicial and legislative branches.[18][19] On June 19, 2013, U.S. President Barack Obama, during a visit to Germany, stated that the NSA's data gathering practices constitute "a circumscribed, narrow system directed at us being able to protect our people."[20]

vAI2QOBMlTA

__________________________________________

I added some information in the bottom of this thread, Jan 13 2014, about Internet Protocol Version Six.

http://www.pcworld.com/article/261681/eff_lawsuit_seeks_details_of_nsa_email_phone_surveillance.html


EFF Lawsuit Seeks Details of NSA Email, Phone Surveillance
By Grant Gross, IDG News ServiceAug 30, 2012 1:10 PMprint
The Electronic Frontier Foundation has filed a lawsuit seeking details about U.S. National Security Agency surveillance of email and telephone calls, with the lawsuit raising concerns that the agency has illegally targeted U.S. citizens.

The EFF Freedom of Information Act lawsuit, filed Thursday in U.S. District Court for the District of Columbia, alleges that the NSA has circumvented the legal protections for U.S. citizens in the FISA Amendments Act, a 2008 law that allowed the NSA to expand its surveillance efforts targeting foreign terrorism suspects. The law prohibits the NSA from intentionally targeting U.S. citizens, but the EFF pointed to a July letter in which a U.S. intelligence official told a senator the NSA has sometimes overstepped its limits.

On "at least one occasion," the U.S. Foreign Intelligence Surveillance Court (FISC), which oversees the program, found the NSA's collection of information was "unreasonable" under the Fourth Amendment to the U.S. Constitution, Kathleen Turner, director of legislation affairs for the Office of the Director of National Intelligence, wrote in the letter. The Fourth Amendment protects U.S. citizens against unreasonable searches and seizures.

In addition, the government's implementation of the surveillance law "has sometimes circumvented the spirit of the law," Turner wrote, in response to an information request from Senator Ron Wyden, an Oregon Democrat.

In the lawsuit, the EFF asks for details of the spying operation. The digital rights group wants information on any written opinions or orders from FISC discussing illegal government surveillance, and any briefings to Congress about those violations.

The EFF believes the opinions of the FISC are law, "and the government can't classify and withhold the law from the American public," Mark Rumold, the EFF's open government legal fellow, said in an email.

The information is needed before Congress acts to re-authorize the surveillance law, Rumold said. Parts of the law are due to expire on Dec. 31, but current bills in Congress would extend the surveillance program.

"When the government acts unconstitutionally, the government shouldn't be able to shield disclosure of that information behind the veil of classification," Rumold said. "If the [law] is going to be re-authorized, there has to be an informed, public debate about the way the surveillance is being conducted under the statute and the privacy sacrifices Americans are being forced to make."

The U.S. public and many members of Congress "have very little information" about the surveillance program, he added. "Hopefully our suit will bring more information to light and help contribute to a meaningful debate on the re-authorization of the statute," Rumold said.

The U.S. Department of Justice, the defendant in the lawsuit, declined to comment.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

http://www.businessinsider.com/nsa-whistleblower-william-binney-explains-nsa-surveillance-2012-8


NSA Whistleblower Details How The NSA Has Spied On US Citizens Since 9/11
MICHAEL KELLEY AUG. 24, 2012, 1:19 PM 57,366 56


Read more: http://www.businessinsider.com/nsa-whistleblower-william-binney-explains-nsa-surveillance-2012-8#ixzz2g9PvF0p7

National Security Agency whistleblower William Binney explains how the secretive agency runs its pervasive domestic spying apparatus in a new piece by Laura Poitras in The New York Times.
Binney—one of the best mathematicians and code breakers in NSA history—worked for the Defense Department's foreign signals intelligence agency for 32 years before resigning in late 2001 because he "could not stay after the NSA began purposefully violating the Constitution."

In a short video called "The Program," Binney explains how the agency took part of one of the programs he built and started using it to spy on virtually every U.S. citizen without warrants under the code-name Stellar Wind.

Binney details how the top-secret surveillance program, the scope of which has never been made public, can track electronic activities—phone calls, emails, banking and travel records, social media—and map them to collect "all the attributes that any individual has" in every type of activity and build a profile based on that data.

"So that now I can pull your entire life together from all those domains and map it out and show your entire life over time," Binney says.

The 8-minute video, adapted from an ongoing project by Poitras that is to be released in 2013, has footage of the construction of the NSA's $2 billion data storage facility in Bluffdale, Utah, which Binney says "has the capacity to store 100 years worth of the world's electronic communications."

The purpose of the program, according to Binney, is "to be able to monitor what people are doing" and who they are doing it with.

"The danger here is that we fall into a totalitarian state," Binney says. "This is something the KGB, the Stasi or the Gestapo would have loved to have had."

Poitras, who has been detained and questioned more than 40 times at U.S. airports, has been working on a trilogy of films about post-9/11 America.

SEE ALSO: How Post-9/11 Surveillance Has Drastically Changed America [INFOGRAPHIC] >


Read more: http://www.businessinsider.com/nsa-whistleblower-william-binney-explains-nsa-surveillance-2012-8#ixzz2g9Q0rvc3

http://en.wikipedia.org/wiki/PRISM_(surveillance_program)


History[edit]
PRISM is a "Special Source Operation" in the tradition of NSA's intelligence alliances with as many as 100 trusted U.S. companies since the 1970s.[1] A prior program, the Terrorist Surveillance Program, was implemented in the wake of the September 11 attacks under the George W. Bush Administration but was widely criticized and challenged as illegal, because it did not include warrants obtained from the Foreign Intelligence Surveillance Court.[24][25][26][27] PRISM was authorized by the Foreign Intelligence Surveillance Court.[14] PRISM was enabled under President Bush by the Protect America Act of 2007 and by the FISA Amendments Act of 2008, which immunizes private companies from legal action when they cooperate with U.S. government agencies in intelligence collection. In 2012 the act was renewed by Congress under President Obama for an additional five years, through December 2017.[2][28][29] According to The Register, the FISA Amendments Act of 2008 "specifically authorizes intelligence agencies to monitor the phone, email, and other communications of U.S. citizens for up to a week without obtaining a warrant" when one of the parties is outside the U.S.[28]

Edward Snowden[edit]
PRISM was first publicly revealed when classified documents about the program were leaked to journalists of the The Washington Post and The Guardian by Edward Snowden[citation needed] – at the time an NSA contractor – during a visit to Hong Kong.[1][2] The leaked documents included 41 PowerPoint slides, four of which were published in news articles.[1][2] The documents identified several technology companies as participants in the PRISM program, including Microsoft in 2007, Yahoo! in 2008, Google in 2009, Facebook in 2009, Paltalk in 2009, YouTube in 2010, AOL in 2011, Skype in 2011 and Apple in 2012.[30] The speaker's notes in the briefing document reviewed by The Washington Post indicated that "98 percent of PRISM production is based on Yahoo, Google and Microsoft".[1] The slide presentation stated that much of the world's electronic communications pass through the U.S., because electronic communications data tend to follow the least expensive route rather than the most physically direct route, and the bulk of the world's Internet infrastructure is based in the United States.[14] The presentation noted that these facts provide United States intelligence analysts with opportunities for intercepting the communications of foreign targets as their electronic data pass into or through the United States.[2][14]

Snowden's subsequent disclosures included statements that governments such as the United Kingdom's GCHQ also undertook mass interception and tracking of Internet and communications data[31] – described by Germany as "nightmarish" if true[32] – allegations that the NSA engaged in "dangerous" and "criminal" activity by "hacking" civilian infrastructure networks in other countries such as "universities, hospitals, and private businesses",[12] and alleged that compliance offered only very limited restrictive effect on mass data collection practices (including of Americans) since restrictions "are policy-based, not technically based, and can change at any time", adding that "Additionally, audits are cursory, incomplete, and easily fooled by fake justifications",[12] with numerous self-granted exceptions, and that NSA policies encourage staff to assume the benefit of the doubt in cases of uncertainty.[33][34][35]

Extent of surveillance[edit]
Alleged NSA internal slides included in the disclosures purported to show that the NSA could unilaterally access data and perform "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details.[2] Snowden summarized that "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."[12] According to The Washington Post, the intelligence analysts search PRISM data using terms intended to identify suspicious communications of targets whom the analysts suspect with at least 51 percent confidence to not be U.S. citizens, but in the process, communication data of some U.S. citizens are also collected unintentionally.[1] Training materials for analysts tell them that while they should periodically report such accidental collection of non-foreign U.S. data, "it's nothing to worry about."[1]

According to The Guardian, NSA had access to chats and emails on Hotmail.com, Skype, because Microsoft had “developed a surveillance capability to deal” with the interception of chats, and “[f]or Prism collection against Microsoft email services will be unaffected because Prism collects this data prior to encryption.”[36][37] Also according to The Guardian's Glenn Greenwald even low-level NSA analysts are allowed to search and listen to the communications of Americans and other people without court approval and supervision. Greenwald said low level Analysts can, via systems like PRISM, "listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents. And it’s all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst."[38] He added that the NSA databank, with its years of collected communications, allows analysts to search that database and listen "to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you’ve entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future."[38] Greenwald was referring in the context of the foregoing quotes to the NSA program X-Keyscore.[39]

During a House Judiciary hearing on domestic spying on July 17, 2013 John C Inglis, the deputy director of the surveillance agency, told a member of the House judiciary committee that NSA analysts can perform "a second or third hop query" through its collections of telephone data and internet records in order to find connections to terrorist organizations.[40] "Hops" refers to a technical term indicating connections between people. A three-hop query means that the NSA can look at data not only from a suspected terrorist, but from everyone that suspect communicated with, and then from everyone those people communicated with, and then from everyone all of those people communicated with.[40][41] NSA officials had said previously that data mining was limited to two hops, but Inglis suggested that the Foreign Intelligence Secret Court has allowed for data analysis extending “two or three hops”.[42]

http://upload.wikimedia.org/wikipedia/commons/thumb/4/46/UncleSamListensIn.jpg/449px-UncleSamListensIn.jpg

http://blog.mailchimp.com/mailchimps-email-genome-project/


Feb 9, 2011
MailChimp’s Email Genome Project
Every once in a while, we ask some random questions about email here at MailChimp. Questions like:

Remember that blog network that just got hacked, and how all their user data was posted to the public? Wonder if any bad guys are importing that email list into MailChimp anywhere. Would be nice to shut them down, and maybe even report them to the FBI.
Hey, what if we purchased some spam lists ourselves, and just used them to scan all users’ imported lists for high levels of correlation?
Across all the emails we’ve ever sent, what’s a realistic “average shelf life” for a subscriber’s engagement?
Is there a *real* “best time” and “worst time” to send email? Of course people will always say “it depends” but what if we actually crunched (all) the numbers anyway? Would we find interesting patterns?
And some questions can be real dilemmas, like:

If user X imports a list, and we find a bunch of hard bounces, why don’t we prevent those bad email addresses from being imported into our system by user Y? (after all, lots of bounces can lead to delivery problems at some of the big ISPs)
If we know a particular subscriber is a habitual (false) complainer, should we keep allowing them to subscribe to lists that we host? Even if there’s double opt-in proof?
MailChimp Engineers: “Shutup, already. Go look it up yourself.”

I guess all these questions finally annoyed our engineers enough to make them setup The Email Genome Project, which scans MailChimp’s 600,000 users, the hundreds of millions of subscribers they manage, and the 40 million (and growing) messages they send every day for nuggets of information that we can use to improve our deliverability and train our Omnivore abuse prevention algorithms.
The fun part of all this? The nerds get to play with cool toys…

First, they setup a server that’s used for some occasional pre-test “heavy lifting.” To be honest with you, I don’t think they really needed this one. I’m pretty sure they got it for fun. Whatever the case, here are the specs:

4 x Xeon X7550 CPUs, each 8 cores @2.0Ghz with HT
128 GB of DDR3 RAM
Hardware BBU-backed raid 10 of Intel X25-E SLC SSDs
And then they setup another server that is not quite as impressive (with “only” 2×6 core xeons for a total of 24 threads, 36 GB RAM). This one was configured more for storage, with a 12 disk raid 10 of 15k SAS drives with ~4TB of usable raid 10 space.

I pretty much have no idea what I just typed there. Sounds impressive, though. The monthly bill certainly made an impression on me.

But hey, all in the name of R&D. If they wanna use the toys to play Doom (people still play that game, right?) or test their password cracking skills, it’s all good.

Anyway, the high level goal of the Email Genome Project is to help improve the email ecosystem. Specifically, we want to provide answers — fast. The more we learn about email, the better we can help prevent the abuse of it.

We’ll talk more about our findings here on the MailChimp blog soon.

For now, to get a feel for what kind of data our Email Genome Project can produce, you should sign up to Dan Zarrella’s “Science of Email Marketing” webinar.

He asked us a few questions about email marketing. We scanned 10 billion emails, and gave him some answers:

http://www.hubspot.com/the-science-of-email-marketing/

¤=[Post Update]=¤

http://www.insightmrktg.com/tag/email-genome-project/

http://upload.wikimedia.org/wikipedia/commons/thumb/7/7e/Berlin_2013_PRISM_Demo.jpg/800px-Berlin_2013_PRISM_Demo.jpg


Tag: Email Genome Project

10 Insights to Improve Your Email Performance

September 12, 2012 by Rocky Cipriano in Email Marketing, Marketing 1 comment
9.5 billion emails were analyzed to look at how people read email and what’s working in email marketing today. The results provide some surprising insights, as well as some actionable takeaways.

- See more at: http://www.insightmrktg.com/tag/email-genome-project/#sthash.HQ5F5Myu.dpuf

http://upload.wikimedia.org/wikipedia/commons/thumb/7/71/DigiGes_PRISM01.jpg/800px-DigiGes_PRISM01.jpg

hey , the dark side of the moon , fitting for the NSA , hiding where you can't see what they are doing ...

If I didn't know better, I'd think people were afraid to give thumbs up to an NSA thread, LOL

Just kidding, i understand -- :)

*pokes NSA in the eye* stop staring

Another weird program with extremely questionable homepage: uservoice analysis

Was running in my email in the background.
Their "about us" page has curse words in the text. Doesn't sound like a "real" corporation to me.
Very weird.

https://www.uservoice.com/privacy/

^creepiest TOS i've read. challenges south park apple episode.

p.s. http://vimeo.com/50448891

MailChimp's Email Genome Project Strata Submission
from John Foreman 1 year ago NOT YET RATED

very strange screenshot on first frame of video above.

Yet another strange script that has certain users and programmers talking: yui.yahooapis.com, which leads to the site developer.yahoo.com.

:( these yahooapis scripts are hijacking my browser and allowing 3rd party access to anything that uses Javascript, if I understand correctly.

Yahoo was one of the Gag Order club approached by the NSA years ago -- so they are up there with AT&T in my opinion, which isn't a nice thing.

AT&T pretty much runs a mirror of the whole internet in its bid to monopolize tracking of the public. not sure how far down the hole Yahoo went.

I am fairly sad and disgusted with the manner in which MAIL (email is private, or should be) has been whored out to advertisers and investigators.

Using email is pretty much a downer. Sensitive stuff gets deleted, delayed, bounced back, undeliverable, etc... only stupid crap gets through.

:( lmao

Time magazine says that Google and Yahoo have been providing an NSA backdoor:

Government

The Major Tech Companies Missing From the Surveillance Reform Letter

By Courtney Subramanian @cmsubDec. 09, 20130

Eight major American tech giants have teamed up for a government surveillance reform campaign, decrying the National Security Agency’s sweeping power and demanding the end of bulk data collection in a letter to President Barack Obama and lawmakers.

The Sunday announcement, which also featured a new website dedicated to the cause, is nothing short of a public relations campaign to allay fears over compliance with government surveillance. But missing from the unusually-paired mega group – Google, Facebook, Apple, Microsoft, Twitter, Yahoo, LinkedIn and AOL — are a few Silicon Valley companies ignoring the possible damage done by leaks from NSA former contractor Edward Snowden.

(MORE: Tech Titans Band Together in Effort to Limit Government Surveillance)

Most notably, online retail giant Amazon and marketplace eBay were not among the tech signatories. Microsoft-owned Skype was not explicitly mentioned in the letter, and as TechCrunch points out, was also missing from a related announcement about encrypting data beginning in 2014.

But a Microsoft spokeswoman tells TIME Skype is indeed included in the campaign and encryption announcement. Interestingly, Microsoft chose not to mention Skype, which has been contested for its purported encryption and was highlighted in the first revelations of the NSA’s PRISM surveillance program. Both Amazon and eBay did return requests for comments.

The letter, addressed to Obama and Congress, demands an end to mass data collection and calls for tech companies to be able to both openly discuss surveillance orders and fight them in FISA court. More recently, new leaked documents allege the NSA was illegally tapping data through the back door of Yahoo and Google communication centers. Army Gen. Keith Alexander, the agency director, has since denied the allegation, but Electronic Frontier Foundation attorney Kurt Opsahl said that may have been the wakeup call internet companies needed.

Read more: The Major Tech Companies Missing From the Surveillance Reform Letter | TIME.com http://business.time.com/2013/12/09/the-major-tech-companies-missing-from-the-surveillance-reform-letter/#ixzz2n3keaBqf


<(@_@<) (.@_@.) (>@_x)>
........................*eye poke*

http://www.cnn.com/2014/01/05/tech/yahoo-malware-attack/index.html?hpt=hp_t2

Malware attack hits thousands of Yahoo users
By Faith Karimi and Joe Sutton, CNN
updated 7:46 PM EST, Sun January 5, 2014 |


(CNN) -- A malware attack hit Yahoo's advertising server over the last few days, affecting thousands of users in various countries, an Internet security firm said.
In a blog post, Fox-IT said Yahoo's servers were releasing an "exploit kit" that exploited vulnerabilities in Java and installed malware.

"Clients visiting yahoo.com received advertisements served by ads.yahoo.com," the internet security firm said. "Some of the advertisements are malicious."
Fox-IT, which is based in the Netherlands, focuses on cyber defense.

It estimates tens of thousands of users were affected per hour.

"Given a typical infection rate of 9%, this would result in around 27,000 infections every hour," the company said. "Based on the same sample, the countries most affected by the exploit kit are Romania, Great Britain and France. At this time it's unclear why those countries are most affected, it is likely due to the configuration of the malicious advertisements on Yahoo."

If a computer infected with malware is connected to a network, attackers can often access other connected systems and servers.
Yahoo said it is aware of the security issues.

In December: Mayer apologizes for e-mail outage

"At Yahoo, we take the safety and privacy of our users seriously," it said in a statement Saturday night. "We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity."

The security firm said it is unclear who's behind the attack, but it appears to be "financially motivated." It did not provide details.

Its investigation revealed that the earliest sign of infection was on December 30.

Top tech fails of 2013


_________________________________

yahooapis scripts are also very bad news.
it's running a "developer script" constantly through yahoo services that lets anyone hijack your Javascript


Yet another strange script that has certain users and programmers talking: yui.yahooapis.com, which leads to the site developer.yahoo.com.

p.s. the "financial motivation" bit was creepy considering what the germans said about the NSA being motivated by money. lol

http://security.blogs.cnn.com/2014/01/04/nsa-wont-say-whether-it-spies-on-congress/

January 4th, 2014
03:45 PM ET
NSA won't say if it is "spying" on Congress
Congress is just like everyone else. That's the message the National Security Agency has for Sen. Bernie Sanders.

The independent senator from Vermont sent a letter to the agency Friday, asking whether it has or is "spying" on members of Congress and other elected American officials.

The NSA provided a preliminary response Saturday that said Congress has "the same privacy protections as all U.S. persons."

"NSA's authorities to collect signals intelligence data include procedures that protect the privacy of U.S. persons. Such protections are built into and cut across the entire process. Members of Congress have the same privacy protections as all U.S. persons," said the agency in a statement obtained by CNN.

The response goes on to promise the agency will continue to work with Congress on the issues - without ever addressing the senator's real question.

Sanders defines "spying" in his letter as "gathering metadata on calls made from official or personal phones, content from websites visited or e-mails sent, or collecting any other data from a third party not made available to the general public in the regular course of business."

The NSA would say nothing more, except that it is further reviewing the letter.

"We will continue to work to ensure that all Members of Congress, including Sen. Sanders, have information about NSA's mission, authorities, and programs to fully inform the discharge of their duties," read the statement.

Attorney General Eric Holder similarly deflected answering the same question at a congressional hearing last summer, telling Sen. Mark Kirk, R-Illinois, that the NSA had no "intent" to spy on Congress, but the issue was better discussed in private.

The intelligence community has faced heated criticism from the right and left in 2013 after Edward Snowden's leaks, and the intensity has continued fiercely in 2014.

On Thursday, the New York Times and the Guardian published scathing editorials that slammed the "violations" Snowden's leaks revealed and advocated a presidential pardon for him.

Among those charges was the notion that James Clapper Jr., the director of National Intelligence, lied to Congress while testifying last March that the NSA was not collecting data on millions of Americans.

National Intelligence was quick to push back, with a letter to the editor from by general counsel Robert Litt, published in the New York Times on Saturday.

"As a witness to the relevant events and a participant in them, I know that allegation is not true," writes Litt, explaining that Clapper misunderstood the question, but couldn't publicly correct his mistake "because the program involved was classified."

"This incident shows the difficulty of discussing classified information in an unclassified setting and the danger of inferring a person's state of mind from extemporaneous answers given under pressure."

Litt said that Clapper was "surprised and distressed" when he was informed by staff that he gave a misleading answer after the testimony.

CNN's Evan Perez contributed to this report.

Post by: CNN's Conor Finnegan
Filed under: NSA

Some things you might want to know about the recent "upgrade" to IPv6 ("internet protocol version six")!


http://en.wikipedia.org/wiki/Neighbornode
http://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
http://en.wikipedia.org/wiki/ISATAP
http://en.wikipedia.org/wiki/Captive_portal
http://en.wikipedia.org/wiki/Walled_garden_(media)
http://en.wikipedia.org/wiki/Secure_Neighbor_Discovery_Protocol


The Secure Neighbor Discovery (SEND) protocol is a security extension of the Neighbor Discovery Protocol (NDP) in IPv6 defined in RFC 3971 and updated by RFC 6494.

The Neighbor Discovery Protocol (NDP) is responsible in IPv6 for discovery of other network nodes on the local link, to determine the link layer addresses of other nodes, and to find available routers, and maintain reachability information about the paths to other active neighbor nodes (RFC 4861). This protocol is insecure and susceptible to malicious interference. It is the intent of SEND to provide an alternate mechanism for securing NDP with a cryptographic method that is independent of IPsec, the original and inherent method of securing IPv6 communications.

SEND uses Cryptographically Generated Addresses (CGA) and other new NDP options for the ICMPv6 packet types used in NDP.

SEND was updated to use the Resource Public Key Infrastructure (RPKI) by RFC 6494 and RFC 6495 which define use of a SEND Certificate Profile utilizing a modified RFC 6487 RPKI Certificate Profile which must include a single RFC 3779 IP Address Delegation extension.

There have been concerns with algorithm agility vis-à-vis attacks on hash functions used by SEND expressed in RFC 6273, as CGA currently uses the SHA-1 hash algorithm and PKIX certificates and does not provide support for alternative hash algorithms.


The captive portal technique forces an HTTP client on a network to see a special web page (usually for authentication purposes) before using the Internet normally. A captive portal turns a Web browser into an authentication device.[1] This is done by intercepting all packets, regardless of address or port, until the user opens a browser and tries to access the Internet. At that time the browser is redirected to a web page which may require authentication and/or payment, or simply display an acceptable use policy and require the user to agree. Captive portals are used at many Wi-Fi hotspots, and can be used to control wired access (e.g. apartment houses, hotel rooms, business centers, "open" Ethernet jacks) as well.

Since the login page itself must be presented to the client, either that login page is locally stored in the gateway, or the web server hosting that page must be "whitelisted" via a walled garden to bypass the authentication process. Depending on the feature set of the gateway, multiple web servers can be whitelisted (say for iframes or links within the login page). In addition to whitelisting the URLs of web hosts, some gateways can whitelist TCP ports. The MAC address of attached clients can also be set to bypass the login process.



A closed platform, walled garden or closed ecosystem[1][2] is a software system where the carrier or service provider has control over applications, content, and media and restricts convenient access to non-approved applications or content. This is in contrast to an open platform, where consumers have unrestricted access to applications and content.

For example in telecommunications, the services and applications accessible on any cell phone on any given wireless network were tightly controlled by the mobile operators. The mobile operators limited the applications and developers that were available on users' home portals and home pages. This can happen when users have no pre-paid money left on their account as a result service provider has restricted user access. This has long been a central issue constraining the telecommunications sector, as developers face huge hurdles in making their applications available to end-users.

In a more extreme example, with the pre-regulated 1970s American telephone system, "Ma Bell" virtually owned all the hardware (including all phones) and all the signals, and virtually even the words (information) on their wires. The words did not become yours until they left the Ma Bell earpiece (or other Ma Bell output device) and entered your ear. It was illegal for the user to even monitor or record the signals near "his own" phone with a non-Bell magnetic pic-up device. In that case, this was an openly government sanctioned and regulated monopoly.

More generally, a "walled garden" refers to a closed or exclusive set of information services provided for users. Similar to a real walled garden, a user in a walled garden is unable to escape this area unless it is through the designated entry/exit points or the walls are removed.[3]

http://www.infowars.com/whistleblower-google-chrome-can-listen-to-your-conversations/

Whistleblower: Google Chrome Can Listen To Your Conversations

Programmer goes public four months after company failed to fix exploit

Paul Joseph Watson
Infowars.com
January 23, 2014

A whistleblower who privately informed Google four months ago that their Chrome browser had the ability to record conversations without the user’s knowledge has gone public after the tech giant failed to fix the issue.

s5D578JmHdU

In the video above, the programmer explains how Google Chrome’s speech recognition function remains operational even after the user has left the website on which they gave permission for the browser to record their voice.

“When you click the button to start or stop the speech recognition on the site, what you won’t notice is that the site may have also opened another hidden pop under window. This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn’t even know was there,” writes the whistleblower.

The video shows a pop-under browser window recording and typing the programmer’s words as she speaks. The window can be disguised as an advertising banner so the user has no indication that Chrome is listening to their voice, whether that be on the phone, talking to someone on Skype, or merely having a conversation with someone near the computer.

The exploit is a “serious security breach” that has compromised the privacy of millions of Google Chrome users, according to the programmer, who warns, “as long as Chrome is still running, nothing said next to your computer is private.”

The exploit turns Google Chrome into an “espionage tool,” adds the programmer, noting that the recording function can be activated by the use of sensitive keywords and be passed on “to your friends at the NSA.”

The programmer reported the exploit to Google on September 19 last year and was met with assurances that it would be quickly fixed. However, despite apparently fixing the bug within two weeks, the update was never released to Chrome users, with Google telling the programmer, “Nothing is decided yet.”

As far back as 2006, we warned that computers would use in-built microphones to spy on users. We also revealed how digital cable boxes had embedded microphones that had the capability of recording conversations since the late 1990′s.

As we have previously highlighted, terms of agreement for both Android and iPhone apps now require users to agree to allow their microphone to be activated at any time without confirmation before they can download the app.

Facebook’s term’s of agreement also allow the social network giant to record your phone calls, read your phone’s call log and “read data about contacts stored on your phone, including the frequency with which you’ve called, emailed or communicated in other ways with specific individuals.”

We are now fully ensconced in a world that even George Orwell would have laughed off as inconceivable. Embedded microphones in everything from Xbox Kinect consoles to high-tech street lights that can record private conversations in real time represent the final nail in the coffin of privacy.

Facebook @ https://www.facebook.com/paul.j.watson.71
FOLLOW Paul Joseph Watson @ https://twitter.com/PrisonPlanet

think of how many computers are in people's bedrooms... couples' bedrooms, etc lol

Compare these logos!
....


Ever compared these images ?

http://www.alatoerka.nl/wp-content/uploads/2011/02/gmail-freemasons.jpg

Compare these logos!
....


Ever compared these images ?

http://www.alatoerka.nl/wp-content/uploads/2011/02/gmail-freemasons.jpg

Wow. That's pretty close, isn't it?
Did they do that on purpose??

@@

Ty for sharing!
Holy cow.

You guys know that Checkpoint Charlie and the Berlin Wall inspired Pink Floyd quite a lot?

Same place shown in the picture with the red, white, blue balloons and the grey sign with "yes we scan".


Waters had stated on the first airing of the making of The Wall on In the Studio with Redbeard in July 1989 that the only way he was to resurrect a live performance of The Wall was "if the Berlin Wall came down". Four months later the wall came down.

http://www.infowars.com/whistleblower-google-chrome-can-listen-to-your-conversations/

Whistleblower: Google Chrome Can Listen To Your Conversations

Programmer goes public four months after company failed to fix exploit

Paul Joseph Watson
Infowars.com
January 23, 2014

A whistleblower who privately informed Google four months ago that their Chrome browser had the ability to record conversations without the user’s knowledge has gone public after the tech giant failed to fix the issue.

s5D578JmHdU

In the video above, the programmer explains how Google Chrome’s speech recognition function remains operational even after the user has left the website on which they gave permission for the browser to record their voice.

“When you click the button to start or stop the speech recognition on the site, what you won’t notice is that the site may have also opened another hidden pop under window. This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn’t even know was there,” writes the whistleblower.

The video shows a pop-under browser window recording and typing the programmer’s words as she speaks. The window can be disguised as an advertising banner so the user has no indication that Chrome is listening to their voice, whether that be on the phone, talking to someone on Skype, or merely having a conversation with someone near the computer.

The exploit is a “serious security breach” that has compromised the privacy of millions of Google Chrome users, according to the programmer, who warns, “as long as Chrome is still running, nothing said next to your computer is private.”

The exploit turns Google Chrome into an “espionage tool,” adds the programmer, noting that the recording function can be activated by the use of sensitive keywords and be passed on “to your friends at the NSA.”

The programmer reported the exploit to Google on September 19 last year and was met with assurances that it would be quickly fixed. However, despite apparently fixing the bug within two weeks, the update was never released to Chrome users, with Google telling the programmer, “Nothing is decided yet.”

As far back as 2006, we warned that computers would use in-built microphones to spy on users. We also revealed how digital cable boxes had embedded microphones that had the capability of recording conversations since the late 1990′s.

As we have previously highlighted, terms of agreement for both Android and iPhone apps now require users to agree to allow their microphone to be activated at any time without confirmation before they can download the app.

Facebook’s term’s of agreement also allow the social network giant to record your phone calls, read your phone’s call log and “read data about contacts stored on your phone, including the frequency with which you’ve called, emailed or communicated in other ways with specific individuals.”

We are now fully ensconced in a world that even George Orwell would have laughed off as inconceivable. Embedded microphones in everything from Xbox Kinect consoles to high-tech street lights that can record private conversations in real time represent the final nail in the coffin of privacy.

Facebook @ https://www.facebook.com/paul.j.watson.71
FOLLOW Paul Joseph Watson @ https://twitter.com/PrisonPlanet

I've started an additional thread on this JAVA SCRIPT exploit, more on how it is done, as well as other exploits being used to spy.. The one I posted in the Current Events sub-forum of NEWS talks about what appears to be another audio bug as well as this "known" exploit..

Compare these logos!
....


Ever compared these images ?

http://www.alatoerka.nl/wp-content/uploads/2011/02/gmail-freemasons.jpg

...
Did they do that on purpose??
...


Yep, you bet! They even managed to get the square and compass in (sort of) ... look at the center of the envelope !

P.S. and more or less 4 pyramids ... :p

I can't believe the Java thing was true!!!!

Everyone here was worried, lol -- at least Bobd and me

I don't even program, only thing I've done was a TINY bit of html...!!!

I think a two year old could spot these "spies" in TED clothing.!!

Can you believe this is what they expect the average American (not to mention the people overseas who really got screwed) to swallow?

What are we gonna do, insider trade shoelaces or something?

Please read ASAP -- today's denial of service is worse than ever

the YUI.YAHOOAPIS script HACKER hole:

http://ubuntuforums.org/archive/index.php/t-1103243.html

March 22nd, 2009, 07:58 PM
Why is it that, whenever I navigate to a link on this site, my computer transfers data to/from yui.yahooapis.com (http://yui.yahooapis.com)? Is the owner of this site secretly sharing our user info with a mysterious third party. (Ooo-Eee-Ooo)

If you go to that address, you'll find it is 404 Not Found... according to Yahoo! The site yahooapis.com (http://yahooapis.com) leads to developer.yahoo.com (http://developer.yahoo.com), which is home page for the Yahoo Developer Network.

Why this data transfer with Yahoo developers? Inquiring minds want to know.

A. cardinals_fan
March 22nd, 2009, 08:07 PM
http://ubuntuforums.org/showthread.php?t=904808

In short, it lets the admins host javascript off the forum servers.



A. Mehall
March 22nd, 2009, 08:26 PM
Thanks, sisco311 and cardinals_fan.

But get this: try to navigate to yui.yahooapis.com (http://yui.yahooapis.com) and you get 404 Not Found error. That address is no longer extant. So why continue sending data there?

404 = no index.html home.html .php, .aspx, etc, etc.

Just because something has nothing to show to you, doesn't mean it's not doing anything.
Polygon




Polygon
March 23rd, 2009, 06:01 AM
yeah, yahooapis is similiar to googleapis.com, it just has some useful javascript api's that people can link to and use without having to write their own.

and a 404 means its just not responding to a http request, it doesn't mean it doesn't respond to other types of requests.

¤=[Post Update]=¤

http://www.overclock.net/t/1174721/yui-yahooapis-com-what-is-it

yui.yahooapis.com - what is it?

yui.yahooapis.com - what is it?

I'm just wondering, because when I'm staring at my screen and waiting 12-20 seconds for the page to finish loading, that's what it sometimes says it's waiting for.

Edit: As requested, I'm attaching page load times to most of my posts. Fasterfox reports this one took 6.8 seconds to load. Not bad!

Weird. After editing this post, the edit isn't showing up for me when I view the thread?
Edited by Kramy - 11/27/11 at 2:21am

¤=[Post Update]=¤

http://www.foxnews.com/tech/2014/02/03/facebook-google-yahoo-reveal-details-nsa-surveillance/

Facebook, Google, Yahoo reveal details of NSA surveillance
Published February 03, 2014FoxNews.com

The Internet’s biggest companies have released a sliver of new information on the government’s national security requests, a small bit of fresh data about the widespread surveillance that has shaken the public’s belief in online privacy.

A compromise brokered last week between the Justice Department and Google, Microsoft, Yahoo, Facebook, and LinkedIn allowed those companies to at last release some information about the number of requests for information the government served through Foreign Intelligence Surveillance Act (FISA) courts. Before the deal, the law stipulated that surveillance agencies could demand users’ personal information and bar a company from even discussing the request.

"Last summer’s revelations about government surveillance remind us of the challenges that secrecy can present to a democracy that relies on public debate,” wrote Google’s Richard Salgado, legal director, law enforcement and information security, in a blog post about the new data.

The new information doesn’t reveal a great deal.

Google said that it received somewhere between 0 and 999 requests every six months under the law; the number of users or accounts the court sought data on varied, and was never presented specifically Among requests in which user information was demanded, the most data was sought between July and Dec. of 2012 -- somewhere between 12,000 and 13,000 users.

Google admitted that the information was helpful, but not complete.

“We still believe more transparency is needed so everyone can better understand how surveillance laws work and decide whether or not they serve the public interest,” Salgado wrote.

Data from the other companies revealed similar snippets of information, again limited to data bands of 1,000. Requests peaked from Jan. to June of 2013, when Yahoo was served between 0 and 999 requests for information on as many as 30,999 user accounts.

In similar posts, LinkedIn, Facebook and Microsoft offered some information on FISA requests, and said they would push to be allowed to publish more. All companies noted that the new data was at least a step in the right direction.

“Yahoo will continue to protect the privacy of our users and to ensure our ability to defend it,” wrote Ron Bell, general counsel, and Aaron Altschuler, associate general counsel, law enforcement and security, in a blog post on the company’s Tumblr site. “This includes advocating strenuously for meaningful reform around government surveillance, demanding that government requests be made through lawful means and for lawful purposes, and fighting government requests that we deem unclear, improper, overbroad, or unlawful.”

___________________________

I KNO WUT U GOOGLED LAST SUMMR

If I didn't know better, I'd think people were afraid to give thumbs up to an NSA thread, LOL

Just kidding, i understand -- :)

*pokes NSA in the eye* stop staring

i guess that alot of people dont know it may be illegal for "our" ptb to gather info directly on us without reason and legal channels (usually, i mean as far as we know)) , but its not illegal for other counties to gather whatever info and how much data they want to gather on who ever right out of the sky from satellites, then trade it back to us for our gathered info on who ever we may have gathered data on, i dunno i just heard it used to work that way, prolly things are way different now a days .......right .

http://money.cnn.com/2014/03/21/technology/security/microsoft-email/index.html?hpt=hp_t2

Microsoft defends its right to read your email
By Jose Pagliery @Jose_Pagliery March 21, 2014: 12:47 PM ET

http://i2.cdn.turner.com/money/dam/assets/140321110105-microsoft-hotmail-620xa.jpg

NEW YORK (CNNMoney)
Microsoft is defending its right to break into customers' accounts and read their emails.

The company's ability -- and willingness -- to take such an approach became apparent this week. Microsoft (MSFT, Fortune 500) admitted in federal court documents that it forced its way into a blogger's Hotmail account to track down and stop a potentially catastrophic leak of sensitive software. The company says its decision is justified.

From the company's point of view, desperate times call for desperate measures.

"In this case, we took extraordinary actions based on the specific circumstances," said John Frank, one of the company's top lawyers, in a blog post Thursday night.

According to an FBI complaint, Microsoft in 2012 discovered that an ex-employee had leaked proprietary software to an anonymous blogger. Fearing that could empower hackers, Microsoft's lawyers approved emergency "content pulls" of the blogger's accounts to track it down. Company investigators entered the blogger's Hotmail account, then pored over emails and instant messages on Windows Live. The internal investigation led to the arrest on Wednesday of Alex Kibkalo, a former Microsoft employee based in Lebanon.

Although the move could be perceived as a breach of trust, Microsoft says it's allowed to make such unilateral decisions. It pointed to its terms of service: When you use Microsoft communication products -- Outlook, Hotmail, Windows Live -- you agree to "this type of review ... in the most exceptional circumstances," Frank wrote.

Microsoft's legal team thought there was enough evidence suggesting the blogger would try selling the illegally obtained intellectual property. In such instances, law enforcement agents would typically seek a warrant, but Microsoft said it didn't need one. The servers storing the information are on its own property.

Ginger McCall, a director at the Electronic Privacy Information Center, said those actions are deeply troubling, because they show "Microsoft clearly believes that the users' personal data belongs to Microsoft, not the users themselves."

"This is part of the broader problem with privacy policies," she said. "There are hidden terms that the users don't actually know are there. If the terms were out in the open, people would be horrified by them."

Microsoft recognizes that it's a sensitive topic, especially as the nation grapples with revelations about the extent of warrantless surveillance on Americans by their own government -- spying that Microsoft and other major tech companies have loudly criticized.

That's why Microsoft is instituting a new policy: In the future, it'll loop in an outside lawyer who's a former federal judge and seek his or her approval.

In a move that might be deemed ironic, Microsoft will now add its own internal searches to its biannual transparency reports on government surveillance.


First Published: March 21, 2014: 11:40 AM ET

UGHHHHHHHHHHHH Yahoo is so sucky.



Most reported problems:

Read mail (41%)
Log-in (35%)
Send mail from Yahoo (23%)



We're experiencing some technical difficulties...

We’re sorry, but Yahoo Mail can't load due to a temporary error. You can try back again shortly, or visit our help pages for ways to troubleshoot the issue.
Temporary error: 15
Visit Help for troubleshooting instructions



ARGH!!!!!!!!

Heads up: Yahoo! server failures and squirrelly failures/censorship at an all time high today (at least on my end)

last night some ISP issues that spontaneously resolved.

I feel that certain folks could very well be under attack this week (truthers) and TPTB are trying to wear us down on multiple fronts before another 'storm hits the world.

Don't let these animals get ya down, guys, and consider changing from yahoo to a better provider,
these people are just a mainline for Spooks IMO.

it's been getting progressively crappier ever since the CEO made her NSA claims.
not sure if the company is getting bad feedback or what is going on.

hate to sound paranoid but i think it is possible political.
was discussing some very sensitive things recently (last 24) and I am under cyberattack today (although minor)



these little things, to make you feel "gaslighted" as Flash put it once,
they sting and disorient and feel like personal failures but it's the System failing.

Yet another evening of Yahoo! MAIL being the only site that won't work tonight.

What on earth could be going on w/ their garbage lol :(

never in my life seen this type of constant error/server down etc with any email.
even the military crap was better than yahoo! has been this week.


tsk not even considering the programs they let in the door,
Yahoo just sucks period.