Sean Gallagher

Facebook, the security company

Joe Sullivan, Facebook’s chief security officer, explained the company’s PrivateCore deal as an investment in Facebook’s future -- especially when viewed within the context of the company’s Internet.org effort to bring affordable Internet access (and Facebook) to the still-unwired parts of the planet.

The technology PrivateCore is developing, vCage, is a virtual “cage” in the telecom industry’s usage of the word. It is software that is intended to continuously assure that the servers it protects have not had their software tampered with or been exploited by malware. It also prevents physical access to the data running on the server, just as a locked cage in a colocation facility would.

Air Force research: How to use social media to control people like drones

The Department of Defense has invested millions of dollars over the past few years investigating social media, social networks, and how information spreads across them.

While Facebook and Cornell University researchers manipulated what individuals saw in their social media streams, military-funded research -- including projects funded by the Defense Advanced Research Projects Agency's (DARPA) Social Media in Strategic Communications (SMISC) program -- has looked primarily into how messages from influential members of social networks propagate.

One study, funded by the Air Force Research Laboratory (AFRL), has gone a step further. The research demonstrates that the mathematical principles used to control groups of autonomous robots can be applied to social networks in order to control human behavior.

Tapped in: How your phone gives you up to companies and criminals

[Commentary] A lot has been done to secure major Web services and Internet applications, particularly on the PC. But one of the lessons we have learned is that for every data leak that has been plugged by the major websites, another springs up on mobile.

And mobile devices are the ones that face the greatest risk of surveillance and attack -- not so much from the National Security Agency, but from companies and criminals looking to track and target individuals on a smaller scale.

Public Wi-Fi has become an integral part of how mobile devices’ apps work. Apple and Google have both configured their mobile services to leverage Wi-Fi networks to improve their location services, and mobile and broadband companies offer public (and unencrypted) Wi-Fi networks to either offload users from their cellular data networks or extend the reach of their wired network services. Comcast, for example, has been expanding its Xfinity broadband networks by turning access points at homes and businesses into public Wi-Fi hotspots for subscriber access.

That’s great for customers’ convenience, but it also opens up a potential vector of attack for anyone who wants to get in the middle of broadband users’ Internet conversations. We demonstrated one potential Wi-Fi threat during our testing -- using a rogue wireless access point broadcasting the network ID (SSID) “attwifi” prompted AT&T iPhones and Android devices with default settings to automatically connect to it.

How the NSA turns back the clock on phone taps without choking on data

National Security Agency documents released by The Washington Post gave a glimpse of an NSA program that allows the agency to capture the voice content of virtually every phone call in an unnamed country and perform searches against the stored calls’ metadata to find and listen to conversations for up to a month after they happened.

Just as the NSA and GCHQ have used Xkeyscore to make it possible to search through torrents of Internet traffic captured by its Turmoil monitoring systems scattered around the world, a system called Retrospective (or Retro) allows analysts to search through phone calls that are up to 30 days old based on call metadata.

Originally developed for the NSA’s Mystic international telephone monitoring effort as a “one-off” capability, Retro may now be used in a number of other countries, scooping up calls that undoubtedly include ones that have nothing to do with the NSA’s foreign intelligence goals.

Of course, whether that capture can be considered monitoring comes down to semantics. In the NSA’s reasoning, it’s not “surveillance” until a human listens in. And since most of the calls accessible by Retrospective are flushed from its “cache” after a month without being queried, the NSA could argue that the calls have never been surveilled.

New NSA chief explains agency policy on “zero-day” exploits to Senate

In response to a series of questions posed before his confirmation hearing in front of the Senate Armed Services Committee, National Security Agency director nominee Vice Admiral Michael Rogers said that the NSA is working with the White House to create a process to determine what to do with zero-day vulnerabilities that the agency uncovers.

In his response to the questions, posted on the Armed Services Committee’s website, Adm. Rogers acknowledged that some of those bugs are kept secret by the NSA for “purposes of foreign intelligence.” But he added that the NSA always had a process for handling information on flaws it discovers in commercial software and hardware, and more often than not, the agency discloses the vulnerabilities discovered in products to their developers or manufacturers.