Suggested Reading:
Data and Goliath (Bruce Schneier)
the challenge we will be facing is to identify "back doors" and other illicit and disgusting trash that commercial and government interests will be targeting our Computer Systems with.
Microsoft Petitions U.S. Government for Surveillance Reform "ROF,LMAO": listen to the pot calling the kettle black!!
keeping Uncle Sam out of our Computer System
-
- Level 7
- Posts: 1517
- Joined: Wed Jul 31, 2013 6:29 pm
- Location: Kalamazoo, MI
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
¡Viva la Resistencia!
Re: keeping Uncle Sam out of our Computer System
As always, open source is your friend.
Netcat. An open source TCP/UDP read/writing utility that can also double as a port scanner and listener for detecting backdoor intrusions. It's GPL'd and completely legal to use (as long as you don't use it to compromise) and only use it to monitor your own systems.
It allows scripts too so you could knock up a utility in bash to listen on all your open ports and scan them every minute.
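The once-a-minute port check described in the post above could look like the following, as an added example that is not part of the original thread. It assumes a netcat build that supports `-z` and `-w`; the `BASELINE` and `PORT_RANGE` values and all function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): compare this host's listening TCP
# ports with an allow-list once a minute, using netcat for the probing.
BASELINE="22 631"     # constructed sample: ports expected to be listening
PORT_RANGE="1 1024"   # constructed sample: first and last port to probe

# Print each port in [$1, $2] on 127.0.0.1 that accepts a TCP connection.
# nc -z connects without sending data; -w 1 gives up after one second.
scan_local() {
    port=$1
    while [ "$port" -le "$2" ]; do
        if nc -z -w 1 127.0.0.1 "$port" 2>/dev/null; then echo "$port"; fi
        port=$((port + 1))
    done
}

# Print the ports listed in $2 that do not appear in $1, one per line.
unexpected_ports() {
    for p in $2; do
        case " $(echo $1) " in
            *" $p "*) ;;          # known port, nothing to report
            *) echo "$p" ;;
        esac
    done
}

# Compare baseline ($1) with a scan result ($2). Prints one line per kind of
# deviation and returns non-zero if the two sets differ.
report() {
    extra=$(unexpected_ports "$1" "$2")
    gone=$(unexpected_ports "$2" "$1")
    [ -z "$extra" ] || echo "UNEXPECTED listener(s): $(echo $extra)"
    [ -z "$gone" ] || echo "MISSING listener(s): $(echo $gone)"
    [ -z "$extra$gone" ]
}

# Run with --watch to repeat the check every 60 seconds.
if [ "${1:-}" = "--watch" ]; then
    while :; do
        echo "--- $(date)"
        report "$BASELINE" "$(scan_local $PORT_RANGE)" || echo "listener set differs from baseline"
        sleep 60
    done
fi
```

A listener that disappears is reported as well as one that appears, since a stopped service on your own machine is as much a change to investigate as a new one.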
Re: keeping Uncle Sam out of our Computer System
var wrote: As always, open source is your friend. {snip}
increasingly, I'm afraid we need to guard against illicit hardware mods, -- where such mods are to be found in the hardware "firmware"
For example, I've seen a report regarding a USB stick that was modified to tell the O/S that "I'm a keyboard" -- and then it starts typing instructions. The O/S has to regard any USB device as a potential threat. worse of course is bad firmware manufactured into (e.g.) a hard-drive...
¡Viva la Resistencia!
Re: keeping Uncle Sam out of our Computer System
governments are going to attack security, -- hard!!
Suggested Reading: Article on ZD Net this morning / Charlie Osborne
by "terrorists" do they mean dissidents ?
at times, I suppose, but what's the mix on this ? I've been reading Bruce Schneier Data and Goliath. the key point he makes is: you either have secure systems or you have exploitable systems; and says in essence "we can't have it both ways": exploitable-- but by privileged parties.
this is a Timely Topic, "IMHO"
¡Viva la Resistencia!
Re: keeping Uncle Sam out of our Computer System
the intensity projected by governments against Freedom of Speech will know no limits
GitHub DDoS attack March, 2015
¡Viva la Resistencia!
Re: keeping Uncle Sam out of our Computer System
I think the problem is, computers were not designed to be used as a secure communication channel in a hostile environment. They were designed to compute, even if few of us do math with them nowadays. It's okay to use encryption to hide an extramarital affair, or maybe your medical records, but I would never use email or forums or whatever to, say, discuss a criminal plot with accomplices; that's just common sense. And if I, a peaceful citizen, know this stuff, I'm quite sure real criminals know that too, and certainly better than I do.
So why do governments spy on citizens and try to justify it on national security, or fighting terrorism, or whatever? Because they are quite powerless to stop anything, if shit has to happen, it will, no matter what; they just don't want people to notice, they want people to get the illusion that they have it under control. Take "security" at airports: does forcing poor travellers to surrender bottled water and nail clippers make flights safer? Unfortunately not, not if the very pilot turns out to be a madman, for instance.
So, we all have the same (very tiny) probability to be involved in an act of terrorism or in a major criminal attack, and on top of that we have the certainty to be bullied around and spied upon by the very people who are supposed to be protecting us.
Ok, rant mode off.
Re: keeping Uncle Sam out of our Computer System
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"I think the problem is, computers were not designed to be
used as a secure communication channel in a hostile
environment."
yes, and no
If you look at the 8088 and 8086 chips -- these operated
only in real mode; as such they could not provide privileged
operation exceptions or memory protection. These features
appeared in the 80386 and are the fundamentals of building
secured operating software.
Secure operating software builds on the privileged operation
protection and memory protection by adding a system of file
permissions. Linux is particularly good in this area --
having been developed from Unix -- which was developed to be
a secure system. Some other software -- not so good.
Once you have a secure operating system you are able to
protect your software from un-authorized modifications --
aka malware, and computer virus.
which brings us to the critical issue of the day, and that
is authentication.
it's all well and good to have a secure o/s but you also
need to authenticate messages where the term messages
includes software transmittals, eMail, and online filings
such as online shopping and forms 1040 used in tax returns.
Linux has brought us a long way toward the secured operating
software requirements, and even includes Public Key
Encryption -- in the form of the Gnu Privacy Guard for us.
the trouble now is that commercial interests and government
are loath to admit the need for public key encryption: they
HATE it. They hate the thought of it: it would obstruct
snooping in a serious way.
As I understand it, GPG version 2.1 will be supporting
[url=http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/]
Elliptic Curve Encryption (click this link for primer)[/url].
I notice that the Thunderbird eMail client v 1.8.1 is
now using GPG Version 2.0 -- and I think xneopeek figured to
use V 2.1 with the LMDE/2 system .
according to the article ( referenced above ) EC is much
much more difficult to crack than existing RSA or DH keys
based on prime numbers. We likely won't see much
difference at the dialog level -- just an option to use EC
key rather than RSA -- most likely, "IMHO".
if you think about this, Public Key Encryption is a solution
to Computing in a Compromised Environment. Given that in
a Compromised Environment all of our identifying data -- our
name, address, date of birth, Soc.Sec. Nr, financial history
-- all of it -- has been acquired by hackers and is now for
sale on the DarkNet in places like "Superget" ( see essay by
Brian Krebs ) . In this Compromised Environment we all
need an identifier that can be offered as
authentication in public -- but which cannot be cut and
pasted and put to improper use by grifters.
this is exactly what public key encryption does.
I can sign this message for you using GPG, and you can
verify the signature -- my public key is on the server --
but you cannot alter the message and have my signature still
validate -- nor can you cut and paste my signature onto
another message and have that validate.
and this is protected -- as long as the security of my
workstation is good.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
-----END PGP SIGNATURE-----
¡Viva la Resistencia!