Slashdot Mirror


User: ramriot

ramriot's activity in the archive.

Stories: 0
Comments: 114

Comments · 114

  1. Well, that's most of the good "Researchers" out on 'Hack The Pentagon' Bug Bounty Program Opens For Registration (securityweek.com) · Score: 1

    Almost the first requirement, and already they have excluded potentially 90% of us.

    "You must have a U.S. taxpayer identification number and a social security number or an employee identification number and the ability to complete required verification forms."

  2. Gauged to fail? on Why BART Is Falling Apart · Score: 1

    Coming from the UK, we had this same issue more than a century ago between the 4' 8.5" (Stephenson: 'what was in the colliery, seemed like a good idea') Standard Gauge and the GWR 7 foot (Brunel: 'scientifically researched with the help of Charles Babbage') gauge.

    In the end, even though accident statistics (no GWR train ever rolled over), fuel efficiency per passenger per mile and other criteria decreed the 7 foot gauge superior, the government ruled that since there was more Stephenson gauge track in existence, the Brunel gauge would be phased out and replaced with the new Standard gauge.

    I have to say that if they had gone the other way the world would be a far better place, because the wider gauge would have allowed much higher speeds at an earlier epoch while affording much greater loads without the need of technology to avoid the risks of rollover. Saying that, the BART system was an ambitious but eventually fruitless move.

  3. If Representative Darrell Issa actually said that, then it is even more proof that you cannot have a rational discussion of this subject without understanding the technology. Without that understanding, almost anything you say makes you look like a buffoon.

    Sure, you could image the hardware and try to brute force the encryption key; it would take you trillions of years, but you could do it. The reason is that the encryption key used on the storage is derived by mixing the user's unlock code AND a strong secret, held within the device's CPU, the UID (even on the 5c). Without getting a copy of that from the device as well as the encrypted storage, you cannot reduce the brute force guessing to the level of the passcode, as the UID has much of the entropy of the two.

    Apple quite logically has created the hardware of the CPU so that the UID is not available to any interface, only as the output from an atomic operation when it is cryptographically mixed with the passcode guess. Also, no, pretty sure you cannot physically extract it by taking the CPU apart; Apple would have made decapping the CPU extremely likely to damage it in a way that prevents access. Which, by the way, would also render the evidence suspect and open to challenge under cross examination.

  4. It's Scripting time! on Google Expands 'Right To Be Forgotten' To All Global Search Results (thestack.com) · Score: 3, Interesting

    Time to start developing that 'Write to be Unforgotten' search extension then.

    Been planning this idea for a while, and now seems the right time to do it, i.e.

    Code a browser extension that, using VPN tunnels to compare local and other nationality search results, adds back in redacted results with 'Locally Censored' tags, plus tags results seen locally but not elsewhere with 'Censored in: CN, EU etc'.

    Also add CDN support to anonymously cache and test historical searches for global censorship.

    Anyone interested in assisting or Beta-Testing?

  5. UA change imminent to: Googlebot/2.1... on Wired To Block Ad-Blocking Users, Offer Subscription (wired.com) · Score: 1

    Since many of these sites rely on their search engine rankings, I bet they don't block search spiders that refuse scripting, or even serve them ads, as that would make their pages way too dynamic to be usefully indexed.

    Thus the fourth option after Whitelist, Pay, Go-Away is to change your browser's User Agent string to match that of a known search engine's indexing spider.

    Potentially, no more ads to block, no paywalls and also no malware because that stuff tries hard not to be noticed by the search engines and thus get the site blacklisted.

  6. Lies, Damn Lies and Statistics on Are Roads Safer With No Central White Lines? · Score: 1

    Same thing here, I suspect, as with:

    * Double daylight savings time stats for the two periods in history when it was tested in the UK.
    * Cubic spline curves on highway exits to reduce normal road entry speeds.
    * Progressive noise strips on roundabout entries.
    * Removal of curbs on shopping streets.
    etc.

    All these 'experiments' that 'proved' their worth statistically partly relied upon the introduction of something unfamiliar to the road user, which in turn promoted unease and inherently better observation. Unfortunately, after introduction and a suitable period of use they became familiar, and their benefit was either nullified or in some cases resulted in greater road carnage.

    Someone once said that over time the motorcar has become safer with seat belts, airbags, disc brakes, wide tires etc., which resulted in such a feeling of well-being that drivers drove progressively faster and more dangerously. The suggestion then was to remove the seat belts and airbags and replace them with a 6 inch metal spike sticking out of the steering wheel. This would theoretically cause drivers to be much more cautious of speed lest they be impaled. Anyone want to do a double-blind statistical study?

  7. Watched or scanned? on Filmmaker Forces Censors To Watch 10-Hour Movie of Paint Drying (ibtimes.co.uk) · Score: 1

    But did the BBFC really watch all 10 hours, or just run it at high speed looking for a scene change? If it were me making this film, I would definitely have put in some salacious scenes of single or double frames (1/24s, 1/12s), with perhaps the occasional obscene word displayed subliminally (5% contrast), to see if they are on their toes.

    If not, then HEY, we just got smut past the censors, WIN!

  8. Beware of heavy loads reversing on Trump Says He'd Make Apple Build Computers In the US (businessinsider.com) · Score: 1

    Every time some politician makes a promise like this, I always think: sure, but because of globalisation it will always be the smaller part of the company that resides in the first world. Therefore the logical outcome of any single government's moves against a corporation would be the decamping of said corporation to another jurisdiction, i.e. Apple would move out of the US entirely and place its headquarters in a more friendly nation.

  9. Deduplication anyone? on Anti-Terrorism Hypothetical: Bulk Scanning of Hosted Files? (justsecurity.org) · Score: 2

    As was pointed out by a commenter earlier, when Bruce Schneier posted this.

    This whole hypothetical is moot and has already been attempted for DMCA and child porn cases. This is because deduplication is a feature of any large file sharing entity, Gmail included, as drive space is not free.

    Because of deduplication there will only ever be one copy of the relevant file clusters in existence and a table of assignments for which messages and/or accounts to apply it to. Thus, given an example of the file or the list of cluster hashes and a simple court order, a company can expunge the one copy and/or return the list of holders with their association / upload / download dates.

    Now, one key issue would be that even a single bit changed in the file (mentioned in the article) would change the file hash, and probably 50% of the bits in the specific cluster would flip. But for larger files (>10MB) it may be sufficient to match a percentage of cluster hashes and then inspect the misses further.

    That said, a savvy antagonist would recognise the above and suggest ways to defeat deduplication, even without using anything fancy. For a text file, simply running it through a compression algorithm would change it sufficiently, and if you use one that does encryption correctly then each encipherment, even with the same key, would result in a different file. Plus, since you are not actually interested in securing the file, you could include the password as the filename.

  10. I wonder if them asking you to turn off your adblocker and then serving you malware (an acknowledged reason people use adblockers) makes them at least partly culpable for any resulting infection?

    If not, then next time I see one of these notices I will drop them an email with my Terms Of Servicing for them to agree to before I disable my malware protector (adblocker).

  11. Similar to the recent 48 hour WhatsApp injunction in Brazil (which was overruled after 12 hours), trying to punish a company offering a free service for not complying with evidential requests will only end up punishing the populace, i.e. VOTERS.

    I can see that issuing an interception warrant across borders is difficult, but mandating a deviation from the accepted law of the targeted nation will only end up getting your warrants overruled.

  12. Disingenuous at best, bald-faced liar at worst? on Carly Fiorina Says Government Needs a Way To "Work Around" Encryption (dailydot.com) · Score: 1

    Ms Fiorina,

    Since I don't assume for a femto-second that you are unversed in technology or have at your back a multitude of technical advisors, as do your brethren across all parties, I am only left to assert that you are being disingenuous at best or a bald-faced liar at worst for suggesting that government needs a "work around" for encryption to address current international criminal conspiracies. You know as well as I that such a thing is IMPOSSIBLE. It is especially IMPOSSIBLE in reference to the high value targets that you and your like have already declared, because they will never use cryptographic products that any government has a "work around" for. I speak specifically of all the Open Source, independently and internationally vetted products that are available to any person with access to an internet connection.

    I am only left to assume that, should you get your wish of a "work around", it could only be applied to the low-hanging fruit of those, citizens or otherwise, unversed in Operational Security who would trust encryption suspected to have a "work around" included, i.e. wannabe criminal idiots, minor agitators and the general citizenry.

    We are Pseudonymous, we are Elsewhere, we sometimes Forget, but we never Forgive (especially at polling time).

    --- BTW: I give this post free of copyright to all, just replace the quoted portion with your detected dumb-assery quote of choice ---

  13. New DHS safety feature? on Boeing 787 "Blacklisted" From Some Air Traffic Control Services (flightglobal.com) · Score: 1

    Perhaps the bug is really a hidden feature, only revealed by accident. (This is a shoo-in for one of Bruce Schneier's Movie Plot Scenarios.)

    Deeply buried in the ADS-B firmware is an emergency setting which activates should the Department of Homeland Security get a credible security theatre warning that criminals with smartphones and GPS guided drones are planning to bring down airliners. All airliners with updated ADS-B firmware will then report their position as exactly 70nm away from their real position on a pseudo-randomly generated bearing keyed on the date. Thus all participating aircraft are equally displaced in the same direction by the same amount.

    As to them darn foreigners, well, we shoot them down first to clear the skies lest our majestic fleet become damaged.

  14. Re:who gives a shit? on Wired Thinks It Knows Who Satoshi Nakamoto Is (wired.com) · Score: 1

    Remember, though, with all these historical figures they always represent a gross oversimplification of history, and in many cases it was the first to publish, not necessarily the first to invent, that is celebrated, e.g.

    Newton actually used the phrase "On the shoulders of giants" as partly self-deprecation, partly insult of the real sage of his work in optics, while his work on infinitesimals was predated by Leibniz.

    Marconi only implemented the discoveries of Hertz, Ørsted and others while ensuring he got the money up front and patented everything.

    Edison basically stole and bullied his way to the top, more by the perspiration of those he employed than his own inspiration.

    Graham Bell was actually the 3rd person to invent the method of carrying voice over wires. Even the US Congress acknowledges that Antonio Meucci was the first inventor, 26 years before Bell.

    The Wright Brothers were only able to claim first powered flight because several years earlier British inventor Percy Pilcher was killed demonstrating his glider to investors in an effort to get funds for his final tests of his powered aircraft.

    Tesla, well OK you got me on that one.

  15. Remember Andrew Carnegie? on How Mark Zuckerberg's Altruism Helps Himself (nytimes.com) · Score: 1

    How is this different from Andrew Carnegie? He gave from his personal assets and set up an off-the-books company to manage his donation whims. Some of those donations were to for-profit companies, some to existing trusts and some were to individuals on the basis that they would set up a trust. Unfortunately Carnegie did not have the benefit of the current LLC process, so a percentage of all those that were deemed investments ended up in the coffers of the federal government, where most of it would go on pork projects. How much more could he have done if he'd had the benefits of Zuk'?

  16. Stalking Horse? on Blackberry Offers 'Lawful Device Interception Capabilities' (itnews.com.au) · Score: 2

    I take Mr Beard's comments at face value, that his company can offer lawful intercept without back doors. Unfortunately this has nothing whatsoever in common with the statements made by Apple and others.

    You see, Blackberry has a unique position in the market, being not just the manufacturer but also the network operator. Thus for most normal Blackberry users (non-corporate), their secure end-to-end communications begin and end at Blackberry's servers. Also, their device encryption software has at least one known weakness to offline brute force cracking, so perhaps there are more.

    All this means that what Blackberry is really saying is that, since they control the communication keys and made a less than perfect encryption product, they can offer lawful interception where other vendors had to rely on real hardware device encryption and end-to-end communications.

    BTW, Apple does not get off scot-free here, as its iMessage product can offer lawful intercept, just not decryption after the fact, because they too control which keys are used to encrypt which iMessage.

  17. $1M or not $1M, here is the important bit on Carnegie Mellon Denies FBI Paid For Tor-Breaking Research (wired.com) · Score: 2

    OK, let's accept for now that CMU did not receive payment for their data and that they only gave up their data upon subpoena; it really was just icing on the real issue. That of the unethical disclosure of people's private data resulting in an indirect FBI evidential fishing exercise, which is allowed in discovery unless the evidential collection is prompted (hence the $1), which would render it 'fruit of the poisoned tree', and why there is perhaps so much emphasis being placed upon payment.

    Remember this: any entity involved in security research, or even just a business, can be subpoenaed for their data and required by law to not disclose the fact of the request. Further, resisting such requests can lead to extended legal difficulties; just ask Ladar Levison ( https://en.wikipedia.org/wiki/... ).

    So what CMU did wrong here (if current evidence is correct) was to collect and keep significant personal information as a result of their 'Research', which is incompatible with what security research is about. If there had been an Ethical Review Board of the ongoing CMU research, this should have been noticed and changes made.

    Thus, what could CMU have done?

    * They could have set up an internal Review Board to review the ethical, legal and other issues of such research {they admit they did not}.
    * They could have designed the data collection part of their exploit to anonymize data such that connection inferences can be made without disclosing actual IP addresses (simply make a salted hash of each IP address) {they did not}.
    * They could have limited collection to just what was needed to prove the exploit and then shut it down {they did not}; instead they ran it for over 3 months.
    * Upon proving the method they could have immediately followed responsible disclosure and briefed the TOR group {they did not}.
    * If the research was launched initially by an FBI request or similar, they should have taken legal advice and realised that they could not do this ethically or follow the above, and thus NOT agreed to do it {clearly, if so, they failed}.

    So in closing take note: in the current legal and criminal climate, DON'T collect and store unnecessary information unless you can prove that you can protect it from disclosure in untargeted extralegal ways, lest you and your establishment end up in hot water (see Sony, Ashley Madison, CMU, NSA etc etc).

  18. Bravo SpaceX on ULA Concedes GPS Launch Competition To SpaceX (spacenews.com) · Score: 2

    Interesting that, especially when you realise it was SpaceX's lobbying that got the existing ban enforced in the first place.

  19. Re:per definition every crypto is breakable on Internet Firms To Be Banned From Offering Unbreakable Encryption Under New UK Laws (telegraph.co.uk) · Score: 1

    OK, I get your point. But to be pedantic, that is not true.

    The strongest form of encryption is the One Time Pad. When used correctly it would be impossible, without the key material, to decrypt successfully. This is because from the ciphertext all plaintext strings are equally likely to be the decrypted message. Thus if you worked for an infinite time you would produce all possible plaintexts of the length of the encrypted message, but you would not know which was the one sent.

    Now, OTP is really difficult to do properly because of the need to have a truly random key the length of your message that is only known to the sender and recipient. But many modern forms of encryption are designed to share this fundamental property of indeterminacy of plaintexts; thus, from this simple example, many forms of encryption are effectively unbreakable without knowing some other information that would weaken the security model anyway.

  20. So basically this article: http://dspace.mit.edu/bitstrea...

    The cat is out of the bag, that train has left the station and other sayings.

    You cannot mandate against an idea; encryption is out there, and we all rely on it increasingly to manage our very existence. If you mandate that industry weakens the end-to-end secure model then bad things will happen: first the public will make losses, then industry will lose customers, and finally the industry donations to the pocket books of politicians, and come election time, they will lose.

    Which means any politician who suggests this is either a) deluded, b) working for the criminals, or c) using it as a false flag to cover something else; in all cases they are automatically unelectable.

    Make this clear to your MP: any suggestions like this are an affront to a free and democratic society and will not be tolerated.

  21. Outside of US it is worse. on Amazon Follows Through: Drops Apple TV, Chromecast · Score: 1

    I'm in Canada, where Prime Video is not available on any device unless I lie about my location and/or use a VPN. As such, removing from sale devices that do not support a format that I cannot use from their store only succeeds in ensuring they will not get my business for these devices.

    DICK move Amazon!

  22. B*****cks! on US Military Websites Still Relying On SHA-1 (netcraft.com) · Score: 2

    If this post is a true reflection of the source material then it's a load of fetid dingo's kidneys.

    "Netcraft confirms many U.S. Department of Defense websites, including a remote access service used by the Missile Defense Agency, are more vulnerable to man-in-the-middle attacks than most consumer websites." - True, but not by enough to matter unless you can utilize the world's GDP in processors.

    "even though NIST banned new use of this signature algorithm two years ago." - Not banned, deprecated, and there is an application in the works to continue issuance until the end of 2016.

    "vulnerable to attack by enemy governments and criminals who can stump up enough cash ($75,000) to crack the certificates." - That is a gross underestimate by many, many orders of magnitude. The figure, I guess, comes from the recent paper where the researchers spent about this much to generate a collision for the innermost part of the algorithm; that was NOT against the entire signature function, which would be orders of magnitude more costly in processing time.

  23. Hardly need spoofing in Canada on LTE 4G Networks Put Androids At Risk of Overbilling and Phone Number Spoofing · Score: 3, Interesting

    The security issues are not even needed to get over-billed in Canada. With stock Android 5.1 or above (including the latest Marshmallow), use on either of the two main budget carriers can result in roaming data charges even when roaming data is disabled.

    It seems, because of a programming decision as to how Android tells if it is roaming inside of a shared MVNO region and the odd decision of these two carriers to mimic in-network names when using partner carriers, the phone will ignore the user's selection to not use roaming data and thus incur charges in the range of $1/MB.

  24. Re:Other disruptive technologies? on The Most Disruptive Technology of the Last 100 Years Isn't What You Think · Score: 1

    I would say it made buildings over 10 stories practicable, but note that there were elevators before Otis, the Paternoster continuous elevator for example, and Otis were initially freight only. The key question, though, is what technology did Otis disrupt? What form of business model did having taller buildings with easy access make less tenable?

  25. Other disruptive technologies? on The Most Disruptive Technology of the Last 100 Years Isn't What You Think · Score: 1

    The refrigerator is a great disruptive technology for the early 20th Century; here is a list of others by the century they gained wider use and what they disrupted:

    Mid 19th Century: The Flush Toilet: replaced in a stroke the use of pit drop toilets when coupled to a sewer, and disrupted completely the work of gong scourers, whose job it was to be paid to regularly clean out cesspits, cart away the waste and sell it to market gardeners outside of the growing cities. Hence the phrase "Where there's muck there's brass".

    Mid to late 19th Century: Municipal long distance sewers and sewage treatment: In London, UK, disrupted the spread of waterborne disease and the livelihood of any physician or peddler selling posies and possets to cover the smell, on the mistaken belief that these diseases were airborne or miasmic diseases.

    Mid 15th Century: Movable Type Printing Press: Initially disrupted the handwritten indulgence business the church had going by drastically reducing the costs of buying your way out of purgatory, then disrupted practically everything to do with knowledge transfer.

    That is a good start I'm sure others can continue the thread. You know there may be a book in this!