Government snooping, backdoors and #necessaryhashtags - Page 48

ewmayer · 2015-02-21, 01:22

Quote:

Originally Posted by only_human

"THE GREAT SIM HEIST
HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE"

Since I think a snip from the article for the benefit of workaday-inundated readers is warranted, here ya go:

Quote:

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

Another encryption-bypassing hack. I'm sensing a theme here...

only_human · 2015-02-21, 03:33

That streaming camera that you put in your home to keep an eye on a pet, etcetera. Well, that camera may not be your friend:
"THE SPIES OF LIFE
Police have asked Dropcam for video from people’s home cameras"

Quote:

Dropcam, which makes popular $199 cameras that capture audio and video for live streams to smartphones or for storage in the cloud, tells Fusion that it has received a “limited number of law enforcement requests”—search warrants—for video from its customers’ cameras. The six-year-old company, which was purchased by Google-owned Nest Labs last year for more than $500 million, says it has only received these requests “in individual cases” and has not received “any broad-based government requests.” In other words, when law enforcement has come to Dropcam, it has been for eyes into a single home at a time, not a whole neighborhood.

“When we’ve received search warrants for Dropcam footage, we’ve provided notice to the email address associated with the account, unless compelled by a court not to do so,” said Thai. She says the requests so far have only been for stored footage not for access to a live video stream.

ewmayer · 2015-02-21, 05:41

Quote:

Originally Posted by only_human

That streaming camera that you put in your home to keep an eye on a pet, etcetera. Well, that camera may not be your friend:

Et tu, Lenovo?

Dubslow · 2015-02-21, 06:19

http://spritesmods.com/?art=hddhack

One need not use any of the actual disc to store hacked firmware.

kladner · 2015-02-21, 06:50

Quote:

Originally Posted by ewmayer

Et tu, Lenovo?

Quote:

Because if Lenovo is doing this, are we supposed to be so naïve to presume that Google, Apple, AT&T, etc. are not?

How is the company going to put things right with the customers? We wonders, yes we wonders, my Precious. I also wonder if there are enough injured parties to launch a Class Action suit against Lenovo. I foresee many attorneys scarfing down a feast of fees, as there are bound to be suits already in progress, and many more to come.

From Blooomberg:

Quote:

Superfish uses image-recognition algorithms that watch where users point on their screens and suggest ads based on the images they’re looking at. The software was included on some models of consumer laptops sold worldwide between September and December and was turned off in January after user complaints, Lenovo said.

"Turned off," eh? That is not exactly comforting. Actually, it seems that-

Quote:

Lenovo Group Ltd. apologized to customers as it works with users to enable laptop computer owners to remove pre-installed software that potentially exposed them to hacking attacks and unauthorized activity monitoring. The biggest maker of personal computers said it was a mistake to have the software, made by a company called Superfish, included on Lenovo machines. Lenovo posted links on Twitter to its website with information about the software and removal instructions.

"And TRUST Us, this really, truly, pinky-swear, this Really removes the malware, and doesn't just cover it up somehow."

EDIT: It also really chaps my ass that the situation is being cast, at least sardonically, as "a very poor security-versus-user-experience trade-off.” Is it supposed to IMPROVE my bleeding "User Experience" to have sneaky malware bombard me with targeted ads?

[/LEWIS_BLACK]

retina · 2015-02-21, 07:08

Quote:

Originally Posted by kladner

EDIT: It also really chaps my ass that the situation is being cast, at least sardonically, as "a very poor security-versus-user-experience trade-off.” Is it supposed to IMPROVE my bleeding "User Experience" to have sneaky malware bombard me with targeted ads?

It probably did improve user experience, just that that user was not intended to be the person that bought the laptop.

ETA: Advertisers and marketeers won't be satisfied until every square millimetre of every surface your eyes and ears can see and hear is presenting their ads 24/7 for your viewing pleasure. I'm sure they would have Mars lit up also if they could so that people with telescopes can enjoy the ads also.

Nick · 2015-02-21, 08:50

Ben Edelman's latest report is also relevant:

Quote:

In public statements, IronSource promises "empower software" through "faster" downloads, "smoother" installations, and increased "user trust." It sounds like a reasonable business -- free software for users in exchange for advertising. Yet a closer look at IronSource installations reveals ample cause for concern. Far from facilitating "user trust," IronSource installations are often strikingly deceptive: they promise to provide software IronSource and its partners have no legal right to redistribute (indeed, specifically contrary to applicable license agreements); they bundle all manner of adware that users have no reason to expect with genuine software; they bombard users with popup ads, injected banner ads, extra toolbars, and other intrusions. It's the very opposite of mainstream legitimate advertising. We are surprised to see such deceptive tactics from a large firm that is, by all indications, backed by distinguished investors and top-tier bankers.

Full details: http://www.benedelman.org/news/021815-1.html

only_human · 2015-02-23, 21:54

More man-in-the-middle experience improvements are popping up:

Quote:

Security software found using Superfish-style code, as attacks get simpler
Titles from security firms Lavasoft and Comodo leave users open to easier attacks.

Quote:

Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.

Quote:

Readers with either Lavasoft Ad-aware Web Companion or the stand-alone version of PrivDog should err on the side of caution and uninstall both the app and the underlying root certificate as soon as possible.

xilman · 2015-02-24, 09:53

Transcript: NSA Director Mike Rogers vs. Yahoo! on Encryption Back Doors

retina · 2015-02-24, 09:59

Quote:

Originally Posted by xilman

Transcript: NSA Director Mike Rogers vs. Yahoo! on Encryption Back Doors

Very unsatisfying. No answers at all, just waffle.

xilman · 2015-02-24, 10:11

Quote:

Originally Posted by retina

Very unsatisfying. No answers at all, just waffle.

Did you seriously expect anything else?

2015-02-24, 09:53	#526
xilman Bamboozled! "𒉺𒌌𒇷𒆷𒀭" May 2003 Down not across 10786₁₀ Posts	Asymmetric encryption Transcript: NSA Director Mike Rogers vs. Yahoo! on Encryption Back Doors

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
I'm rich AND on a government check.	jasong	jasong	18	2013-08-12 18:21
How does proper government manifest in regulation?	cheesehead	Soap Box	10	2011-04-17 02:29

2015-02-21, 06:19	#521
Dubslow Basketry That Evening! "Bunslow the Bold" Jun 2011 40<A<43 -89<O<-88 3·29·83 Posts	http://spritesmods.com/?art=hddhack One need not use any of the actual disc to store hacked firmware.