SECURITY and privacy require freedom and control (by the user) from bottom to top, starting from the bootloader (NSA backdoors in bootloaders are now rumoured [1]). A British blogger in ZDNet, one whom UEFI Forum tried to silence or appease less than a couple of years back (as they did with other UEFI critics), continues to criticise UEFI, the Microsoft (notoriously strong NSA ally) promoted and Intel (as in intelligence) managed back doors-friendly BIOS replacement (UEFI facilitates remote bricking of computers, over the Internet).
Recent revelations about NSA hardware and firmware backdoors gives all the evidence that those who believe BadBIOS Trojans exist need to see. The spying technology has arrived. The only question is if the BadBIOS incident truly happened.
Brendan Eich is the chief technology officer of the Mozilla Foundation, the non-profit behind the Firefox web browser. Among many other things, he oversees the Firefox security team — the software engineers who work to steel the browser against online attacks from hackers, phishers, and other miscreants — and that team is about to get bigger. Much, much bigger.
Andreas Gal, Mozilla's vice president of mobile and R&D, and Brendan Eich, CTO and SVP of Engineering, have updated Gal's blog with a long entry about how Firefox users can trust Mozilla when it comes to government backdoors and user privacy.
In the blog, they point out that due to laws in the U.S. and elsewhere, Web surfers must interact with Internet services knowing full well that even though cloud service companies want to protect user privacy, eventually one day those companies will be required to comply with laws. The government may acquire information that seems to violate privacy and could even force surveillance. Even more, the government can do so while enforcing gag orders on the service, leaving the consumer unaware.
Mozilla CTO Brendan Eich has cautioned netizens not to blindly trust software vendors, arguing that only open-source software can be assured to be free from government-mandated surveillance code.
"Every major browser today is distributed by an organization within reach of surveillance laws," Eich wrote in a joint blog post with Mozilla research and development VP Andreas Gal on Saturday.
Under those laws, Eich argued, governments could compel software companies to include surveillance code in their products. Worse, the vendors may not be able to admit to the public that such code exists when asked, because of gag orders.
The Mozilla man argued that open-source software can help alleviate this risk because customers have the opportunity to review its source code and spot any potential backdoors.
It seems that the very tools we use to secure our networks represent the greatest insider threat of all
Back in the days before the release of Windows 95, just as the public was discovering the Internet as an alternative to private networks such as Prodigy and CompuServe, Netscape was the bomb. In those days, Microsoft didn’t supply any method for surfing the Internet, so people visited their local Egghead store, or other software outlets, to buy a shrink wrapped version of Netscape on floppy disks, which opened up a whole new world to computer users.
ASM.js is the subset of JavaScript that is aimed for performance, easy to optimize, and is suitable for EmScripten to target in its converting of C/C++ code through LLVM and into this optimized JavaScript. EmScripten itself has been an incredibly interesting project.
Google Chrome 32 features new tab indicators for sound / webcam / casting, automatic blocking of known malware files, a number of new apps and extension APIs, and numerous "under the hood" changes that promise to provide better stability and performance.