Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. Re:The real problems. on French Conservatives Push Law To Ban Strong Encryption (dailydot.com) · · Score: 1

    Re " You can force every hardware manufacturer to sell machines pre-installed with weak encryption,"
    That was done at the emergence of cell phones in the UK back in the early 1980's. No cell phone system sold in the UK or Ireland was going to be too difficult to listen in and locate on in real time. The press and home computer enthusiast could be kept out of recording voice conversations but the security services would get every word or message and location on any network.
    The US did talk in public about such national systems later with the Communications Assistance for Law Enforcement Act.

  2. Re:Software on French Conservatives Push Law To Ban Strong Encryption (dailydot.com) · · Score: 1

    Back in the old days, say the 1950's?
    Look back at telco crypto system sold in the 1850-90's in the West. The NSA and GCHQ ensured the design was weak ad developed and they always got plain text.
    A nation would select a system to test and find the connection over a long distance was secure against any reversal, the maths was correct as sold.
    The hardware would be installed at say an embassy and vast amounts of data sent back to the home nation with a complex telco and new device upgrade.
    Every message could then be decrypted at the end point. The US and UK got all of Frances embassy hardware communication in the 1950's by ensuring France was happy with its junk level of hardware encryption and felt safe using it for years and with vast amounts of communications.
    Only in the early 1960's did France finally understand what it gad done and try to fix the hardware issues.
    Some more info is at:
    "How embassy eavesdropping works" http://www.duncancampbell.org/...
    Special Collection Service
    http://www.duncancampbell.org/...

  3. Re:This only deals with hardware-based encryption on French Conservatives Push Law To Ban Strong Encryption (dailydot.com) · · Score: 1

    Software sits on hardware so the weak junk hardware will just allow France to get any "software" layer plain text, voice, data before OS application level encryption.
    The hardware will always report your ip, and log, collect or allow a trap door, back door. Any software allowed on top is just bait to make a user think they have something creative and useful.

  4. Re:NSA has ruined the American tech sector on Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm (threatpost.com) · · Score: 2

    Re 'Was it worth it?"
    It seems a hold over from the cold war. US friendly theocracies, monarchies, juntas ie freedom loving emerging democratic leaders got cheap US deals.
    Cheap to import, US friendly interconnects, cheap international peering with domestic prices, keeps the Soviet Union out.
    The hardware exported was police tap ready, NSA ready, GCHQ ready. No person in the importing country was really expected to understand or inspect the inner workings, just upgrade or keep networks working. Request help to fly in as needed.
    The next step was the NDA and contracts to keep next generation well educated staff from looking at the digital inner workings and never to mention in public any expert findings.

  5. Anonymity and privacy on Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm (threatpost.com) · · Score: 1

    Meet face to face, use a one time pad, number stations. Type on paper in a secure vault.
    At a national level stop importing and using export grade junk standard crypto and create your own trusted networking systems.
    It will be expensive, slow, hard to cool, power demanding work but it will be your own system that is fully tested and understood from the domestic fab up.
    Local staff and experts loyalties are a lot more easy to ensure long term than allowing fully imported hardware on secure gov networks.
    It was telling during the US and UK gov/mil crypto comments over the years that the UK and US did not seem interested in denouncing VPN use or onion routing.
    The worlds standards and interconnects belong to the five eye nations https://en.wikipedia.org/wiki/.... Trap doors, back doors and tame standards are just all part of getting plain text or the origin ip every decade.
    The other aspect is who has the keys. Five Eyes nation staff, ex staff, former staff, trusted third party nation invited in, all their ex staff, former staff.

  6. Find another German Wernher von Braun, Walter Dornberger https://en.wikipedia.org/wiki/..., Arthur Rudolph https://en.wikipedia.org/wiki/... ?
    Build a really expensive use once system that looks great on TV and can keep new funding flowing for each unique mission build?
    Go for another spy space plane that has room to interact with or capture other nations satellites?
    Go with US Space Command's Vision for 2020 with full spectrum warfighting capabilities?
    The reasons to fund have to be sold in a grand way. Work that contractor jingoism.
    The Germans granted full protection after 1945 understood how to sell big projects that always needed more funding and more experts for the next important stage.
    Ensure funding is interconnected long term over US political dynasties so it cannot be blocked or stopped.
    Get the press optics ready to sell funding. Contract for new photogenic uniforms and TV sci fi series like command seats. Sell big on 24/7 look down capability and the vision of controlling the high ground.
    Something creative about been over every region of the world all the time. A new network of totally 100% stealth satellites no other nation could even begin thinking about how to looking for. Nothing to stand out against empty space.
    A fast moving spy platform that is never expected or is predictable as it can change location without any traditional propulsion limitations.

  7. Re:Social media and public Internet data on Police Agencies Using Software To Generate "Threat Scores" of Suspects (washingtonpost.com) · · Score: 1

    The "guilt by proximity". Proximity != Association is all Germany (East and West) ever had under its legal system. Germany (East and West, 1930's-45) always had the informants and vast numbers of clandestine officers needed. They liked the watch, arrest, interrogate, turn informant or prison as standard operating procedure. Great for promotions, good in the press that results are been obtained and no "freedoms" in any court worry about.
    Such methods seems amazing to US mil and gov officials in 2015 who have been so totally reliant on contractors selling ever more US signals intelligence collection for many decades.
    The digital "guilt by proximity" will allow the US to cover any gaps until it has rebuilt its traditional human internal clandestine security cadre with the staffing numbers and institutional loyalty to cover all meetings, groups again in person as it could in the 1950's to 1970's.

  8. Re:I suppose there were no hackers prior t the 198 on Hackers and Heroes: A Tale of Tech Communities In Two Countries (hackaday.com) · · Score: 1

    Networking as a computer function was more an elite educational project that had to be granted per seat access too. Vetting, an academic feel to well educated students ensured only the people with trust would be allowed near emerging, advanced networks.
    To upset that trust would be to remove or risk the access granted after years of good grades and study. Security clearances also acted as top down academic gate keepers. The university could lose funding, grands and staff access to advance projects with never ending or questioned funding.
    Staff looked after their own projects, status, gov grants and funding to ensure that many did not even know of advanced projects until mil/gov or commercial release decades later.
    The Vietnam war also played its part in shaping US academic freedom and access to advanced gov funding computing projects. A lot of top US academia got a lot of funding as contractors for advanced networking, communications systems, global digital computer links in the 1960's to 1970's.
    Random students, the press, political leaders did not get a look in on that emerging mil and gov data collection and networking.
    The only private global network that was easy to access was the phone network.
    This was a time when other very advanced nations still used paper index cards and had a few networked super computers.
    ie the US was going to let the wider world discover the "internet" and global digital databases a decade or two later.
    No US student was going to get to sit down, understand, play with and then write a paper on the US mil side of US academic networking.

  9. Re: silly premise on Hackers and Heroes: A Tale of Tech Communities In Two Countries (hackaday.com) · · Score: 1

    Re "the gumment hacks you"
    Yes the "turned by entrapment" is a huge tool in the West. You are let out, free to create a network, forum, chat site, huge front company over decades to attract and bring in a lot more people globally.
    Big bands with tainted leadership pushing broken junk encryption, total logging or never comment on government/mil optical allowed to run deep behind any brand listed protections, deep into the plain text networks of their "secure" servers.
    Get to the next generation of emerging leadership early, every new brand is tame when the mil or federal gov has a suggestion or request.

  10. Re:'Fraidy Cat Republicans on Marco Rubio: We Need To Add To US Surveillance Programs (dailydot.com) · · Score: 1

    Yes, no state or federal law, authority, legal authorities, findings, executive orders, special procedures can remove or use color of law to try to get around the full protections of the 4th Amendment.
    Feels good for domestic staff who do the "collect it all" bulk domestic collection to read up on some fancy Amendments Act.
    No legal indulgence to get around the the 4th Amendment "shall not be violated" part can just be legally created.
    A real warrant is needed with a real open court every time.

  11. States now have "ag-gag" or Agriculture laws that stop, block, make, talking about findings or data collection not legal.
    https://en.wikipedia.org/wiki/...
    The state rules can even be pushed to new limits to try and prevent photography on public land and later conversations/reports about findings from public land.
    Wyoming Law May Cause Legal Problems For Photographers Shooting on Public Land, Including National Parks (May 14, 2015 )
    A new state law takes aim at citizen scientists
    http://www.popphoto.com/did-wy...
    "“... to take a sample of material, acquire, gather, photograph or otherwise preserve information in any form from open land which is submitted or intended to be submitted to any agency of the state or federal government."

  12. Social media and public Internet data on Police Agencies Using Software To Generate "Threat Scores" of Suspects (washingtonpost.com) · · Score: 1

    That the big one. The gov's are be sold ideas that worked so well in East Germany. Updated to sell to Western nations who have very few skilled clandestine officers but have been mastered signals intelligence.
    A lot of nations now use mandatory government ID photo records to look back over everything the gov and private NGO's, other private groups collected on the net.
    Facial recognition: Privacy advocates raise concern over 'creepy' system Government says will enhance national security (2015-09-09)
    http://www.abc.net.au/news/201...
    Add in mil grade cell phone tracking and long term mapping.
    The "manage actively dangerous situations" is government terms for taking away your freedom of assembly and freedom of association.
    No peace protesting, anti war protesting. No questioning big agriculture, pharma. No walking around in public on public land with out an official chat down.
    Journalists need to be really aware that their driving, walks to meet whistleblowers can and will be mapped every day. Slow down and talk for a few mins, sit with another phone owner, then change direction to walk away... all that shows a meeting. Your story just got discovered by a few different gov's and the mil.
    With live mic gov ready cell phones that random conversation in a park or cafe is now very easy to collect.
    Be aware of public and private CCTV. It all feeds into public private partnerships for realtime facial recognition and movement (gait analysis).

    How to have fun with your citizen score? Download different onion routing software from varied websites with every new IP you get. Be seen in public by CCTV with a DSLR a lot. When confronted by an official ID yourself or walk back to your car to ensure your licence plate can be observed by the official.
    Buy a drone and ensure the required registration number is requested and you always get a few chat downs. Be seen near or with all different types of protesters.
    Walk into their gatherings with your phone on. Park your car near their events for hours.
    Buy a few political books gov's and mil's like to watch for online in one order with a credit card.
    Grow that gov electronic file for many random reasons. In some areas your might get a chat down request at your front door. Usually two officials with federal ID or a state based task force trying to pass working with federal funding as been a federal investigator. The chat down and card offer makes for a great "first amendment audit" video on social media further adding to your citizen score :)

  13. Re:Is the systemd problem fixed yet? on Linux Kernel 4.4 LTS Officially Released · · Score: 1

    Yes the only way to escape the systemd Insert is to use an older but still supported long term distro or find some that have moved away from systemd.

  14. Re:underestimating governments' resolve on Crypto Guru David Chaum's Private Communications Network Comes With a Backdoor (softpedia.com) · · Score: 1

    Yes the 1950-90's is filled with stories about 5 eye nations getting to complex hardware codes used by a lot of nations embassies.
    https://en.wikipedia.org/wiki/...
    Within advanced factories in "neutral" nations the issue was worked on until the Western powers had plain text from every complex crypto device offered for sale.
    Western governments do not stop until they have the plain text from any product or service on the market as designed, sold, used and upgraded over any decade.
    The UK has its "Draft Communications Data Bill" that grants a gov trapdoors, backdoors by design. The wider public public now understands what governments have always expected.

  15. Re:Here's an even simpler one on Crypto Guru David Chaum's Private Communications Network Comes With a Backdoor (softpedia.com) · · Score: 1

    Yes crypto should be as secure as a one time pad.
    That gives back privacy. People are secure in their houses and papers again.

  16. Re:Fuck adverts on Apple Purchases Software Company To Read Users' Expressions (thestack.com) · · Score: 2

    Think of eyes tracking over a long list of decades of poster art for movies. The brand likes what artwork got a person to stop scrolling, stop, start reading a synopsis and even track the "look" at the rent/buy area of the gui.
    All that can help create per generation, age group or faith or region ready art or other ways of drawing people in.
    Was the art work in that part of the world too graphic, new or suggestive? Was the art work too dated for an emerging demographic? A brand can then track how its products are considered not just by gui mouse tracking, touch or final actual payments.
    Was a title rejected by activists but on average people seemed fine with looking at the book or movie when in private?
    Is their a very real public, wide spread, national grass roots dislike over a topic or title or issue?
    With face tracking that can be done for people watching political leaders, new brands, old products, using services.. the list of deep emotional feedback has value, even if no real gui interaction is made.
    ie cover any webcam, turn off any mic that ships with any future computer :) Aspects of conversations in a room around the computer will be fair game soon too.

  17. Some ideas on The FSF Is 30 Years Old; Where Should They Go From Here? (fsf.org) · · Score: 1

    File systems, cryptography, networking logging, a deeper understanding of safer cpu, gpu options that cannot hide malware, ship with trapdoors, backdoors.

  18. Re:I don't turn off Ad Block on Forbes Asks Readers To Disable Adblock, Serves Up Malvertising (engadget.com) · · Score: 1

    Yes soon this might be the only way. A VPN setup that can fail and will not revert to the ISP IP and a Linux VM.

  19. Layers of options on Antivirus Software Could Make Your Company More Vulnerable (csoonline.com) · · Score: 1

    If its vital, use a typewriter, secure limited amounts of paper files and hold face to face meetings in a secure room with only trusted staff. Works well during policy creation. Use the internet to push out a final policy statement, not create policy over years, weeks via junk encryption.
    Learn about good quality encryption so that years of plain text data are not just sitting on fast internet facing servers.
    As for AV brands: The global reach and trust means they are getting reports back of bespoke 5 eye crafted code in the wild.
    AV brands that have the ability to understand every users network and create complex reports in near realtime.
    Suite of Sophisticated Nation-State Attack Tools Found With Connection to Stuxnet (02.16.15)
    http://www.wired.com/2015/02/k...
    That is the real issue. The tame crypto academics, consumer OS designers are the way in. AV brands that can understand and get a wide range of reports are starting to see what was and is been done to wide open export grade OS's and hardware.
    The other issue is the numbers of contractors and brands selling one time, unknown, not yet found access tools to govs/mil.
    Well staffed AV brands are slowly understanding how to more protect wide open junk consumer OS's and then tell the world.
    Gov funded malware is having less of a free open window for access over years to months or been patched or discovered in use..

  20. Re:This Is Not A Problem on Tokyo Rose 2.0: White House Asks Silicon Valley For Terrorism Help · · Score: 1

    Re 'social media":
    The US and UK governments have opened the domestic propaganda pipes. Expect a lot of "good" news stories on social media, web 2.0 and the free online portals sites, walled sites.
    Their own domestic audiences are now been subjected short term and long term psychological operations online by their own mil.
    'Anti-Propaganda' Ban Repealed, Freeing State Dept. To Direct Its Broadcasting Arm At American Citizens (2013/07/15)
    https://www.techdirt.com/artic...
    British Army To Create 1500-Strong Social Media Propaganda Force (2015/02/04)
    https://www.techdirt.com/artic...

  21. Re:War Propaganda on WW2 Hero Who Captured Enigma For Allies Has Died (express.co.uk) · · Score: 3, Informative

    Yes the winner gets to fit history into war movie plots :)
    The "AC" might like to have some dates over the different Enigma systems. Different parts of the many different German encoding systems got decoded before May 1941.
    January 1940 was the Rejewski Zygalski, Turing time frame. March 1940 was the UK delivery of the electromechanical efforts after the 1939 designs.
    France had German crypto insight thanks to an spy called Hans Schmidt. Poland was reading German Army traffic in 1938.
    The UK had the Red (German Army and the Luftwaffe liaison) code by February 1940.
    The more complex automatic German Tunny system also had to be broken. For that Colossus was built.
    The UK also went after its allies: Russia, the Free French, neutral nations.
    Japan had Magic and its Purple machines to consider. Enigma also changed a lot as Germany always had some ideas about possible Enigma weaknesses.
    The German Army, Navy, Airforce had different day changes, higher security setting options eg Pink, Geheimkommandosache.
    Later into 1942 more keys got added. By 1944 the Uhr device was in use and later the Umkehrwalze D (UKW-D). The Lückenfüllerwalze was also designed to be an upgrade into 1945.

  22. The US grid is designed to... on Domestic Terrorists Could Use OSINT To Pinpoint US Substations For a Blackout (darkreading.com) · · Score: 1

    work even if an event like Northeast blackout of 1965 https://en.wikipedia.org/wiki/... could happen again. The still slightly separated and distinct grids are pushed to the limits and beyond thanks to poor design, lack of national planning, errors, over usage and the important sites per state, city stays up even when the grid power fails locally.
    When the US grid fails locally most of the federal and important sites have really well designed, bespoke deep back up power. Inner city ares might not have power, some folks might do stuff in the dark, banking services might not work but the US mil bases, larger teaching hospitals, well guarded gov and mil storage site, bases will be just fine.
    Why? They suffer black out and brownouts every decade due to a lack of local grid reliability.
    Most of the security cleared shift workers have trained for years about what to do when a really unexpected event occurs. Stay at work, traditionally expect a land line phone call or pager or other contact if away from work or just return to work by default if no contact is made due to total power loss.
    The shift at work can manage until their expert co worker drive in just as trained.
    Most advanced nations have kind of "trained" their vital infrastructure staff for all kinds of strange events over different decades.
    The USA has had several different larger events eg 1965 or 2003 https://en.wikipedia.org/wiki/... that have given decades of standard operating procedures to a total power loss events over hours, days or much longer per state, region, city, federally.
    What happens next? The faults are traced back, contractors have staff, funds and equipment made available just like during a really big storm, flood or other state wide event.
    A new narrative of spending more on some expensive tech, enlarge or grant more hidden powers to the federal bureaucracy, enrich foreign contractors with a US front company to "rent" a fancy security new solution is always interesting.
    "Substations" are deigned to be isolated, fixed and are really well understood by gov, private sector owners and operators. Every part of the grid can turn off, on and be fixed over time. Just as its fixed during normal maintenance or after unexpected big storms or massive once in a generation floods, weather... or after another brownout https://en.wikipedia.org/wiki/... .

  23. http://www.parliament.uk/busin... is the background.
    UK mass surveillance 'totalitarian' and will 'cost lives', warns ex-NSA tech boss (06 Jan 16 )
    http://www.wired.co.uk/news/ar... has some more background with the pdf:
    Re link to the draft bill https://www.gov.uk/government/...

  24. Re:End-To-End Encrytion is the Issue on Facebook, Google, Microsoft, Twitter and Yahoo Balk At UK's Investigatory Powers (betanews.com) · · Score: 1

    Privacy and anonymity is very hard to recover. Privacy is captured as a plain text message is entered and before it is encrypted at any consumer software level.
    Anonymity on average is difficult given every internet connection and cell phone is "networked" back to some company that has to know who is using and paying for network access.
    The UK"s telecommunications laws and expectations over the digital generation where formulated from the GCHQ's experiences in Ireland. Every call domestically and in/out of Ireland was collected in full. Special interest went to all US/Ireland communications links using only trusted UK staff, hardware and software.
    No company or brand selling in the UK today has escaped that long term, total access responsibility if it wants to sell any networking product or service in the UK.

  25. Why did UK politicians even comment? on Facebook, Google, Microsoft, Twitter and Yahoo Balk At UK's Investigatory Powers (betanews.com) · · Score: 3, Interesting

    The UK gov and mil has had total control over all communications systems since 1914.
    From the Defence of the Realm Act 1914 https://en.wikipedia.org/wiki/... to every phone line domestically and in and out of Ireland to all calls on Intelsat via CSO Morwenstow/GCHQ Bude.
    The ability to collect all and then use parallel construction over the decades was never really fully worked out by the press, lawyers, human rights campaigners, tech experts or academics.

    All MI5/6 and the GCHQ had to do in closed courts was to ensure a protected "witness" could be presented to confirm what "collect it all" had originally found.
    Legal experts would assume someone had been turned and offer immunity or a deal. Few in public really understood the collaboration between the US, UK tech sectors, academics and the UK gov over decades.
    All the UK political experts should have said was that VPN, US consumer grade cryptography, onion routing was a complex issue that the government was spending money on trying to understand over time.

    Generations of interesting people would have continued to be fooled into using fully tracked VPN services, gov malware ready cell phones, tracked telecommunications products, junk consumer grade encryption, IP reporting onion routing applications. All networking would have been under full UK gov observation with only hints that sock puppets could have been used to counter.

    Projects like Tempora https://en.wikipedia.org/wiki/... would have given the UK the world if UK politics would have just been more vague about global collection.
    Why did the UK intelligence services even allow UK political talking points to the formulated and talked about on topics like trapdoors, backdoors, new gov keys to all UK encryption?
    Academics and software developers to help to trapdoor crypto by design and sharing of extra keys with the UK gov?

    Now everyone knows "Designed in the UK" is code for the UK gov and mil listening in by default over all generations of UK products and brands.
    Local manufacture is now synonymous with hardware tracking and default backdoors out of the box.
    If only decades of clever policy surrounding crypto ambiguity had been allowed to continue.