Old 2015-02-21, 01:22   #518
ewmayer
2ω=0
 
 
Sep 2002
República de California

19·613 Posts

Quote:
Originally Posted by only_human
"THE GREAT SIM HEIST
HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE"
Since I think a snip from the article for the benefit of workaday-inundated readers is warranted, here ya go:
Quote:
American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
Another encryption-bypassing hack. I'm sensing a theme here...
Old 2015-02-21, 03:33   #519
only_human
 
 
"Gang aft agley"
Sep 2002

111010101010₂ Posts

That streaming camera that you put in your home to keep an eye on a pet, etcetera. Well, that camera may not be your friend:
"THE SPIES OF LIFE
Police have asked Dropcam for video from people’s home cameras"
Quote:
Dropcam, which makes popular $199 cameras that capture audio and video for live streams to smartphones or for storage in the cloud, tells Fusion that it has received a “limited number of law enforcement requests”—search warrants—for video from its customers’ cameras. The six-year-old company, which was purchased by Google-owned Nest Labs last year for more than $500 million, says it has only received these requests “in individual cases” and has not received “any broad-based government requests.” In other words, when law enforcement has come to Dropcam, it has been for eyes into a single home at a time, not a whole neighborhood.

“When we’ve received search warrants for Dropcam footage, we’ve provided notice to the email address associated with the account, unless compelled by a court not to do so,” said Thai. She says the requests so far have only been for stored footage not for access to a live video stream.
Old 2015-02-21, 05:41   #520
ewmayer
2ω=0
 
 
Sep 2002
República de California

19·613 Posts

Quote:
Originally Posted by only_human
That streaming camera that you put in your home to keep an eye on a pet, etcetera. Well, that camera may not be your friend:
Et tu, Lenovo?
Old 2015-02-21, 06:19   #521
Dubslow
Basketry That Evening!
 
 
"Bunslow the Bold"
Jun 2011
40<A<43 -89<O<-88

3·29·83 Posts

http://spritesmods.com/?art=hddhack

One need not use any of the actual disc to store hacked firmware.
Old 2015-02-21, 06:50   #522
kladner
 
 
"Kieren"
Jul 2011
In My Own Galaxy!

10011110101110₂ Posts

Quote:
Originally Posted by ewmayer
Et tu, Lenovo?
Quote:
Because if Lenovo is doing this, are we supposed to be so naïve to presume that Google, Apple, AT&T, etc. are not?
How is the company going to put things right with the customers? We wonders, yes we wonders, my Precious. I also wonder if there are enough injured parties to launch a Class Action suit against Lenovo. I foresee many attorneys scarfing down a feast of fees, as there are bound to be suits already in progress, and many more to come.

From Bloomberg:
Quote:
Superfish uses image-recognition algorithms that watch where users point on their screens and suggest ads based on the images they’re looking at. The software was included on some models of consumer laptops sold worldwide between September and December and was turned off in January after user complaints, Lenovo said.
"Turned off," eh? That is not exactly comforting. Actually, it seems that-
Quote:
Lenovo Group Ltd. apologized to customers as it works with users to enable laptop computer owners to remove pre-installed software that potentially exposed them to hacking attacks and unauthorized activity monitoring. The biggest maker of personal computers said it was a mistake to have the software, made by a company called Superfish, included on Lenovo machines. Lenovo posted links on Twitter to its website with information about the software and removal instructions.
"And TRUST Us, this really, truly, pinky-swear, this Really removes the malware, and doesn't just cover it up somehow."

EDIT: It also really chaps my ass that the situation is being cast, at least sardonically, as "a very poor security-versus-user-experience trade-off.” Is it supposed to IMPROVE my bleeding "User Experience" to have sneaky malware bombard me with targeted ads? [/LEWIS_BLACK]

Last fiddled with by kladner on 2015-02-21 at 07:17
Old 2015-02-21, 07:08   #523
retina
Undefined
 
 
"The unspeakable one"
Jun 2006
My evil lair

2²×3²×173 Posts

Quote:
Originally Posted by kladner
EDIT: It also really chaps my ass that the situation is being cast, at least sardonically, as "a very poor security-versus-user-experience trade-off.” Is it supposed to IMPROVE my bleeding "User Experience" to have sneaky malware bombard me with targeted ads?
It probably did improve user experience, just that that user was not intended to be the person that bought the laptop.

ETA: Advertisers and marketeers won't be satisfied until every square millimetre of every surface your eyes and ears can see and hear is presenting their ads 24/7 for your viewing pleasure. I'm sure they would have Mars lit up also if they could so that people with telescopes can enjoy the ads also.

Last fiddled with by retina on 2015-02-21 at 07:13
Old 2015-02-21, 08:50   #524
Nick
 
 
Dec 2012
The Netherlands

29·59 Posts

Ben Edelman's latest report is also relevant:
Quote:
In public statements, IronSource promises "empower software" through "faster" downloads, "smoother" installations, and increased "user trust." It sounds like a reasonable business -- free software for users in exchange for advertising. Yet a closer look at IronSource installations reveals ample cause for concern. Far from facilitating "user trust," IronSource installations are often strikingly deceptive: they promise to provide software IronSource and its partners have no legal right to redistribute (indeed, specifically contrary to applicable license agreements); they bundle all manner of adware that users have no reason to expect with genuine software; they bombard users with popup ads, injected banner ads, extra toolbars, and other intrusions. It's the very opposite of mainstream legitimate advertising. We are surprised to see such deceptive tactics from a large firm that is, by all indications, backed by distinguished investors and top-tier bankers.
Full details: http://www.benedelman.org/news/021815-1.html
Old 2015-02-23, 21:54   #525
only_human
 
 
"Gang aft agley"
Sep 2002

2·1,877 Posts

More man-in-the-middle experience improvements are popping up:
Quote:
Security software found using Superfish-style code, as attacks get simpler
Titles from security firms Lavasoft and Comodo leave users open to easier attacks.
Quote:
Two more software makers have been caught adding dangerous, Superfish-style man-in-the-middle code to the applications they publish. The development is significant because it involves AV company Lavasoft and Comodo, a company that issues roughly one-third of the Internet's Transport Layer Security certificates, making it the world's biggest certificate authority.
Quote:
Readers with either Lavasoft Ad-aware Web Companion or the stand-alone version of PrivDog should err on the side of caution and uninstall both the app and the underlying root certificate as soon as possible.
Old 2015-02-24, 09:53   #526
xilman
Bamboozled!
 
 
"𒉺𒌌𒇷𒆷𒀭"
May 2003
Down not across

10786₁₀ Posts
Asymmetric encryption

Transcript: NSA Director Mike Rogers vs. Yahoo! on Encryption Back Doors
Old 2015-02-24, 09:59   #527
retina
Undefined
 
 
"The unspeakable one"
Jun 2006
My evil lair

2²×3²×173 Posts

Very unsatisfying. No answers at all, just waffle.
Old 2015-02-24, 10:11   #528
xilman
Bamboozled!
 
 
"𒉺𒌌𒇷𒆷𒀭"
May 2003
Down not across

10101000100010₂ Posts

Quote:
Originally Posted by retina
Very unsatisfying. No answers at all, just waffle.
Did you seriously expect anything else?
All times are UTC.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.