Slashdot Mirror


User: papafox_too

papafox_too's activity in the archive.

Stories: 0
Comments: 15

Comments · 15

  1. Was it hacking or just good police work? on Australian Authorities Hacked Computers in the US (vice.com) · · Score: 4, Informative

    Did the Queensland Police hack any computers? They appear to have simply sent emails containing links. When the link was clicked, the IP address of the mail client was recorded.

    From the TLA:

    >> Details on how exactly this was achieved are limited, but according to a court document from another case,
    >> “When a user clicked on that hyperlink, the user was advised that the user was attempting to open a video
    >> file from an external website. If the user chose to open the file, a video file containing images of child pornography
    >> began to play, and the FLA [foreign law enforcement agency] captured and recorded the IP address of the user accessing the file.”

    So it doesn't appear that any code was inserted into the target computer. The offenders didn't follow good opsec - they clicked on a link while they were not connected to a TOR proxy.

    As for jurisdiction - it appears that the server was moved to Brisbane. Again from the TLA:

    >> At one point, The Love Zone server was also reportedly moved to Brisbane, giving Task Force Argos,
    >> the Queensland Police Service unit that took over the site, access to every private message on the site.

    If the server was located in Queensland, then Queensland court orders could legitimately apply to it. So no evidence of hacking or of extra-territoriality. Move along folks, no misconduct, just good police work.

  2. Re:keyspace negawatts on More Encryption Is Not the Solution · · Score: 1

    It's weird that PHK framed it this way, but he's on the right track, regardless. Compromised entropy is one of the largest persistent attack surfaces in the state surveillance war. It's darn hard to notice when your client-side random key is leaking key space from prior exchanges, unless we're all running perfectly vetted software every day of the week and twice on Sunday and nothing bad ever happens to the golden master distribution chain. Developers never lose their private keys ...

    Compromising the entropy of 100 major web sites (Google, Yahoo, MS, etc) may be possible. Compromising the entropy of hundreds of millions of clients would be vastly more difficult. OK, the evil government may persuade MS to modify every copy of Windows - after they tried that years ago with US vs Export versions of crypto - but what about Linux and other open source OS's? Any attempt to play with the client side of crypto is going to get noticed very quickly.

    As for compromised private keys, yes it can happen, but only on a small scale. All serious SSL crypto (banks, Gmail etc) is done using Hardware Security Modules. HSM's store the private keys securely, performing all key operations internally. The only time the private key will leave the HSM is when it's backed up onto a smart card (which is itself a form of HSM). So large scale compromising of Private Keys is not practical.

    Alternatively, the Evil Government could theoretically persuade Google, Yahoo et al to use one of a number of pre-approved Private Keys. Even that would be noticed very quickly. There are a number of monitoring sites which collect X.509 certificates regularly for most major sites. We are looking for forged certificates being used for Man in the Middle Attacks. So if a key is ever used across multiple web sites it will be detected very quickly.

    I still think the whole scenario is a Movie Plot Threat.

  3. Re:Then the client should supply the symmetric key on More Encryption Is Not the Solution · · Score: 0

    In SSL, the symmetric key is already chosen by the client. This whole story is bullshit. It's an example of what Bruce Schneier calls a Movie Plot Threat, only this time instead of being a terrorist attack, it's based on an evil government threat. This particular scenario is rubbish.

  4. Re:Use the force for good? on Typingpool: Human Audio Transcription Parallelism · · Score: 1

    Ask Mark Zuckerberg

  5. Re:How about tri-ligual, quad-ligual ? on Bilingual Kids Show More Creativity · · Score: 3, Interesting

    Places like Africa, India, and Papua New Guinea have a lot of spoken languages, but there is _ONE_ big problem - that's all they have, spoken words, no written word, no way to jot down what they say on paper, et cetera

    Total, utter poppycock.

    How can you educate children using a second language? Educators found generations ago that teaching in a language other than the child's first language simply does not work for young children. So, to teach the child, books and other material written in their native language, which requires a written form - an orthography - has to have been developed.

    Here in Australia, two generations of linguist graduate students (from the 1950's onwards) were employed creating written forms of the various Aboriginal languages. They recorded words (dictionaries) and grammar. They wrote down the local tribes children's stories. They translated the standard primary school texts into the local language. All of this is essential to run a primary-level education system. Similar programs have run in PNG, Canada, Central America and Africa over the last fifty years.

  6. Re:Yes, keep it "offline" on Researchers Find Slew of Flaws In SCADA Hardware, Software · · Score: 1

    I agree. I work for a water utility and making any changes to our system requires us to physically report to the locked, alarmed office and access (through password login) a scada computer terminal, or to report to the facility in question and log in there. I often wish I could at least access current complete "read only" system data on my phone or computer so that when I'm paged by the system and it reports that a fault has occurred (example could be as simple as "pump #1 failed to start")

    You are kidding yourself. Your work network is still vulnerable, even though it's isolated.

    One of the great security lessons is that an isolated TCP/IP network is an impossibility. DoD found that out when they found malware on secret classified networks. The Iranians found it out when Stuxnet successfully attacked the internal process control network at the Bushehr nuclear facility. DoD classified networks have been penetrated by workers whose laptops are connected to the classified network at work during the day and the internet at home during the evening. The network at the Bushehr facility may have been penetrated by Stuxnet by an infected USB key.

    It doesn't matter if the network has remote access or not - malware will still be able to penetrate.

  7. Re:On a Side Note on Mass Piracy Lawsuits Come To Australia · · Score: 2

    On a related side note, Pirate Bay has been unreachable all evening.

    TPB's main feed Serious Tube Networks (based in Stockholm) 194.68.0.0/24 AS50066 seems to be blocked. Could be hardware/config issue or it could be deliberate.

  8. Prior Art on Company Claims Ownership of Digital Messaging · · Score: 2

    Let's see:

    1. TCAM offered transient message queues in 1971. It was used by IMS for asynchronous messaging.
    2. MQ was announced in 1992. It offers a wide range of messaging options - program to program, publish/subscribe both with synchronous and asynchronous options. Pretty much every large financial institution (banks, insurance, stock brokers) systems are built around MQ. Every stock exchange in the world uses MQ in its trading platform.
    3. SMS was first announced in 1982.

  9. Re:migrating to a dying platform? on CA Sues Over DB2 Migration Tool · · Score: 2, Insightful

    DB2 isn't exactly a rising technology in databases

    Ummm ... since when??? If you need to process data in industrial quantities, DB2 on the mainframe is an excellent solution. The big advantage of the mainframe version of DB2 has been data sharing (think Oracle RAC on steroids). This technology has recently been extended to Wintel, Linux and Power environments. DB2 is being actively developed, with new features which redefine the cutting edge.

    MySQL is a great database which can be used to solve some amazing large problems (look at Wikipedia). However, it has some major limitations. It is great for powering web sites which only need SELECT's and INSERT's. It has no warehouse or BI features at all. Most large commercial DB problems are difficult to solve with MySQL.

  10. CA-Datacom/DB vs 2BDB2 on CA Sues Over DB2 Migration Tool · · Score: 4, Informative

    The two products are CA-Datacom/DB from Computer Associates and 2BDB2 from ISI.

    CA-Datacom was originally developed by ADR (Applied Data Research) in the 1980's. It's an inverted-index style database, a design approach which was popular before the SQL model came to dominate DBMS design. CA may claim that Datacom is not dying, but they will be unable to point to a new customer signed in the last 15 years. Pretty much every site which has Datacom installed also has DB2. Having critical data spread across multiple DBMS's is a significant problem, so they want to consolidate to a single DBMS (and it isn't going to be Datacom). CA has been milking Datacom for its flow of license fees for years. They provide support and keep Datacom working with new releases of z/OS, but otherwise feature growth has been minimal. For instance, CA has failed to develop similar functionality to 2BDB2.

    2BDB2 is a transparency layer which simulates Datacom/DB on top of DB2. This allows applications which have been developed for Datacom/DB to actually access DB2, with 2BDB2 translating program calls to Datacom/DB into SQL requests to DB2 and passing the results back. The Datacom/DB app does not have to be changed or recompiled (a major advantage as retesting mainframe code is very expensive). 2BDB2 also provides a similar transparency layer for VSAM files.

    The litigation between CA and ISI has been running for some years. It started after ISI sold 2BDB2 to some large sites, in particular US Customs (which was the largest Datacom/DB user, and I presume, paid the largest license fees). This dispute is all about screwing the customer so as to continue to receive the cash flow.

  11. AMERICAN Film Industry Appeals ISP Copyright Case on Aussie Film Industry Appeals ISP Copyright Case · · Score: 5, Informative

    The so-called Australian Federation Against Copyright Theft (AFACT) is actually not Australian at all. It is controlled by the Singapore office of the MPAA and funded from Los Angeles. AFACT has no formal or informal mechanism to allow interested Australians to join.

    To quote Justice Cowdroy from Roadshow Films v iiNet:

    "AFACT is an organisation set up for the purposes of benefiting its members. The exact nature of the relationship between the applicants and AFACT is not clear. Mr Gane, the Executive Director of AFACT, suggested that there was no formal membership process by which one can become a member of AFACT, whether by application or agreement. The Motion Picture Association (‘MPA’) and the Motion Picture Association of America (‘MPAA’) have a membership of the major American film studios. They are not associated with AFACT by any formal written agreement. However, AFACT does report to the regional branch office of the MPA which is based in Singapore. In respect of operations in the Asian region, the Singapore office of the MPA prepares a business plan or budget for AFACT which is approved by the Los Angeles head office of the MPA. [...] [I]t must be remembered that the applicants were not the entities making the allegations of copyright infringement in the lead up to these proceedings: rather, AFACT was doing so. [T]he exact relationship between AFACT and the actual copyright owners (the applicants) is, at best, unclear."

  12. Re:Who holds the master key? on ICANN and NIST Announce Plans To Sign the DNS Root · · Score: 4, Informative

    Homeland Security demanded (and subsequently received) a copy of the root DNSSEC master keys from ICANN. They presumably want them so that they can perform man-in-the-middle attacks against any .com/.net/.org domain.

  13. It is all about Australian domestic politics on Australian Government Ignoring Problems With Proposed Filters · · Score: 5, Informative

    The Australian government's proposed ISP filter system has little to do with censorship or child porn - it is all driven by Australian domestic politics.

    The government requires control of the Senate to get its legislative program through. The Senate consists of 76 members, with the Government (ALP) holding 32 seats, the Opposition 37 seats, the Greens 3 seats, Family First 1 seat and one Independent senator.

    The government requires the support of all non-Opposition members to get legislation passed - with Senator Steve Fielding, the Family First senator, a vital supporter.

    The Family First party is a socially conservative political party. Senator Fielding received 56,000 primary votes out of 3.3M votes cast. However, through preference distributions he gained a quota and was elected.

    Senator Fielding has demanded that the government implement porn filters, with ISP filtering being his method of choice.

    So, the Australian government is implementing ISP filters, not because they work for filtering porn, but because they work at meeting their political needs. Complaining about the effects of ISP filters on freedom of speech or internet performance will fall on deaf ears - the filters will be implemented because they are critical to the government's tenuous control of the Senate.

  14. Re:It wasn't the VT100 on Are 80 Columns Enough? · · Score: 1

    The origin of the 72-col limit is weird. In the 1950's the IBM model 904 computer used 36-bit words and loaded its programs from punched cards. Instead of using the usual punched-card layout, where each column of 12 rows represented a character, the 904 stored its programs by row - each of the 12 rows contained two 36-bit words occupying 72 columns. The last 8 columns were ignored by the card reader, and by convention they contained a sequence number (which allowed a deck to be resequenced if someone dropped it).

    If the software wanted to read data from punched cards, a separate 80-column card reader was required - that way IBM got to rent (IBM rarely sold their hardware, instead they rented by the month) two readers instead of one. Lots of sites were unhappy with this, so it was common to write some library code which would read cards through the 72-column 'program' reader and then rotate the image to convert to EBCDIC.

    John Backus (of IBM) developed the first Fortran compiler at this time. For convenience, the compiler could read source code from either a standard 80 column card reader or the 72-column 'program' reader. This led to the programming convention at IBM, of source code in cols 1 through 72 and sequence numbers in cols 73 through 80.

    This 'standard' is still in use on mainframes today.

  15. Re:This is very old news on Typing Patterns for Authentication · · Score: 1

    The idea of using keystroke timings as a way of improving the strength of a password is discussed in detail in "Cryptography: An Introduction to Computer Security" By Jennifer Seberry and Josef Pieprzyk (Prentice Hall, 1989) ISBN 0131949861.

    The idea of keystroke timings has been implemented many times before. I implemented one in 1990 as part of a study to improve PIN security for ATM's. I'm sure many other people have also implemented it.