mersenneforum.org  

Old 2015-03-18, 00:50   #540
ewmayer
2ω=0
 
 
Sep 2002
República de California

19·613 Posts
Default

o The new MacBook's single port comes with a major security risk | The Verge
Quote:
In practical terms, that means MacBook and Chromebook Pixel users are now exposed to what you might call a "borrowed charger" attack. The new chargers don't have the firmware needed to carry the BadUSB virus, but it would be easy for an attacker to install it herself, then spend a day in a coffee shop waiting for some unsuspecting target to plug in. From there, the bug would spread to every compatible device the target plugged into. Nearly everyone with a laptop has shared a power cable at some point — compared with the much smaller number who have plugged in a stranger's USB stick — so the attack could reach a lot of otherwise protected computers.
Sounds like the firmware-exploit equivalent of unsafe sex...

o ‘Is It Compromised?’ Is the Wrong Question about US Government Funding of Tor | Uncomputing

Last fiddled with by ewmayer on 2015-03-18 at 00:54
Old 2015-03-18, 09:23   #541
LaurV
Romulan Interpreter
 
 
Jun 2011
Thailand

2⁶·151 Posts
Default

Quote:
Originally Posted by ewmayer View Post
Sounds like the firmware-exploit equivalent of unsafe sex...
Hehe... nice one!
To give my contribution to the topic, a few weeks ago we brought in an antediluvian PowerEdge server from China (our Hong Kong branch, in fact); a colleague hand-carried it (!! no joke, people go to great lengths to avoid customs), and we dismounted it and recovered what we could from it (not much). It served us well for years, but it was not needed (not profitable) anymore. When playing with it, we found out it was trying to access the net when powered on, in spite of the fact that there was neither a hard disk nor any nonvolatile memory. That is, directly from the BIOS (!)

We knew that Dell employs a lot of shit for anti-theft solutions, etc., but still, the activity and the things it wanted to reach seemed suspect and we looked into it. I guess (I can't be sure I am not dealing with some open-manage or theft-protection stuff, but I will get help soon in this direction from some friends) that it was the first time in my life, and most probably the last, that I put my nose into "deitybounce" (you can google for it, it is worth reading about). It was a PowerEdge manufactured for (in?) China in about 2008.
Old 2015-03-29, 01:16   #542
ewmayer
2ω=0
 
 
Sep 2002
República de California

19×613 Posts
Default

Passphrases That You Can Memorize — But That Even the NSA Can't Guess - The Intercept

Not that they need to guess your pass-stuff if they are logging your keystrokes, but for the dwindling pool of people not yet on the sekrit 'persons of interest' list this seems a sound approach. Never thought the expression "you're really rolling the dice with this approach" would take on a positive connotation.
Old 2015-03-31, 01:38   #543
retina
Undefined
 
 
"The unspeakable one"
Jun 2006
My evil lair

1854₁₆ Posts
Default NSA's Backdoor Key from Lotus-Notes

http://www.cypherspace.org/adam/hack...s-nsa-key.html
Quote:
Before the US crypto export regulations were finally dissolved the export version of Lotus Notes used to include a key escrow / backdoor feature called differential cryptography. The idea was that they got permission to export 64 bit crypto if 24 of those bits were encrypted for the NSA's public key.
When things like this are happening it makes it hard to trust a US produced closed source software product.
Old 2015-04-03, 22:32   #544
ewmayer
2ω=0
 
 
Sep 2002
República de California

19·613 Posts
Default

U.S. Supreme Court: GPS Trackers Are a Form of Search and Seizure | The Atlantic
Quote:
the Court has considered the Fourth Amendment quite a bit recently. In 2012, it ruled that placing a GPS tracker on a suspect’s car, without a warrant, counted as an unreasonable search. The following year, it said that using drug-sniffing dogs around a suspect’s front porch—without a warrant and without their consent—was also unreasonable, as it trespassed onto a person’s property to gain information about them.

Both of those cases involved suspects, but the ruling Monday made clear that it extends to those convicted of crimes, too.

But much remains unclear about how the Fourth Amendment interacts with digital technology. The Court so far has only ruled on cases where location information was collected by a GPS tracker. But countless devices today collect geographic information. Smartphones often contain their own GPS monitors and can triangulate their location from nearby cell towers; electronic toll-collection systems like E-ZPass register, by default, a car’s location and when it passed through a toll road.

Lynch, the EFF attorney, said that the justices seem to know that they’ll soon have to rule on whether this kind of geo-locational information is protected.

She also said that those questions are more fraught for the Court than ones just involving GPS tracker data. Some members of the Court, including Justice Antonin Scalia, argue the Fourth Amendment turns on whether the government has trespassed on someone’s private property. Other members—represented in arguments by Justices Sonia Sotomayor and Samuel Alito—say that people have a reasonable expectation to the privacy of their location data.
=====================

‘Is It Compromised?’ Is the Wrong Question about US Government Funding of Tor | Uncomputing
Quote:
If you are asking how government funding compromises Tor and “internet freedom,” you are asking the wrong question. The right question is: how do Tor and “internet freedom” serve the interests of those who fund them so generously — and have virtually no history of funding (especially on an ongoing basis) projects that are contrary or even irrelevant to their interests? Why do major factions within the US Government so steadfastly promote an internet project whose supporters routinely insist that “the government sure does hate the Internet”?

We don’t have to look far or think that hard to develop answers to these questions. Just the other day, Shawn Powers and Michael Jablonski, authors of the new and fascinating-sounding book, The Real Cyber War: The Political Economy of Internet Freedom (University of Illinois Press, 2015), announced the publication of their book by writing:

Efforts to create a universal internet built upon Western legal, political, and social preferences is driven by economic and geopolitical motivations rather than the humanitarian and democratic ideals that typically accompany related policy discourse. In fact, the freedom-to-connect movement is intertwined with broader efforts to structure global society in ways that favor American and Western cultures, economies, and governments.

The inability of many Tor and “internet freedom” and even super-encryption supporters to understand (or at least, to talk as if they understand) this point of view is part of what is so disturbing about this whole situation. “Internet freedom” and “internet privacy” and even “Tor” have become like articles of religious faith: creeds whose fundamental tenets cannot be questioned, even if they also cannot be stated in anything like the clarity with which “freedom of the press” can be stated. The critique we need to consider is not merely that major powers are “paying lip service” to the idea of internet freedom; it is that the idea itself is bankrupt: it is a propagandistic slogan in search of a meaning, a set of meaningful-sounding (but meaningless) words, like “right to work,” that exists only to serve a powerful and disturbing agenda (which is one direction that the outsize “internet freedom” funding provided by the US State Department, and Google’s triumphalist support for the idea, should raise questions for everyone). Indeed, if the putative freedom of information on which “the internet” (and Tor, and “internet freedom,” etc.) is supposedly based is going to mean anything–if it at least entails the “freedom of speech” and “freedom of the press” that in my opinion it does not eclipse in especially legible ways–it has to mean being willing always to question our fundamental assumptions, making it beyond ironic that its fiercest champions work so hard to prevent us from doing just that.

Last fiddled with by ewmayer on 2015-04-03 at 22:40
Old 2015-04-11, 01:30   #545
ewmayer
2ω=0
 
 
Sep 2002
República de California

10110101111111₂ Posts
Default

Our frenemies in Beijing appear to be working hard to catch up with the NSA/GCHQ alliance when it comes to offensive cyber operations against its own citizenry and those who would try to aid same in evading government censorship:

China Is Said to Use Powerful New Weapon to Censor Internet | NYT

And on a lighter surveillance note, an expert authority weighs in on The Pros And Cons Of Body Cameras For Police.

Last fiddled with by ewmayer on 2015-04-11 at 01:31
Old 2015-04-13, 02:42   #546
chappy
 
 
"Jeff"
Feb 2012
St. Louis, Missouri, USA

1157₁₀ Posts
Default

This could have gone in the funny thread, but sometimes I need a laugh when I think about this topic.
Attached image: kid-says-to-obama.jpg
Old 2015-04-13, 16:09   #547
xilman
Bamboozled!
 
 
"𒉺𒌌𒇷𒆷𒀭"
May 2003
Down not across

2×5,393 Posts
Default

Quote:
Originally Posted by chappy View Post
This could have gone in the funny thread, but sometimes I need a laugh when I think about this topic.
The old ones are indeed the best.
Old 2015-04-19, 23:17   #548
ewmayer
2ω=0
 
 
Sep 2002
República de California

19×613 Posts
Default

NSA and FBI fight to retain spy powers as surveillance law nears expiration | US news | The Guardian
Quote:
Section 215 is the authority claimed by the NSA since 2006 for its ongoing daily bulk collection of US phone records revealed by the Guardian in 2013 thanks to leaks from whistleblower Edward Snowden. While the Obama administration and US intelligence agencies last year supported divesting the NSA of its domestic phone metadata collection, a bill to do so failed in November.

But the FBI and its supporters fear that the expiration of Section 215 will cut deeper than the loss of bulk collection. The FBI is warning that it will lose access to investigative leads for domestic terrorism and espionage, such as credit card information, hotel records and more, outside normal warrant or subpoena channels.

While the briefings were not described as a platform for defending the controversial Section 215, they “offer an important opportunity to hear directly from analysts and operators who use Section 215 as part of their daily mission to protect the Nation from terrorist attacks,” according to an announcement for legislators sent by intelligence committee chairman Devin Nunes and Georgia Republican Lynn Westmoreland and obtained by the Guardian.
The tone of the quoted snip from that "announcement for legislators" tells you all you need to know about the odds of meaningful reform coming from the current batch of congresscritters.
Old 2015-04-21, 10:59   #549
VictordeHolland
 
 
"Victor de Hollander"
Aug 2011
the Netherlands

2³×3×7² Posts
Default

A bit of an old article, but I wasn't aware until I saw the National Geographic documentary "De Tijd Vliegt".
22 B61 nuclear bombs (4 times more powerful than Hiroshima) at Volkel (Dutch airbase). If you look at Google maps, you can see.... a white space.
Naughty boys, those former prime ministers van Agt and Lubbers, for admitting that!
http://www.telegraph.co.uk/news/worl...h-airbase.html

Let's fire them at ISIS, Iran, North Korea and a bunch of other countries and we'll have world peace. Oh wait, that is genocide, but we'll get away with it, just like America got away with Hiroshima and Nagasaki!
Old 2015-04-21, 15:08   #550
kladner
 
 
"Kieren"
Jul 2011
In My Own Galaxy!

2×3×1,693 Posts
Default

As if their existence and deployment aren't bad enough, the Wiki on this family of weapons (which seems to be the basis of the Telegraph's description) includes the following discouraging bit:

Quote:
As of 2013, the Pentagon is asking for an $11 billion life-extension program for the B61 bomb, which would be the most ambitious and expensive nuclear warhead refurbishment in history. Congress is opposed to this effort for cost and timeline issues and questions for the B61's need. Cost estimates have doubled from $4 billion to $8 billion and production slipped from 2017 to 2020, then grew to $10 billion for life extension plus $1 billion for tail guidance kits and production was delayed to 2021. Sequestration budget cuts in early 2013 delay any start until 2020. The Senate Energy and Water Appropriations Subcommittee stated that extending the life of B61s and consolidating its variants may not be a cheap and low-risk method to meet military requirements
I have little doubt that this insane scheme will continue to resurface.
All times are UTC. The time now is 22:02.



This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.