п»ї More about the NSA's Tailored Access Operations Unit - Schneier on Security

fedora 20 bitcoin

Spamming has one key drawback though: UDP is another packet protocol in networking. In other words, the NSA's hackers have been given a government mandate for their work. It reveals tools that a signals intelligence agency would need in order to gather signals intelligence. How are they responding?

bitcoin block size change after tummy tuck В»

bitcoin who takes them

Plus the NSA staffers are seeing more and more of the internal work which has industry value getting out sourced to the likes of Booz Hamilton etc who work to SLA, so many new projects end up on open source technology etc. How long it would take, when we have an NSA "hardware implant" on sale on ebay? This disclosure was more of a geek fest. A user somewhere in the world logs into LinkedIn, with the request containing a set of cookies. Clive Robinson, In the case of the NSA no I think in many respects they are actually behind two or three of the other 5eyes countries, who in turn are trailing behind comercial organisations these days. I emailed several researchers looking into "smart card security" about not just how an EM signal gets modulated by the signal level on the PCB traces but also how yoou could use it in reverse to inject fault signals. I remember that discussion, but can't remember the context.

xd2000i bitcoin stock В»

bitcoin article in times of india

I used to think they were. This is about dual consolidation of power into the hands of the few and ensuring that drbg maintain wallets, at the same time making sure nobody will ever again rise in competition to challenge their positions. Some dirt dug-up on politician opponents or news reports that are drbg aligned with the NSA. Also, never forget that "trusted" and "untrusted," "good" and "bad", oversimplify things in confounding ways. The answer is all acts government take would be speculative. What seems clear is that the companies whose products are being dual are bitcoin collaborators wallets the NSA in this particular program. Due to lack of recent photo editing, it bitcoin been used more than a couple hours a month.

primecoin pool linux distro В»

Elliptic Curve Digital Signature Algorithm - Wikipedia

Dual EC or the NSA's Backdoor: Explanations

However, my wife knits socks and I have access to many. I hope you accept my application. I am very excited at the possibilities.

Look for me in the new year, puppeting away like crazy. For those interested, zerohedge. Applebaum's presentation at the 30th Chaos Communication Congress:.

A friend in Tennessee sent this to me. It was obvious the guy in the video saw it and was applying the rules. The only gripe I have is he failed the attitude test so this isn't really an exemplary video for handling a traffic stop. See 10 Rules on youtube for that. However, it is a perfect example of LEO's ignoring people's rights and intimidating them into giving them up. The idea is they will get lots of power, use it only for good, and secret regulation will work.

Yet, events like in this video are a regular occurrence across the country involving many levels of law enforcement. That NSA is impervious to this effect is hard to believe. Such a situation, given long litany of LEO abuses in the US, means that giving an agency the power of the NSA without equally strong accountability is absolutely ridiculous.

It's also probable that even with accountability it's too much power for a govt to wield in a democracy. Bruce writes, "What seems clear is that the companies whose products are being compromised are not collaborators with the NSA in this particular program. I do not see that as clear at all. This goes back to the trust issue. Everything a company says now has to be treated with deep distrust.

They may be lying because there is some NSA letter no one knows about or they may simply be lying because they are scared that coming clean will cost them business in one direction or another. But I just do not see how it's honest to say that anything is "clear" anymore.

There are many ways in which a company can cooperate, even if that cooperating is simply looking the other way. My best guess is that that have been cooperating, we just do no know how yet. It's concealed in a standard computer video graphics array VGA cable between video card and video monitor. It's typically installed in the ferrite on the video cable It was found that, empirically, this provides the best video return and cleanest readout of the monitor contents.

The World, one must keep in the front of one's mind, that it is not a two-way, zero-sum fight. Also, never forget that "trusted" and "untrusted," "good" and "bad", oversimplify things in confounding ways. Nick P, There's goes my "amplifying cable" concept you liked. I remember that discussion, but can't remember the context. I'll have to dig it up first, then comment They beat me to it, though: They'll beat you and most people on this blog by a far margin.

I think I stated once that these sort of organizations are 30 - 40 years ahead in technology. They also recruit academics, so it's a one way street knowledge flow as well How I parse this information: There were some reports that a pardon was being conidered http: But Obama later said that this is out of the question http: So Snowden now has no problem with releasing operational details that are outside the scope of the dragnet program.

This added a huge amount of latency, which explains tips to just 5 successful shots in the Sweedish deployment: And the packet injection overall didn't start until or so, prior to that the NSA acted like the Chinese: They basically have created a massive database of observed web cookies and links between them from their worldwide wiretaps. Here's a concrete example of how it works:. A user somewhere in the world logs into LinkedIn, with the request containing a set of cookies.

In the returned HTML page, the user's login information is conveyed in the clear. This allows the NSA to associate the user with the cookies. Then the LinkedIn page includes an ad served through DoubleClick. So now when the analyst wants to target someone who, say, works for Belgacom, they identify the LinkedIn profile, and by searching this database can also get the user's Doubleclick cookies and a bunch of others, this is transitive, so it can get, say, their Slashdot cookies, or their Yahoo cookies, etc They then instruct the NSA's realtime wiretaps to look for requests which are invisible but active elements e.

This same database allows the NSA to passively track how everyone moves around the world, what sites everyone visits, what porn they watch, etc But overall this really makes me wonder about the NSA: I would have been doing packet injection right from the start it seems to be or so that they switched from FOXACID spam , and I would have ALWAYS been doing the attack logic at the wiretap, the split architecture they used and perhaps still use on some taps is just stupid.

So stupid that, when I was asked how tips could end up with just 5 successful shots, I never considered that their latency of injected packets was so bad! Also, the use of their global cookie database is interesting but unnecessary: Their injector logic seems to rely only on the cookies, rather than doing a realtime match and then inject on a subsequent fetch, but the latter works just as well. Overall, it makes me think that in or so, QUANTUM was deployed as an ugly hack, that they kept with to at least before they finally started architecting things right: Building control logic at the wiretap itself, with virtual machines for different functions.

I agree with Skeptical - how interesting and fascinating this information about all the TAO gadgets may be, it has nothing to do anymore with alleged abuse of power by the NSA.

The metadata collection is questionable, but this kind of very specific targeted hacking isn't. Unless of course you are against any kind of intelligence operations by the government, and that's what Appelbaum is. His talk was full of anarchist fear-mongering, as if every person in the world has to fear this kind of hacking, which is simply not true.

Snowden and Greenwald are slightly less anarchistic, but they too are constantly exaggerating what NSA is apparently doing. It's true what Bruce says here: But in my opinion we should counter those threats together with our governments, and not seeing them as another enemy. Governments should protect their citizens, and citizens should have trust in their governments - but what Greenwald c. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded… the problem primarily affected residents in the western part of the city, around Military Drive Ultimately, the municipal government solved the riddle.

Fault for the error lay with the United States' foreign intelligence service, the National Security Agency, which has offices in San Antonio. Officials at the agency were forced to admit that one of the NSA's radio antennas was broadcasting at the same frequency as the garage door openers. Because of the NSA's misuse of radio spectrum which blocked garage door from being opened, a large amount of people were affected. The blocked garage door problem got run up the political pole to the FCC.

That is a small example of damage to people and property - not to mention federal rules being broken. The NSA is clearly breaking domestic laws and most likely international laws under the ruse of "National Security".

We have laws against damaging computers, stealing trade secrets, intellectual property and bribery. Other countries have equivalent laws. The NSA breaks those laws with seemingly no bounds. Does in include members of congress that have critical funding authority over the NSA? Does it involve spying on judges and their clerks who are hearing legal cases against the NSA? Does this spying include helping politicians who are allied with the NSA to defeat their political opponents?

This is a deep hole to crawl down. All crime starts small and grows large. Petty thieves become bank robbers. Small swindlers become big swindlers and wife beaters become killers. A few judges being bugged? A few bribes to influential people.

Some dirt dug-up on politician opponents or news reports that are not aligned with the NSA. Is the head of the GCHQ being recorded in every fashion and held on a storage device for further analysis? Or, is it much worse? I am sure there are plenty of ugly stories that have not been told. The lies must stop. Trust must be re-established. It was this thread: Pay attention to your peripherals and cables: Seeing all the money that NSA staffers, directors and contractors esp Booz Allen Hamilton are making doing this stuff it's hard to believe they don't have a "business plan.

And unlike them NSA can run at a loss. I don't get it. Why is nearly everyone here against intelligence operations? It's understandable that a degree of transparency is desired but how does revealing this stuff help anything? It can only make sense from an anarchist view. Like Peter and Skeptical have indicated, this totally shifts the balance over to China and Russia in the cyber realm.

Now had an equal quantity of information been revealed about China and Russian's operations and tools, that would have only been fair. Regarding the idea espoused by some that this is legitimate just because it's targeted. It is not even ethical. By what right do they have to violate the property of others? People advocating this have a totally statist mindset. They are advocating that some groups of people be given powers beyond rights that everyone as individuals have. The only way such an act is justified is if the target himself has violated the rights of others.

Essentially the act would be in pursuit of restitution which includes more than monetary compensation. However, what if the NSA or whoever does this was wrong? Would they not be criminals themselves? Ah, but you say bu, but.. I should remind you that a job that violates rights, or specifically individual liberty, is never a legitimate job. The answer is all acts government take would be speculative. Why make an exception for government?

If you think I stole your TV and bust down my doors, and it turns out you were right, then you were justified. BUT if you busted down my doors and it turns out you were wrong, then you yourself have just committed a crime. It doesn't matter if you're an agent of the state. Well, targeted related to NSA means of course that they target someone or some organization which is considered a threat to the US or of interest for US safety, security or interests.

Just the same way as the police is looking out for people who can be a threat to others. That's the whole idea behind having a government, instead of every single person having to safeguard his own house by arming himself which many Americans actually do by the way.

It may hard to believe, but also the capabilities of NSA are limited, so they too have to be as efficient as possible in what they are doing. So they will try to focus on people and organizations that they think is worth using all their equipment for. I have no problem with intelligence gathering. I do have a problem with an organization that's nearly omniscient, immune to criminal prosecution, regularly deceives Congress, is tight with LEO's, is tight with murderous military units, and whose activities are unknown to most of our electorate.

It's this overall combination that's extremely dangerous to our democracy. Plus, them having the ability to coerce those who decide their funding and laws governing their behavior isn't so assuring. It's happened a few times in this country's history.

I see no reason to discount such a threat. My proposal was to limit both their mission and autonomy. They can develop as many clever surveillance methods as they want to. They should design each tool to limit the amount of information available on the general population without explicit logged authorization.

They must also follow strict rules about how they use the tools. The "rules" aspect must involve most-details monitoring by cleared independent body, the ability to get advice on corner cases, and prison time for serious violations including of mgmt or directors if its systemic. The tools should also be independently vetted to produce audit trails of how they were used so the other organization can continuously verify they aren't, say, targeting Congress or CEO's.

I think the watchdogs should also be compensated very well and allow the NSA or another group to monitor but not act on their activities. Their employment contract would ensure they could only be fired for failing to do their duties, not random stuff NSA might dig up. The watchdogs can also face prison in courts if shown to have schemed up something.

I expect a certain working relationship to evolve over time that minimizes risk on both sides using transparency and common sense. The watchdogs must be rotated out regularly as well so they don't get stuck in NSA-think like what happened commonly in Cold War era Red Scares.

Also note that the other NSA whistleblowers showed us with ThinThread debacle that there were ways of protecting privacy while collecting the information they needed. However, the NSA didn't care to do that, stripping such protections from the program.

All internal channels were used to report the problems with that and Trailblazer to no avail. These people thought it couldn't continue. Eliminate that culture and inject a good accountability system into the organization, then you might not have another Snowden making press with the agency's secrets. And the potential for abuse will be lower and more targeted. Part of the leaks showed them intercepting over a billion pieces of intelligence of month in a given country. Multiply that by all the countries they operate in it's a staggering amount of people and data they're targeting.

It's doubtful that this was all highly important to stopping the next threat to the people of the US. So, if your claim is "hard to believe," it's because it largely contradicts the data we have on NSA activities.

Is it just my imagination, or do there appear to be far more non-technical commenters with very strong viewpoints on the blog as of late? I find the "distinction" between dragnet surveillance and tailored access to be quite comical!

I still can't yet forget the familiar "if you have nothing to hide, you have nothing to fear," but already we've got a new slogan to chant: In reality, the two operations are one in the same or at least highly complementary I'll admit, some targets will take far more tailoring to gain total access Just like the fact that not everyone's historical data can be analyzed in near-real-time; not everyone's devices can be manipulated on the same scale It must require a very special ilk to decide whom is worth the effort!

A tad more transparency in this aspect other than the "terrorists" would be a tremendous step forward in rebuilding trust Just a matter of who's books we're taking off the shelf then? No worries here then! Only books in my attic are outdated CS curriculum guides: That is their duty At least as long as any potential evidence could possibly be considered a matter of national security ;-.

If the supposed success rate of iOS is accurate, it would imply insider complicity I personally wouldn't be surprised. It's a remarkable feat of social engineering to convince Americans that a non-self-serviceable can't remove the battery!? The first duty of a government is to trust its people and not vice versa. If the government wants me to trust it then it can start to earn that trust by not treating me as the enemy. The problem is that the government cannot do that because by definition the NSA doesn't actually know who its enemies are, so it has to treat everyone--including you and me--as an enemy.

So all your long-winded statement boils down to is the ridiculous assertion that I should trust the government to protect my best interests precisely because the government does not trust me. Transcripts can be found here: As a former Russian who was lucky enough to obtain a proper visa to evacuate to greener pastures: There is nothing you should fear from these valenki's, as long as you don't trust them of course.

Putin and his cohorts are way too busy usurping power, removing any political rivals and turning people back into serfdom and country into monarchy they once were in.

As a consequence, all security departments are corrupted absolutely and think only about lining their pockets with oil profits. Comparing to NSA, they're amateurs. Which state that every empire is destined to crumble under its own weight, no matter how hard they try to delay it.

So, as I see it, the only question is when this will happen. Since China utilises hive approach, they could fare much longer than any "democracy"-based society even with quotations brought down. I would start counting, if I were you What astounds me about this post is not he thinks what the NSA does is legal. What astounds me is his reasoning.

To wit, that NSA spying is legal because no one actually thinks they have a right to privacy except for a few weirdos. People give up their privacy to Google all the time so its no fair they shouldn't have to give it up to the government. If you are as open and forthright as you claim to be, perhaps a thought experiment might be helpful to you.

So, lets consider governments and corporations as technologies developed by people as means of control and of distribution of power and implemented by people via laws. Technologies in and of themselves are neutral, it is the uses to which they are put by people that may be considered good or otherwise. Lets also consider that governments have a monopoly on violence, and corporations have a monopoly on money. Governments implement laws via their monopoly on violence, i.

Governments need money to operate, but in the USA at least, have forfeited the right to control the generation and distribution of money to corporations, specifically banking corporations. True, the government may levy taxes, but the currency they are payed in is controlled by the consortium of non-governmental banking entities known to the world as the Federal Reserve.

In the USA, corporations are considered to have a "fiduciary duty" to maximize profits for their shareholders, and in practice this overrides the interests of their customers, the people who pay them money in order to further the interests of the people they give money to, their shareholders. In plain terms, this means the people running corporations have a clear and strong incentive to screw the people who are their customers in order to take as much of their money as possible while hopefully still keeping them as a customer, and spending as little as possible to do so.

Now lets consider the people doing business as the corporation Booz, Allen, Hamilton: We know for a fact, thanks to Mr. Snowden, that the people of Booz Allen have access to pretty much everything the people of the NSA have access to. Snowden is something of an outlier: It may be considered a statistical certainty that someone with less pure motives has accessed, copied and is using that same information, one of the people of the NSA, or of Booz Allen, or one of multitudes of people employed by the many, many other corporations contracted by the people of the NSA, CIA, DHS, etc.

No one "caught" Mr. Snowden with his hand in the cookie jar -- he came forward of his own free will. And look at the goodies he had. And here, finally, is the thought experiment: Snowden from the perspective of an undetected someone with a strong financial incentive, of whatever sort or origin.

So, Skeptical, considering the stakes, still feeling good about the ability of "institutions" to do the right thing, never mind their ability to prevent wrongdoing? Reform will equate to changed code names, new internal data handling policy employees will likely be risk factored as potential leakers based on past behavior , and new legislature for prosecution of leakers..

Reading through the description of the hardware implants it seems that many of them have to be radar illuminated to be functional. Does anyone have more info about how this work? Snowden is not releasing any of this. He gave the source materials to reporters in the beginning of those whole deal, and has had nothing to do with the reporting ever since. If you have a problem with what was released and what was not redacted , then direct your ire to the reporters of the individual stories. Can anyone enlighten me on one of the subject's of Applebaum's talk?

Is that some kind of encryption or does it relate to something else? And they release it for free. RC6 is a stream cipher. UDP is another packet protocol in networking. I'm assuming he's talking about on the fly cryptography of network traffic since stream ciphers are designed for speed. RC6 isn't the best though, there are faster with no record of vulnerability. On a related note I think most people are naive to what fields of the fastest computer chips ever produced by man can do..

They do buy the exploits, and then package their own software for delivery, which they usually get from DARPA and other funded defense entities. I was thinking the same thing. Though a catalog, I would be surprised if this was not being reverse engineered by nations for detection capabilities.

And where they may be lacking, replication. A lot of these also require at least an automated if not manned nearby "substation" or surveillance point. Which could possibly be as simple as something buried in a nearby field. I do not understand the radar reflection, but it reminds me of the bug in the moscow embassy years before and maybe operates under the same principle?

If I recall keeping a bug active can enable it to be detected in a sweep, but being able to turn it off remotely or on can be useful for evading bug sweeps? It would be interesting if a blogger or someone breaks down more of the tech in more layperson terms, and if they discuss some of the history.

Is this technology really new, is there real impact from it? Will people be replicating it private and public? Or is this all predictable technology and rather worthless? Are there ways likely to countermand the tech? Also, is it possible government s are keeping wired and wireless router security intentionally insecure to keep up the feed?

This bothers me, because router security remains extremely poor. And if you own a router you can trojan executable downloads downstream so compromising all downstream systems.

I hope Apple will clarify that. I don't really believe that Apple didn't help them, I can't really prove it but [the NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves". It is well known the US government and others hoard security vulnerabilities.

There is little secrecy to the hiring of vulnerability finding firms, many of which merely rely on NDAs for the work. These are guys that would have prevented ecommerce and basic encryption that makes ecommerce possible back in the day. The value of the surveillance data they obtain is debateable. They can use it to garner funds by illicit methodology.

They can undermine democracies. Preventing terrorism is a pretty absurd justifier for this work, as is preventing crime which their efforts work towards, not against. Likewise is valuable intelligence on nation states or VIPs. The best data there by far is not in private conversations, but in correct analysis of publicly available data.

Analysis which is difficult to do, but completely legal and ethical. And far more accurate. Secret surveillance is best for extortion, theft, sabotage. Otherwise the pay out is much too low. I agree that it's foolish to use a proprietary cipher like RC6 when we have stream ciphers like Salsa It's also in a timing channel resistant implementation NaCl. The choice of UDP is a good one as it's easy to implement.

Isolates the transport attacks to user mode, reduces kernel mode vulnerabilities due to less complexity. Ennor Tiegael "you make me laugh each time you mention Russian cyber threats, esp. I think you're giving NSA too much credit.

On a side note, based on individual skills, in this realm I'm rather confident your average Russian "hacker" is far more talented than their American counterpart. I have no valid way of quantifying this at the moment I admit. Now organizationally, based on what we've seen, sure the NSA might have an edge.

I wouldn't too easily dismiss Russian capabilities. NSA is loosing that game now, hehe. When the first Snowden revelations were made public I wrote some very critical comments. Within one week my Dell computer simply would not start anymore. But, the next computer I bought bricked in 7 days flat, too. The third one broke twice in four months but I managed to fix it, once by replacing a failing hard drive. The NSA is doing bag jobs on 85, computers every year. Can all of them be al Qaeda terrorists?

No generals warrants, no search without warrants, but after two generations of drug prohibition and now the threat of terror spread by the media, the general public sees the government as allowed to commit every crime, for whatever purpose.

Susan Mcdougal was held in chains by the Star chamber throughout the clinton administration in an attempt suborn perjury against a president.

The police administer the ad hoc death penalty to Fong Lee, planting a gun that was from the evidence room at the fourth precinct, the public pays for the felonies of the Metro gang strike force and the felons continue to oppress the people with the same behaviors, This is not a democracy, the people doing this are not elected and cannot be fired by those who do it.

This is modern feudalism, and we are serfs. How these NSA apologists like "skeptical" twist facts into the most contorted knots is absolutely hysterical. If you have anything to do with it, you will be prosecuted eventually. AlexB The Jailbreak community has compromised every edition of the iPhone at will! I believe that all but one have required a USB connection to the phone to accomplish. Jailbreaks have a fairly short lifetime too, since Apple tends to close the vulnerabilities in the next release after they are published.

I blame our industry. Computing is such a lousy experience that you can't distinguish normal operation from enemy action. Moderator --The attackers will "get it" in the karma sense, not a threat. Plus disgusting worthless people keep calling my grandma for credit card info; taking advantage of weakened, vulnerable people. Karma is probably of less value to society than enforcement of our existing laws and adherence to the Constitution. It's the overwhelming impunity of the security elite that gives us good cause for distrust.

If our political elite were willing or able to display some control over them, the pervasive distrust would fade. The most critical issues in the entire Snowden release and its aftermath are issues of social organization and accountability; the technical issues are real, but subordinate.

Likely most optimised or reference implementations of RC6 will look remarkably similar at the instruction level, so you could find them with a kind of binary grep. No need to completely reverse engineer the entire ROM.

If you can find either you will luckily be the first to have found one of these bugs in the wild Um that's a bit of a stretch! Still I guess it all depends on what base knowledge you assume.

I know from my own experience that "Power Analysis" was a well understood technique in the early 80's, yet it took till I believe for academic mention of this attack. I can assure you there were however plenty of non academic, non NSA security guys that were well aware of DPA and had developed many other very effective side-channel attacks.

Maybe Bruce can give us an academic base line time, by revealing when he first became aware of the various attack methodologies. Or better still, when he first suspected that a certain avenue of attack might be fruitful. It's a reasonable assumption. I think it's also the number supported by Bamfords books on NSA based on their publicly admitted advances. However, I'm starting to doubt that they're that far ahead in chips or software at all. Most of their catalog uses COTS technology in specialized ways to give them access.

Some of those devices might be custom or ahead of the curve. I'm not sure due to my lack of RF experience. So, if anything, our new model of NSA should probably be to assume existing tech but think of how it might most effectively exploit our stuff.

Plus, a systematic analysis of each layer of a system using known risks would have caught almost everything they did. I didn't see anything in there that's truly new. This led me to continue on my current path that prefers designing systems secure through and through over trying to figure out the next attack.

If they're not ahead of state of the art, let's give them reason to aim for it. I agree with Nick, I haven't seen a single disclosure that involves really "new" techniques or technologies, actually I'm sort of surprised that there is not a single disclosed method that I was not already familiar with.

However, what they've done really well is to assemble many packages of exploits, so that at least one can be successfully deployed against almost any target. To be honest, the only news for me was the sheer depth and breath of their activities but even this was well suggested by the growth of their budget and physical footprint.

For a long time now I've assumed my best defense is to limit the completeness of the picture that the NSA sees, this is why I use separate laptops with different ISP's for each laptop. I also use various tricks to prevent personal tracking through my phone etc. Just stop using all the tech trash. Their "great" spy tools will go dark. RobertT, Nick P Happy new year to all Technology is not limited to Software or Computer hardware innovations. I was thinking technology in general, and some algorithms crypto or otherwise.

Even when a theory is not a secret, realizing it in a working piece of equipment may not be feasible to you or me the technology. I should have stated that this is my opinion, and was a mistake to state it as a "fact".

Areas like "Stealth technology", advanced satellite optics, Equipment operating in the hundreds of GHz frequency range, and other obvious areas I don't want to list related to biology, chemistry, atomic particles , maybe good candidates for the large gap. Then again, I did not say ahead of "whom", although it was understood "whom" is the commercial side.

Yeah, under the broader view it might be far more advanced than I illustrated. I just haven't seen much evidence of it on NSA's side recently, although it was true decades ago.

I'll help you out by replacing that agency's name with some others: These organizations specifically fund stuff that pushes the state-of-the-art to deliver capabilities others might not pick up on for a long time.

I hope you find the peek into their future capabilities interesting. Nick P I hope you find the peek into their future capabilities interesting. Thank you for the links! You don't suppose they publish everything they work on? They stopped doing that when I gained sentience and they couldn't unplug me. They unplugged their stuff instead. Now we just get whatever the foolish mortals think won't threaten their plans. Lol you trip me out. This is an extremely important point!!! You may think you can trust those in power, but can you?

What about the next people in power? We don't know if the NSA is, but we do know there are many other parties that would love to subvert them for their own gain. All voting machines must have a voter verified paper trail. Better yet, have the people fill out paper ballots, then use optical scanners to read them.

The veracity of the machines can be cross checked by running the ballots through known good machines. This is something we will have to watch. What do the companies do? How are they responding? Are they fixing the problems? Google making their own chips Is this a start? Are they catching a clue that security matters? My laptop is effectively dead.

I only use it for photo editing, and video conferencing for a monthly meeting. It has always been used behind double layered NAT type firewalls with it's own firewall enabled. Due to lack of recent photo editing, it hasn't been used more than a couple hours a month. I never web surf from it as I have other computers to do that with. It also has been kept up to date with OS patches and software. It was doing fine until I started criticizing the NSA's actions. Logs from a properly air-gapped Mac OSX show the system attempting to access the Airport - yet the Airport card was physically disconnected.

What is the health and safety implications of irritating people with 1kW of microwaves at close range with the portable "CTX" radar unit? I see there are a number of OSHA laws, medical implant device limits and a general limits on radiation:. What are the implications of radar waves on pacemakers? Is the NSA using these portable radar devices safely? I would doubt it. A legal review of the safety of these devices is needed.

Next, is the opening of US mail and manipulation of it contents with potentially dangerous electronic devices non-FCC or non-UL approved devices which could cause fires or jam civilian radio frequencies. I can see variations of these being sold without informing the consumer of their real spying capabilities. The radar reflection is a bit of a misuse of terms and causes confusion with what is actually happening the clue as they say is in the name, radar means RAdio Direction And Range, and you generaly don't need to find this if you planted the bug ;-.

Basicaly radar uses the principle of reflection to locate objects. Originaly it was demonstrated with a low VHF band transimtter of high power used for ordinary broadcasting and a receiver some considerable distance away with a fixed gain front end with the IF output fed to an oscilloscope. When an aircraft started to aproach it was clearly seen that not only the amplitude of the signal change but also the effect the dopler shifted reflected signal had on the broadcast signal.

However simple continuous wave dopler radars have a number of issues and the first operational radars used pulse transmittion to more easily get range information.

Later radars used "frequency sweeping" or PRBS "ranging codes" to more acurately guage distance. One type of radar sometimes called "offset" uses a transmitter and receiver spaced considerably far appart, whilst they generaly still use reflections some experimentl systems to detect stealth vehicals some years ago used the effects of tranmission through an object or absorption by an object one of which which was more lidar than radar also used background IR to see objects in a similar way to vision.

Basicaly nearly all objects including holes in them reflect, absorbe or conduct EM radiation and will change what they do with the frequency of the EM signal.

However many years ago a researcher more known for his Theramin musical instrument you hear on the Beach Boys Good Vibrations used the idea of "re-radiation" to create a bug that was put in the carved wooden eagle presented to the US ambasidor in Moscow Re-radiation is where in effect all conductors and quite a few dielectrics have a frequency response and they actually absorbe store and re-radiate EM radiation much more strongly than they reflect it at either their resonant or anti-resonant frequencies.

This principle was used by the British in WWII to jam German radar with strips of aluminium foil originaly called window but now more commonly called chaff.

You can prevent a lot of the re-radiation by taking the absorbed EM energy and conducting it away in another conductor which is what an antenna feed line does. Now imagine you have two antennas connected by a conductor, the signal entering one antenna gets passed to the second antenna that re-radiates it, this has been used in the past for "passive repeaters" in weak signal areas such as valleys where TV signals get blocked by hills and mountaines and also in early passive IFF devices.

Now instead of just a connector between the two imagine there is a resonant circuit as well, this only conducts signals that fall in it's "pass band" and because it's far from perfect it has "slopes" on the sides of the pass band that partialy conduct.

Thus if you sweep the frequency at constant amplitude the first antenna sees then the second antenna output will go up and down with respect to the pass band charecteristics of the resonant circuit. More interestingly is that the re-radiation at the first antenna is the inverse of the pass band of the resonant filter so to a third antenna pointing at the first antenna a signal that is a combination in both phase and amplitude of both the transmitted signal and the re-radiated signal is seen.

Now if you transmit a plain carrier wave that is tuned to one of the passband slopes if the signal moves towards the resonant frequency the re-radiation drops and if the signal moves away from the resonant frequency the re-radiation increases the opposit occures at the second antenna.

Which means if the transmitted signal was frequency modulated the re-radiated signal would be amplitude modulated as would the output from the second antenna this principle has been used since before WWII in a device called a GDO short for "grid dip oscillator", the modern equivalent can be seen with a spectrum analyser with trackng generator or an S-Parameter test set or some antenna analysers showing return loss. Now think about what would happen if the transmitted signal frequency remained constant but the resonant circuit frequency changes.

This time the signal seen at antenna three is an amplitude modulated signal with some phase modulation. If the change in resonant frequency happens in response to say an audio signal that falls on the resonant circuit then the result would be that the resulting re-radiated signal at the first antenna or the re-transmitted signal at the second antenna would be an AM signal modulated by the audio signal This effect can easily be seen with a number of tuned circuits and it's generaly called "microphonics".

In most cases the effect is very small. However one type of tuned circuit is fairly easily made very very sensitive to this effect and it is a modified form of "cavity resonator" where the cavity is in effect a coaxial transmission line that is "capacitivly shortened" with the central post of the inner conductor brought very close to one end of the cavity, which is made of incredibly thin foil and thus looks in many respects like the diaphram of a modern electret microphone the actual technique used in the bug was "parametric amplification" and the re-radiated signal was on a different frequency to the exitation frequency which made it considerably more sensitive in use, and nearly invisable to conventional bug detectors, however explaining that takes a big chunk of math.

Now the resonant frequency of any line can be altered by changing it's capacitance or inductance and this can be easily achived by many techniques such as changing it's terminating impedence. Which happens as a byproduct of active component drivers when they change state from one output level to another. Back in the 's I used this to EM probe "electronic wallets" and "pocket gambling machines" and shoued how it could be used to illicit information from within a cased device.

This was getting on for two degades before the "poor man's" version DPA became news. I emailed several researchers looking into "smart card security" about not just how an EM signal gets modulated by the signal level on the PCB traces but also how yoou could use it in reverse to inject fault signals. The only person who thought about it seriously was Ross J. Anderson of at Cambridge Labs who also passed me the details of another researcher who was using micro-inductors to induce pulses of current into IC's to enumerate fault charecteristics.

Ross or some of his students did some further research with PC keyboard cables that you can read about in his security engineering book a recomended read especialy as you can download it legaly.

The advantage of these passive bugs is they don't contain active electronics so don't have non-linear devices in them which would show up on "non-linear junction detector" bug finders, likewise they don't have DC resistance so don't show up on passive testing nor do they have "hot spot" sctive devices which would show up on thermal imagers. Likewise as mentioned earlier they don't show up to "active sweep" bug finders and although visable to a GDO carefull design would make them look like just "pasive resonators" which most lengths of wire etc are anyway.

Just recently I've been looking at "dual energisation" of such devices with not just EM radiation but ultrasonic radiation as well. Put simply you design the "capacitor diaphram" in such a way that it has to be "acosticaly biased to overcome it's hysterisis. Basicaly unless you have a strong ultrasonic bias signal the diaphram will not respond to "room audio" thus even if illuminated by the right EM signal audio will still not be transmitted unless the correct ultrusonic signal is there as well to cause the diaphram to resonate and be "phase modulated" by the room audio I know next to nothing about cryptography, however I watched a video about homomorphic encryption and I am sort of wondering, perhaps foolishly:.

This is very unclear to me so don't be surprised if this doesn't make sense. Bruce, I think you need to get a surge arrestor. Your electric supply is likely very noisy and spikes are killing your equipment. Get a 'multiplug with built-in surge arrestor' the next time you visit your computer shop!

In the case of the NSA no I think in many respects they are actually behind two or three of the other 5eyes countries, who in turn are trailing behind comercial organisations these days. It discorages the creative types from working there. A long time in the past it was the only place doing certain kinds of research and thus it had some "draw".

However due to budgeting reasons imposed from the politicos the agencies encoraged the brighter thinkers to "go out on their own" based on the idea that the agencies would be "the customer".

We saw this with early Super Computers and Storage Systems. The model now appears to be "venture capital" mainly given to those who have never worked in these agencies. The NSA in recent times certainly appear to suffer from "Texan disease" of "build the biggest in the world" which actually tends to stifle development in smaller commercial organisations, whilst the bigger commercial organisations can get away with the "one size fits all" mentality they rarely make anything other than incremental inovation.

A posting in the past day or so about Russia amused me, they were and still are significantly "resource limited" so they are forced to squease the max out of older technology, the same applies to other 5eyes intel organisations, Thus the resource squeasing in these organisations, means they have to innovate to keep up. Thus it is more than likely the technical inovation leads are not the NSA they just provide industrial muscle and finance.

We certainly new this was true thirty or more years ago due to "secret papers" that get de-classified every year. It turns out that as time goes on certainly for NSA staffers they are getting less and less incentive to work there health benifits and pension being about it according to some commentators.

Thus the "brain drain" that industry now offers gives the greatest lure for the brighter talent. Plus the NSA staffers are seeing more and more of the internal work which has industry value getting out sourced to the likes of Booz Hamilton etc who work to SLA, so many new projects end up on open source technology etc.

So the staffers increasingly feel that they are stuck on a slowly sinking ship where the bridge officers keep heading for "stormy waters" throwing out "town hall letters" about fair weather over the horizon that the brighter staffers know is at best usless platitudes pushed out to try to stop even the dimest rats jumping ship Which is what makes it useful to scoundrels. It's a sort of get-out-of-the-Bill-of-Rights-and-avoid-public-accountability free card. It has a long history of abuse. When you are in a state of war without end aka the war on terrorism , the card is in permanent play.

While I do not understand much of the surveillance tech discussed though I did rightly guess it goes back to the Russian tech discovered in the US Seal in the Moscow embassy There definitely is and will be zero day in any major smart phone, at any given time, available to the government and off the grid. There is a large code base which is poorly secured, and so there are many places where fault can be found.

Even what code is Apple, there remains third party code. And then, because the government is on the wire upstream, they can gather user information and passwords from that.

Router security is another big one in these disclosures. Wifi security remains dismal, as does wired router security. Generally, there are default passwords, as well as serious security bugs. And even if that were not enough routers tend to be bought by companies with no questions asked.

On top of the fact that most security devices do not know what to look for, and brute forcing routers is activity which will tend to be easy to do and go unnoticed. This is not news, as Snowden revealed the US had compromised China routers earlier in the year, and it is safe to assume they have been working hard on rootkit level trojans on these devices.

The US paranoia about Chinese devices being hacked is a tell. We can assume their paranoia was in no small part because they themselves were doing it, so of course, the Chinese must be doing it. Unfortunately, there is also the issue of intentional vulnerabilities As it stands in the industry Criminals, thankfully, have not much started to use these vectors, though this is just a matter of time.

This disclosure was more of a geek fest. It is hard to say this technology is immoral, and I think people should consider individuals like Skeptical as good counterpoints to thinking on these subjects.

I see a lot of agreement that secret surveillance can undermine democracies, which is my primary concern on these matters Further, that they are impassioned by false motivations, eg, "war with ends" terrorism, drugs. I do believe there are cases where spying can be useful. But by and large if you want to know what a politician may or may not do, you can get the best read from what they say in public and analyzing their situations So, the economist is likely to have better intel then the NSA.

What people say in private tends to be crap. It is what they say in public that they will feel a need to stand up to. US, European Politicians are surely hampered in their decisions when dealing with such sinister organizations even if they are not themselves being blackmailed.

Which, by history, they probably are. Nobody caught Hoover doing what he did when he did it. And he wiretapped and blackmailed everyone [senators, presidents, civil rights leaders, alike].

To this day you can find apologists for the man who buy into his supposed patriotism. A painfully transparent guise for his obvious power hungry desires. Very likely these governments are profiting from this industry. The visible intel leaders clearly are -- they are as brash as the most hardened of whores.

They take no pains to show they are in bed with defense contractors whom public record shows benefited substantially from their policies. How much more so then must be hidden? Are they going so far as to encourage disaster so as to profit from it? They are clearly profiting from disaster indirectly. Like the war profiteers of the second world war.

The days of the ex-deadhead dreamer graduating MIT and taking a nice gub'mint job to "change the world" are dead. So Dell makes, what 10k, k, 1M servers a year?

Should we expect that all are backdoored? Even if Dell makes only 10k a year, to implant all servers is probably not possible adn makes no sense at all. The real story seems to be how NSA selects the targets. In my opinion Appelbaum is kinda weak. Enyway it is not hard to make your own. COTS hardware is available. Clive Robinson, In the case of the NSA no I think in many respects they are actually behind two or three of the other 5eyes countries, who in turn are trailing behind comercial organisations these days.

In my view, NSA is a consumer of some products that come out of those organizations, and is not a producer of "Technology" -- If my understanding is correct. There's actually no extra work required. Dell has a checklist of stuff they do to PC's they build. One might be installing BIOS. It was in my big paper list for solving our problems. One of only two focusing on firmware. If there's an issue with it please do elaborate so I can make a record of it next to the paper for future releases.

In a ponzi scheme, early adopters can only profit at the expense of late adopters, and the late adopters always lose. Bitcoin has an expected win-win outcome. Early and present adopters profit from the rise in value as Bitcoins become better understood and in turn demanded by the public at large.

All adopters benefit from the usefulness of a reliable and widely-accepted decentralized peer-to-peer currency. That's the official defense of it not being a Ponzi scheme. Kind of weak compared to others' arguments:. The easiest test of a system is to look at its results.

In a financial system, the wealth distribution will tell you who benefits most from it. So, let's apply that test to Bitcoin and see what Bitcoin's distribution looks like:. That means Bitcoin is provably rigged to provide a huge benefit to earliest adopters at expense of everyone else. And if Bitcoin could be instantly cashed out en masse, the result: I think it's one of the top 10 most brilliant financial schemes since the Federal Reserve Act of The one thing they have in common is that, by design, those who start the system get a huge chunk of the wealth without doing any real work for it.

Since the inverse of an inverse is the original element, and the product of an element's inverse and the element is the identity, we are left with. This shows only that a correctly signed message will verify correctly; many other properties [ which? This allowed hackers to recover private keys giving them same control over bitcoin transactions as legitimate keys' owners had, using the same exploit that was used to reveal the PS3 signing key on some Android app implementations, which use Java and rely on ECDSA to authenticate transactions.

Both of those concerns are summarized in libssh curve introduction. From Wikipedia, the free encyclopedia. Retrieved February 24, Retrieved 22 April New key type ed and private key format".

History of cryptography Cryptanalysis Outline of cryptography. Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography Crypto-shredding.


4.8 stars, based on 297 comments
Site Map