Americans asked to leave Libya

The US has been watching the growing unrest in Libya and has been moving forces into the area for the last few days, including a crisis response team and, just recently, the USS Bataan. From Fox News:

The USS Bataan, with about 1,000 Marines aboard, has sailed into the Mediterranean Sea to assist in evacuating Americans if deadly fighting in Libya worsens, U.S. military officials said Tuesday.

Officials said the Navy amphibious assault ship sailed from the Arabian Sea and was already scheduled to go to the Mediterranean to participate in a multi-country military exercise in the region. However, they made clear the ship has received no formal orders to conduct new missions.

Also on Tuesday, the State Department called for all U.S. citizens to immediately leave Libya, saying the security situation in the country “remains unpredictable and unstable.”

via Navy ship with 1,000 Marines arrives off Libya to help Americans if unrest escalates | Fox News.

It looks like right now the Libyan PM has been attacked and another coup attempt is taking place.


Potential security pitfalls of poorly managed software projects

“Our group removed half of the OpenSSL source tree in a week. It was discarded leftovers,” de Raadt told Ars in an e-mail. “The Open Source model depends [on] people being able to read the code. It depends on clarity. That is not a clear code base, because their community does not appear to care about clarity. Obviously, when such cruft builds up, there is a cultural gap. I did not make this decision… in our larger development group, it made itself.”

via OpenSSL code beyond repair, claims creator of “LibreSSL” fork | Ars Technica.

This quote sums up one of the major issues with Open Source projects in general, but in particular Open Source software security depends on people making constant reviews and analysis of code. If the code becomes so complex or so unreadable that people just use it without bothering to understand it, it becomes much more likely that security issues will appear. Furthermore, these sorts of projects lend themselves to the malicious injection of suspect code by people who really understand the project, its potential issues, and the culture behind it. For security folks it is worth considering that just because a project is Open Source does not mean that it is truly transparent. Obfuscation and opaqueness can arise from a lack of leadership, poor management, and a culture of laziness.

Controlling the media through killing and kidnapping journalists

The widespread abductions of journalists is unprecedented, and has been largely unreported by news organizations in the hope that keeping the kidnappings out of public view may help to negotiate the captives’ release. Jihadi groups are believed to be behind most kidnappings in Syria since 2013.

At least two of the French journalists were taken after being interrogated by extremist fighters of the Islamic State in Iraq and the Levant in the eastern province of Raqqa, said a Syrian activist who said he accompanied the journalists as translator and guide.

via 4 French Journalists Held Hostage in Syria Freed |

It is interesting how few stories go into detail about the killing and kidnapping of journalists. Sure, there are occasional stories and reports, but very little in-depth reporting. Perhaps this is because the media is concerned for its journalists' lives, but this in itself puts its reporters at greater risk. If various actors such as terrorist organizations, state actors, and the like believe they can control or limit the media by kidnapping reporters, they will continue. If the media continues to distort its reporting to protect its assets, it reinforces the bad actors' motives. A very difficult conundrum, and perhaps another reason why so many media organizations are increasingly loath to send their reporters and journalists into conflict regions.


Verizon Balks at Obama Plan to Limit NSA Phone-Data Use – Bloomberg

“If Verizon receives a valid request for business records, we will respond in a timely way, but companies should not be required to create, analyze or retain records for reasons other than business purposes,” he said. Verizon said it supports ending the NSA’s bulk data-collection program.

via Verizon Balks at Obama Plan to Limit NSA Phone-Data Use – Bloomberg.


The Belarusian Connection | Washington Free Beacon

While more analysis is needed, this seems disturbing:

U.S. intelligence agencies last week urged the Obama administration to check its new healthcare network for malicious software after learning that developers linked to the Belarus government helped produce the website, raising fresh concerns that private data posted by millions of Americans will be compromised.

via The Belarusian Connection | Washington Free Beacon.

It is somewhat hard to fathom how such a large government IT project could be outsourced to foreign developers. Generally this is not allowed, but perhaps this part of the article gives some clues:

The company involved in the software was identified as EPAM, a Belarusian firm with U.S. offices and international clients that conducts programming work in Belarus. Spokesmen for the company did not respond to email or telephone inquiries about the company’s role in developing the Obamacare software.


So perhaps EPAM was a subcontractor on the ACA contract and used developers in its home country of Belarus, which would certainly allow the Belarusian state security services to influence EPAM's work. It is not unheard of for subcontractors on large government contracts to wittingly or unwittingly violate rules requiring all work to be done by US citizens in the US. Often these violations happen without the prime contractor even knowing, due to the incredible complexity and sheer number of subcontractors involved in large government projects. Regardless, these sorts of reports further damage the public's already shaky faith in the security of