* Posts by doronron

31 publicly visible posts • joined 10 Oct 2013

Quantum crypto pitches for data centre links

doronron

Don't forget one-time-pads are secure

If you really want something secure, generate your own one-time-pad (OTP) by sampling signal noise, and install it at either end in person, and use that for encryption. You then don't need to run multiple rounds, simply Xor the garbage-like key onto the data to make random garbage.

The important thing is to make the key bigger than all the data for the next few years, and to never use the same part of the key twice, so that it never repeats.

[If that is not possible, then you can make an initial key, validate decrypted messages and then send updates to the OTP over the, now, secure link.]

This is an engineering not a crypto solution, it does not rely on the strength of a crypto algorithm and does not become more breakable as the power of computers increases. It is insanely fast, and easy to implement.

So, regardless of what other crypto solutions are used on the network, if you are dealing with trusted-end to trusted-end communications, add the extra OTP layer onto it.

So for example, if there is an internal Parliament communication system between Parliament and UK Cabinet, then that data can be seen by GCHQ and in turn the NSA/CIA/Obama etc. If you were the tech in charge of that link, you could easily add the extra layer of OTP security to that to protect it. Then if it turns out the 'crypto' algo has been backdoored, the link is still secure.
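The pad handling described in this post, as an added Python example that is not the poster's code: each end holds the same pad, every message consumes fresh pad bytes, and a message that points at already-used pad is refused. The 12-byte offset/length header, the class and function names, and `secrets.token_bytes` standing in for sampled noise are assumptions made for the illustration.

```python
import secrets
import struct


class PadExhausted(Exception):
    """The unused part of the pad is shorter than the message."""


class PadReuse(Exception):
    """A message refers to pad bytes that this end has already consumed."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """One end of the link; both ends are built from an identical pad."""

    HEADER = struct.Struct(">QI")  # assumed framing: pad offset, body length

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0  # index of the first pad byte never used by this end

    def remaining(self) -> int:
        return len(self._pad) - self._next

    def _take(self, offset: int, length: int) -> bytes:
        # Pad bytes are only ever handed out in increasing order, once.
        if offset < self._next:
            raise PadReuse(f"offset {offset} is before {self._next}")
        if offset + length > len(self._pad):
            raise PadExhausted(f"need {length} bytes, {self.remaining()} left")
        self._next = offset + length
        return self._pad[offset:offset + length]

    def encrypt(self, plaintext: bytes) -> bytes:
        offset = self._next
        key = self._take(offset, len(plaintext))
        return self.HEADER.pack(offset, len(plaintext)) + xor_bytes(plaintext, key)

    def decrypt(self, message: bytes) -> bytes:
        offset, length = self.HEADER.unpack_from(message)
        body = message[self.HEADER.size:]
        if len(body) != length:
            raise ValueError("truncated or padded message")
        return xor_bytes(body, self._take(offset, length))


def reused_key_cancels(p1: bytes, p2: bytes, key: bytes) -> bytes:
    """XOR of two ciphertexts made with the same pad bytes: the key drops out
    and what is left is p1 XOR p2, which is why no part may be used twice."""
    return xor_bytes(xor_bytes(p1, key), xor_bytes(p2, key))


if __name__ == "__main__":
    pad = secrets.token_bytes(1024)  # stand-in for noise installed in person
    site_a, site_b = OneTimePad(pad), OneTimePad(pad)
    wire = site_a.encrypt(b"constructed sample message")
    print(site_b.decrypt(wire), site_b.remaining(), "pad bytes left")
    try:
        site_b.decrypt(wire)  # replayed message points at used pad
    except PadReuse as exc:
        print("refused:", exc)
```

Two ends that send at the same moment would both pick the same offset, and the receiver refuses that as reuse; giving each direction its own pad avoids the collision. XOR alone gives no integrity, so the "validate decrypted messages" step in the post needs a separate check.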

The only way is Office: UK Parliament to migrate to Microsoft cloud

doronron

To sum up

Obama gets most of his morning digest from the PRISM program.

NSA leaks show it has a secret policy of keeping UK information even despite the no-spy gentleman's agreement.

Snowden leaks show Britain allowed it to keep email data on Brits.

Merkel/Sarkozy leaks shows they spy on politicians.

Snowden interview shows they use data to leverage control of political and economic figures.

Despite this, they're migrating to a US controlled cloud. That will mean that Obama can monitor policies at the fledgling stage, before they're discussed, before they're voted on, and work to eliminate those at an early stage, or work to marginalize any politician with policies he doesn't like.

The job of securing British political emails, and protecting them from foreign spies, is GCHQ's. Are they really so broken and 'turned' that they permitted this cloud move???

Really?

What next? US based cloud voting?

You THINK you're watching your LG smart TV - but IT's WATCHING YOU, baby

doronron

Re: Linked to the TV Guarantee card

These TVs surf the net don't they? Does LG also get the internet surf data? Because that links to 'selectors' like email etc.

I see it sends the details of DLNA (media on your local network) played, and the details of USB stick files played. So I bet they send stuff about the apps run, and internet surfed.

A person that would think it's OK to spy on people, doesn't draw a line at how much data they grab. They 'grab it all'.

Supreme Court can't find barge pole long enough to touch NSA lawsuit

doronron

Putin of the NSA

If the Supreme Court doesn't have jurisdiction to decide what is constitutional then who does? General Alexander? Because that's who's in charge right now.

Web giants cry foul over US gov's refusal to budge on NSA spy gag orders

doronron

Lavabit keys

Lavabit was required to hand over the keys while they went after 1 account, Snowden's, and required to have a box on their network. The Judge was told the box would only record Snowden's account and everyone else's would be discarded, which might well be true....of the box.

i.e. Lavabit's transparency report would say "1 request about 1 account".

But the NSA has the backbone tapped, and it keeps all encrypted traffic for when it can get the keys. The NSA also is the technical center for this tapping. So it *would* get the keys.

So in reality, by giving them the keys, you gave them every past and present Lavabit user's account. The box isn't needed because the backbone tap provides the data and they have all the encrypted emails on file.

So suppose the Fed did agree to release the warrants, there would be large blacked out bits to hide the key requests (Lavabit could hardly have been the first, they have the boxes already, so there must be a system of grabbing the keys for these boxes and many boxes on many US networks).

So the release would shed more light on this practice, which is enlightening for the judges I think, because I suspect they've been duped as to the 'narrow' nature of these taps. As well as enlightening Congress and Senate.

Europe, SAVE US! Patriot Act author begs for help to curb NSA spying

doronron

William Hague admits Parliament & Ministers kept in dark

In case you missed it, William Hague did an attack on the press a couple of days ago. One of the things he admitted was that Ministers and Parliament were kept in the dark about GCHQ's surveillance programs, (even as they were debating the Snoopers Charter).

http://www.theguardian.com/media/2013/nov/10/guardian-nsa-revelations-edward-snowden?CMP=twt_gu

"Hague defended the fact that the full scope of surveillance by GCHQ was not discussed at the national security council or the cabinet. Last month, Chris Huhne used a Guardian article to complain that both bodies were kept in a state of "utter ignorance" about the programmes subsequently publicised by the Guardian,"

" "That is the political and legal framework in which these decisions about intelligence are made. Are they made in much larger groups? Well, no they're not. That's because so much of what we do has to be so secret."

So while Theresa May was telling Parliament that Snoopers Charter was needed because GCHQ needed the metadata, nobody was telling them that GCHQ was already capturing EVERYTHING and most of it on Brits.

You may think your viewing of this article from Britain to elReg in Britain is not spied upon by GCHQ, but look again and you'll see most of the page dressing comes from US servers and hence your viewing of this page and all the identity info it contains, has been logged by GCHQ in direct violation of the law.

Imagine if GCHQ monitored your newspaper viewing to check you didn't hold 'terrorist views' by viewing 'unapproved newspapers' and that is EXACTLY what they are doing by monitoring readers of the Guardian, the BBC or elReg.

William Hague tries to shut down the press, because they told Parliament what he'd done. He's actually defended deception of Parliament.

This link is Theresa May, back before the Snowden leaks:

http://news.sky.com/story/1095766/theresa-may-backs-snoopers-charter-powers

" Speaking on the BBC's Andrew Marr Show, she said: "I've always been clear that access to communications data is essential for the law enforcement agencies and intelligence agencies."

"There is a reducing capability in relation to access to communications data and as far as I'm concerned I think this is a very important thing we need to ensure we are giving our law enforcement agencies and intelligence agencies access to the tools that they need to fight crime, paedophiles and terrorists."

See? SHE KNOWS ABOUT TEMPORA AND PRISM, BUT SHE LIES ABOUT GCHQ'S NEED OF THE LAW.

GCHQ doesn't need the laws to spy on Brits, it needs the laws to MAKE THEIR SPYING LEGAL.

Now Theresa May is attempting to get the right to strip suspects of citizenship. Letting her police accuse *anyone* of terrorism, and being able to simply banish them from the UK. They don't need evidence enough to prosecute them, only a claim is needed, and so any Brit can be banished this way.

This is a person WHO DECEIVED PARLIAMENT trying to get the power to strip people of their citizenship based on nothing but a claim of 'suspect'.

Lavabit, secure email? Hardly, says infosec wizard Moxie Marlinspike

doronron

Re: This Annoyed the Hell out of Me

Today it's fixed, all 301 and 302's have gone completely from Tamperdata logs.

I can browse Google in https, Wikipedia in https, DuckDuckgo in https all without the endless redirecting to 'special servers' that are overloaded. Without the redirection https is practically as fast as http.

Hoorah!

I don't think it's the certificates that are fake, what I'm going to do is write some software to track DNS changes and secure sites that start throwing up 301s and other redirects when they previously didn't.

doronron

Re: This Annoyed the Hell out of Me

Yep, reset the DSL to force a new IP, clear the cache, and repeating the test, I don't get the 301 redirect but I still get the 302. Google.co.uk is now fast again.

Commentard or terrorist?, you say po-ta-to, and I say pot-a-to!

Now that I've visited elReg again, I'll give it a few minutes to see if the 301 comes back. This could be the flying pig leak we heard about. That's supposed to be a redirect injected into the connection, i.e. likely a 301 response.

http://www.scribd.com/doc/166822246/flying-pig-motivations

After a few minutes, I still don't see the 301 only the 302 and Google uk now shows its home page in 100458 ms, i.e. 100 seconds to bring up the Google homepage.

12:38:10.486[99886ms][total 100458ms] Status: 200[OK]

GET https://www.google.co.uk/?q=chocolate Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE

Seems having an opinion is terrorism now? Or did the spooks misunderstand a 'death by chocolate' ad and are grabbing all searched for 'chocolate'?

doronron

Re: This Annoyed the Hell out of Me

I have an oddity now with certs. All certificates are coming in incredibly slow.... like 30-40 seconds to get a reply from ocsp server, often timing out the connection. Secure sites are slowed way down too.

For example, google.co.uk takes 21.6 seconds to respond on https. While on http it responds immediately, with a 'moved permanently' followed by a temporary moved totalling about 4 seconds. This is not Google, Google responds in milliseconds, this is something else.

I suspect shenanigans, but then I have been complaining about GCHQ, so it's to be expected.

11:44:23.231[21650ms][total 21650ms] Status: 200[OK]

GET https://www.google.co.uk/?q=chocolate Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[text/html]

Request Headers:

Host[www.google.co.uk]

[snipped]

**************On http: a 301

11:46:52.462[173ms][total 173ms] Status: 301[Moved Permanently]

GET http://google.co.uk/?q=chocolate Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[233] Mime Type[text/html]

Request Headers:

Host[google.co.uk]

User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0]

Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]

Accept-Language[en-US,en;q=0.5]

Accept-Encoding[gzip, deflate]

DNT[1]

Cookie[[snip]

****************Then a very slow 302, followed eventually by a Google page

11:46:52.853[236ms][total 4587ms] Status: 200[OK]

GET https://www.google.co.uk/?q=chocolate Load Flags[LOAD_DOCUMENT_URI LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[text/html]

Request Headers:

Host[www.google.co.uk]

User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0]

Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]

Accept-Language[en-US,en;q=0.5]

Accept-Encoding[gzip, deflate]

DNT[1]

The TRUTH behind Microsoft Azure's global cloud mega-cock-up

doronron

Re: GM Foods

They issue the recall, the GM crop just continues to produce seeds regardless. It's almost as if the duplication mechanism doesn't care about the recall notice.

You can't stop invasive plants spreading across Britain, so you can't stop invasive GM plants either.

"GMO are much more regulated that software"

Create a law making it illegal for invasive species to spread across Britain, does it work? Of course not, they're just words if there's no way to enforce those words.

doronron

GM Foods

Be thankful.

If this was a genetically modified food rollout, they wouldn't be able to do a recall, and it would self replicate.

You may make bugs and failures in software and hardware but at least you can do product recalls and upgrades.

Asparagus apocalypse is real and it's coming to a farm near you!

Privacy warriors haul NSA into court, demand swift end to mass call snooping

doronron

Re: Can we haul GCHQ into court?

"Just think how much dirt these intelligence services have"

I watched that spy chiefs' appearance testifying to Rifkin (who is like the British Diane Feinstein), and it was like Gerry Anderson was back from the grave and Silvia Anderson had made the costumes.

Heaven forbid they should get a f**ing warrant to spy on Brits, instead of claiming there are thousands of domestic extremists in the UK, when Rifkin only a few months ago said there were only 200 or so Brits being spied on. They can't even get their story straight.

doronron

Can we haul GCHQ into court?

They're spying on Brits for the CIA, when they are supposed to be spying on the CIA for Brits.

And can we sue ministers and Parker too?

Because they're mincing around like the CIA is operating them like puppets.

Are they compromised? Has the CIA got something on them? Because they're talking a load of b*ll*cks when justifying traitorous behaviour.

Watch out spooks: STANDARDS GROUPS are COMING AFTER YOU

doronron

Re: The problem with email encryption

I don't like PGP, it's the wrong choices, it's gotten bogged down in key-revoke and proving federated identity. It bites off more than it can deliver to a non-expert user. A non-expert user just wants to send a message and expects it to be private. That can be delivered easily.

The 'from' and 'to' would be fixed if you encrypted traffic from Domain1 to Domain2, the spies would only know that *someone* in Domain1 is talking to *someone* in domain 2. They would not get to see *who*, only domain1 and domain2 would know who they route to internally.

i.e. it would restore the freedom of association. It is not necessary to fix this problem in the email end to end part since you trust your email provider to *route* the message, even if you don't want them to *read* the message.

Email encryption would fix the content, and domain to domain encryption would limit the routing from outside inspection.

The subject line should be swapped for a coded one and moved into the encrypted body of the message. Currently it's in the header.

Tor is pointless, the exit nodes can be intercepted.

This is quite trivial to deliver but porting the encryption code to Thunderbird might be tricky.

doronron

Pick 3 encryption schemes

Pick 3 public key encryption schemes.

Pick a USA public key encryption, a Russian public key encryption and a Chinese public key encryption. We don't know if they are backdoored, but we do know they don't cooperate and thus a message encrypted with all 3 schemes isn't backdoored.

Put the public keys for these in the DNS server as TXT records.

Every browser should keep a key-chain for every site they visit, and if they visit a site and its public keys are changed, the user should be warned of possible man in the middle attack.

When sending any request to these servers, use the public key in the DNS together with 3 return keys for the return leg.

To man-in-the-middle this scheme, you need to intercept all DNS requests every time, right from day one, and do a key swap 100% of the time. To defeat such a man-in-the-middle attack, you need simply send the keys via a different route. So this is next to impossible to intercept on a mass scale and easy to detect and defeat.

EMAIL

Send out the 3 public keys in the header of every email to everyone.

When your email client receives an email with these keys, it then always uses these keys to encrypt messages to that email address.

If you receive an email with different keys, then the user is notified of a possible MITM attack, and can take steps to verify the key change, or simply treat the message as identity theft.

To attack this scheme, you have to swap/or strip all keys all the time, right from day 1.

To fix the attack, simply send the keys via a different route.

Thus we should be able to protect journalism, political activism, protest, voters, innocent people, etc. from mass surveillance, of course terrorists and criminals will still be bugged, but it will stop the massive warrantless fishing that's been going on.

Notice that it doesn't get bogged down in 'proving identity', this is unnecessary, you don't do this now with ordinary email.

How do you change keys? You convince the receiver you are the genuine Bob Simpkins exactly as you do now when you email someone. If they believe you, they can accept the key, or not. Just as they accept your email or not as from you now.

It just eliminates Big Brother from watching.

AT&T turns spying on customers for CIA into cash waterfall – report

doronron

What about free VOIP?

Free VOIP anyone? How many free VOIP and messenger services are there that have no income, and yet can pay the ISP bills.

I read Viber was suspected of being a surveillance app, but they're hardly the only company that collect information without a business model to pay for their servers.

Kwack for [Talmon Marco viber CIO] to see what I mean.

Berners-Lee: 'Appalling and foolish' NSA spying HELPS CRIMINALS

doronron

It's not a negotiation

It's not a negotiation!

It's not that we discuss this 'right to privacy/right to judicial process', thing with the spooks and agree some sort of compromise that they're prepared to offer as a concession.

No, they need to get back within the law and the limits of democracy. They're not the boss in a democracy, the voters are the boss. If they want their way, go stand for election and see if you can get people to vote for you.

It's no good trying to shut down discussion by claiming we're terrorists.

It's no good trying to shut down discussion by suggesting we're pedos.

The mere fact the spooks are trying to attack the press and shut down discussion shows we are not a democracy.

Because you GCHQ lot, discussed stuff with the US NSA that you hid from Parliament and Ministers, it shows we are not a democracy. It shows you are traitors to your f**ing country.

How Google paved the way for NSA's intercepts - just as The Register predicted 9 years ago

doronron

Unified Privacy Policy

The point I started to eliminate Google was when they unified their privacy policy, which lets them match your web visits (from Google Analytics and Google adverts) to your searches, to your Android device, to your location, to your identity, to the YouTube videos you watch, even to the telephone number you give in case you lose the account login*

ALSO BE CAREFUL IF YOU USE CLOUD PRINT.

Those documents you print go through Google servers and hence through NSA data captures. If you print commercially sensitive data using Cloud print, business emails, identity document copies, political campaign leaflets, medical or financial documents, any customer data, or any other document of interest to a spying agency, then you are exposing that data to the NSA by using Cloud Print.

To get an idea of how unique your browser is, visit Panopticlick (link below), my browser is unique to 1 in 3.5 million, together with the IP address, it's totally unique. Google has this data now and the policy change gave them permission to make that link between all their sites.

https://panopticlick.eff.org/

For me, Gmail is gone, replaced by Yandex. Google has gone, replaced by DuckDuckgo (and waiting for a non-US search alternative). Android will be gone soon, replaced by a generic (non Google'ified) Android generic.

I am sympathetic a little for the NSA thing, but Google assembled this data for themselves, so of course others would grab it. They should not have assembled it, they should not have been allowed to assemble it.

* [Added] Oh I haven't even got the association data yet. By analyzing your location metadata, who you associate with, where you shop, political affiliations, who you sleep with and so on. NSA of course grabs that same data.

Furious Google techie on NSA snooping: 'F*CK THESE GUYS'

doronron

Re: Mindboggling

You're joking right? They get $10 billion a year in funding, they have 4 major data centers, soon to be 5. The 5th alone likely has Gigabytes of data on everyone. Nothing to do with terrorism (only a $20 million program) nothing to do with catching pedos ($0 budget for that), just the usual spying on foreign powers and attempting to bend their political machines to US interests.

Which apparently is where we are at in the UK.

What upsets Google is that the FISA court wouldn't grant the spooks permission to tap their network, so they tapped it off-shore, and with the help of GCHQ. Claiming that FISA court didn't have jurisdiction so it doesn't need to ask. So spooks claim that no court has jurisdiction over them for that surveillance.

So where the (blank) is the judicial checks on any of that? Because that's mostly US data in those wires. Also what the (blank) did GCHQ think they were doing? UK data is in those wires too, since when has it been OK to spy on Britain for a foreign power?

Cyber dragnet: Five new HACKERS join FBI's 'most wanted' list

doronron

Irony

“The FBI will not stand by and watch our cyber adversaries attack our networks; we will track down and arrest individuals who have made it their mission to spy on and steal from our nation and citizens,” cyber crime branch assistant director Richard McFeely said in a statement.

No irony at all there. I wonder if he'll help them track down the Belgacom hackers, or the Vodafone Greece hackers?

Antivirus bods grilled: Do YOU turn a blind eye to government spyware?

doronron

Sophos OWNs Utimaco software

Wikileaks is your friend, their Spyfiles project shows who sells what surveillance kit that we know of:

http://wikileaks.org/spyfiles/

And Sophos has companies in that market,

http://wikileaks.org/spyfiles/files/0/54_200906-ISS-PRG-UTIMACO2.pdf

Sophos sell Government interception and data logging software courtesy of their Utimaco subsidiary, which is quoted in Germany.

I view this as a conflict of interest, so I don't trust them. But until I get rid of Windows on the next upgrade, I tolerate companies like this.

[Added]

Take a look at Glimmerglass, they make an automatic mirror tap for fibre optic cable intercepts under the sea (with a nice picture showing the data going into the NSA).

http://wikileaks.org/spyfiles/files/0/274_GLIMMERGLASS-AVIATIONWEEK-201004.pdf

John Kerry bombshell: 'Yes, the NSA... reached TOO FAR, inappropriately'

doronron

Re: Translation

It's the last one.

He does know if innocent people are abused, that *was* for the court to protect against, he *Kerry* is not in the loop. He doesn't review the queries, he doesn't know the targets, he knows what he's been told, and most of them learn more from the leaks than the official version they are told.

William Hague did the same thing, claiming they were fine honorable men. He's never met them, there's hundreds/thousands of them, half are American. He cannot vouch for people he doesn't know and he isn't in a position to vet the 40,000 selectors he's been told about let alone all the future ones run against the data he's authorizing, and secret ones he doesn't know about.

He simply wanted to do a stock speech hoping to kill discussion early on, by his "ordinary citizens going about their business" payload. A veiled threat that if you stand up and criticize then you will be spied on.

Rifkin did the same mistake, he said he's seen the list of people spied on and it was OK. Yet the data retained for 6 years by the US runs into the future, how could he have seen the list of who they'll be spying on 6 years from now? And of course he also assumes they're telling him the truth, even as they're lying to others. Even GCHQ's copy runs into the future, I bet it's 3-6 months of data by now, the leaks are quite old.

Interesting to see, they're forced to admit there is a problem, yet they won't fix it.

Lavabit, Silent Circle form Dark Mail Alliance to destroy email snooping

doronron

How to fix email

That's a pretty poor choice of name 'dark'? They should call themselves 'privacy shield alliance', since privacy is a fundamental human right that's been removed illegally.

It's quite straightforward to secure email, Thunderbird supports TLS, TLS is only broken a little.

The NSA leaks show they substitute their own certificates to hack TLS (=HTTPS)

or

They have a lot of private keys in Bullrun which they likely get from court orders like the Lavabit ones, where the judge orders the keys to be handed over for a limited intercept, and actually it's just stuck in the big database and used to decrypt all previous traffic they stored and all future traffic.

So the fix is a certificate authority that issues certs on nothing but an email address, and a modification to Thunderbird to automatically sign users up for a cert when they add any account.

Thunderbird should also have its certificates stripped of all NSA domain CAs, since they are inherently untrustable, and the final mod should be to warn users whenever the fingerprint of the certificate changes for a given email address. Which would indicate a possible man-in-the-middle attack.

The certificate should be hosted in a location that has strong legal protections and not puppet democracy (i.e. not US/UK/NZ/AUS/CAN).

I'd also like to see 3 or 4 layers of certificate encryption, so we can encrypt with a Russian/Chinese/American/German key and to decrypt you'd have to fake all the certificates.

---

To go the next step is also easy, you don't really need the CA. SSH for example exchanges a public key certificate, you accept it the first time, and it works from then on. To man-in-the-middle these exchanges, you would have to catch 100% of these, every time, all the time. Even then I can simply put the cert on a USB key and bypass the hack.

These are all really easy things to do and would eliminate the problem the CA offers with its weak link.

The first email would send the public key, all later traffic would be encrypted to any address you have the public key. You don't know 'bob' is 'bob simkins of 123 highstreet', but you don't need to since you don't know that now when you send email. The conversation though is encrypted.

----

I see the latest talking points across the boards is "the NSA is too big to defeat, just accept your new masters the Generals", but that's not really true.

That latest reacharound the FISA court, by tapping Google's internal networks because the FISA court won't issue the order under PRISM. It would be trivial/ultra-fast for Google to encrypt those links with a huge private key even.
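The accept-on-first-use key check described in this post, and in the EMAIL part of the "Pick 3 encryption schemes" post, as an added Python example that is not the poster's code. The `X-Public-Key` header name, the SHA-256 fingerprints, the status strings and the sample messages are all assumptions constructed for the illustration.

```python
import base64
import hashlib
from email import message_from_string
from email.utils import parseaddr

KEY_HEADER = "X-Public-Key"  # hypothetical header, one per key the sender publishes


def key_fingerprints(raw_message: str):
    """Return (sender address, frozenset of key fingerprints) for one message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender:
        raise ValueError("message has no usable From address")
    values = msg.get_all(KEY_HEADER) or []
    fps = frozenset(
        hashlib.sha256(base64.b64decode(v.strip(), validate=True)).hexdigest()
        for v in values
    )
    return sender, fps


class KeyChain:
    """Remembers the key set first seen for each address and flags any change.
    The first message is taken on trust, exactly as in the SSH comparison."""

    def __init__(self):
        self._pins = {}  # address -> frozenset of fingerprints

    def observe(self, raw_message: str):
        sender, fps = key_fingerprints(raw_message)
        pinned = self._pins.get(sender)
        if pinned is None:
            if not fps:
                return sender, "no-keys"
            self._pins[sender] = fps
            return sender, "pinned-first-use"
        if not fps:
            return sender, "keys-stripped"   # keys vanished from a known sender
        if fps == pinned:
            return sender, "match"
        return sender, "keys-changed"        # possible man-in-the-middle

    def accept_change(self, raw_message: str, verified_out_of_band: bool) -> bool:
        """Replace the pin only after the user confirmed the new keys by
        another route (the 'USB key' step in the post)."""
        if not verified_out_of_band:
            return False
        sender, fps = key_fingerprints(raw_message)
        if not fps:
            return False
        self._pins[sender] = fps
        return True


def sample_message(sender: str, keys) -> str:
    """Build a constructed test message carrying the given raw key bytes."""
    headers = [f"From: {sender}", "Subject: constructed sample"]
    headers += [f"{KEY_HEADER}: {base64.b64encode(k).decode()}" for k in keys]
    return "\n".join(headers) + "\n\nbody\n"


if __name__ == "__main__":
    chain = KeyChain()
    keys = [b"constructed-key-A", b"constructed-key-B", b"constructed-key-C"]
    print(chain.observe(sample_message("Bob <bob@example.org>", keys)))
    print(chain.observe(sample_message("bob@example.org", keys[:2] + [b"other"])))
    print(chain.observe(sample_message("bob@example.org", [])))
```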

What's the first Kinetic Ethernet hard drive? Psst, it's the 4TB Terascale

doronron

So an enclosure is 2,400TB, say 20 aisles of 20 enclosures, so nearly a million TB of data, or 1 exabyte.

That's 1GB of data on each of 1 billion people, just for the NSA's Utah datacenter and there's 4 others.

"Metadata only" my ass.

Let police track you through your mobe - it's for your OWN GOOD

doronron

Re: Sensible approach or is it?

So you want your location sent when you make a 999 call, in case you don't know it and are outside in the middle of nowhere.

"I'm all for protecting privacy,"

Good, so what protections are you proposing for when you're NOT making a 999 call?

Or *don't* want the location sent?

Or are just wandering around and thus free to associate with people without being tracked?

Or are a whistleblower revealing law breaking by a military agency on a power grab?

Or just bob, who doesn't think his pub crawl is any of the government's business?

I don't quite get why you have a smartphone and can pull up a map, but don't know where you are?? Or can't tell them your gps location. Or can't simply install one of the apps that sends your location. But I'll play along.

"This is not the same as the government collecting information on all of your phone calls, who to and at what time to see if you are a bad person..."

Well there's the elephant in the room. NSA & GCHQ collect metadata, it includes tower and signal strength (i.e. location to about 60 metres). Yet it's not legal, Snoopers Charter was not passed. So *laws* alone won't protect that data.

So what *technical* measures do you propose to protect that 999 location data?

And what crimes do you propose if they defeat those technical measures?

I still don't get it, why can't you just use one of the many GPS apps that sends your location? They also interpolate from the tower data too you know? They even interpolate it from wifi to a very high accuracy.

"Please take off the tin foil hats guys."

If Snowden is reality I wonder what a tin-foil hat person is now? Patronising remark aside, Snowden did have to put his phone in the fridge.

Snowden: NSA whacks US in the WALLET, slurps millions of contacts books

doronron

Thanks NSA, you're smashing

I for one like to buy American made kit. I find comfort in the NSA checking my router configuration for attacks from terrorists.

I think it's good that my business data is stored on US servers with hidden logins, finally, someone takes an interest in my powerpoint presentation!

I like that they vet my girlfriends, and take an interest in my life. I don't bother reading all my email, but NSA spends more time doing that. That's the benefit of US cloud services!

Somebody cares to check my Google searches for terrorist tendencies? Terrific, my terrorist tendencies need to be checked for. Can they also check my doctor's report too?

My mother didn't download those photos I sent her, but the NSA did and took enough trouble to run face matching software on them. They care more than my own mother.

Look, any agency that can turn MI5 and GCHQ against Brits is one hell of a good agency. It must have been their overwhelming goodness that convinced Parker to defend spying on Brits for a foreign power.

What I think we need is a little light, it lights green if the NSA approves and red if the NSA doesn't approve. Then we go through life, voting, eating, shagging, speaking and always checking the light to make sure we're good citizens. No saying the wrong thing, or searching for bad stuff, voting the wrong candidate, shagging the bad girl.

Control panel backdoor found in D-Link home routers

doronron

Found in 2010, Backward "Edit by 04882 Joel Backdoor"

Well it's clearly a malicious backdoor, "Joel" even calls it a backdoor.

http://forum.codenet.ru/q58748/

It seems to have been known/exploitable since 2010. At this point a full recall of D-Link kit and a lawsuit are required.

xmlset_roodkcableoj28840ybtide backwards is:

editby04882joelbackdoor_teslmx

ECHR rejects free speech plea over offensive online comments

doronron

A few points

ECHR isn't the EU. It's the court of human rights, that can only rule if it's a violation of human rights. So it's not a violation of his human right to prosecute him for libel.

"EU Directive 2000/31/EC on Electronic Commerce".

Comes under the European Court of Justice. Confusing I know. But this ruling doesn't change anything. It simply says this directive doesn't rise to the level of defining a human right.

Commentards are what's left of the free press these days. elReg is kinda meek without us, but we're worth supporting. Watch for the 'IMHO' in my posts moderator. I'm flagging it as a personal opinion of mine (followed by the reasoning) and not a definitive truth of elReg.

I wouldn't worry about the current attacks on the free press.

MI5 chief is likely IMHO worried about what they'll leak about himself. That Belgacom hack for example, that's a 6 year stretch for whoever was involved. There may be many such crimes hiding in the Snowden files.

IMHO Theresa May lied or withheld details from the Cabinet, because we learned that the Cabinet weren't told about Tempora on Monday's leak. Even though they were discussing Snoopers Charter, the law by which it would be made legal! So maybe she discussed it pretending it wasn't already happening, or maybe she avoided telling them, but she has something bad to hide there.

Various Generals attacking free speech. Ah military men in costume with their shiny medals. "Look at me, I have a shiny medal, so shut up and only report what I say or I'll shoot you with my gun" they all say.

[Next time you see a General on the news attacking the free press, notice he will be in costume]

NSA tactics no better than a CYBERCRIME GANG, says infosec'er

doronron

Dear GCHQ

IMP 2009 *never* made it into law. Your legal basis for mass surveillance was NOT passed by Parliament. Snoopers charter, the latest version *never* had enough support and was NEVER made law.

Here's the Queen's Speech from May this year:

"The government is committed to ensuring that law enforcement and INTELLIGENCE AGENCIES have the powers they need to protect the public and ensure national security."

"These agencies use communications data – the who, when, where and how of a communication, BUT NOT ITS CONTENT – to investigate and prosecute serious crimes."

So at best Snoopers Charter was to be resurrected and you would get meta-data but not content IF Parliament passed it.

The current claim to legality is a fraud, that even Cameron doesn't believe, hence the need to resurrect the snoopers charter.

This is the law of the land as it stands today. So what the f*** are you doing spying on Brits? not just meta-data but also content? Britain is ruled by Parliament not the MI5 Chief and his American astroturfer support. You are outside British law and you are undermining the democracy.

So NSA feeds you some tidbits and in exchange you spy on Brits for them. Do you lot in GCHQ realize that the 'national' in 'national security' means Britain? You are supposed to protect us from NSA spying too FFS, not help them. We don't have a vote in the USA. No surveillance without representation!

HP: Classic storage? Nah. They'll eat glommed store+serve gloop in '14

doronron

26% drop in sales?

http://www.theregister.co.uk/2013/07/11/hp_prepping_fix_for_latest_storage_vuln/

"HP admits to backdoors in storage products"

It's a wonder their sales only dropped 26%.

PC sales continue meteoric death plunge through 3rd quarter, drop another 8.6 per cent

doronron

Re: The elephant in the room

The *other* elephant in the room is NSA PRISM program.

It showed Microsoft cooperating with NSA since 2007, tapping their online services, breaking their own encryption. Microsoft provides 0-day exploits to NSA, who use them in their Fox Acid malware servers to capture PCs.

I find it dumb/incompetent that Microsoft is focussing on Skype as their unique selling point, when surely that's the epitome of spyware.

So yeh, they reap what they sow.