Slashdot Mirror


User: StikyPad

StikyPad's activity in the archive.

Stories: 0 · Comments: 8,833

Comments · 8,833

  1. Re:No surprise... on Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk · · Score: 2

    FIPS may not be a joke, but most government networks are, especially, but not limited to, those outside of the DOD and IC. They are (in large part) administered by people who follow prescribed procedures, not people who understand what they're doing or why. While some "rogue" administrators will implement best practices beyond those they're required to do, they are the exception, not the rule -- especially admins who actually understand what they're doing rather than overestimating their own competence, which is its own problem. One need only look at the recent public government network compromises to see the consequences of these security procedures, and then apply the iceberg principle -- for every compromise that's seen, there are almost certainly many more that go unseen.

    And of course, all the best technical precautions in the world can't protect you from social engineering, insider threats, and/or 0-day exploits. If we've learned nothing else in the past year or two, it's that the deck is stacked very highly in favor of attackers, especially targeted attacks by determined state actors.

    Given the above, and the high-profile targets that government networks represent, I would be surprised if most, if not all of them, have been compromised. We like to make a lot of noise about China attacking us, but we almost never mention the country known for the "best" malicious software, which is Russia. Google "Turla," or "Uroboros," for example, and they're hardly mentioned in popular media, let alone in official statements. I suspect that the Russians are either as good as us at avoiding detection, that we just don't want to rattle any sabres by mentioning them publicly, or a little of both.

    I think Kaspersky was spot on when he said: "this war can't be won; it only has perpetrators and victims. Out there, all we can do is prevent everything from spinning out of control. Only two things could solve this [permanently], and both of them are undesirable: to ban computers -- or people."

    http://www.spiegel.de/internat...

  2. Re:Inherent 4th amendment problem... on Iowa Wants To Let You Carry Your Driver's License On Your Phone · · Score: 1

    Allowing a police officer to set foot in your house doesn't give them implicit permission to tear it apart. Why would this be any different? Especially after the Supreme Court ruled that warrants are required to search phones?

    (Those are rhetorical questions. It would be no different.)

  3. Re:This has been going on for a while on Iowa Wants To Let You Carry Your Driver's License On Your Phone · · Score: 1

    SCOTUS already ruled on this. Welcome to 2014.

    http://www.cnn.com/2014/06/25/...

  4. Re:OpenSSL, GnuPG, ... on GnuPG Gets Back On Track With Funding · · Score: 1

    Also, forgot to mention the original reason I meant to reply to your post...

    The theoretical work has already been done for the encryption techniques that we use, but the methods we use are completely arbitrary -- there is no "right answer" to encryption. And things like RSA have not really been proven to be unbreakable; they've just withstood known attempts to crack. Known attempts. It's important that research continues in strengthening encryption beyond simply lengthening keys and/or permutations.

    BTW, why doesn't slashdot support https yet??

  5. Re:OpenSSL, GnuPG, ... on GnuPG Gets Back On Track With Funding · · Score: 1

    What's taking Google so long for Gmail - pressure from various governments?

    They're on it, actually. Feel free to help.

    http://googleonlinesecurity.bl...

  6. Re:But the price... on Study: Smartphones Just As Good As Fitness Trackers For Counting Steps · · Score: 1

    I'm interested to know how running one of these apps all day affects battery life. And how (especially on an iPhone) one can verify that the app is still running.

  7. Re:Here go the MBA's on Layoffs Begin At Daybreak Games · · Score: 2

    That's a myth. It's almost always perpetuated by those making asinine claims. It's simple, you make an absurd claim and then when the reasonable people show up, you simply attack them for being "too extreme".

    As with most things, I think the truth lies somewhere in the middle.

  8. Dumb, not stupid. on Ask Slashdot: Affordable Large HD/UHD/4K "Stupid" Screens? · · Score: 4, Informative
  9. Re:But the price... on Study: Smartphones Just As Good As Fitness Trackers For Counting Steps · · Score: 0

    But what if I don't want to buy anything? Will I have to anyway?

  10. Re:You don't need to! on Ask Slashdot: Panic Button a Very Young Child Can Use · · Score: 1

    Not really. It all falls under the category of "things you need to avoid because of a handicap." It's not an insult to people with epilepsy; it's just facing reality. There's no shame in admitting something is beyond our reasonable capabilities. In fact, it takes more strength to admit it, in many cases. What if she's carrying the toddler down stairs when a seizure occurs? Suddenly it's on par with being behind the wheel with the kid wearing no seatbelt.

    Being responsible for one's own life is one's own responsibility, and if someone wants to do that, and can do that, then more power to them. But being responsible for someone else's life -- especially one's own child -- is something else altogether.

  11. Put the kid in day care on Ask Slashdot: Panic Button a Very Young Child Can Use · · Score: 1

    Problem solved.

  12. Re:This sounds vaguely familiar ... on Russia Seeking To Ban Tor, VPNs and Other Anonymizing Tools · · Score: 1

    End to end encrypted communications are definitely troubling to purveyors of mass surveillance, but Tor is not that. We don't care (that much) about Tor, because we have the resources to compromise it, so this really says more about the limits of Russian electronic surveillance than anything else.

  13. Re:This is (sort of) good news for Americans on Russia Seeking To Ban Tor, VPNs and Other Anonymizing Tools · · Score: 1

    You mean the way they've been attacking said dictators?

    Oh wait.

    http://thedailyshow.cc.com/vid...

  14. Re:Good luck with that on NoFlyZone.org Aims To Keep the Airspace Above Your Home Drone-Free · · Score: 4, Funny

    It's quite possibly the dumbest idea I've ever heard. While we're at it, let's create a list of houses that don't want to be robbed. Or countries that don't want to be invaded. Or people who only want to be spoken to gently.

  15. Re:Fun with AirDog on Drone, Drone, Everywhere a Drone -- at CES (Video) · · Score: 1

    It's Airdogs all the way down!

  16. Re:Not political action on Ask Slashdot: What Will It Take To End Mass Surveillance? · · Score: 1

    People do care, actually. They don't know what they can do about it though.

    https://www.eff.org/deeplinks/...

  17. Re:The answer is 42, er...I mean, encryption. on Ask Slashdot: What Will It Take To End Mass Surveillance? · · Score: 1

    No centralized information hosting company - not Google, Facebook, Twitter, Microsoft, or others - can solve this problem, because as you said a National Security Letter will compel them to provide the requested information or be shut down.

    That's not end-to-end encryption. Only the recipient of an end-to-end encryption can decrypt the message, no matter who hosts it. There's actually a Chrome extension for it now.

    https://github.com/google/end-...

    Granted, public key distribution should be decentralized, but that's not an insurmountable problem.

  18. Re:The answer is 42, er...I mean, encryption. on Ask Slashdot: What Will It Take To End Mass Surveillance? · · Score: 1

    Initial key exchange: How do you know whether that public key really belongs to the person you want to talk to? Physical exchange of a key? Key signature? Web of trust? Or just trust a service provider and hope for the best?

    Repositories signed by CAs. See: TLS.

    Key updates: Periodically, you'll need to upgrade to a longer key and a new cert. How do things work during that interim period?

    Issue new key, revoke old one.

    Expired certs: At some point, those keys are going to be crackable. How long do you trust the expired certs for messages that have already been received?

    Never, unless the message was received before the cert expired.

    Key revocation: How do you handle it in a way that ensures that it can't be readily blocked without also blocking the main data channel?

    By using a distributed certificate repository.

    Key revocation: How do you handle the inevitable situation where someone's device dies and they don't have a copy of the original key at all?

    Do nothing? The person who lost the key is SOL. Life goes on.

    Key storage: What sort of protection is in place to minimize the risk of the key leaking?

    Endpoint protection is not the goal of encrypted communications.

    New devices: How do you migrate the key to new devices securely?

    If you can't securely copy the original key for some reason, or are worried about it being intercepted, then either issue a new key, or a derived key so that the integrity of the original remains intact.

    Ability to audit: How do you know that things really are being encrypted end-to-end? What about after the software gets updated?

    Developers can use OSS libs, end users can sniff the traffic, and hackers gonna hack. Abuses would likely be short lived.

    All of your points are important considerations, but they're no reason to prevent taking steps toward universal encryption. No system is perfect, and even in the worst case, communications would likely be significantly more secure than they are now.

    Of course, this only protects against mass surveillance. Targeted surveillance, and indeed finding targets, is still possible with just metadata. Avoiding that requires anonymity to outside observers, but not to intended recipients, which is much more difficult to accomplish than end to end encryption.

  19. Re:A new gig for him on Jon Stewart Leaving 'The Daily Show' · · Score: 2

    He didn't forget, but it's possible he misremembered. I concede it's also possible he knowingly embellished the truth. The former is definitely not a big deal, but neither is the latter, really. At the end of the day, if he knowingly lied, it was a tall tale that didn't really affect the substance of anything. This is getting blown way out of proportion IMO.

    Lie about WMDs in Iraq? Well, at least we got Saddam. Let's all laugh like a penguin.
    Lie about which vehicle took fire? OMG GTFO!

  20. Re:It's still news on Jon Stewart Leaving 'The Daily Show' · · Score: 1

    Of course it is editorializing. But that still is a subset of journalism.

    Sorry, I meant reporting. Editorializing is not reporting, and I would argue that conflating the two, often deliberately, is one of the biggest problems with modern journalism.

    Here's Stewart's own explanation, though:

    http://theweek.com/articles/44...

  21. Re:It changes every week on Alcohol's Evaporating Health Benefits · · Score: 1

    Yeah, Clorox naysayers!!!

  22. Re:Brittish Medical Journal, HA! on Alcohol's Evaporating Health Benefits · · Score: 1

    It definitely improves my expectancy*. Until the next morning, anyway.

    ex·pect·an·cy (noun): the state of thinking or hoping that something, especially something pleasant, will happen or be the case.

  23. Re:A new gig for him on Jon Stewart Leaving 'The Daily Show' · · Score: 1

    Eh, I think people are too quick to judge. I don't know anyone who doesn't misremember things, especially under stress. It's when it's "I don't remember anything about that," that it becomes suspicious. Memories and fantasies (or thoughts about memories -- "what if it had happened this way?") easily become intertwined, to the point where eyewitness testimony is really the *least* reliable piece of evidence. And it's not because people are trying to lie; it's because they're not good at remembering the truth.

    Watch the "Remember This!" episode of Brain Games if you can. Commentary here.

  24. Re:.onion is easy on The Dark Web Still Thrives After Silk Road · · Score: 1

    Why would you have a .onion domain AND a .com for the same site? It's a bigger risk for your users -- assuming that's why you offer it -- since if they visit your site through .com instead of .onion, their identity is (potentially) exposed.

    That said, relays are nearly pointless (in that they're not the bottleneck of the network), and Tor itself is nearly pointless. Without edge security, it's little more than a feel-good effort that gives a false sense of security. https://en.wikipedia.org/wiki/...

    There are ways to be anonymous, but not without a trusted intermediary and/or endpoint.

  25. Re:Silk Road did sell weapons, ID theft on The Dark Web Still Thrives After Silk Road · · Score: 1

    Indeed... private party sales of firearms are already a healthy, legal market. It would be stupid to sell them illegally. (Not that people don't do stupid things.)

    Selling anything that requires an FFL, however, is likely to get a lot of attention very quickly, so not likely to be a sustainable business model at all.

    Also Bitcoin sucks for anonymity -- you'd be better off using a prepaid debit card.