June 22, 2017
June 22, 2017
You may notice a change in the format of today's UNM4SK3D Cyber Security News. Cybrary wants to hear from you! Do you prefer a shorter newsletter focused on 1 topic or the extended version featuring 3 main topics? Comment below with your feedback.
#githubIn light of the Vault 7 documents released by Wikileaks, the NSA, which is known for its' secrets, recently launched an official GitHub page. Hackers and coders rejoice! You most likely know GitHub, but for those who don't, it is an online service designed for sharing code amongst programmers and open source community. Since the Edward Snowden leaks, the NSA has moved away from complete anonymity to a slightly more public-facing agency, first by joining Twitter, and now GitHub. Typically, the NSA employs the most brilliant coders and mathematicians, who have developed tools like EternalBlue which if used with malicious intentions can cause serious damage, but aside from manipulating vulnerabilities, the agency develops some useful security tools. Currently, the NSA has posted 32 projects as part of the NSA Technology Transfer Program (TTP), while others are 'coming soon.'In this list from The Hacker News, some of the NSA's open source projects are listed:
- Certificate Authority Situational Awareness (CASA): A simple tool that identifies unexpected and prohibited certificate authority certificates on Windows systems.
- Control Flow Integrity: A hardware-based technique to prevent memory corruption exploitations.
- GRASSMARLIN: It provides IP network situational awareness of ICS and SCADA networks to support network security.
- Open Attestation: A project to remotely retrieve and verify system integrity using Trusted Platform Module (TPM).
- RedhawkSDR: It is a software-defined radio (SDR) framework that provides tools to develop, deploy, and manage software radio applications in real-time.
- OZONE Widget Framework (OWF): It is basically a web application, which runs in your browser, allows users to create lightweight widgets and easily access all their online tools from one location.
The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace. OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology. -NSA statementNeed to catch up on what's been happening with Wikileaks and the NSA? Read here for the previous UNM4SK3D newsletters which discuss the details.