Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. Re:Endorse the ethics of software freedom on WikiLeaks CIA Files: The 6 Biggest Spying Secrets Revealed By the Release of 'Vault 7' (independent.co.uk) · · Score: 3, Insightful

    Decades of thinking have gone into such efforts.
    After the 1950's cryptography was weak and international standards got a lot of free support in the press.
    A company, gov, mil or bank would buy in an approved network or some other nations product that was tested and worked well.
    Governments and mil knew a one time pad was secure but they had so much data to move. So new hardware was imported.
    The crypto on offer would be weak and US/UK would get all messages in real time.
    Once the world moved to more secure crypto, the clandestine services went for the weak hardware/software that was trendy and global.
    The OS and hardware used to read or create a message was junk but the crypto could be examined by all.
    Everyone agreed the crypto was so safe and that it was always going to be tested, studied and kept safe.
    If the academics and brands ever get the hardware, OS side fixed, expect a flood of new junk crypto again.
    With open source at least the OS and hardware has been looked at. The network might not be secure but at least a private message can be created and trade secrets, product designs can be protected until they are ready for sale, publication.
    The only other option is to fly staff around the world, use one time pads.

  2. 1. Start reading the tech news and books about past NSA, GCHQ, CIA projects over the decades.
    e.g. CIA Chief: We’ll Spy On You Through Your Dishwasher (03.15.12)
    https://www.wired.com/2012/03/...
    Past project shape new projects in the US gov. Electronic collection is the only growth area so that is what gets funding and political support.
    Collect it all is policy that can be understood by most people.
    2. Work out if the NSA, CIA or any other part of the US gov think your company or work is interesting.
    Is your brand in trade publications with glowing reports of encryption, advancement, new patents, funding, international support, rapid advancement in fields of tech the USA has always considered their own?
    3. Are you a member of the press seeking whistleblowers or are understood to be a good person to be contracted by a gov/mil whistleblower?
    4. Encryption seems to be holding as so much of it is now international and has faced open discussion rather than the junk closed efforts of the 1970's.
    The US has moved from supporting junk encryption to generations of junk consumer devices, expensive professional services that give away plain text.
    The crypto tests as safe and device/OS just gives away all the plain text as decrypted or entered.
    5. If it is vital to your company use paper and meet without a room full of smartphones, trendy smart consumer devices, reconsider that networked TV with a mic and webcam in the conference room.
    Air gap all devices and archives. Work on projects as if every network is giving data to your competitions.
    6. Staff risks? The CIA knows most of the staff will use a smart phone and a company is networked to the outside world. The digital way in is national, international.
    Most workers know to report any direct offers of cash to their own company or nations security services. Why? It could be a test and not reporting such contact is a huge risk.
    But that same security aware staff member will walk in with a smart phone and connect all networks to the internet for productivity.
    Secure your networks, hide your advanced work, tell staff to report any new friends, unexpected offers of cash.

    Big brand staff, academics, security researches will say crypto is safe, that the device is fixed, the OS is trustworthy, just like they did for decades.
    Smart phones and other US brands will be reported as been secured again. Then crypto will then be weakened. Once the faulty crypto is discovered the devices hardware/OS will leak plain text again but the crypto will work.
    The only constant over the years is the device will give up all data to the clandestine services.
    Stop using a smart phone for work that should be kept secure and all such issues stop over the decades.
    7. If none of that is possible, flood your networks that face the internet with junk files and reports. Amazing alpha, beta, internal testing files, projects. Interesting project names, connections with governments, how other brands projects are generations behind.
    Have a few workers just churn out the most amazing projects that link to or hint at other files that are secure. Reports to management of amazing results on projects that are pure fiction.
    Create other front companies, use the cloud and ensure their networked computers are more interesting than any real work been done.
    8. Only hire local staff and ensure they report issues, contact attempts, cash offers.

  3. Re:Bios settings on Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking? · · Score: 1

    Re 'Barring some wikileaks sort of tomfoolery from the CIA"
    Thats really the question every small or larger brand should be asking.
    Is the US government interested in the work been done?
    Can a competitor afford to hire a person who worked for the US gov or with the US gov tools to access the files?
    Is the competitor another nation, government, with CIA like skill sets or that has a copy of the CIA like tools?
    A private detective with friends who worked for the US gov or some other government the US trusted with its tools?
    If your brand is understood to be working on products that will out pace, be more secure than or will see a drop in profit for existing US brands expect someone to be looking.
    Create a list of all direct competitors and see who has staff who worked for different nations clandestine services or their front companies.

  4. Use more ethernet on Ask Slashdot: How Do You Best Protect Client Files From Wireless Hacking? · · Score: 1

    Stop trusting wifi on any network or device. Its not just the CIA, NSA but also local governments, competitors, random people that are looking for files.
    Use ethernet for internal networks.
    Ethernet for any internet connected computer.
    Buy laptops or desktops with ethernet. If you need wifi for some new device, use it with caution and limit any files that get moved by wifi.
    If you need "I-like-to-phone-home-sometimes" turn on wifi for that, let a device do its connection. No need to connect all your files to wifi due to one brand of smart phone. Have a work and home wifi smart phone. Files on both can be kept limited when using wifi.
    The main risk with wifi is travel, new cities and other nations security services, competitors, criminal groups getting access to a wifi computer in another nation.
    Or the request to open and share the files on a smartphone when entering another nation or returning.
    Travel with a very average, trendy looking smart phone that can be replaced without any issue.
    Wifi at work can be just for that file, project network, no need to keep the entire history of all work ever done on the same wifi network.

  5. Never exit the freeway on Waze and Other Traffic Dodging Apps Prompt Cities To Game the Algorithms (usatoday.com) · · Score: 0

    Tired of trendy digital apps directing traffic into your part of a town or city?
    Consider a lot of speed bumps https://en.wikipedia.org/wiki/... with a maximum height that your city or state allows.
    A complex roundabout https://en.wikipedia.org/wiki/... as the entry point from the highway.
    Use local police to ensure no drugs or cash is been transported into your community.
    Searches, K9 alerts, cash confiscations will soon make any driver turn off their trendy digital app and stay on the freeway.
    Got a courthouse? Jail? Government building? Ask drivers why they are slowing down and photographing inmates or police. A 10 or 20 min chat down about rights will add to their travel time.

  6. This was done on Ask Slashdot: What Would Happen If All Software Ran On All Platforms? · · Score: 1

    Think back to the chips in later Apple hardware that let older Apple software run.
    Other efforts like:
    BASICCODE https://en.wikipedia.org/wiki/...
    "A BASICODE program stored on cassette could be loaded and run on any computer supporting the language."

  7. Re:So this explains the UK Trident missiles.. on The US Waged A Secret Cyber War Against North Korean Missiles (tampabay.com) · · Score: 1

    AC the "The US and Britain have agreements to share military technology". The tech was not shared it was sold. The UK will also have to pay for the replacement in full. New systems or upgrades are not free or a gift from US tax payers..
    The "special relationship" is just that the UK has the right to ask and the UK has the right to sell.

  8. Re:Was the USA cyber war sensible ? on The US Waged A Secret Cyber War Against North Korean Missiles (tampabay.com) · · Score: 1

    That ability to bluff has ben attempted. Some amazing new "laser" that every nation with atomic dreams wants get lots of press and publication?
    Why the press access to advanced atomic secrets? To bait any nation looking for parts or help.
    That makes any clandestine attempts to get such hardware very easy to track.
    Some EU firm has dual use hardware for sale, an engineer needing cash has "plans"? Could be a MI6/CIA trap to offer fake plans, a system of hardware that sets a project back a decade to any nation that sets up a meeting.
    Plans for sale? The US tried that with Operation Merlin https://en.wikipedia.org/wiki/...
    Exporting a set of industrial hardware and then altering code? Stuxnet https://en.wikipedia.org/wiki/...
    The problem for the West is the differing needs. NK is not in the need for plans or parts. NK is working on its own.
    NK is not running advanced stockpile simulations, they just need to do the design calculations to build a device. Thats 1950-70's US and UK design math, South Africa did the same. The steps from atomic to hydrogen did not take the West or Soviet Union that long.
    A super computer helps, but that working 1970's level super computer is perfect for that given good staffing levels.

  9. Re:So this explains the UK Trident missiles.. on The US Waged A Secret Cyber War Against North Korean Missiles (tampabay.com) · · Score: 1

    Trident is just old. The US offered the UK a weapons system that needs to be replaced.
    Rather than design its own systems the UK got sold on a turn key solution and now has to buy into a new system.
    A lack of self-sufficiency over decades has costs later.
    Polaris Sales Agreement https://en.wikipedia.org/wiki/... and then on to Trident nuclear programme https://en.wikipedia.org/wiki/...
    A self-reliant and strong nation would have worked harder on its own systems.

  10. What networks? on The US Waged A Secret Cyber War Against North Korean Missiles (tampabay.com) · · Score: 0

    Stop buying Western networking equipment and build deeper bases.
    How to keep the NSA out of your networks? Stop buying Western computer networks. The spies are following that modernisation of different networks deep into the nation.
    China knew it was been watched by the NSA and GCHQ. So it took great efforts to hide its tests and production from the 1960's on.
    All the West can do is sail around a nations waters, use flights and satellites. The ability to run spies in most nations is an art that has been lost.
    So all effort is been put into exporting faulty and altered computer and wireless equipment.
    That new super computer is not just a super computer, its a new network into the nation.
    Every advance product on the market has been networked or is a trap altered during shipment.

  11. Re:Am I Paranoid? on Local Police Departments Are Building Their Own DNA Databases (ap.org) · · Score: 1

    This was all ready in law since the 1980's. DNA, CCTV was just waiting for the fast databases and decades of storage.
    Been in jail? Prison? DNA time. That gets your kin too.
    Mil? Worked for the mil and had some medical work done? The DNA is online
    New DNA test in the private sector that some gov/private medial system pays for in full?
    Getting one part of the DNA can then be linked to crimes with parts of the DNA over decades, generations. Not just the person who had the DNA test but anyone who shares any part of the DNA.

  12. Re:Forget it? Unlikely on Local Police Departments Are Building Their Own DNA Databases (ap.org) · · Score: 1

    On method is just to hold all images, DNA unless a person who had contact with the police asks for it to be removed.
    Its too expensive to go into past databases and remove people who had contact with police but did not get convicted.
    "MPs 'alarmed' by millions of mugshots on Brit cops' databases" (10 Mar 2015)
    http://www.theregister.co.uk/2...
    Other methods are public private partnerships. A bank, private building security keeps CCTV for 6 months or more in partnership with local law enforcement.
    As its not a gov database, no privacy issues. If police ever need help, thats months of faces ready to be looked at due to the public/private partnership access.

  13. Export potential for Germany.
    For Germany this is about perfecting a product they can sell to the world and then sell spare parts and support.
    Nations might have built all the easy hydro with loans back in the 1950-70's.
    Or they need power near the coast and hydro is far away or all the hydro is been used, exported.
    Nations upgrade from coal to gas, hydro, wind farms, solar, why not sell them on German underwater tech as the next clean upgrade?
    Take out a nice loan and pay it back. Germany gets export jobs ad German engineers help the locals install and look after all the new systems.
    German engineers also get paid in full, no need to save up for Genex https://de.wikipedia.org/wiki/....

  14. Re:Sounds like China alright on Hidden Backdoor Discovered In Chinese IoT Devices (techradar.com) · · Score: 1

    The options are to have users look up revision and device codes to find some password, user name that works for that device for hours.
    Find some printed paper in the box with a code to enter? Find a read me file deep on the desktop?
    Or to have working plug and play as supported by most modern computer systems.
    So a device opens up the network and everything works with default passwords in seconds.
    Its not the device or OS issues, just that a home network is now open to default ports using expected passwords.
    The device is working, it just opened the home network.
    Vast networks then scan ISP users for any such open ports and try default passwords.

  15. Depends on what the browser is:
    A modern browser will respond to a to more than http and https. A well crafted request to different media or peering support in a browser might result in the correct IP been sent due to default settings.
    Also given what a modern OS had at the time to make the internet work.
    The next issue would be a browser in a VM using onion routing?
    Finally a full onion routing OS as a computer.
    The ability to send commands to a browser expecting it to be working in a normal OS might be all that was needed.
    Would an outgoing software firewall help if it was the browser? Software to detect changes to the OS? The browser is running as allowed and expected.

  16. What will be found? on Bill Would Legalize Active Defense Against Hacks (onthewire.io) · · Score: 1

    What will be found at the end of such private sector tracking?
    A home computer in another nation? Fully infected with malware that runs at 2am from some advanced wifi router?
    Some site that offers free wifi? Can the company can ask for the log and CCTV?
    The logs show the access but the CCTV shows nothing at the times. More investigation shows a wifi extender was used to stay away from all CCTV.
    The person knows high quality CCTV is now kept for months.
    A computer network in a small nation with lots of fast internet and no much CCTV.
    A network of consumer IoT networks?

  17. Understand how all your best local and state workers are been discovered and tracked digitally.
    Walking into and staying in a gov building kind of shows that on average a person might work for a gov but its not 9 to 5 but way more than a normal private sector person needing something from their gov as a one time visit.
    People who report back to a gov building for a few hours per week might be undercover. That sorts most of the private sector visits and normal gov workers.
    Some low tech ways to counter such easy tracking.
    Hire new staff and ensure they never enter a city, state gov building. A private sector front company to work from.
    Use a trendy phone and app like as average person would. The brand of device matches the average call rate and cost of the service.
    Using a service at 10am or 2pm more than average from a very cheap phone is not normal in a nation of workers at work.

    South African law enforcement faced such issues in the 1990's. Its older generation of expert undercover officers faced public comment.
    Its new officers lacked decades of undercover skills. So teams got created that never went near any gov/police buildings. Skill sets got protected, teams trained and tracking such people who never showed any connection to law enforcement was difficult.

    The way the CIA gets its staff into the US state department and ready for missions under US diplomatic cover in Russia.
    Russia is able to look back over the entire public and private digital life of all US embassy staff using US public and very expensive private sector methods.
    How does the CIA get its best into Russia? The CIA creates the perfect US government worker that finds an embassy job. Their past does not link back to some fancy US college, mil or in any way with anything that could be CIA. Such generational CIA teams can then move around Russia with Russia thinking they might really just be normal embassy staff. Just a normal worker walking around Russia. No CIA skill sets on show.

  18. Patents and profits on Ask Slashdot: Why Are There No Huge Leaps Forward In CPU/GPU Power? · · Score: 1

    Why should a company who did all the hard work face competition from new brands?
    Former cpu and gpu staff starting their own brands?
    The way to stop that is to control the entire sector. No advance game or codecs will be offered to support any new start ups.
    Anything tech that is useable and considered free will be open sourced by the original brand to control, brand and shape the free end of the market.
    Zilog https://en.wikipedia.org/wiki/... pricing spreading around the world was the reason why the the CPU and GPU market is very careful about advances.

  19. Re:What about government hacking? on Bill Would Legalize Active Defense Against Hacks (onthewire.io) · · Score: 2

    The NSA and GCHQ can do what they want as granted by a gov or what ever section of a gov they work for or got established by.
    Different US law enforcement agencies working in the US have to respond to Congress as that is who has oversight and can demand all paperwork over any policy, funding or staffing issue. Government lawyers redacting internal documents that go to Congress is not the best policy to hide issues.

    So the way around Congress for equipment interference is usually from third party staging servers and is made to look like any other normal company doing 'ads' or tracking or some expected packet flow.
    The US gov get their ip lists, users just see another third party script, ad, tracker on a site. The other method is to turn the entire admin team and replace them with gov workers to keep a site/service running for a while.
    No need for equipment interference as the server is 100% gov.
    What the NSA or US police would like to do domestically but don't want to show in open court as the origin of an investigation, some trusted nation like Australia, the UK, NZ or Canada will report to provide a tip to the USA about. So domestic collect it all spying stays hidden from any US legal team in open US court.

    The really bad news is NATO, the wider EU and what the NSA and other US contractors shared with such nations.
    The US gave its very best tools and hardware to a lot of different EU nations, not just their top police forces or foreign intelligence services. Random gov/mil staff all over NATO and the EU got to work on projects. Smaller EU nations are now operating within the USA with NSA like methods for their own governments domestic politics.
    So what might seem like the NSA in the USA using a very complex staging server could be some random NATO or EU nation now doing their own covert work to collect it all in the USA. The results of such NATO or smaller EU nations can then enter the press for very party political reasons.
    The US has lost its keys to global crypto thanks to trusting new EU nations beyond 5 eye nations who had kept US secrets for decades.
    The NSA cant get its older network tools back as too many nations mil/police and contractors got/made/found/shared copies.
    So anyone of 20 nations could be looking out for their own domestic self interest and try some very advanced equipment interference.
    The CIA also has its own vast global collect it all network thats very different from the NSA so never to have to ask the NSA for help.
    Different US federal agencies have also given or offered very advanced US hardware to their friends in the EU to track crime. Hearts and minds. Such staff in other nations are very supportive of helping the US with any and all later requests thanks to that trust with advance software or hardware.
    The US is never informed that such methods are passed around and used globally beyond the original case or taskforce.
    Contractors who worked for work with a mil/gov get to see such methods and then work for the private sector walking out with advance US software, hardware needed to ensure they can attract clients in the private sector years later.
    So a lot of teams, nations, contractors move around networks with a lot of different advanced US only methods.
    All the enduser will see is a perfect supported site or server or a staging server selling ads from some front company.
    Or old malware that AV can detect that reports back to a staging server that could be anyone.
    "OPERATION SOCIALIST The Inside Story of How British Spies Hacked Belgium’s Largest Telco" (December 13 2014)
    https://theintercept.com/2014/...
    "Under the conditions of a non-disclosure agreement, they could not speak about what they had found, nor could they publicly warn against the malware. Moreover, they were not allowed to remove the malware."
    Such changes to US laws will only encounter many different nations and their contractors in the wild that are totally protected by their own nations.

  20. Re:What exactly is Netflix doing? on Netflix Uses AI in Its New Codec To Compress Video Scene By Scene (qz.com) · · Score: 1

    Creating a vast overview of different many nations telco conditions.
    Optical, POTS to optical, coax. Is the national internet shared a lot and slow most nights?
    Once that regional data is sorted movies can be made ready for local conditions. What is the actual connection from an ISP to the user when movies are been requested.
    Is the connection good but the amount of bandwidth shared with a lot of other providers due to cost or other per nation issues?
    Once local conditions are finally understood a movie can be compressed as needed per user.
    Thats much better than testing for say "100" down once at mid day or late night when a user set up their system.
    Night time movie watching might present very different network conditions as everyone else is using all the bandwidth in that part of a city or nation.
    So that users movie is then very responsive to such issues rather than a one time network test.
    So every part of an action movie, cartoon or drama gets just the compression it needs on very different networks.

  21. Some fly over states have low power costs, the power stays on, the internet was upgraded in special areas designed to attract new high tech jobs.
    Good quality, new low cost housing is offered for staff locally without the need for hours of driving every week. Starting up or moving into such areas can also attract a lot of support from local and state governments. Less tax and the ability to hire, keep or replace staff is less of an issue in some states.
    The internet can be as fast as in an other state for most business needs. The quality of education for workers is often still merit based and ensures good productive local workers.
    See what some of the better states will do to attract and keep your brand. A lot of federal and state investment has gone into some areas to ensure everything is ready for investment.
    Legal teams are happy to help anyone get all the support a city and state has to offer.
    Private sector education and medical care is as good as in any other part of the USA.

  22. Re:Global competition on Laid-Off IT Workers Worry US Is Losing Tech Jobs To Outsourcing (www.cio.in) · · Score: 1

    An equalized economy is not making profits for shareholders and owners who expected low wages. Once a nation has failed to keep its wages low, a new low cost nation will be found.
    The economically poor nations don't rise as they gave concessions to attract the brands.
    Any attempt to rise wages or local taxes results in that low wage nation been abandoned.
    Then all they have is the best of the airport, port, upgraded power generation, new roads, fast internet to service.
    Then the next poor nation has to take on a loan to build up its power grid and networks to attract the jobs but has to offer lower wages.
    If conditions change, another lower cost nation is found.

  23. Re:It will ultimately balance out on Laid-Off IT Workers Worry US Is Losing Tech Jobs To Outsourcing (www.cio.in) · · Score: 1

    Indonesia, Vietnam, Laos, parts of Africa will be waiting once nations like India or China become too expensive.
    Robots will help with production lines, cheaper engineers will be found in other nations.
    Offshored jobs are about profits and wage saving for owners, generational shareholders. If a nation becomes too expensive, another nation with lower wages, less tax and a better exchange rate is found.
    The only wage expectation is finding lower wages in another other nation, tax cuts, free support from a national or local government.
    Th only calculation is when to move to the next nation and how to get the most support of a government for services.

  24. Re:The future on White House Supports Renewal of Spy Law Without Reforms (reuters.com) · · Score: 2

    The last time that split with the US and UK was considered in any detail was near the end of 1945 during a crypto review.
    What the US and UK understood, what codes they had on Japan and Germany in the 1930's-45. What was held back and what would have been vital in the war with Japan.
    The feeling was split. Go alone and try and decode Russia, China, Asia using local experts after 1945. Or sign up with what would be the NSA, CIA and get given all the raw intercepts in real time.
    The cost and risk of going alone into the 1950's or give the US total access to Australia.
    The same charm was used on West German staff after ww2, now German staff.
    Data privacy was given away. The deal was for all Soviet and Asian gov, mil networks ready for translation, raw traffic in real time, decoded.

  25. Re:Do they need Infrastructure People? on New Zealand Will Give You a Free Trip If You Agree To a Job Interview (esquire.com) · · Score: 1

    That like any nation would depend on the telco costs, plans and peering. Find a good telco and its good.