Hence the keylogger/trojans. They key is in memory, all you have to do is figure out where to look (not hard at all). For VOIP, you can get your the private key person being tapped, and depending on the VOIP client, run a Man In The Middle attack, or just grab the microphone data raw, and send it out.
This is the very nature of cryptography, and the reason for the "Sneak and Peak" provisions of the Patriot Act.
When you roll out the unbreakable crypto (easy - although 1024 _may_ be crackable, 2048 is _not_ - at least yet), they wait for you to leave, break into you location, and install keyloggers, take encryption keys, add backdoors, etc. until they don't need to break your crypto.
Re:Law Enforcement and Technology
on
Feds Want to Tap VoIP
·
· Score: 5, Interesting
Not true. I have nothing to hide - I still don't wnat Uncle Sam listening to everything I do. Some of us still believe in privacy.
On a side note, sometimes people have things to hide with good reason. A number of the founding fathers lived as long as they did because of Privacy. A number of blacks were better off because records could be kept from corrupt local governments. People have been persecuted by scientology for speaking out against it - sometimes privacy is the only safeguard. Can you honestly say you trust every single person who has access to your data (government or not) to act in your best interest, or at least the best interest of the country. Here's a hint: if the government can beat it, someone else can too.
I'll take my privacy, thank you very much. The only way to stop power from being abused is to not grant it in the first place. Our society is based on individual freedom - for example, the whole "guilty until proven innocent" thing. Our constitution is set up to let the guilty go free rather than imprison the innocent, should a conflict arise. Would placing the burden of proof on the defense (or eliminating the trial altogether) mean fewer criminals went free? Of course! Would more innocent mean be imprisoned? Of course.
Is it worth it? Hardly. From what I hear, though, if you like that sort of thing, Cuba is not hard to get into.
When I'm in need of directions, I find the trolls (slightly) more useful than the bridge.
Not that I come to slashdot for directions. Talk about the blind leading the blind.
I call your BS - hours of my time each week are spent fixing failed electronics. It happens, but yeah, it's usually (but not always) because some human did something dumb.
Regardless, when (not if) something does fail, I at least want a human being having a shot at fixing it, or compensating. Beeping, blinking, or even automatically handling _most_ of the flying is fine, just leave an override. Of course, that cuts out the whole "anti-terrorism" aspect, but that simply shaves 75% off the price.
It would be unsafe if my greyhound bus refused to speed, or follow any but approved roads. The bus has a human operator, who is trained to do his job, and do it well. Some times, the bus driver needs to take an alternate route. A greyhound bus is easy to take over; I am more than willing to take that risk when I travel. Personally, I'd rather risk a hostile takeover than a bus driver who can't detour in an emergency, or even to take an alternate (faster) route.
While the airplane is quite different, one thing does not change: a human operator is trained and certified in the operation of that aircraft. Electronics can fail, and do screw up. They also have a hard time when circumstances are not normal. I want a real pilot behind the controls of any plane I fly in.
I always just hit "Start" (CTRL-ESC), "Run", and type in "calc". Works regardless of the Start Menu arrangement, and version of Windows (3.1 and earlier excluded).
To answer your question, yes, but... 1) Quality. It sucks. It's not worth it. 2) Drivers. They suck. Don't plan on using it under Linux. 3) Bandwidth. USB doesn't have very good bandwidth, and as such, it sucks.
Because they go after people who are _sharing_. If nobody can find you, you aren't sharing.
They simply have their own fake kazaa client, and do a search. If you have the song they search for, and they decide they don't like you, they sue you.
Using port XX won't help you - they just do a search
Ok, so you can write code easier, but most of the computer users can't run it? Or perhaps you use java, requiring a slow, bloated VM? Or perhaps you write it in ANSI C, but are careful to avoid use of the APIs, limiting you to a serious subset of either OSes potential.
If this is for in-house uses, or for unix/linux machines, then it would make some sense. Otherwise, it just sounds dumb.
Kind of like learning.NET and writing.NET applications, when nearly 70% of the web servers out there use Apache. Sure, in some cases it makes sense. In most instances, it's just less compatible, while a lot more expensive.
Besides, what can you do in MacOS that you can't do in linux? Photoshop, perhaps, hut what else?
Do jack after it's reverse-engineered, and crammed into an emulator. All that is then necessary is the extraction of an approved key. Emulate any hardware which has "trusted" drivers.
To combat this kind of attack, software producers will almost certainly switch to some form of watermarking, to allow them to blacklist any compromised keys. Heck, DivX already watermarks all decoded output.
One of the nice things about an emulator is that you can do very fun things with it. Among other things, I've patched Bochs to allow me to make a script for a particular program, with instructions. When it reaches a certain point in memory, it ignores the instructions present in the program, and runs the one in the script. Any CRC check will pass, but if I re-write the watermarking code, effectivly removing it, the program will not be able to tell that it has ever been modified, making it impossible for the program to tell it has been modified. And yeah, the program is encrypted, but the emulator memory can be dumped, and the program extracted. Once it's decrypted, neutering it is easy.
I have a friend who is one of the engineers working on "Trusted Computing". TCPA will fail; we will help it happen.
The annoying thing was that every one else's grade was changed just a little. I had had a number of 0s (sickness) which were all changed to 100s. Of course, the reason they targeted me was most likely the fact that I had talked in class for a bit about hardware keyloggers.
http://www.tmda.net
It's here, it works great, and if you want a plug and play solution, I can hook ya up at a great price:)
No seriously, though, I use it, and check my pending mail about once a week. I haven't missed one important email, or gotten more than 2 spams a month.
"or they're snotty brats who distrust their overbearing and indifferent parents, who will lie to you at every opportunity, and who will bend with the winds of peer pressure"
Not necessarily. I may lie to my parents way too often, and my parents may be overbearing, oppressive and often indifferent, but I do _not_ bow to peer pressure, nor do I really care what my peers think.
"But fortunately, little kids won't know how to circumvent firewalls, and they don't need computers in their rooms."
Won't know how to circumvent firewalls? I compromised my first access control system in second grade. (No, we didn't have the internet at the time). For some parents, they would need the child's help just to install the firewall.
I've had this happen to me personally. I was in a class where 5 people's grades were changed, including mine. The instructor basically said "you're the only one smart enough, so you're it." And being the CS student who has been paid to do security audits doesn't help.
Slashdot Mirror
Hence the keylogger/trojans. They key is in memory, all you have to do is figure out where to look (not hard at all). For VOIP, you can get your the private key person being tapped, and depending on the VOIP client, run a Man In The Middle attack, or just grab the microphone data raw, and send it out.
This is the very nature of cryptography, and the reason for the "Sneak and Peak" provisions of the Patriot Act.
When you roll out the unbreakable crypto (easy - although 1024 _may_ be crackable, 2048 is _not_ - at least yet), they wait for you to leave, break into you location, and install keyloggers, take encryption keys, add backdoors, etc. until they don't need to break your crypto.
Not true. I have nothing to hide - I still don't wnat Uncle Sam listening to everything I do. Some of us still believe in privacy.
On a side note, sometimes people have things to hide with good reason. A number of the founding fathers lived as long as they did because of Privacy. A number of blacks were better off because records could be kept from corrupt local governments. People have been persecuted by scientology for speaking out against it - sometimes privacy is the only safeguard. Can you honestly say you trust every single person who has access to your data (government or not) to act in your best interest, or at least the best interest of the country. Here's a hint: if the government can beat it, someone else can too.
I'll take my privacy, thank you very much. The only way to stop power from being abused is to not grant it in the first place. Our society is based on individual freedom - for example, the whole "guilty until proven innocent" thing. Our constitution is set up to let the guilty go free rather than imprison the innocent, should a conflict arise. Would placing the burden of proof on the defense (or eliminating the trial altogether) mean fewer criminals went free? Of course! Would more innocent mean be imprisoned? Of course.
Is it worth it? Hardly. From what I hear, though, if you like that sort of thing, Cuba is not hard to get into.
PDF? sxc? Sure people need openoffice to open it, but isn't that a good thing?
When I'm in need of directions, I find the trolls (slightly) more useful than the bridge. Not that I come to slashdot for directions. Talk about the blind leading the blind.
All except the ones they've been doing for the past hundred-some odd years before the computer.
Bseides, last I checked, my fingers are analog.
Nah, no need to patch. My cronjob already emerged the latest kernel automatically.
I call your BS - hours of my time each week are spent fixing failed electronics. It happens, but yeah, it's usually (but not always) because some human did something dumb.
Regardless, when (not if) something does fail, I at least want a human being having a shot at fixing it, or compensating. Beeping, blinking, or even automatically handling _most_ of the flying is fine, just leave an override. Of course, that cuts out the whole "anti-terrorism" aspect, but that simply shaves 75% off the price.
Was this one of the usual "inform, wait, release" cases, or is this one of those "oh crap! time for a fix!" cases.
In other words, should I, Joe Schmoe SysAdmin be afraid of the script kiddies yet?
It would be unsafe if my greyhound bus refused to speed, or follow any but approved roads. The bus has a human operator, who is trained to do his job, and do it well. Some times, the bus driver needs to take an alternate route. A greyhound bus is easy to take over; I am more than willing to take that risk when I travel. Personally, I'd rather risk a hostile takeover than a bus driver who can't detour in an emergency, or even to take an alternate (faster) route.
While the airplane is quite different, one thing does not change: a human operator is trained and certified in the operation of that aircraft. Electronics can fail, and do screw up. They also have a hard time when circumstances are not normal. I want a real pilot behind the controls of any plane I fly in.
So go buy one of these on your own. There is no reason to have it forced on the rest of us.
I always just hit "Start" (CTRL-ESC), "Run", and type in "calc". Works regardless of the Start Menu arrangement, and version of Windows (3.1 and earlier excluded).
To answer your question, yes, but...
1) Quality. It sucks. It's not worth it.
2) Drivers. They suck. Don't plan on using it under Linux.
3) Bandwidth. USB doesn't have very good bandwidth, and as such, it sucks.
Well, they have a ton of bandwidth - what else are they going to do with it? Give it to their users? Ha.
3) Both.
Because they go after people who are _sharing_. If nobody can find you, you aren't sharing.
They simply have their own fake kazaa client, and do a search. If you have the song they search for, and they decide they don't like you, they sue you.
Using port XX won't help you - they just do a search
Ok, so you can write code easier, but most of the computer users can't run it? Or perhaps you use java, requiring a slow, bloated VM? Or perhaps you write it in ANSI C, but are careful to avoid use of the APIs, limiting you to a serious subset of either OSes potential.
.NET and writing .NET applications, when nearly 70% of the web servers out there use Apache. Sure, in some cases it makes sense. In most instances, it's just less compatible, while a lot more expensive.
If this is for in-house uses, or for unix/linux machines, then it would make some sense. Otherwise, it just sounds dumb.
Kind of like learning
Besides, what can you do in MacOS that you can't do in linux? Photoshop, perhaps, hut what else?
Yeah, I have karma to burn.
RAM is cheap. Get 2 gigs of it. It'll change your life.
Amen.
Having a 1TB Raid 0 array has the same effect.
Trusted Computing Will Not:
Do jack after it's reverse-engineered, and crammed into an emulator. All that is then necessary is the extraction of an approved key. Emulate any hardware which has "trusted" drivers.
To combat this kind of attack, software producers will almost certainly switch to some form of watermarking, to allow them to blacklist any compromised keys. Heck, DivX already watermarks all decoded output.
One of the nice things about an emulator is that you can do very fun things with it. Among other things, I've patched Bochs to allow me to make a script for a particular program, with instructions. When it reaches a certain point in memory, it ignores the instructions present in the program, and runs the one in the script. Any CRC check will pass, but if I re-write the watermarking code, effectivly removing it, the program will not be able to tell that it has ever been modified, making it impossible for the program to tell it has been modified. And yeah, the program is encrypted, but the emulator memory can be dumped, and the program extracted. Once it's decrypted, neutering it is easy.
I have a friend who is one of the engineers working on "Trusted Computing". TCPA will fail; we will help it happen.
TEP is "The Exchange Project", now known as osCommerce.
The annoying thing was that every one else's grade was changed just a little. I had had a number of 0s (sickness) which were all changed to 100s. Of course, the reason they targeted me was most likely the fact that I had talked in class for a bit about hardware keyloggers.
http://www.tmda.net It's here, it works great, and if you want a plug and play solution, I can hook ya up at a great price :)
No seriously, though, I use it, and check my pending mail about once a week. I haven't missed one important email, or gotten more than 2 spams a month.
By all means tax that! We've been looking for years to get a better replacement for SMTP. Finally, people would actually have a reason to switch.
"or they're snotty brats who distrust their overbearing and indifferent parents, who will lie to you at every opportunity, and who will bend with the winds of peer pressure"
Not necessarily. I may lie to my parents way too often, and my parents may be overbearing, oppressive and often indifferent, but I do _not_ bow to peer pressure, nor do I really care what my peers think.
"But fortunately, little kids won't know how to circumvent firewalls, and they don't need computers in their rooms."
Won't know how to circumvent firewalls? I compromised my first access control system in second grade. (No, we didn't have the internet at the time). For some parents, they would need the child's help just to install the firewall.
I've had this happen to me personally. I was in a class where 5 people's grades were changed, including mine. The instructor basically said "you're the only one smart enough, so you're it." And being the CS student who has been paid to do security audits doesn't help.