STE WILLIAMS

Bug-finder chucked for posting to Zuck

Win a top of the range HP Spectre laptop

A Palestinian IT graduate has had his account disabled and been told he won’t be paid a bug bounty after demonstrating a Facebook security vulnerability by posting an image onto Mark Zuckerberg’s timeline.

As explained in this blog post, Khalil Shreateh discovered a vulnerability that allows an attacker to post images into someone else’s timeline, even though they’re not in the target’s friend list.


Shreateh claims he tried to report the problem to Facebook’s security account twice. The problem, however, was that since Facebook’s team wasn’t friends with the target account he used to demonstrate the bug, they could not see the links he provided.

To try to escalate the issue, Shreateh then took what might be regarded as the “nuclear option” and posted an image onto Mark Zuckerberg’s timeline, providing the link to Facebook as proof of the bug. He was then contacted by Facebook security engineer Ola Okelola requesting details of the vulnerability, which he provided.

This is where things went sour: because demonstrating the vulnerability constitutes a violation of Facebook’s terms of service, Shreateh had his account suspended. The same ToS violation was given as the reason that Shreateh won’t be paid under Facebook’s bug bounty.

Shreateh’s replay of the bug is in the video below. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/18/bugfinder_chucked_for_posting_to_zuck/

British spooks seize tech from Snowden journo’s boyfriend at airport

The Brazilian partner of Guardian journalist Glenn Greenwald – Edward Snowden’s go-to reporter for the dissemination of sensitive papers about the NSA’s dragnet surveillance programmes – has been released from custody. The 28-year-old was held for almost nine hours for questioning by Metropolitan Police officers when he passed through London’s Heathrow Airport en route to Brazil on Sunday night.

David Michael Miranda was stopped and questioned under the Terrorism Act 2000. He was held for nine hours, the maximum allowed before police are obliged to arrest someone under that legislation.


Miranda was released without charge but investigators seized his mobile phone, laptop, memory sticks, DVDs and a game console.

The 28-year-old had spent the previous week in Berlin, where he stayed with Laura Poitras, the US filmmaker who has worked with Greenwald on the Snowden files. Miranda was detained on his way back home to Rio de Janeiro. The Guardian has admitted that it paid for his flights, so it would be reasonable to speculate that Miranda’s trip was concerned with Greenwald and Poitras’ work with the paper on Snowden’s revelations.

The legal grounds for his detention are currently being disputed by Labour MP Keith Vaz, among others, who told Radio 4 he was concerned about the apparent use of “terrorism legislation for something that does not appear to relate to terrorism”.

The chances are, however, that terrorism legislation was used simply because the police officers concerned came from what is now known as the Counter Terrorism Command (SO15) of the Metropolitan Police. This organisation absorbed the former Special Branch (SO12) on being formed in 2006.

One of the functions of Special Branch was (and still is under the CTC) to employ police powers in support of the British intelligence and security services. As the spooks have no power of arrest, detention or seizure themselves, when they need such things done the CTC (or, occasionally, Special Branch officers from regional forces) handle the matter. Miranda might have been stopped and his kit seized using a variety of different legislation, but CTC coppers these days are probably most familiar with the Terrorism Act.

Vaz added that he was not aware that personal property could be confiscated under the laws. Schedule 7 of the Terrorism Act 2000 does provide for the search of goods and for their seizure (11.1) but only if the individual being searched fulfils the identified criteria for a “terrorist” under section 40 of the Terrorism Act 2000.

Under the law, Miranda should get his kit back within seven days unless it is used as evidence in criminal proceedings, but Tor project developer Jacob Appelbaum was not so lucky. When US Immigration and Customs Enforcement officials seized his electronic kit back in 2010 – purportedly due to his involvement with WikiLeaks – it was never returned. Many other people have had kit containing data likely to be of interest to intelligence agencies seized at airports (or elsewhere) by Special Branch cops or their overseas equivalents over the years. This is a routine hazard for people of interest to spooks or serious police investigations, and it could be seen as a little odd that Greenwald, Miranda and Poitras didn’t anticipate it.

Greenwald described the detention of his partner as a “failed attempt at intimidation”.

“To detain my partner for a full nine hours while denying him a lawyer, and then seize large amounts of his possessions, is clearly intended to send a message of intimidation to those of us who have been reporting on the NSA and GCHQ,” Greenwald told The Guardian.

In fact, however, it seems more likely that the spooks were primarily interested in any information they may be able to harvest from Miranda’s gadgetry, which might give them a better picture of what yet-to-be-published information Snowden has passed to Greenwald and/or Poitras. It’s known that Snowden has held back a lot of what he has – but not exactly what. The British spooks and their colleagues in the USA will be very interested in just what further revelations are (and are not) to be expected, far more than in the limited amount of deterrent effect one could achieve against the world’s journalists with the example of a 9-hour interrogation at Heathrow.

The Brazilian foreign ministry issued a statement criticising Miranda’s “unjustified” detention. “The Brazilian government expresses grave concern about the episode that happened today in London, where a Brazilian citizen was held without communication at Heathrow airport for 9 hours, in an action based in the British anti-terrorism legislation,” it said.

“This measure is without justification since it involves an individual against whom there are no charges that can legitimate the use of that legislation. The Brazilian government expects that incidents such as the one that happened to the Brazilian citizen today [are] not repeat[ed].” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/19/greenwald_partner_detention_outrage/

Snowden journalist’s partner gave Brit spooks passwords to seized files

David Miranda, the partner of a journalist at the heart of the Edward Snowden NSA surveillance firestorm, handed over to British intelligence the crypto passwords for digital files they seized from him when he stopped over in the UK en route from a meeting with a US film-maker who was also involved with the Snowden disclosures. It has also emerged that the US government was aware that the British intelligence services intended to target Miranda during his journey.

“There was a heads up that was provided by the British government,” said Josh Earnest, the principal deputy White House press secretary, at a press conference.


“This is something we had an indication that was likely to occur,” he said, “but it’s not something that we requested, it was something that was done by British law enforcement officials. The United States was not involved in that decision or in that action.”

Earnest didn’t say if the US had received copies of the information taken from Miranda during his questioning, and when asked to rule out any receipt, Earnest replied, “I’m not in a position to do that right now.”

Miranda is the partner of Glenn Greenwald, the Guardian journalist who has been instrumental in revealing information on highly secret, massive internet surveillance by the United States’ NSA and Britain’s GCHQ electronic-intelligence agencies. Miranda was stopped and interrogated by British police during a stopover at Heathrow airport while flying from Germany back to his and Greenwald’s home in Brazil at the Guardian’s expense. He had travelled to Germany to meet with Laura Poitras, an American film-maker also involved in the Snowden leaks.

The Brazilian government has torn a strip off the UK government over the interrogation, calling the detention of one of its citizens “without justification” in a statement, and saying it does not want a repeat of the incident.

The detention has caused a political storm in the UK, with British MP Tom Watson saying it was a clear attempt at intimidation and an attack on journalism. The Prime Minister’s office has declined to answer questions on the detention, saying it was an “operational matter” for the police.

David Anderson, the UK’s independent reviewer of terrorism legislation, said that the case was “unusual,” since of the 60,000 to 70,000 people stopped under Schedule 7 each year, only 40 have been held for more than six hours. Anderson also said that he had requested a ministerial briefing on the case. British police say that the detention of Miranda was “legally and procedurally sound.”

Glenn Greenwald and David Miranda (right) reunited in Rio

In his first interview since arriving safely in Brazil, Miranda said that he was forced to hand over the passwords for his laptop and mobile phone after British police officers threatened him with prison if he refused. Also taken were an external hard drive, two memory sticks, a games console, and two newly-bought watches and phones which were still in their packaging.

“They were threatening me all the time and saying I would be put in jail if I didn’t co-operate,” said Miranda. “They treated me like I was a criminal or someone about to attack the UK … It was exhausting and frustrating, but I knew I wasn’t doing anything wrong.”

Miranda said that as soon as his plane landed at Heathrow, passengers were asked to display their passports, and that the second he stepped off the aircraft he was detained by four officers. He was then held for nine hours, the maximum allowed under Schedule 7 of the 2000 Terrorism Act.

Despite this, Miranda said he wasn’t asked about terrorism by his British interrogators. Instead, he was extensively quizzed about his visit to Berlin-based filmmaker Laura Poitras, the activities of his partner Glenn Greenwald, and if there were plans to publish more papers from the NSA whistleblower Edward Snowden.

“They even asked me about the protests in Brazil, why people were unhappy, and who I knew in the government,” said Miranda.

After nine hours of questioning, Miranda was informed that he was free to leave for a connecting flight to his home in Brazil. Since he’d missed his connection, and another flight wasn’t scheduled for a while, the police released him onto British soil.

“It was ridiculous,” he said. “First they treat me like a terrorist suspect. Then they are ready to release me in the UK.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/british_gave_us_heads_up_over_interrogation_of_snowden_hacks_partner/

Password-keeper LastPass plugs up IE cache leak vuln

LastPass has patched a flaw that meant Windows versions of its password-management software could leak login credentials that the password manager had auto-filled into web-page fields.

The bug – which affected Internet Explorer users on Windows only – meant that an attacker who managed to obtain a memory dump of Internet Explorer would be able to extract unencrypted password strings.


“This is the same sort of attack that we have written about frequently in the context of banking malware,” writes security researcher Paul Ducklin on the Sophos security blog.

Pulling off the attack would normally require either physical access to a targeted machine or an attack involving the planting of malware on a mark’s PC, a level of compromise that makes most security protections redundant.

LastPass resolved the issue with a security update that also comes with a variety of performance enhancements and other tweaks. The relevant portion of the advisory explains: “Resolved: Security issue with IE exclusively while logged in to LastPass only: Prevent IE from adding passwords to in memory decryption cache”.
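To make the bug class concrete, here is an added simulation (not LastPass or Internet Explorer code, and the vault, site names and password are constructed): a password manager decrypts a credential to auto-fill a form, and the buggy variant parks the plaintext in a long-lived in-memory cache, which is exactly what a search of a memory dump picks up. The fixed variant fills the field, wipes the buffer and caches nothing, mirroring the advisory’s “prevent IE from adding passwords to in memory decryption cache”. The `ProcessHeap` class is a hypothetical stand-in for process memory; real Python cannot reliably scrub `str` objects, so the simulation tracks only the buffers it hands out.

```python
"""
Simulation of a decrypt-to-autofill password manager whose plaintext
lands in an in-memory cache. Constructed example; not vendor code.
"""
import hashlib
from typing import List


class ProcessHeap:
    """Stand-in for process memory: every block allocated here stays visible
    to dump() until it is zeroed, as a heap block would in a memory image."""

    def __init__(self) -> None:
        self._blocks: List[bytearray] = []

    def alloc(self, data: bytes) -> bytearray:
        block = bytearray(data)
        self._blocks.append(block)
        return block

    def dump(self) -> bytes:
        return b"".join(bytes(b) for b in self._blocks)


def zeroise(block: bytearray) -> None:
    """Overwrite a buffer in place once the plaintext is no longer needed."""
    block[:] = bytes(len(block))


class Vault:
    """Toy vault: entries are XORed with a SHA-256 keystream derived from the
    master key and site name (a stand-in for real authenticated encryption)."""

    def __init__(self, master_key: bytes, heap: ProcessHeap) -> None:
        self._key = master_key
        self._heap = heap
        self._entries = {}

    def _keystream(self, site: str, n: int) -> bytes:
        out, counter = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self._key + site.encode() + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:n]

    def store(self, site: str, password: bytes) -> None:
        ks = self._keystream(site, len(password))
        self._entries[site] = bytes(a ^ b for a, b in zip(password, ks))

    def decrypt(self, site: str) -> bytearray:
        # The decrypted copy is allocated on the (simulated) heap.
        ct = self._entries[site]
        ks = self._keystream(site, len(ct))
        return self._heap.alloc(bytes(a ^ b for a, b in zip(ct, ks)))


class CachingAutofill:
    """Buggy: keeps every decrypted password in a cache for later reuse."""

    def __init__(self, vault: Vault) -> None:
        self._vault = vault
        self._cache: List[bytearray] = []

    def autofill(self, site: str) -> str:
        plain = self._vault.decrypt(site)
        self._cache.append(plain)  # plaintext now lives as long as the process does
        return plain.decode()


class ScrubbingAutofill:
    """Fixed: decrypt, fill the field, wipe the buffer, cache nothing."""

    def __init__(self, vault: Vault) -> None:
        self._vault = vault

    def autofill(self, site: str) -> str:
        plain = self._vault.decrypt(site)
        try:
            return plain.decode()
        finally:
            zeroise(plain)


def plaintext_in_dump(heap: ProcessHeap, secret: bytes) -> bool:
    """What a search of a memory dump amounts to: look for the string."""
    return secret in heap.dump()


def run(filler_cls) -> bool:
    """Fill one form with the given strategy and report whether the password
    is still recoverable from a memory dump afterwards."""
    heap = ProcessHeap()
    vault = Vault(b"constructed-master-key", heap)
    secret = b"hunter2-constructed"            # constructed sample password
    vault.store("login.example.test", secret)  # constructed site name
    filler_cls(vault).autofill("login.example.test")
    return plaintext_in_dump(heap, secret)


if __name__ == "__main__":
    print("caching autofill leaks plaintext :", run(CachingAutofill))    # True
    print("scrubbing autofill leaks plaintext:", run(ScrubbingAutofill))  # False
```

The point the simulation makes is the one Ducklin makes about banking malware: once an attacker can read process memory, encryption at rest buys nothing for whatever has been decrypted and left lying around, so the only lever left to the application is to keep plaintext resident for as short a time as possible.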

The security fix is one of 18 items in LastPass v2.5.0/1/2, which also offers improved synchronisation and support for upcoming versions of Windows 8 and Internet Explorer 11.

The issue was first unearthed by a reader of PC Mag (story here). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/lastpass_security_update/

Legal bible Groklaw pulls plug in wake of Lavabit shutdown, NSA firestorm

Blogger Pamela Jones will shut down her award-winning legal news website Groklaw following revelations that the NSA is intercepting the world’s internet communications.

Jones, also known as PJ, said in a final farewell article that the shutdown of encrypted email provider Lavabit, used by whistleblower Edward Snowden, had prompted her decision to discontinue the site.


“The owner of Lavabit tells us that he’s stopped using email and if we knew what he knew, we’d stop too,” she said. “There is no way to do Groklaw without email. Therein lies the conundrum.”

Recounting the time her apartment in New York was burgled and how she felt her privacy had been violated as a result, Jones added: “I feel like that now, knowing that persons I don’t know can paw through all my thoughts and hopes and plans in my emails with you.”

Ladar Levison, Lavabit’s owner, closed down his firm after being served with a secret federal court order, which likely sought to induce him to hand over information on Snowden to investigators working on the case.

“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit,” Levison said in a statement on the firm’s homepage. “After significant soul searching, I have decided to suspend operations.”

Jones gave similar reasons for shutting down Groklaw, saying there was no way to shield website operators from “forced exposure”.

“The foundation of Groklaw is over. I can’t do Groklaw without your input. I was never exaggerating about that when we won awards. It really was a collaborative effort, and there is now no private way, evidently, to collaborate,” she wrote.

Groklaw started as a law blog just over ten years ago and covered technology-related legal issues surrounding software patents and illegal file sharing, court action against Linux and open-source software (notably the epic battles of SCO v IBM et al), and copyright issues. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/groklaw_to_shut_down/

Guardian lets UK spooks trash ‘Snowden files’ PCs to make them feel better

GCHQ spooks reportedly rocked up at The Guardian’s London headquarters and oversaw the destruction of some computer hardware – because the machines may have stored copies of documents leaked by whistleblower Edward Snowden.

The move came after the newspaper’s editor-in-chief Alan Rusbridger refused to comply with demands to return material leaked to the newspaper by Snowden, who has blown the lid off the NSA’s controversial global internet dragnets. Top-secret information on America’s surveillance operations provided by Snowden was revealed to the world in a series of articles published by the paper.


Battle-hardened by its experience as a media ally of WikiLeaks three years ago – when the left-wing organ played a part in disseminating classified Afghanistan war logs and other sensitive American documents – The Guardian ran its reporting of the Snowden affair from its US offices, rather than the UK where press laws are tougher and pre-publication injunctions rampant.

But this failed to deter British spooks, Rusbridger explained:

The mood toughened just over a month ago, when I received a phone call from the centre of [the UK] government telling me: “You’ve had your fun. Now we want the stuff back.” There followed further meetings with shadowy Whitehall figures. The demand was the same: hand the Snowden material back or destroy it. I explained that we could not research and report on this subject if we complied with this request. The man from Whitehall looked mystified. “You’ve had your debate. There’s no need to write any more.”

Yet there was more to follow, as demands from Blighty’s g-men went even further, the spooks seemingly unaware that Guardian staff are capable of backing up files off-site. Rusbridger added:

I explained to the man from Whitehall about the nature of international collaborations and the way in which, these days, media organisations could take advantage of the most permissive legal environments. Bluntly, we did not have to do our reporting from London … The man was unmoved. And so one of the more bizarre moments in the Guardian’s long history occurred – with two GCHQ security experts overseeing the destruction of hard drives in the Guardian’s basement just to make sure there was nothing in the mangled bits of metal which could possibly be of any interest to passing Chinese agents. “We can call off the black helicopters,” joked one as we swept up the remains of a MacBook Pro.

The bespectacled editor said the destruction of his newspaper’s kit, which he describes as a “peculiarly pointless piece of symbolism”, satisfied Whitehall. He related the episode for the first time on Monday in a piece defiantly stating that the destruction of the computers will have a limited effect on the Guardian’s reporting of NSA and GCHQ surveillance – in fact, just as much effect as the seizure of a laptop, phones, hard drives and camera from David Miranda, the partner of Guardian journalist Glenn Greenwald, over the weekend.

Miranda was held by anti-terror cops for nine hours and his digital equipment seized at London Heathrow airport, as the Brazilian was en route to Rio de Janeiro from a meeting in Berlin with Laura Poitras, the US filmmaker who has worked with Greenwald on the Snowden files. The Guardian paid for Miranda’s flight.

This sort of mission has become a regular occurrence according to Rusbridger, who said Guardian hacks and their associates are flying around the world to have face-to-face meetings about the Snowden leaks, essentially because they have lost faith in the security of any form of electronic communication.

“It would be highly unadvisable for Greenwald (or any other journalist) to regard any electronic means of communication as safe,” Rusbridger explained. “The Guardian’s work on the Snowden story has involved many individuals taking a huge number of flights in order to have face-to-face meetings. Not good for the environment, but increasingly the only way to operate. Soon we will be back to pen and paper.”

It’s unclear how many machines were involved in the smash-up operation, or how they were selected. In follow-up responses to readers, Rusbridger doesn’t get into specifics but does say that no drives were actually seized for forensic examination. He’s keen to portray the whole exercise as both petty and futile.

“They never touched the hard drives, so, no they got nothing from them,” Rusbridger said. “We explained to the UK government on a number of occasions that there were other copies not on UK soil.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/snowden_drives_destruction_gchq_tempora/

Second time’s a charm! Microsoft tries again with Active Directory patch

Microsoft made a second attempt to cleanly patch an “important” security flaw in its Active Directory Federation Services technology on Monday – days after yanking the original update for causing stability problems.

The original MS13-066 update caused the Active Directory service to stop working entirely in some cases. The second iteration of the security patch is, we are assured, a much more stable fix.


Bear in mind it should be applied to server software usually run within enterprise environments to provide corporate users with single sign-on access to internet applications and the like.

“As the vulnerability it was attempting to fix had only been privately reported, and was not believed to be being exploited in the wild, it’s possible that the fix had actually turned into a bigger problem than the one it was attempting to solve – on Windows Server 2008 systems at least,” notes security watcher Graham Cluley.

The withdrawal of security updates by Redmond is rare but not unprecedented: August’s Patch Tuesday suffered a similar cock-up, forcing Redmond to withdraw a dodgy update for Exchange Server 2013 after it emerged the critical security patch broke the mail indexing service. MS13-061 worked fine on Exchange 2007 and 2010 but not on the latest version of Microsoft’s email server software.

The update grapples with three vulnerabilities in Microsoft Exchange that stem from bugs in the third-party library Outside In; this is licensed from Oracle and allows Web Access users to view PDF files and such stuff. Exchange Server 2013 users are advised to turn off the functionality as a workaround pending the availability of a working security update. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/ad_security_fix_reissued/

Bloke leaks ‘1000s’ of Twitter login tokens, says he can hack ANY twit

A hacker calling himself the “Mauritania Attacker” claims he has compromised every Twitter user account on the planet – and leaked the OAuth tokens for thousands of Turkish tweeters.

Meanwhile, a security researcher claims to have obtained similar details by creating a fake app that masqueraded as Twitter’s own third-party client, Tweetdeck.


The Mauritania Attacker’s token dump reveals OAuth data rather than passwords. The miscreant boasted to Indian security site Techworm that he had access to the “entire database of users on Twitter” and that “no account is safe”.

The attacker has leaked more than 15,000 account details onto file-sharing service Zippyshare. He also claims to have the “oauth_token secret codes” which, he says, will allow him to log directly into victims’ accounts.

On cursory inspection, at least, the authentication tokens look genuine. The circumstances of the hack suggest that the leak stems from a hacked third-party app rather than Twitter itself.

Matters would be a lot worse if actual passwords were leaked, in which case Twitter would be obliged to reset passwords to avoid account hijacking on a grand scale. As things stand, it might still be a good idea to reset access to connected third-party apps.

“The details, which appear to be genuine, do not include passwords,” writes David Meyer on tech analysis blog GigaOM. “They do include OAuth tokens, though, so Twitter users should probably revoke and re-establish access to connected third-party apps.”

‘Twitter’s implementation of OAuth2 is vulnerable many weeks ago’

OAuth tokens are used to connect Twitter accounts to third-party services without obliging users to hand over passwords. Issues with the technology are not uncommon. For example, security researcher Kelker Ryan warned many weeks ago that Twitter’s implementation of OAuth2 is vulnerable.
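The advice above (revoke and re-establish app access rather than reset passwords) follows from how app-scoped tokens work, which the following added example models. It is a toy OAuth 1.0a-style authorisation server written for this page, not Twitter’s code; the user, app, consumer secret and API URL are constructed, and the signature base string is simplified (real OAuth 1.0a also folds nonce, timestamp and version parameters into it). It shows that a leaked token pair, combined with the app’s consumer secret, is a live credential for that app; that revoking the app’s grant kills the token without touching the password; and that the password never enters the exchange at all.

```python
"""
Toy OAuth 1.0a-style authorisation server. Constructed example; not Twitter's
implementation. Demonstrates why a leaked access token is revoked per app
rather than fixed by a password reset.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import quote


def _pct(s: str) -> str:
    # RFC 3986 percent-encoding with the unreserved set kept, as OAuth 1.0a requires
    return quote(s, safe="-._~")


def signing_key(consumer_secret: str, token_secret: str) -> str:
    # OAuth 1.0a: key = encoded consumer secret "&" encoded token secret.
    # A token alone is not enough; the app's consumer secret is also needed.
    return f"{_pct(consumer_secret)}&{_pct(token_secret)}"


def sign_request(method: str, url: str, params: Dict[str, str], key: str) -> str:
    # Simplified signature base string (nonce/timestamp/version omitted).
    norm = "&".join(f"{_pct(k)}={_pct(v)}" for k, v in sorted(params.items()))
    base = f"{method.upper()}&{_pct(url)}&{_pct(norm)}"
    return hmac.new(key.encode(), base.encode(), hashlib.sha1).hexdigest()


@dataclass
class Grant:
    user: str
    consumer_key: str
    token_secret: str
    revoked: bool = False


class AuthServer:
    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}  # user -> (salt, digest); toy hashing
        self._apps: Dict[str, str] = {}                   # consumer_key -> consumer_secret
        self._grants: Dict[str, Grant] = {}               # oauth_token -> Grant

    def register_user(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, hashlib.sha256(salt + password.encode()).digest())

    def check_password(self, user: str, password: str) -> bool:
        salt, digest = self._users[user]
        return hmac.compare_digest(digest, hashlib.sha256(salt + password.encode()).digest())

    def register_app(self, consumer_key: str, consumer_secret: str) -> None:
        self._apps[consumer_key] = consumer_secret

    def authorize(self, user: str, password: str, consumer_key: str) -> Tuple[str, str]:
        """The user logs in at the provider and approves the app; the app only
        ever receives the token pair, never the password."""
        if not self.check_password(user, password):
            raise PermissionError("bad login")
        token, token_secret = secrets.token_hex(16), secrets.token_hex(16)
        self._grants[token] = Grant(user, consumer_key, token_secret)
        return token, token_secret

    def verify(self, consumer_key: str, oauth_token: str, method: str, url: str,
               params: Dict[str, str], signature: str) -> Optional[str]:
        """Return the acting user if the signed request is valid, else None."""
        grant = self._grants.get(oauth_token)
        if grant is None or grant.revoked or grant.consumer_key != consumer_key:
            return None
        expected = sign_request(method, url, params, signing_key(self._apps[consumer_key], grant.token_secret))
        return grant.user if hmac.compare_digest(expected, signature) else None

    def revoke_app(self, user: str, consumer_key: str) -> int:
        """What 'revoke access to connected apps' does: invalidate that app's grants."""
        n = 0
        for g in self._grants.values():
            if g.user == user and g.consumer_key == consumer_key and not g.revoked:
                g.revoked, n = True, n + 1
        return n


def scenario() -> Dict[str, object]:
    server = AuthServer()
    server.register_user("alice", "correct horse battery staple")  # constructed
    server.register_app("client-app", "client-app-secret")          # constructed
    token, token_secret = server.authorize("alice", "correct horse battery staple", "client-app")

    # A dump like the one described exposes the token pair. The consumer secret is
    # shared by every copy of the client, so it is not a user secret; together they
    # sign requests the server accepts.
    req = ("POST", "https://api.example.test/1.1/statuses/update.json", {"status": "hi", "oauth_token": token})
    sig = sign_request(*req, signing_key("client-app-secret", token_secret))
    accepted_before = server.verify("client-app", token, *req, sig) == "alice"

    # Mitigation: the user revokes the app; the leaked token dies, password untouched.
    revoked = server.revoke_app("alice", "client-app")
    accepted_after = server.verify("client-app", token, *req, sig) == "alice"

    return {"leaked_token_accepted": accepted_before, "revoked_grants": revoked,
            "accepted_after_revoke": accepted_after,
            "password_still_valid": server.check_password("alice", "correct horse battery staple")}


if __name__ == "__main__":
    print(scenario())
```

Two design points carry over to real deployments: tokens are bound to a (user, app) pair and the server rejects a token presented under a different consumer key, which is why a token leak is contained by revoking one app; and because the consumer secret is embedded in every installed copy of a client, it authenticates the app only nominally, which is the weakness Ryan describes for the TweetDeck credentials below.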

He was unable to get a response from Twitter and The Register passed his research to representatives of the micro-blogging firm with a request to bring it to the attention of techies two weeks ago.

We’ve yet to hear back from Twitter, but the latest claims of a hack ought to be enough to prompt a deeper investigation into the issue in general. It’s unclear whether or not Mauritania Attacker exploited the vulnerability discovered by Ryan, though the security researcher suspects that this is at least possible.

“I don’t know anything about that in terms of the person who did it, but I imagine that my post gave a few people some ideas and they took advantage of the Twitter vuln by using APIs to request information from accounts without needing any user interaction,” Ryan told El Reg. “I would have to play around a bit to see if it’s possible, but I don’t see why it wouldn’t be.”

“The vuln that I wrote about on coderwall.com allows for anyone’s application to trick the Twitter service into thinking that the application requests are authentically coming from the TweetDeck application,” he added.

A more detailed explanation of a compromised OAuth consumer secret uncovered by Ryan can be found on Stack Overflow.

However, Mikko H. Hypponen, chief research officer at F-Secure, said that based on the leaked credentials the attack is probably the result of a phishing attack targeting Turkey. “My guess: it’s some phishing attack on a Turkish site,” Hypponen told El Reg. “Look how many of the accounts they list have a reference to Turkey. Even the ones which don’t have an obvious link to Turkey in name seem to be from Turkey.”

We passed on claims of a hack against OAuth tokens to Twitter but are yet to hear back. We’ll update this story as and when we hear more.

Mauritania Attacker founded a hacktivist collective called AnonGhost, which has so far specialised in hacking and defacing the websites of US and British firms and the oil industry, GigaOM adds. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/twitter_oauth_token_hack/

Palestinian Facebook flaw-finder getting $10,000 payday in online appeal

A Palestinian IT student who spotted a serious security flaw in Facebook’s coding – but was denied payment for it and booted off the social network – could be getting as much as $10,000 after members of the security community rallied around and set up an online compensation fund.

Khalil Shreateh found a bug that allowed an attacker to post images on anyone’s Facebook page, and reported it to the company’s security team twice. Initially Facebook’s security team denied it was an issue, so he demonstrated the hack by posting up a picture on Mark Zuckerberg’s page and a blog post explaining how he did it.


This immediately got Facebook’s attention and the security team got in contact with him to get the full details on the bug. However, they also informed him (correctly) that by posting the picture he had broken Facebook’s Terms and Conditions and would be both ejected from Facebook and denied the $500 that the company usually pays as a bug bounty, as explained by Facebook’s Matt Jones in a posting on the forums of Hacker News.

“In order to qualify for a payout you must ‘make a good faith effort to avoid privacy violations’ and ‘use a test account instead of a real account when investigating bugs. When you are unable to reproduce a bug with a test account, it is acceptable to use a real account, except for automated testing. Do not interact with other accounts without the consent of their owners’,” Jones wrote.

“Unfortunately, the OP did neither of those things. We welcome and will pay out for future reports from him (and anyone else!) if they’re found and demonstrated within these guidelines.”

This has stuck in the craw of many in the security industry, and Marc Maiffret, CTO at security and compliance firm BeyondTrust, set up an online appeal to compensate the Palestinian student. The goal was a $10,000 donation, and the fund has already raised $9,140 in less than 24 hours and looks set to easily reach its target.

“Khalil Shreateh found a vulnerability in Facebook.com and, due to miscommunication, was not awarded a bounty for his work,” Maiffret said. “Let us all send a message to security researchers across the world and say that we appreciate the efforts they make for the good of everyone.”

In a blog post, Facebook’s chief security officer Joe Sullivan apologized to Shreateh and said that the company will change the way it handles bug reports in light of the affair. Sullivan said that the team would improve its submission guidelines for bugs and tighten up its email procedures.

“I’ve reviewed our communication with this researcher, and I understand his frustration. He tried to report the bug responsibly, and we failed in our communication with him,” Sullivan said. “We get hundreds of submissions a day, and only a tiny percent of those turn out to be legitimate bugs. As a result we were too hasty and dismissive in this case.”

But Sullivan stood by the decision not to hand the student any bounty for his bug, on the grounds that he had compromised the security or privacy of other people (i.e., CEO Mark Zuckerberg), but did add he’d be happy to pay for other, properly-submitted bug reports. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/20/palestinian_facebook_flawfinder_getting_10000_payday_in_online_appeal/

Intel bakes super-snooper to stop industrial espionage

Intel has created a Hadoop-based rig that analyses just about every network event in the company – four to six billion of them on business days – in close to real time so it can spot threats including industrial espionage.

Intel officials declined to name the tool, saying it would not be “productive” to disclose its name, but said it was created by an 80-strong team of big data specialists working from its Israel offices and makes extensive use of Apache Hadoop. Ron Kasabian, Chipzilla’s general manager of Big Data, said the tool was developed because conventional malware detection tools – even those from Intel’s security-focussed subsidiary McAfee – can’t find the especially novel or subtle attacks Intel fears.


Kasabian described the tool as analysing “every access request by every employee, every time they access a file, sharepoint, email or ERP”. Watching all those activities is important because Intel’s intellectual property like product designs and manufacturing processes must be very closely guarded.

Moty Fania, Chipzilla’s principal engineer for big data analytics and a member of the team that built the tool, told The Reg the software collects data from many devices around Intel’s global networks, aggregates it and then analyses the results in close to real time.

“We were able to find with quite significant precision malicious activity that no other tool could find, with very high true positives across very, very large volumes of data,” Fania said.

Intel didn’t reveal details of the hardware powering the snooper, but did say it may consider releasing the software’s code and design to McAfee for conversion into a commercial product. If that happens, Fania feels it will be a tough sell as his team enjoyed easy access to Intel’s innards. A third party, he opined, may not enjoy the same level of open access to would-be clients and may therefore struggle to tune the tool to optimal effectiveness.

All is not lost, however, as Intel feels the work it did to build the tool has wider applications. Speakers at Intel’s Big Data and Cloud Summit in Ho Chi Minh City* made several references to an un-named “second tier Chinese city”** that has installed eight video cameras in every set of traffic lights. Intel feels the resulting data, when scaled across the city, resembles the challenge posed by monitoring its own networks to a sufficient degree that its work on the un-named security tool may be applicable elsewhere.

Those with suspicious minds may wonder if that “elsewhere” includes somewhere like the NSA, which has famously been revealed to be practising wide-scale collection and rapid analysis of data.

The Reg is in no way suggesting Intel is conducting surveillance of its staff or any third parties, or is assisting any other entity to surveil anyone. But given Edward Snowden’s revelations about PRISM and other NSA programs, this un-named tool’s capabilities represent an interesting proof of concept for ubiquitous surveillance being comfortably achievable with the resources of a colossal and technology-savvy multinational. Governments may struggle to match Intel for the latter quality, but probably have rather more people and money to throw at the problem than the 80 folks and “millions of dollars” we were told Chipzilla put to work on this project. ®

*The author attended the summit as a guest of Intel, which paid for flights and accommodation.

** Four Chinese cities – Shanghai, Beijing, Guangzhou and Shenzhen – are considered first tier. The Middle Kingdom has more than 150 cities with populations over a million. Second tier cities include Chongqing (pop 10m) and Chengdu (pop 5.5m), the local governments of which would both represent top-tier customers for most enterprise vendors.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/21/intel_bakes_supersnooper_to_stop_industrial_espionage/