Slashdot Mirror


User: AHuxley

AHuxley's activity in the archive.

Stories
0
Comments
11,974
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,974

  1. Re:Turn on FileVault on First OSX Bootkit Revealed · · Score: 1

    Once control over a computer is lost, any actions during daily use can be networked.
    The users computer loads some extra new software and is now more networked. A wide open path with access to load and then update any software.
    Any use of any data stored or encrypted is then opened to any new logging or spyware installed as the user would do during normal use. New logging or spyware installed with the same everyday accounts and applications in use. Antivirus or an outgoing software firewall would just be told to allow a new spyware application.
    Once any encrypted data is opened and worked on, every action and change can be sent out.
    Would a user notice? Would a third party software firewall offer a strong alert to a flow out of data from an application it was told was safe?

  2. Re:Well Then on Tips For Securing Your Secure Shell · · Score: 1

    Re AC and the "You can't protect yourself from state actors, but you can make sure they're only reading your communications if they actually have a reason to put effort into targeting you."
    Under "collect it all" every message is in play over decades. The option exists to go back to a one time pad or number station. Air gap the networked computer and just send out your message on a VPN or Tor.
    Expect every hop on any network to be tame, junk and in full collaboration with state actors. The NSA can track that message back under all networking conditions and have your ISP account logged. A sneak and peak search linked to that ISP account could update all networked devices found with extra software.
    The idea is to get access to that plain text as entered before it is encrypted. The expectation is that same computer on site will be used.
    If you can encrypt without using a computer and then just send the message? Nothing is found other that the encrypted message as sent.
    Use any network as a number station. Number stations and one time pads work well. Just dont enter the plain text message into any device or reuse.
    The next sneak and peak event would try and add cameras to capture one time pad use at a desk. Learn to cover your work :)
    State actors can always work out who is communicating but what is been said can still be one time pad secure.

  3. Re:Gee, wonder why on Report: DHS Failing On Cybersecurity · · Score: 1

    It was such a good idea. Replace all the well paid union workers sitting around at small and remote sites with new computer systems and cheap networks.
    Less staff cost, less union workers and a few experts could care for a larger system of networked equipment over wide areas.
    So a lot of once secure air gapped sites where connected with low cost networks and everything seemed ok. Fewer on site workers, the same oversight and maintenance.
    Now for the next huge boondoggle. Remote site security upgrades. Shared logs to see who is trying to map the networks.
    What the "huge new bureaucracy" needs now is news "stories" about ip ranges and malware from distant regimes and their educated experts.
    All the new domestic upgrades and staff with a new legal system for the growing cyber bureaucracy :)
    For all the new cyber costs, a human team back on site with less networks will not be so expensive soon.

  4. Re:Are emails copyrighted ? on Sony Sends DMCA Notices Against Users Spreading Leaked Emails · · Score: 1

    The UK seems to want to offer next gen D-Notice for the public and private sectors with the chilling super injunctions and libel tourism :) https://en.wikipedia.org/wiki/...

  5. Re:Yeah, so... on The 5 Cases That Could Pit the Supreme Court Against the NSA · · Score: 1

    To use the German context. If the US courts fail the Fourth Amendment then a new digital Berlin Wall will be very clear.
    Domestic and other users can then route around that issue. Another issue to consider when upgrading or buying the next generation of networking products and services.

  6. Re:A wish from an American on The 5 Cases That Could Pit the Supreme Court Against the NSA · · Score: 1

    The courts, free press, political leaders, advertizing and computer brands, academics and telcos have to start wondering about the optics of the legal situation long term.
    How will they be seen by domestic and international users, the paying public and developers?
    Will generations of new products just route around the NSL issues and collect it all domestic spying programs?
    What are the big brands options?
    To be seen as front companies for the security services of a few different nations? Tame networks and junk crypto? Trap doors and backdoors in every product as shipped? Plain text in real time, all the time?
    Under constant legal pressure to help the security services by keeping their networks open to the security services?
    Too inept, lazy or cheap to secure or even fully understand their own internal networks?
    The US courts could note that "collect it all" is not part of been secure in papers, and effects.
    If that is not done then the world knows that "collect it all" is the new color of law and that all papers, and effects are in play. Crypto is junk and any brand or network is tame.
    Parallel construction to build a case. A new "reasonable mistakes" clause to cover any tricky legal questions?
    Time for one time pads, number stations and other more secure methods of communications.

  7. Re:i heard that Sony hack was insiders on US Slaps Sanctions On North Korea After Sony Cyberattack · · Score: 1

    Anonymous Coward what is in public and points to any nation? "Anonymous officials"?

  8. Re:i heard that Sony hack was insiders on US Slaps Sanctions On North Korea After Sony Cyberattack · · Score: 1

    "North Korea/sony Story Shows How Eagerly U.S. Media Still Regurgitate Government Claims" ( Jan 2015) https://firstlook.org/theinter...
    News is now from "intelligence agencies and government officials".
    Some part of the US gov and its contractors really wants a cybercrime boondoggle.

  9. Re:Are emails copyrighted ? on Sony Sends DMCA Notices Against Users Spreading Leaked Emails · · Score: 1

    Re: "Does the UK system cause fundamental human nature to change such that you can trust those in power to act responsibly with no scrutiny?"
    "You lose, journalism. Carrying GCHQ docs is terrorism" 19 Feb 14
    http://www.wired.co.uk/news/ar...
    "... because the journalist will have his own take or focus on what serves the public interest, for which he is not answerable to the public through Parliament."
    The UK has other ideas on press freedoms and any scrutiny :) The US had a much more clear approach with The Pentagon Papers.

  10. Re:Are emails copyrighted ? on Sony Sends DMCA Notices Against Users Spreading Leaked Emails · · Score: 1

    re "American laws better than the Americans?"
    The Pentagon Papers https://en.wikipedia.org/wiki/... did offer some insight into the idea that publication and discussion was the role of a free and unrestrained press in the USA.
    The other legal idea is that of the Snowden GCHQ files and the UK gov understanding of the jigsaw quality of intelligence information.
    Do people in the US want to enjoy the role of a free and unrestrained press or enter a new UK like legal system of professional responsibility and legal safeguards?

  11. Re:NSA-resistant VPN's were done before... on NSA Says They Have VPNs In a 'Vulcan Death Grip' · · Score: 1

    Re "For starters, the design must be as such that every state the system might be in is known, every error state is shown to fail safe, only the strongest configurations are used, an inspection happens for every known weakness, safe subsets are used for the coding, those are extensively tested, covert channel analysis, minimal TCB, and so on."
    That was attempted going back to the 1950's. Martin and Mitchell defection 1960 should have been a hint:
    https://en.wikipedia.org/wiki/...
    "Our main dissatisfaction concerned some of the practices the United States uses in gathering intelligence information ... deliberately violating the airspace of other nations ... intercepting and deciphering the secret communications of its own allies ..."
    Now into 2015 over decades of generations of hardware and software the same basic issues is still news to generations of staff.
    Nations in the 1950-1980's tried to find "commercial best practices" and all they got was NSA and GCHQ branded crypto that gave back plain text.
    Now the wider software and hardware crypto community is back to where it always was. Users been tracked and junk crypto been offered as been tested and strong.
    Backdoors, trapdoors or just staff only understanding sections of older systems and hoping the wider product range got updated by some other team?
    Users are left wondering if they are dealing with front companies set up by the security services, brands under constant NSL obligations or the staff are just really happy to sell older, junk subsystems over decades.
    Some nations got very addicted to collecting all crypto on many new networks. The good news is users now know more about what expensive networking products are really doing to secure communications.

  12. Re:Is it a Denial of Service or an exploit !? on When FISA Court Rejects a Surveillance Request, the FBI Issues a NSL Instead · · Score: 1

    If you become a telco expect to have to set up a Room 641A https://en.wikipedia.org/wiki/...
    Expect to have different NSL to cover all users or entire sections of hardware and software to track one user for many years.
    Think of it as a Communications Assistance for Law Enforcement Act https://en.wikipedia.org/wiki/... that covers every aspect of internal networking and all emerging systems :)
    In the past people liked to think collection was only in place after been activated when needed with court supervision.
    Now people understand court supervision is the tricky public part to try and hide the decades of a collect it all policy.

  13. Re:The FISA court turned down a request? on When FISA Court Rejects a Surveillance Request, the FBI Issues a NSL Instead · · Score: 1

    The good news is people globally can avoid all that by just not using standard US communications networks anymore.
    With the new VPN news more people are starting to understand that their telco, VPN, provider is not really secure.
    "NSA has VPNs in Vulcan death grip—no, really, that’s what they call it" (Dec 31 2014)
    http://arstechnica.com/tech-po...
    The world is now more aware of the internal working of networks after the news about BLEAKINQUIRY, TOYGRIPPE and XKEYSCORE.
    What is a telco or provider now reduced to trying to distance its reputation from?
    They are not a front company set up by the US security services?
    Staff who work with the security services do not have total control over internal networks?
    The network is under some secret court oder and has to provide all data over years but the legal team is now more responsive?
    Staff are just lazy and let the security services of a few nations into their internal networks over decades?
    Secret courts, other methods to get around the lack of legal paperwork, parallel construction is now in the media :)
    The rest of the world can just route around junk network encryption and tame legal protections.
    The fun part is the UK and US are now left with a huge military industrial complex budget to keep on tracking the worlds communications networks.
    The rest of the world can just opt to use other older, more secure methods of communications or keep junk networks open for long term disinformation.

  14. Re:NSA-resistant VPN's were done before... on NSA Says They Have VPNs In a 'Vulcan Death Grip' · · Score: 1

    If "It's not rocket science" then how are the security services getting back to the end users over generations of networking products?
    From hardware encryption of the 1950-80's to todays VPN providers, crypto and secure networking always seems to fail or be trivial to track.
    Insiders or sealed legal letters? Front companies? Weak encryption? VPN providers reselling standard tame junk solutions every generation?

  15. Re:NSA-resistant VPN's were done before... on NSA Says They Have VPNs In a 'Vulcan Death Grip' · · Score: 1

    Re "You must clearly understand where the risks are, mitigate them in the design".
    Costs and design cannot get around cooperation needed for an ongoing investigation over a few years covering an ip range entering the USA.
    If that ip range covers the internet then a VPN would have to help and never talk.
    A few years later another request is sealed and more logs requested?
    Hardware encryption systems of the 1950-80's faced all the same questions and idealism. The NSA and GCHQ got the plain text every time on generations of standard systems sold over the decades.
    Users where as trusting as they are now. Embassy communications ended up in the hands of the press for the world to read.
    Software is no different. If staff and management wont help with weak products then the tame competition is supported. Or a front company is set up in direct competition with endless support and promotion until standards are more tame.

  16. Re:A little help here. on NSA Says They Have VPNs In a 'Vulcan Death Grip' · · Score: 1

    For that a person would need a real computer service at both ends of a network with good encryption at both ends and along the network.
    So the home computer would have to encrypt that connection from some distant country to the USA.
    The computer in the USA would have to then exit to the internet use and pass the network back to some distant country and the home computer.
    That service and networking product would have to be registered in the USA and that would allow for ip ranges to be tracked as exits from a global VPN ending in the USA.
    The question of how to find that computer user in some distant country who trusted the US VPN seems to be a not very hard problem even with great crypto at both ends.
    Is the crypto tame? Would the US VPN have some responsibility to log and track all ip requests in the clear? A never ending legal letter covering all international networking use? A version of the Communications Assistance for Law Enforcement Act (CALEA) for all US VPN users and services?
    VPN providers should be able to understand their own internal networks and hardware?
    The "specific repository" would hint at some long term international standard been junk.
    So to help with this a VPN would really need some new skills and really have to reinvent every connection as requested per session and then reset.
    Back to needing powerful bespoke connections that are not part of some tame junk international standard on a cheap shared server.
    The user has to trust that service and all the networking and staff.
    Number stations and one time pads do seem the more interesting solution.

  17. Re:Wait - what? on Did North Korea Really Attack Sony? · · Score: 1

    Experts Are Still Divided on Whether North Korea Is Behind Sony Attack ( 12.23.14)
    http://www.wired.com/2014/12/s...
    "Rather, he thinks someone in a political position inside the FBI, not actual investigators, got hold of a report ..."
    "These FBI insiders read this and “wanted it to be North Korea so much that they just threw away caution,” he suggests. "
    BREAKING: We Can Conclusively Confirm North Korea Was Not Behind #Sony Hack (DECEMBER 22, 2014 )
    http://gotnews.com/breaking-ca...

  18. Re:Gone "dark"??? on GCHQ Warns It Is Losing Track of Serious Criminals · · Score: 1

    The GCHQ and NSA faced that with Soviet Union in the 1950's when better use of one time pads was introduced. GCHQ got less and less from the Soviet Union for a while. Then all the messages returned as the Soviet Union needed a complex, real time command and control system and understood the UK and US was getting all networked messages.
    The GCHQ is hoping that all the UK and EU networks of interest will go back to the telecommunications networks soon too.
    The problem for the UK is that the people of interest dont need telecommunications networks. They have family, village, city, tribe, cult, faith, generational, professional person to person connections.
    A message takes a week and might have the courier identified. A phone call will be identified every time.
    With voice prints global tracking is easy. With cell phones been tracked, computers compromised and junk encryption standards why would anyone interesting risk a phone call? The GCHQ had all phone networks for decades. The idea that the rest of the world does not need the tame Western networks is not a new one.

  19. Re:Not a flaw... on Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere · · Score: 1

    Yes when the NSA and GCHQ where setting up the standards with the telcos in the 1980's they had Ireland (live monitoring) and other cold war issues in mind.
    A standard that was just able to keep the press out and users safe but be open to the security services in real time.
    Voice, gps, video, images, live mic, plain text, tracking and all the other wiretap friendly methods and standards could be seen with CALEA and what is shipped now.
    Italy had the SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
    Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
    Now the world knows more with every year.

  20. Re:Who are you defending against? on Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor · · Score: 1

    The voice side and network will always be wiretap friendly. So expect any new device on any network to stay backdoor and trapdoor friendly too.
    Any voice or text entered will just be collected on the device before the encryption software.
    Think about a number station or one time pad. Anyone can hear that long list of personal messages.

  21. Re:I call BS on Govt Docs Reveal Canadian Telcos Promise Surveillance Ready Networks · · Score: 1

    If a court order is ready then a telco will log and track all calls or network use as needed and requested.
    The issue with that is the number or device or network been tracked is now in a database at the telco.
    The security services in the US, UK did notice that over the years when they put in request for tracking, their case falls apart.
    The people of interest just escape or the flow of information stops. The telco, billing and legal system seems to ensure people of interest are able to see the lists of new networks tasked for surveillance.
    To counter that many nations are rushing out to find contractors and hardware to try and get into the telco networks with no paperwork or court contact. Parallel construction is now been made easy and legal. If the security services can get into the networks so can ex and former staff.

  22. Re:Tech angle? on Apparent Islamic Terrorism Strikes Sydney · · Score: 1

    None but some AC likes the Strategy of tension news reports. https://en.wikipedia.org/wiki/...

  23. Re:blow their minds on Tracking the Mole Inside Silk Road 2.0 · · Score: 1

    Re: "That would prevent moles."
    Thats why traditional structures like family, extended family, village, tribe, cult, faith region or other aspects that can be understood.

  24. Re:ok..what if i don't have one? on Are the TSA's New Electronic Device Screenings Necessary? · · Score: 1

    That will not help if the device is cloned or out of sight for a while.
    Or have free services in the area "How the NSA, GCHQ and crooks can hack mobile apps" (30 Jan 14) http://www.wired.co.uk/news/ar...

  25. Re:ok..what if i don't have one? on Are the TSA's New Electronic Device Screenings Necessary? · · Score: 2

    Then a person is of more interest as they know all devices face to risk of been cloned or having globally unique numbers recorded.
    Buy an old laptop, replace the storage, load in Linux. Add some productivity applications.
    Find a phone that is so cheap it can really only make a voice call and has few other functions.
    The reason to ask for a power on is so that consumer grade devices look for a network.
    A lot of unique numbers and other device details are sent out or can be requested by local networks.
    That device is then recorded as been linked to travel documents and biometric data.