Tento web používá soubory cookie. Dalším používáním webu s tímto souhlasíte.
jméno
heslo
přihlásit
zaregistrujte se
zapomněli jste heslo?
Anonymita na internetu :: TOR - FREENET - FREEPROXY - ...
LITTLEBOY

[https://keybase.io/images/blog/series_a/pgp_xkcd.png]

Temata


  • novinky ze sveta #security #privacy obecne, nejen #tor #pgp ale taky app pro telefony, sifrovani disku [#truecrypt, #luks/#dm], bezpecne #backupy
  • ocenovany jsou navody a howto pro ruzne novacky, pokud mate, dejte vedet, dame i na home
  • aktualni admin: Overdrive, takze pokud neco, klidne piste do posty
  • PROSBA: pokud linkujete, vzdy napiste co to vlastne linkujete, ne, ze by jeden neveril neznamemu linku, ale je to tak prehlednejsi

  • Spratelene kluby: [ PGP, SSL & Co. ] -- [ Technoparanoia (Facebook, Google latitude a další) + NSA + účinné postupy při obraně soukromí ] -- [ Cyber.Punk: cyberpunk is not dead! cyberpunk is NOW! : SubHuman, PostHuman, TransHuman, InHuman ]
    Know & Howto: [ Pretty Good Privacy - Wikipedia ]
    Máte k tomu co říct? Vložte se do diskuze.
    OVERDRIVE --- 12:30:04 27.9.2013
    NSA v SouthParku
    Let Go, Let Gov (Season 17, Episode 1) - Full Episode Player - South Park Studios
    http://www.southparkstudios.com/full-episodes/s17e01-let-go-let-gov
    OVERDRIVE --- 15:25:37 17.9.2013
    ----- Forwarded message from Yosem Companys <companys@stanford.edu> ----- Date: Wed, 11 Sep 2013 15:29:15 -0700 From: Yosem Companys <companys@stanford.edu> To: Liberation Technologies <liberationtech@lists.stanford.edu> Subject: [liberationtech] Inside the Effort to Crowdfund NSA-Proof Email and Chat Services | Motherboard Reply-To: liberationtech <liberationtech@lists.stanford.edu> http://motherboard.vice.com/blog/inside-the-effort-to-crowdfund-nsa-proof-email-and-chat-services Back in 1999, Seattle-based activists formed the communication collective Riseup.net. The site's email and chat services, among other tools, soon offered dissidents a means of encrypted communication essential to their work. Fourteen years later, Riseup is still going strong. In fact, they've been fighting the US state surveillance apparatus longer than most people have been aware of the NSA's shenanigans. Now, the collective is hoping to expand, given the gross privacy transgressions of the NSA and US government as a whole. "What surveillance really is, at its root, is a highly effective form of social control," reads an AugustRiseup newsletter. "The knowledge of always being watched changes our behavior and stifles dissent. The inability to associate secretly means there is no longer any possibility for free association. The inability to whisper means there is no longer any speech that is truly free of coercion, real or implied. Most profoundly, pervasive surveillance threatens to eliminate the most vital element of both democracy and social movements: the mental space for people to form dissenting and unpopular views." The impetus behind the project is Riseup's struggle to keep up with new user demand for an email service that doesn't log IP addresses, sell data to third parties, or hand data over to the NSA. Riseup will also be able to expand its considerable anonymous emailing lists, which features nearly 6 million subscribers spread across 14,000 lists. Their Virtual Private Network (VPN), which allows users to securely connect to the internet as a whole, will also be made more robust. What Riseup can't do is offer its users an anonymous browsing experience, but that's not their aim. To offer Riseup to more users, Free Press's Joshua Levy, Elizabeth Stark (an open internet advocate who has taught at Stanford and Yale), as well as others at the StopWatching.Us campaign (backed by Mozilla) recently launched an Indiegogo crowd-funding effort on behalf of the group. They hope to raise $10,000 in order to provide Riseup—which is run by volunteers—with a new server, hardware, and software capabilities. In short, they want to expand their reach so that internet users have another alternative to email services such as Gmail, Yahoo, and Hotmail. To get a clearer picture of what StopWatching.Us and Riseup are doing, I spoke with Levy, Stark, and an anonymous Riseup collective member. We talked about how the crowdfunding money will be spent; how Riseup helps users avoid NSA, as well as state and local repression; and why, contrary to reports, the Tor Browser bundle is still the best option for anonymous, encrypted browsing. (As of today, the crowdfunding campaign reached it's $10,000 goal, but the organizers are hoping to exceed that total by a good margin.) [snip]
    OVERDRIVE --- 15:09:49 17.9.2013
    HoneyDocs
    Create documents that buzz back home.
    https://www.honeydocs.com/
    OVERDRIVE --- 11:39:15 13.9.2013
    Data Broker Acxiom Launches Transparency Tool, But Consumers Still Lack Control

    https://www.eff.org/.../2013/09/data-broker-acxiom-launches-transparency-tool-consumers-lack-control


    [ zkousel jsem ten jejich web, bohuzel opravdu chteji cislo socialniho pojisteni, ktere ja nemam a zaroven se mi nelibej jejich licencni podminky - tedy sdileni dat s rodinou jejich podnikatelskych zameru, to je divne, kazdopadne chtel bych takove data minery/data broker tools verejne, porad se ptam, zna nekdo neco takoveho? datamining? hmmm? ]
    OVERDRIVE --- 13:53:54 12.9.2013
    THEBYS --- 19:11:24 11.9.2013
    Stalkeři a crawleři budou brzo buď automatičtí nebo dobře placení. Dovedu si představit pracovní pohovor typu: dejte nám přístup ke svému facebookovému profilu v co nejširším rozsahu a my vám dáme vědět. Google je dobrý rozcestník, sociální sítě taky často prozradí hodně a chce to hledat na základě všech informací (např. spojit dvě přezdívky pomocí icq čísla / mailu atp...).

    Extrémně zajímavý to začíná být až v momentě kdy je/bude k dispozici vyšší datovej potenciál (bankovní data, sledování (kamery, 4square), přístup do domácí sítě oběti, k chytrému telefonu)...

    Několik zajímavostí je k dispozici třeba i tady:
    Pološero : Někdo se dívá — Česká televize
    http://www.ceskatelevize.cz/porady/10318730018-polosero/213562222000007-polosero-nekdo-se-diva/
    Obecně je to docela kvalitní pořad pro seznámení s nějakou problematikou, ale nejde moc do hloubky.

    Rešerše je fakt dobrej eufemismus :D
    OVERDRIVE --- 18:48:21 11.9.2013
    hezky vtip:

    na ukladani dat se pouziva: SAN, NAS, a NSA - to posledni ma semanticke vyhledavani ;]


    --- vlastne nam to rika, mj. ze cely svet zaspal, pokud nastroje typu Intella nejsou proste volne k dostani...
    MMchodem, kdyz by nekdo vedel, kde tahle vec roste, tak by me to zajimalo na odzkouseni, pripadne nejake chytre vyhledavadla...

    MMchodem dostal uz nekdy nekdo z vas za ukol nekoho identifikovat podle netove stopy? Ja jednou kdysi, kdyz jedne firme nekdo poslal seznam emailu, koho jeste oslovuje do tenderu. I jen s googlem to byla hodne dobra prace, dost jsem se dozvedel a pobavil.

    nejake chytre nastroje pro nejake takove vyhledavani napadaji nekoho?
    Tedy zahrajme si na to tady opacne. Rekneme, ze se nechceme branit, ale rekneme, ze chceme o danem jedinci najit to nejvic co jde. O me to bude asi hodne jednoduche. Kdo se hlasi dobrovolne, ze si tady na nej dame resersi.
    Ale muzete klidne i me, jen s tim, ze pokud pouzijete neco chytrejsiho nez google, a dostanete nejake zajimave odpovedi, tak chci vedet co to bylo.

    Jsem k dispozici hurra. [nemusite mi kvuli tomu volat, ju? ani mlatit me hadici, hrajem hru, co se povaluje na netu, ne jak se chovat jako debil ;]
    OVERDRIVE --- 16:23:33 11.9.2013
    Date: Tue, 10 Sep 2013 14:38:01 -0400
    From: John Young <jya@pipeline.com>
    To: cryptography@randombit.net, cyperhpunks@cpunks.org, cryptome@freelists.org
    Subject: [cryptography] ProPublica's Jeff Larson on the NSA Crypto Story and Another View
    X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9

    ProPublica's Jeff Larson on the NSA Crypto Story

    http://source.mozillaopennews.org/en-US/articles/propublicas-jeff-larson-nsa-crypto-story/

    Describes two months of digging through the Snowden documents, using
    search tool Intella, finding code words, looking for references to those,
    scrambling to understand and explain the technology to experts and the
    public, traveling between New York and London, thrill of working with
    NYT, Guardian and others.

    Claims extraordinary security was laid on to protect the material. But
    doesn't say what it was or is.

    Pretty good gritty back story compared to the burnished fronts. Hard to
    tell if it is a front story as well due to admission of withholding materials.

    Nothing said about consulting with USG or HMG.

    Here's a much less polite viewpoint:

    http://ohtarzie.wordpress.com/2013/09/10/fuck-the-guardian-take-your-drip-and-stick-it/
    OVERDRIVE --- 14:28:13 10.9.2013
    OVERDRIVE --- 13:44:25 10.9.2013
    Me pripadlo tohle hodne uzitecne, neptejete se me proc...
    eugen@leitl.org
    Re: [cryptography] [Cryptography] Opening Discussion: Speculation on "BULLRUN"

    ----- Forwarded message from arxlight <arxlight@arx.li> ----- Date: Fri, 06 Sep 2013 00:46:15 +0200 From: arxlight <arxlight@arx.li> To: cryptography@metzdowd.com Subject: Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130620 Thunderbird/17.0.7

    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What surprises me is that anyone is surprised. If you believed OpenBSD's Theo de Raadt and Gregory Perry back in late 2010, various government agencies (in this specific case the FBI- though one wonders if they were the originating agency) have been looking to introduce weaknesses wholesale into closed AND open source software and OS infrastructures for some time. Over a decade in his example. (See: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2) Those of us old enough might marvel at the fact that going back to the late 1980s a huge dust up was caused by the allegations that Swiss firm "Crypto AG" introduced backdoors into their products at the behest of Western (read: United States and the BND) intelligence agencies, products that, at the time, were in widespread use by foreign governments who, one presumes, could not afford to field their own national cryptology centers to protect their own infrastructure (or were just lazy and seduced by a Swiss flag on the corporate domicile of Crypto AG). For the unwashed on the list, Wikipedia (and Der Spiegel) relate the story of (probably) hapless Crypto AG salesman Hans Buehler's 1992 arrest by the Iranian authorities after those allegations came to light, and the fact that Crypto AG paid a $1m ransom for him (but then later billed him for the $1m--you stay classy, Crypto AG). (See: http://en.wikipedia.org/wiki/Crypto_AG) But fear not. Governments and NGOs around the world will be pleased to know that Crypto AG lives on and continues to provide superior crypto and security solutions to foreign institutions of all kinds, including: "National security councils, national competence centres, e-government authorities, encryption authorities, national banks, ministries of defence, combined/joint commands, cyber commands, air forces, land forces, naval forces, special forces, military intelligence services, defence encryption authorities, ministries of foreign affairs and numerous international organisations, ministries of the interior, presidential guards, critical infrastructure authorities, homeland security authorities, intelligence services, police forces, and cyber forces." (See: http://www.crypto.ch/ - The inclusion of a shot of the Patrouille Suisse is an especially nice touch. I often drive by their offices in Steinhausen and was stunned to realize a few years ago that they are thriving- I can only imagine what the mortgage on that place costs). I expect that today many of us feel quite naive at being shocked by those penetration revelations (sorry, allegations) given that it seems highly probable now that anyone using any sort of Microsoft, Cisco, Google, Facebook, Yahoo, YouTube, Skype, AOL or Apple product has now been elevated to a collection priority that seemed confined to the Irans of the world in the 1990s and early 2000s. Perry wondered after the "unpardonable carelessness" of the NSA in giving 50,000 Snowden's access to a Powerpoint with all the Prism partners. I would argue that the NSA had good cause to think no one would notice or care given how many people who should know MUCH MUCH better still send Crypto AG scads of money. And going back to the days of toad.com hasn't this always been the story? Security is expensive. Most people (and some governments) are cheap. There's something about the present political climate in the United States that really interests me. Mere mention of the word "fascism" in any context other than sarcasm seems to brand one quite instantly as a tin-foil nutjob. Granted, I think the world "fascism" is as overused as the word "communism," but it bears mentioning that the usurpation of corporate entities and industry by the state to its own purposes is one of the classic tenants of fascism. I'm sure the list's readers sense where I'm going with this by now. It is hard to escape noticing that the NSA and its sister and orbital agencies have long since broken the traditional firewall and morphed themselves into domestic surveillance agencies. But the United States is late to the party here. In the world of finance it was long understood that certain state-dominated Russian firms were front-running a number of U.S. economic indicators prior to release. The rumor at the time was that this activity stopped cold after a security audit at the offending U.S. agencies. It's possible that the story was apocryphal, but I sort of doubt it. The economic intelligence apparatus of foreign intelligence services was the place to be if you wanted to find yourself in the good graces of your nation-state. (It's not an accident that Nikolay Patolichev, once the Soviet Union's Foreign Trade Minister, led the pack having been awarded the Order of Lenin twelve times). Of course, drafting otherwise independent-appearing private enterprises to the purposes of the state was popular then (the CIA would routinely interview U.S. businessmen and businesswomen after trips to jurisdictions of interest, and leverage their presence in foreign lands to their own advantage), and appears even more popular now. I won't belabor the point (made long ago and loudly by Kate Martin, only to fall upon decidedly deaf ears) that U.S. Courts generally refuse to examine the legality of collection of inculpatory evidence that is dropped into their lap- but it is important to at least acknowledge. Again, those of us shocked by those revelations (that evidence of domestic crimes "accidentally" collected by intelligence agencies would not necessarily be inadmissible) might feel awfully stupid now that it seems that the NSA expressly retains or passes on evidence of crimes unrelated to foreign intelligence activities or terrorism, and that the DEA (presumably among others) routinely engages what could fairly be called wholesale perjury to conceal the source of such evidence from courts and defense counsel when it is presented in support of criminal prosecutions. Finally returning to the original topic (please forgive the diversion) I think what is the most important element to understand is that what was once opportunistic synergy between national intelligence agencies and law enforcement agencies (here the War on Drugs was clearly the camel's nose) has become Fusion Center level integration- and bilateral information flow. Don't take my word for it, just read some of the Fusion Center testimony to various congressional committees- this is their bread and butter. Whichever asshole it was who first blamed 911 on a lack of cooperation between law enforcement and intelligence did a great deal of damage to the United States, but the trend was already pressing forward. What seems even more daunting is the new path of information from the bottom up. Now that you have local law enforcement humming around in cars collecting position and "metadata" on every license plate within 20m of a cop car prowling around on its beat, federal agencies are just a "Fusion Center query" away from access to... well... nearly everything. Look at this model (local collection at local expense re-purposed to federal exploitation), basic "exception processing," and the impact of the last decade and a half of "crony capitalism" and it is suddenly pretty hard not to credit BULLRUN with far more access than is public even given the latest revelations. Certainly, I don't run the NSA, but it doesn't take much more than a middling operations professional to tell you that exception processing is the key. Attacking this stuff is a question of priorities. Though experiment: What order of difficulty would you assign: Catch it in the clear. Compromising a vendor (including keys and users passwords- which might be reused). Injecting poor RNG (with vendor cooperation). Stealing a master key. Stealing a session key. Stealing a password to master or session key. Dictionary-attacking a password. Brute-forceing a weak password. Compromising an endpoint. Compromising a physical machine. Rubber-hoseing a password. Brute-forceing a strong password. Brute-forceing a weak key. Brute-forceing a strong key. Include in your analysis the cost of bending (or breaking) constitutional protections in the post-911 era (if any). Just look at the leverage an unwieldy, all-encompassing central government has on large US based firms (See e.g. Qwest post-cooperation refusal) and reflect on the bi-lateral Fusion Center model and then try to speculate that BULLRUN is overstated. I don't think you need a major factoring breakthrough to have FANTASTIC success in accessing the vast majority of (for example) SSL "protected" internet traffic. Anyone know what the market penetration of Microsoft IIS is? No, quite the contrary. I'll be amazed to find that the NYT piece isn't UNDERstated. To coin a phrase with reference to large and medium sized Western IT firms: They're all Crypto AG now. - - uni -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) iQIcBAEBAgAGBQJSKQm3AAoJEAWtgNHk7T8QJOEQALI381nUcAHtALvqw/ac/k84 Tdn+Zd2+T54stDJPwJvOQXkeIJJKAURyhPgG+oGkXHbzjLnwTp6zpB9+et4pM5n7 PRc8X/9fAF8+X8EzDwQA90wYEZaAaSmnnaXi034faw0kKw0T0EDenDBgJ6J9fHGa DtsQECUlYenj2Evm0cY60Uz52/zJcXryWS5vRS4IU+i4ELCC3CbY6cX3MAT6Y6jc reh1B8Wf1fbmaXYR5Ws+Dd5VE4+9T2VkB2MZQN9T+/NbS9abe+lFVZkqjNx28RT4 OHC9VVqG0rGgn3a7tiLY2StmPSIxyV08LRmoz89CU0smdjb8pZDc+08V29anIH+Q E6xo+pJdc+SF34wHurCBRYqeH4TLowB2Bl/pLQ05FUFCcj6bIGO1lwf5sHaPpsKU 3mAC4HnQwlgd61epbLVbNcltp40nz5Soz/tfyyRM2T2VNdkxcriJUezKQRwu+t6d pCbQow9KEpcrdL3TlaQgcvNH0btU5HRnz7EJSrctL+FfZBKUj4jcRCUgASt6gRBd cnrzFcFAYoSgBBR/wJBxUATpzxMl+xZ74zPKJPdaIiA0XPd1F9ZIUe+mzDL+IxHT b08+gUgME9OMpjwToSkoopYL02AkK/GRirC14C2cXieC8JwjrevIoBQmCLUutNK6 XC4sOGrFZ7Z37sXL+1jT =4NbV -----END PGP SIGNATURE----- _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message -----
    -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography