The US National Security Agency headquarters
The US National Security Agency headquarters

Just over a year ago (June, 2013) a number of publications began posting disclosures from former NSA security contractor Edward Snowden about the American electronic spy agency’s reach into the Internet.

Ever since then more disclosures based on his knowledge and documents have regularly made headlines, mostly from reporter Glenn Greenwald. This month Greenwald stunned the IT community with an excerpt from his book that alleged the Chinese government isn’t the only one that uses networking equipment made by local manufacturers to facilitate spying around the world: So does the NSA.

“A June 2010 report from the head of the NSA’s Access and Target Development department is shockingly explicit,” says the book. “The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.”

The same day the IT Web site Ars Technica posted a photo that allegedly depicted taking a piece of Cisco Systems equipment apart so a beacon could be installed before delivery to a customer.

A Cisco executive immediately blogged that his company  “does not work with any government, including the United States Government, to weaken our products.”

For its part the NSA said it uses its technical capabilities only to support “lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities.”

Speaking of Snowden, we carried a story of an NBC interview with him insisting he did the right thing.

Still on security, we carried a news report from a regulators conference in Halifax where attendees were told Canadian utilities need to devote more resources to securing their infrastructure.

Robert Gordon, a special adviser to Public Safety Canada on cyber threats, was quoted as saying many companies still don’t have adequate safeguards, and often don’t know their systems have been compromised.

The fallout from the Heartbleed vulnerability continued, with a Montreal firm estimating that a month after the bug was discovered tens of thousands of servers were likely still unpatched. Meanwhile poorly resourced crucial open source projects — such as the one behind OpenSSL — were about to get industry funding. The Linux Foundation announced a the Core Infrastructure Initiative to fund fellowships for developers to work full time on open source projects, security audits, computing and test infrastructure.

OpenSSL admitted it didn’t have enough people to carefully scrutinize the faulty Heartbleed code before it was released in 2012.

Also this month, a huge cyber attack compromised 145 million eBay accounts, including email addresses, encrypted passwords, birth dates, mailing addresses and other data; in case you didn’t know the average cost of a data breach is about US$3.5 million; Hewlett-Packard announced up to 16,000 more layoffs, IBM CEO Virginia Rometty gave a lengthy interview to the New York Times in which she insisted things at Big Blue were getting better; and Vancouver was chosen as the site of Microsoft Canada’s centre of excellence.

Looking ahead for speed? The CANARIE research network said it was part of a group that achieved almost 100 Gbps in a demonstration network to Switzerland.

Finally, it isn’t easy to put the words Vatican and technology in the same sentence, but Paolo del Nibletto, editor of our sister publication Computer Dealer News found how to do it at an EMC conference. His story on how the Vatican Library is trying to digitize its collection is, well, a revelation.