Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Re:Take a photo
Or ask The Bruce: https://www.schneier.com/blog/...
-
Re:Delusional
... but that's not the same thing as Big Brother watching every conversation.
No problem. They just store all traffic in a huge database and crack it at their leisure later -- if they even need to.
-
Re:will they force apple to unlock phones as well?
They may not have to if they have master fingerprints.
-
Re: What? I guess the colonial mentality still thr
What a stupid strawman argument. As if looking to others' experiences somehow implies that anyone is suggesting copying because they're former colonial powers.
There are, and rightly so, huge concerns with any election that doesn't have verifiable paper ballots or receipts. That's reality the world over and has zilch to do with colonialism. It affects Italy as it does India and the American countries as it does those in Africa.
Bruce Schneier isn't a colonialist (at least not that I'm aware of), rather he's one of the most highly regarded experts on computer security. The points he raised in 2004 are every bit as valid today. Or, as he said elsewhere, "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers."
-
Re: The media is
There is not, and has never been, any evidence, large or small, connecting Donald Trump to Russia, or linking Russia to the DNC hacking. At all. Ever. In any capacity.
Never, ever get on the wrong side of the argument with Bruce Schneier. At all. Ever. In any capacity.
-
Re:What About HTTPS?
Is there a proof-of-concept or anything for this vuln? I can't find anything... I did find this, which clearly shows that HTTPS is vulnerable to hostile governments, but that's not the exploit you're talking about.
-
Re:To Emperor Google & Darth Whipslash
No sock puppets needed, most everyone hates you.
Your constant incessant spamming makes you sound like this retard going after Bruce Schneier.
The word soup that streams out of you is mostly incomprehensible, seriously learn how to fucking write and develop a cogent thought.
I guess that is what happens when all you have is full retard mode
-
Hardly news, whatsapp is proven broken
Whatsapp is proven insecure and it is also not identical to whisper but in fact a derivative... Do not use it for secure messaging, only signal remains confidently secure end to end https://www.schneier.com/blog/...
-
Re: Bullshit.
Whatsapp is proven insecure and it is also not identical to whisper but in fact a derivative... Do not use it for secure messaging, only signal remains confidently secure end to end https://www.schneier.com/blog/...
-
Re: no thanks
they attack us in hopes that we will make more restrictive laws
Well, not exactly. Getting crypto banned isn't the end-game of Islamic terrorism, but yes, it is more about the response than the body-count.
Schneier wrote an excellent piece on this topic: "What the Terrorists Want".
-
Re:Credit stuff is one thing, federated ID is next
If anyone ever comes up with an easy way to break this, then everyone's going to be in for a round of password changes and free credit monitoring.
You mean like the Ashley Madison hack, where the hackers found a weakness in the implementation of bcrypt, and were able to compute user passwords in "Hollywood time"?
The bottom line there is that, like encryption, non-experts shouldn't develop their own implementations of a password hash. (Similar to "non-experts shouldn't implement encryption").
With a good implementation of a state-of-the-art password hash (such as Argon2), breaking a password hash isn't feasible.
Passwords, however, are so last century.
Anything that takes security seriously has a 2nd factor, of which there are a couple of excellent open standards, including OATH and FIDO U2F -- the latter of which involves cryptographic hardware and an encryption key which can't be recovered from the device (unless, maybe, you're the NSA).
With FIDO U2F, even if the password is in plain text, an attacker downloading the password database will be unable to authenticate without the U2F device (and its encryption key).
-
Re:PasswordSafe
From Bruce Schneier today:
https://www.schneier.com/crypt...
There are two basic ways hackers can get at your e-mail and private documents. One way is to guess your password. That's how hackers got their hands on personal photos of celebrities from iCloud in 2014.
How to protect yourself from this attack is pretty obvious. First, don't choose a guessable password. This is more than not using "password1" or "qwerty"; most easily memorizable passwords are guessable. My advice is to generate passwords you have to remember by using either the [Diceware password] scheme or the Schneier scheme, and to use large random passwords stored in a password manager for everything else.
Second, turn on two-factor authentication where you can, like Google's 2-Step Verification. This adds another step besides just entering a password, such as having to type in a one-time code that's sent to your mobile phone. And third, don't reuse the same password on any sites you actually care about.
You're not done, though. Hackers have accessed accounts by exploiting the "secret question" feature and resetting the password. That was how Sarah Palin's e-mail account was hacked in 2008. The problem with secret questions is that they're not very secret and not very random. My advice is to refuse to use those features. Type randomness into your keyboard, or choose a really random answer and store it in your password manager.
-
Re:PasswordSafe
Just to update the discussion, on March 15, Bruce Schneier's newsletter contained a mention of the same advice described above:
"First, don't choose a guessable password. This is more than not using 'password1' or 'qwerty'; most easily memorizable passwords are guessable. My advice is to generate passwords you have to remember by using either the XKCD scheme[*] or the Schneier scheme, and to use large random passwords stored in a password manager for everything else."
https://www.schneier.com/crypt...
* Note: The "XKCD scheme" is more of a vague concept than a true system and could be done in a way that results in a not-very-secure password. A more rigorous system based on the "XKCD scheme" is described by Diceware passwords: http://world.std.com/~reinhold...
-
Re:Proven Yes.
Really, security is playing the odds anyway. You want to stack the deck in your favor where you can
While this is true stacking the deck in your favor actually means requiring access to the mass energy of a star (find the phrase orgy of computation here for an explanation) to have a 0.000001% chance of cracking it on average.
-
Re:PasswordSafe
That's because that very old advice is obsolete. The XKCD password scheme considered dangerous by security experts.
Thank you for the Schneier post. That was a very interesting read. I included the XKCD comic to explain the critique of pseudo-random password templates, and I noted that Schneier linked to an article that explained very eloquently the point I was trying to make about the weakness of using elaborate "templates" to generate random-seeming passwords:
"This means that there are two ways to make a secure password: use a template the password crackers don’t know about (or don’t bother to try, because so few people use it for their passwords), or use any old template and feed it with enough random bits. The former strategy relies on outwitting smart people who spend much of their time coming up with better ways to crack passwords; the latter just takes more coin flips. It’s security by obscurity vs. real security."
Then, Schneier recommended the use of his own tool PasswordSafe to generate random passwords, as did I. So far, we are on the same page. =)
Finally, though, there is the question of how to generate a good, secure master password for your password manager. Note that I did not include XKCD in order to recommend their passphrase generation method! (This is the method that Schneier criticized.) Instead, I included a link to an article about Diceware passwords. Diceware uses the philosophy just described in the snippet above, whereby even if the attacker knows you used it, there is still too much guaranteed entropy for them to successfully attack it.
For metrics on the *lower bound entropy* (thanks, Schneier) of Diceware, here is a link:
http://world.std.com/~reinhold...
"A five-word Diceware passphrase has an entropy of at least 64.6 bits; six words have 77.5 bits, seven words 90.4 bits, eight words 103 bits. (Four words only provide 51.6 bits, about the same as an 8 character password made up of random ASCII characters. Both are breakable in less than a day with two dozen graphics processors.) Inserting one extra letter at random adds about 10 bits of entropy. Here is a rough idea of how much protection various lengths provide, based on updated estimates by A.K. Lenstra (See www.kelength.com). Needless to say, projections for the far future have the most uncertainty.
Five words are breakable with a thousand or so PCs equipped with high-end graphics processors. (Criminal gangs with botnets of infected PCs can marshal such resources.)
Six words may be breakable by an organization with a very large budget, such as a large country's security agency.
Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030.
Eight words should be completely secure through 2050."
-
Re:PasswordSafe
That's because that very old advice is obsolete. The XKCD password scheme considered dangerous by security experts.
-
Re:I'm a dinosaur
Obligatory Schneier on Ephemeral Apps.
-
Other countries already do this and have for years
Other countries already do this and have for years.
https://www.schneier.com/blog/...
Well, sorta - visit Israel. They want you to login to your FB, twitter, gmail accounts on their computer. Refuse? Get held for a day and shipped home.
I don't know my accounts or logins for those systems. Don't use them much. If I wasn't a US citizen, I'd just make a few fake accounts - which would quickly be seen as fake accounts for travel purposes and I'd be shipped home.
-
Re:Squirrels spread their attacks conveniently
I feel like you have a reasonable assessment of the security problems the country faces, but I think you underestimate the resources required to exploit them. It probably takes more than five malware-assisted spies to take down the infrastructure (say, the power grid). It takes a lot of training, expertise, and if you want to target SCADA systems, a lot of expensive equipment, and if you want to attack hardware that is properly air-gapped, then even more effort and a bit of luck, too. It's not a cheap operation to take down a big system (which is why no hacker has done it yet for the lulz, although maybe they are trying?)
-
Schneier says that this vulnerability is real
Schneier mentions this vulnerability as a real threat on his blog. https://www.schneier.com/blog/... Did he actually endorse anything that says it isn't? (The link on the main page of slashdot.org claims he did.)
-
Did Schneier really put his name to this?
From Schneier:
How serious this is depends on your threat model. If you are worried about the US government -- or any other government that can pressure Facebook -- snooping on your messages, then this is a small vulnerability. If not, then it's nothing to worry about.
-
Re:Why "I" shouldn't trust Geek Squad?
You trust strangers every time you hand someone your credit card or read the # over the phone. You trust your bank with the history of all your credit purchases. You trust other strangers when you hand over your car keys to the garage or a valet. You trust them when you give them your house keys so they can inspect something while you're at work. You trust, not just one doctor or one nurse, but an entire health care organization with your medical history and details when you go into a hospital to get a checkup or sick care.
We also trust that they are not conducting searches in violation of the 4th amendment as an agent of the government or worse.
-
Re:We've gone too far
Stop introspecting the device within the browser framework
That's my preference, too.
It's interesting to look at the history of this API, particularly early documents for the "System Information API" drafts that the Devices and Sensors WG produced, such as this one, and the discussions on the mailing list leading up to it.
The justification seems to have been, gee, why can't web apps do everything native apps can? Who cares whether there's a use case?
Of course this was in keeping with the historical moment. This stuff originated in 2009 (yes, seven years is a typical invent-implement-despair-deprecate cycle for web standards), when lots of people were cheering on "rich Internet applications" (gah) and there wasn't much research into browser side channel exposure. The earliest reference I found to side-channel attacks on browsers (specifically) was a 2010 Schneier post about a paper by Chen et al. (Schneier mentions in passing extant research on side-channel attacks on SSL, but it's not clear what he's referring to - whether it's channels exposed by the browser as such or SSL implementation errors like the 2003 Boneh & Brumley timing attacks.) So it might be claimed that browser side channel vulnerabilities weren't widely recognized in the industry before 2010 or so, and so might reasonably not have been on the WG's radar.
However, we still have the basic objection you voiced: many users don't want web apps to have native-app access to the machine. Period.
-
Watch them do a Solitaire on Paint...
Microsoft fucked up Solitaire. Let's watch them do it to Paint. Let's see:
1. Now shows Ads. http://www.pcworld.com/article...
2. Now only basic features unless you pay Microsoft for premium version http://www.newsweek.com/solita....
3. DLC!
4. "Telemetry" (sounds so much nicer than "spyware") sends whatever files you open and whatever you paint to Microsoft "so we can improve our product."
5. Includes Windows 10 TOS: "We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary." https://www.schneier.com/blog/... https://www.eff.org/deeplinks/...
-
Re: Down the rabbit hole
Yeah, and EMV actually has inadequate protection against cloning, because it has inadequate standards for the use of the chip [arxiv.org], and “some EMV implementers have merely used counters, timestamps or home-grown algorithms to supply” the nonce for the transaction. That does require a compromised reader, but you don’t have to compromise the reader itself, only its communications channel. This can often be done from outside a building.
And if you don’t trust your logistics chain - PS, you shouldn’t - you might crack open a terminal and find a burner cellphone inside that’s MitMing every single credit card transaction.
It’s not a new thing, Schneier wrote this in 2010.
Another good walkthrough of what’s become known as a “wedge attack”.
-
Re:Serious question about this
It depends on the domestic, gov and legal media spin needed.
Blame one or two distant nations seems to play well to the domestic press.
Nations that can get in, stay in, move data but are so easy to detect just after an event...
The insider threat just seems to be in the too hard basket for most to even think to ask about.
Recall some of the past news events surrounding security and later findings.
New Research Blames Insiders, Not North Korea, for Sony Hack (Dec. 30, 2014)
http://time.com/3649394/sony-h...
More Data on Attributing the Sony Attack
https://www.schneier.com/blog/...
For an outsider to get in, stay in, have free movement inside a network, get out with some amount of usable data? Not been detected?
Or a walk out?
-
"Between electronic privacy and national security"
If they are allowed to frame the issue as privacy versus security, then we have a hard, uphill battle to fight, unfortunately. The stronger argument to be made, from the perspective of convincing the government not to do something /utterly insane/, is that this is a case of security versus security.
https://www.eff.org/deeplinks/...
https://www.schneier.com/blog/...
-
Re:Reusing passwords
Do you trust Bruce Schneier with regard to information security concerns?
Some folks have put together ports for OS X as well. It's all open source; feel free to read the code for yourself and discuss it with others. Optimally, contribute to public discussion of this and other cryptographic tools so they can be more widely popularized and scrutinized. Hope this helps. -PCP
-
Re:Oblig
I love Randall Munroe as much as the next guy, but that comic is no longer correct. Please don't take it seriously
-
Re:Why do you speak on behalf of the rest of socie
A more mature/adult discussion of this issue can be found at Schneier on Security.
-
Re:Why isn't symmetric crypto threatened by quantu
My understanding is that due to problems with key schedules 256bit AES is less secure than 128bit. Ref.
-
Welcome to the grid, humans.
65535 @ December 21, 2013 4:38 AM
https://www.schneier.com/blog/...
@ Jackson
Your concern about the Cryptome report does raise serious questions. When carefully read, the Cryptome report touches on the subject of fingerprinting TOR users via a BT backdoor.
The Cryptome report also speculates that major CAs instantly transmit copies of clients' SSL/TLS certificates to the NSA and possibly GCHQ when purchased. This is quite troubling.
I will note that CSO acknowledges that:
'On the issue of the USDOD IP address referenced by the paper's authors, that block of addresses has been used by many firms over the years. It's a valuable piece of IPv4 real-estate that is often enabled internally by an ISP after they've gotten permission from the Defense Information Systems Agency (the part of the USDOD that manages networks and infrastructure).
Just last year, Sprint was using IPs internally from that block for their mobile network. So the fact that BT would be using it too isn't a shock to network engineers who have seen the paper.
'In short, one security expert told CSO, the usage of 30.x.x.x/8 doesn't really imply NSA monitoring at all. In fact, he added, "If you want a non-routable IP that won't break when using it, [the] DOD is your best choice."'
http://www.csoonline.com/artic...
But the Cryptome report goes much farther. It indicates that a simple ping test can detect the backdoor. Next you can telnet into the modem and see the actual configuration and un-hack the device (assuming altering the firmware doesn't violate the BT TOS agreement - causing your service to be terminated).
http://cryptome.org/2013/12/Fu...
[Cryptome pdf page 39]
"Easy Confirmation
"Step 1.
"Remove Power from the modem and disconnect the telephone line.
"Step 2.
"On your PC (assumed Linux) add an IP address 192.168.1.100 i.e:
# ifconfig eth0:1 192.168.1.100 up
"Step 3.
"Start to ping 192.168.1.1 from your PC i.e:
# ping 192.168.1.1
"Step 4.
"Connect a network cable to LAN1
"Step 5.
"Plug-in the power cable to the modem and wait for about 30 seconds
"for the device to boot, you will then notice:
"64 bytes from 192.168.1.1: icmp_seq=115 ttl=64 time=0.923 ms
"64 bytes from 192.168.1.1: icmp_seq=116 ttl=64 time=0.492 ms
"64 bytes from 192.168.1.1: icmp_seq=117 ttl=64 time=0.514 ms
"You may notice up to ten responses, then it will stop.
"What is happening is the internal Linux kernel boots [inside of the modem], the start up scripts then configure the internal and virtual interfaces and then turn on the hidden firewall at which point the pings stop responding.
"In other words, there is a short window (3-10 seconds) between when the kernel boots and the hidden firewall kicks in.
"You will not be able to detect any other signs of the hidden network without actually logging into the modem, which is explained in the next section."
The second step, telnetting into the BT modem/router, is shown on pages 40 to 44. The "un-hack" is on page 45 forward.
Other notable Cryptome pages include:
"All SSL Certificates Compromised in Real-Time" page 22
"Theft of private keys" page 24
"Tor User/Content Discovery" page 26
@ ron41, see TOR discovery from the Cryptome link. There is a fingerprinting method to determine TOR users.
"Covert International Traffic Routing" page 27
"Secure your end-points" page 30
"I'm an American, does this apply to me" page 35
@ *others who care, the paper indicates that NSA is using the very same technique and can discover TOR users (if this is true it is troubling).
-
You down with DoD? Yeah you know me!
65535 @ December 21, 2013 4:38 AM
https://www.schneier.com/blog/...
@ Jackson
Your concern about the Cryptome report does raise serious questions. When carefully read the Cryptome report touches on the subject of finger printing TOR users via a BT backdoor.
The Crytome report also speculates that major CA's instantly transmits copies of clients SSL/TLS Certificates to the NSA and possibly GCHQ when purchased. This is quite troubling.
I will note that CSO acknowledges that:
'On the issue of the USDOD IP address referenced by the paper's authors, that block of addresses has been used by many firms over the years. It's a valuable piece of IPv4 real-estate that is often enabled internally by an ISP after they've gotten permission from the Defense Information Systems Agency (the part of the USDOD that manages networks and infrastructure).
Just last year, Sprint was using IPs internally from that block for their mobile network. So the fact that BT would be using it too isn't a shock to network engineers who have seen the paper.
'In short, one security expert told CSO, the usage of 30.x.x.x
/8 doesn't really imply NSA monitoring at all. In fact, he added, "If you want a non-routable IP that won't break when using it, [the] DOD is your best choice."'http://www.csoonline.com/artic...
But the Cryptome report goes much farther. It indicates that a simple ping test can detect the backdoor. Next you can telnet into the modem and see the actual configuration and un-hack the device (assuming altering the firmware doesn't violate BT TOS agreement - causing your service to terminated).
http://cryptome.org/2013/12/Fu...
[Cryptome pdf page 39]
"Easy Confirmation
"Step 1.
"Remove Power from the modem and disconnect the telephone line.
"Step 2.
"On your PC (assumed Linux) add an IP address 192.168.1.100 i.e:
#
ifconfig eth0:1 192.168.1.100 up"Step 3.
"Start to ping 192.168.1.1 from your PC i.e:
#
"ping 192.168.1.1"Step 4.
"Connect a network cable to LAN1
"Step 5.
"Plug-in the power cable to the modem and wait for about 30 seconds
"for the device to boot, you will then notice:
"64 bytes from 192.168.1.1: icmp_seq=115 ttl=64 time=0.923 ms
"64 bytes from 192.168.1.1: icmp_seq=116 ttl=64 time=0.492 ms
"64 bytes from 192.168.1.1: icmp_seq=117 ttl=64 time=0.514 ms"You may notice up to ten responses, then it will stop.
"What is happening is the internal Linux kernel boots [inside of the modem], the start up scripts then configure the internal and virtual interfaces and then turn on the hidden firewall at which point the pings stop responding.
"In other words, there is a short window (3-10 seconds) between when the kernel boots and the hidden firewall kicks in.
"You will not be able to detect any other signs of the hidden network without actually logging into the modem, which is explained in the next section."
The second step is telneting into the BT modem/router is show on page 40 to 44. The "un-hack" is on page 45 forward.
Other notable Cryptome pages include:
"All SSL Certificates Compromised in Real-Time" page 22
"Theft of private keys" page 24
"Tor User/Content Discovery" page 26
@ ron41, see TOR discovery from the Cryptome link. There is a fingerprinting method to determine TOR users.
"Covert International Traffic Routing" page 27
"Secure your end-points" page 30
"I'm an American, does this apply to me" page 35
@ *others who care, the paper indicates that NSA is using the very same technique and can discover TOR users (if this is true it is troubling).
-
The Sp00k Who Shagged Me
65535 â December 21, 2013 4:38 AM
https://www.schneier.com/blog/...
@ Jackson
Your concern about the Cryptome report does raise serious questions. When carefully read the Cryptome report touches on the subject of finger printing TOR users via a BT backdoor.
The Crytome report also speculates that major CA's instantly transmits copies of clients SSL/TLS Certificates to the NSA and possibly GCHQ when purchased. This is quite troubling.
I will note that CSO acknowledges that:
'On the issue of the USDOD IP address referenced by the paper's authors, that block of addresses has been used by many firms over the years. It's a valuable piece of IPv4 real-estate that is often enabled internally by an ISP after they've gotten permission from the Defense Information Systems Agency (the part of the USDOD that manages networks and infrastructure).
Just last year, Sprint was using IPs internally from that block for their mobile network. So the fact that BT would be using it too isn't a shock to network engineers who have seen the paper.
'In short, one security expert told CSO, the usage of 30.x.x.x
/8 doesn't really imply NSA monitoring at all. In fact, he added, "If you want a non-routable IP that won't break when using it, [the] DOD is your best choice."'http://www.csoonline.com/artic...
But the Cryptome report goes much farther. It indicates that a simple ping test can detect the backdoor. Next you can telnet into the modem and see the actual configuration and un-hack the device (assuming altering the firmware doesn't violate BT TOS agreement - causing your service to terminated).
http://cryptome.org/2013/12/Fu...
[Cryptome pdf page 39]
"Easy Confirmation
"Step 1.
"Remove Power from the modem and disconnect the telephone line.
"Step 2.
"On your PC (assumed Linux) add an IP address 192.168.1.100 i.e:
#
ifconfig eth0:1 192.168.1.100 up"Step 3.
"Start to ping 192.168.1.1 from your PC i.e:
#
"ping 192.168.1.1"Step 4.
"Connect a network cable to LAN1
"Step 5.
"Plug-in the power cable to the modem and wait for about 30 seconds
"for the device to boot, you will then notice:
"64 bytes from 192.168.1.1: icmp_seq=115 ttl=64 time=0.923 ms
"64 bytes from 192.168.1.1: icmp_seq=116 ttl=64 time=0.492 ms
"64 bytes from 192.168.1.1: icmp_seq=117 ttl=64 time=0.514 ms"You may notice up to ten responses, then it will stop.
"What is happening is the internal Linux kernel boots [inside of the modem], the start up scripts then configure the internal and virtual interfaces and then turn on the hidden firewall at which point the pings stop responding.
"In other words, there is a short window (3-10 seconds) between when the kernel boots and the hidden firewall kicks in.
"You will not be able to detect any other signs of the hidden network without actually logging into the modem, which is explained in the next section."
The second step is telneting into the BT modem/router is show on page 40 to 44. The "un-hack" is on page 45 forward.
Other notable Cryptome pages include:
"All SSL Certificates Compromised in Real-Time" page 22
"Theft of private keys" page 24
"Tor User/Content Discovery" page 26
@ ron41, see TOR discovery from the Cryptome link. There is a fingerprinting method to determine TOR users.
"Covert International Traffic Routing" page 27
"Secure your end-points" page 30
"I'm an American, does this apply to me" page 35
@ *others who care, the paper indicates that NSA is using the very same technique and can discover TOR users (if this is true it is troubling).
-
Tor, DoD & You!
65535 â December 21, 2013 4:38 AM
https://www.schneier.com/blog/...
@ Jackson
Your concern about the Cryptome report does raise serious questions. When carefully read the Cryptome report touches on the subject of finger printing TOR users via a BT backdoor.
The Crytome report also speculates that major CA's instantly transmits copies of clients SSL/TLS Certificates to the NSA and possibly GCHQ when purchased. This is quite troubling.
I will note that CSO acknowledges that:
'On the issue of the USDOD IP address referenced by the paper's authors, that block of addresses has been used by many firms over the years. It's a valuable piece of IPv4 real-estate that is often enabled internally by an ISP after they've gotten permission from the Defense Information Systems Agency (the part of the USDOD that manages networks and infrastructure).
Just last year, Sprint was using IPs internally from that block for their mobile network. So the fact that BT would be using it too isn't a shock to network engineers who have seen the paper.'In short, one security expert told CSO, the usage of 30.x.x.x
/8 doesn't really imply NSA monitoring at all. In fact, he added, "If you want a non-routable IP that won't break when using it, [the] DOD is your best choice."'http://www.csoonline.com/artic...
But the Cryptome report goes much farther. It indicates that a simple ping test can detect the backdoor. Next you can telnet into the modem and see the actual configuration and un-hack the device (assuming altering the firmware doesn't violate BT TOS agreement - causing your service to terminated).
http://cryptome.org/2013/12/Fu...
[Cryptome pdf page 39]
"Easy Confirmation
"Step 1.
"Remove Power from the modem and disconnect the telephone line.
"Step 2.
"On your PC (assumed Linux) add an IP address 192.168.1.100 i.e:
#
ifconfig eth0:1 192.168.1.100 up"Step 3.
"Start to ping 192.168.1.1 from your PC i.e:
#
"ping 192.168.1.1"Step 4.
"Connect a network cable to LAN1
"Step 5.
"Plug-in the power cable to the modem and wait for about 30 seconds
"for the device to boot, you will then notice:
"64 bytes from 192.168.1.1: icmp_seq=115 ttl=64 time=0.923 ms
"64 bytes from 192.168.1.1: icmp_seq=116 ttl=64 time=0.492 ms
"64 bytes from 192.168.1.1: icmp_seq=117 ttl=64 time=0.514 ms"You may notice up to ten responses, then it will stop.
"What is happening is the internal Linux kernel boots [inside of the modem], the start up scripts then configure the internal and virtual interfaces and then turn on the hidden firewall at which point the pings stop responding.
"In other words, there is a short window (3-10 seconds) between when the kernel boots and the hidden firewall kicks in.
"You will not be able to detect any other signs of the hidden network without actually logging into the modem, which is explained in the next section."
The second step is telneting into the BT modem/router is show on page 40 to 44. The "un-hack" is on page 45 forward.
Other notable Cryptome pages include:
"All SSL Certificates Compromised in Real-Time" page 22
"Theft of private keys" page 24
"Tor User/Content Discovery" page 26
@ ron41, see TOR discovery from the Cryptome link. There is a fingerprinting method to determine TOR users.
"Covert International Traffic Routing" page 27
"Secure your end-points" page 30
"I'm an American, does this apply to me" page 35
@ *others who care, the paper indicates that NSA is using the very same technique and can discover TOR users (if this is true it is troubling).
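As an added example (not from the Cryptome paper or the comment above), this Python parses a ping capture taken across a modem reboot and flags the "brief burst of replies, then silence" pattern the quoted steps describe; the sample ping output is constructed, and the 1-second interval and 10-second window are assumptions taken from ping's default and the paper's quoted range.

```python
import re

# Constructed sample of `ping 192.168.1.1` output captured across a modem
# reboot (not real captured data); a short reply burst, then silence.
SAMPLE_PING_OUTPUT = """PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=115 ttl=64 time=0.923 ms
64 bytes from 192.168.1.1: icmp_seq=116 ttl=64 time=0.492 ms
64 bytes from 192.168.1.1: icmp_seq=117 ttl=64 time=0.514 ms
64 bytes from 192.168.1.1: icmp_seq=118 ttl=64 time=0.501 ms
64 bytes from 192.168.1.1: icmp_seq=119 ttl=64 time=0.488 ms
64 bytes from 192.168.1.1: icmp_seq=120 ttl=64 time=0.507 ms

--- 192.168.1.1 ping statistics ---
180 packets transmitted, 6 received, 96% packet loss, time 179000ms
"""

REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=\d+ time=([\d.]+) ms")
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+) received")


def parse_replies(output):
    """Return [(icmp_seq, rtt_ms), ...] for every echo reply in ping output."""
    return [(int(s), float(t)) for s, t in REPLY_RE.findall(output)]


def reply_bursts(seqs):
    """Group reply sequence numbers into runs of consecutive values."""
    bursts = []
    for seq in seqs:
        if bursts and seq == bursts[-1][-1] + 1:
            bursts[-1].append(seq)
        else:
            bursts.append([seq])
    return bursts


def analyze_boot_window(output, interval_s=1.0, max_window_s=10.0):
    """Flag the boot-window signature: one short run of replies that stops
    while ping is still sending. interval_s is ping's send interval (assumed 1s)."""
    replies = parse_replies(output)
    m = SUMMARY_RE.search(output)
    transmitted = int(m.group(1)) if m else None
    bursts = reply_bursts([seq for seq, _ in replies])
    result = {"replies": len(replies), "bursts": bursts,
              "window_s": 0.0, "short_window": False}
    if len(bursts) != 1:  # silent, or intermittent replies: not the signature
        return result
    result["window_s"] = len(bursts[0]) * interval_s
    # Replies ceased before ping finished sending, i.e. something started dropping them.
    stopped_early = transmitted is not None and bursts[0][-1] < transmitted
    result["short_window"] = stopped_early and result["window_s"] <= max_window_s
    return result
```

Run `ping 192.168.1.1 | tee boot.txt` through the reboot, stop it with Ctrl-C so ping prints its summary, and pass the file's contents to `analyze_boot_window`; a device that keeps answering (or never answers) is reported with `short_window` False.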
-
Schneier joined to help right the sinking ship
-
Re: FUCK MILLENNIAL SNOWFLAKES
Actually, closed source software is better. If there's a vulnerability in open source software, anyone can look a the source code, find the security holes, and then exploit them. Closed source software is definitely far more secure.
... in other words, security by obscurity. That's not a discredited practice or anything.
-
Blacklist vs. whitelist
Antivirus software that detects apps known to be harmful is a form of blacklisting. But as a general rule, blacklisting is considered less secure than whitelisting. An antivirus using whitelisting, such as PC Matic, allows only known good apps to run.
The obvious problem with this approach is who defines the set of known good programs. In a corporate environment, an IT department has the resources to review the programs on which employees rely. But a home PC owner who isn't quite a PC expert may not feel qualified to do this, instead delegating review to a trusted party. This has led to cases of rent-seeking, where a gatekeeper demands payment from each developer to review each app.
-
Re:be afraid
As someone who works in the entertainment industry, I have to say this is more about keeping the populace paranoid than preventing terrorism.
Most of the audio they are liable to pick up will be garbage. Directional mikes can only pick up so much legible speech before being overrun by ambient noise.
-
Re:Is it leaked or is it not yet leaked?
Here, have some security reading:
https://www.schneier.com/blog/...
I couldn't find the more detailed essay I was looking for, but you can use that one as a starting point.
PS: 'Invoking' probably would have been a better word choice than 'incurring'.
-
Re:That'll be interesting
Or just leave. They can't try to stop you because it would be considered assault.
Some lawmakers are trying to change that. https://www.schneier.com/blog/...
-
Re:Or make it critical for social networking
I don't understand why anyone would install an FB mobile app in the first place, their web site works fine on a phone.
For now. It's not hard to imagine FB refusing to serve the page and pushing users to download the app.
FB Messenger? That's just teenage stupidity; every phone that will run FB Messenger already has texting.
Not everyone wants to give out their mobile number to people they want to communicate with. That said, they're arguably losing more privacy by communicating through Facebook, but Facebook is a known quantity (or at least users believe it is), where Mike from "that party last week" may be somewhat of an unknown.
Honestly, we shouldn't be in this situation at all. We've had 20+ years to standardize instant messaging, and failed miserably. XMPP has been discarded by all but the most fringe players -- probably because nobody thought to bake-in security, despite the fact that we've known that security cannot be an afterthought since well before XMPP came on the scene. All of the viable consolidated chat platforms have been locked, sued, or bought out of existence, if they haven't failed on their own, and that's probably for the best as well since they stored usernames and passwords for third-party accounts.
To take some liberties with Kennedy's words: I believe that this nation should commit itself to achieving the goal, before this decade is out, of the development and ubiquitous implementation of a public IM protocol, interoperable among all platforms, with configurable end-to-end encryption, and for email as well. No single project in this period will be less impressive to mankind, or more important for the long-range security of communications; and none will be so difficult to accomplish.
-
Re: Reason to be here...
That's not "social engineering", that's security by letterhead.
Or T-shirt, in this case.
-
No kidding
Tell me of anything we've put on the internet that has been secure and private. I just do not want to have to buy Norton or McAfee AV for my friggin toilet or refrigerator.
Or ad blockers. Or the ridiculous piece of crap that Samsung makes that already enables MiTM attacks. https://www.schneier.com/blog/...
-
The Real Story...
Samsung have heard all about the horrors of Microsoft Windows 10.
-
Re:Snowden
But is he technically competent? (Was he while he was employed and is he still?) There's a significant difference between being a domain admin for a number of government contractors versus being a leading security researcher. Where is Bill Schneier on the subject? What about the thousands of other extremely competent and qualified security researchers throughout the world? I'd rather read their recommendations and commentary.
I'm not saying he's an idiot, but there's a difference between having the media's attention and being competent. For evidence, I'll provide most political campaigns.
-
Re: wiped
The fact that they have the power over you is a huge injustice in and of itself, as argued by Schneier and many others: https://www.schneier.com/blog/... I reject that they're not out to get you even now, though. They're out to get you as much as they can, there's proof of it even in the history of current surveillance systems. That governments are out to get you is repeated over history again and again - the incentives are always there. The only question is, can you set up a system where it's very difficult to get you? That's the advantage of modern democracies with constitutions, when compared to other forms of rule.
-
I dunno...
Make the 81M come out of the VP's bonus.
That $10 switch seems a lot like some cost-reduction yahoo is calling the shots and does not want to pay the needed costs to do it right.
I dunno... reading through the hacking team break-in (by which I mean, reading the hacker's first-person description), it's unclear to me how *anyone* could be considered responsible for these sorts of things.
The hacked system should encrypt passwords, use a salt, have offsite backups that are regularly tested... all that "of course" stuff applies.
But I'm not at all sure how having a modem or router hacked could be the responsibility of the system.
How can you tell? Is there an exploit for your high-end Juniper firewall?
The hacking-team narrative suggests that the person who did it replaced the [router?] firmware with a custom one with his own backdoor. A single 0day exploit on an internet-facing appliance.
Did someone intentionally weaken the PRNG in your Intel CPU at the mask level? Did someone replace the firmware on your hard drive? Is your BIOS compromised?
I read where someone put malware into the firmware of an intelligent *battery*.
Welcome to the future: everything has firmware, and all firmware can be reflashed by the factory.
(The update service installed when you install our product will automatically upgrade the system as needed. Just download and execute! This fixes the rendering issue in the Tagalog language pack, it's a *must have* upgrade!)
I'm not sure how anyone can guarantee their systems are secure any more.
If the State department can't secure their computers, what hope is there for regular mortals?