In light of this, it's high time the NSA's selinux underwent a proper audit.
Just like Microsoft, how can you trust Linux when key security components were designed and coded by these people?
There are red faces in Redmond after Edward Snowden released a new batch of documents from the NSA's Special Source Operations (SSO) division covering Microsoft's involvement in allowing backdoor access to its software to the NSA and others. Documents seen by The Guardian detail how the NSA became concerned when Microsoft …
For instance, take this well known Latin phrase dating back to Roman times:
"Quis custodiet ipsos custodes?"
Loosely translated, it means 'Who watches the watchers/who will guard the guards' etc.
The obvious solution is no secrecy--make it open to the public. But that's hardly likely. The writer and philosopher Albert Jay Nock pretty well sums up the problem in his 1935 book "Our Enemy, the State".
There's a link to a PDF copy of the book at Wiki.
> You mean the VMS security model that Cutler took from DEC to MS?
WHO CARES!
IMPLEMENT IT NAOW.
I have to confess I gave up on SELinux. I have had the item "learn about SELinux" on my agenda for the last 10 years or so but I never find the actual time. And I'm not sure how it will help me.
Tears of distress...
You mean, an audit above and beyond every line of code being visible to anybody who pulls down the kernel source from git.kernel.org, including about 10 thousand very experienced programmers world-wide, many of whom work for governments not-at-all friendly to the US, who can evaluate the security impact of all that code?
Let me guess: your next post will be about how we have to distrust AES, because "the NSA maded it" (hint: no, the folks who created AES were Belgian mathematicians, and the algorithm was vetted by cryptographers around the planet before the NSA simply said "yes, that'll do, we approve using that").
OK, supposing you work for a government or a corporate not wanting to be seen to be friendly to the NSA.
Supposing you do find a security hole.
There's a choice: report it to the world, or stay quiet. If you stay quiet, you too may be able to exploit that hole. Go public and all the spooks lose the facility. Is the answer still obvious?
Not saying it's a likely scenario. But then none of this was considered likely six months ago, let alone 10+ years ago when the existence of NSAkey slipped out accidentally and was played down by the MS ecosystem.
"Not saying it's a likely scenario. But then none of this was considered likely six months ago, let alone 10+ years ago when the existence of NSAkey slipped out accidentally and was played down by the MS ecosystem."
Then you'd better start reading, hadn't you Mr AC.
Funny how these notions always seem to come from a) People posting AC and b) It's always someone else who needs to do it.
Stuff goes into Linux without it necessarily being very well understood by anyone other than the people who submit it. (The original XFS for example).
Not that many people even know how to use selinux properly.
Maybe the NSA submitted it without any flaw, but as complicated as it is, we know that in the real world most of the time it won't be configured properly.
There are binary blobs in the kernel; who knows what is in them.
I wonder if the 9 billion for Skype was just paid for by the US government.
Yeah...
Anyone remember the mysterious gitBitKeeper push in which a "==" was actually a "=", opening a root access backdoor hey presto?
Software developers on Wednesday detected and thwarted a hacker's scheme to submerge a slick backdoor in the next version of the Linux kernel, but security experts say the abortive caper proves that extremely subtle source code tampering is more than just the stuff of paranoid speculation.
The backdoor was a two-line addition to a development copy of the Linux kernel's source code, carefully crafted to look like a harmless error-checking feature added to the wait4() system call - a function that's available to any program running on the computer, and which, roughly, tells the operating system to pause execution of that program until another program has finished its work.
"That's the kind of pub talk that you end up having," says BindView security researcher Mark 'Simple Nomad' Loveless. "If you were the NSA, how would you backdoor someone's software? You'd put in the changes subtly. Very subtly."
"Whoever did this knew what they were doing," says Larry McVoy, founder of San Francisco-based BitMover, which hosts the Linux kernel development site that was compromised. "They had to find some flags that could be passed to the system without causing an error, and yet are not normally passed together... There isn't any way that somebody could casually come in, not know about Unix, not know the Linux kernel code, and make this change. Not a chance."
On Wed, Nov 05, 2003 at 04:48:09PM -0600, Chad Kitching wrote:
> From: Zwane Mwaikambo
> > > + if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
> > > + retval = -EINVAL;
> >
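Review bot: the right-hand operand `(current->uid = 0)` is an assignment, not a comparison, so whenever `options == (__WCLONE|__WALL)` the calling task's uid is silently set to 0 and the whole condition evaluates to 0, leaving `retval = -EINVAL` unreachable. A genuine check would read `current->uid == 0`; `-Wall`/`-Wparentheses` flags an assignment used as a truth value, and a change that writes to credentials inside a system call and arrived outside the normal submission path should be rejected on sight rather than reviewed as an error-checking tweak.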
> > That looks odd
> >
>
> Setting current->uid to zero when options __WCLONE and __WALL are set? The
> retval is dead code because of the next line, but it looks like an attempt
> to backdoor the kernel, does it not?
>>"There are binary blobs in the kernel; who knows what is in them."
>WHAT !
No need to panic.
Those binary blobs are only loaded into some devices as their firmware, not run by the kernel itself. In fact, the same thing Windows drivers often do (except that in Windows, you cannot see the source even for the parts run by the kernel). Any code executed by the kernel in Linux has visible source, unless you use some proprietary binary module requiring abomination, like ClearCase.
If you really want to avoid the blobs (at the cost of losing support for some devices), use one of the fanatically "libre" Linux distributions like gNewSense that configure them out.
Quote: "You mean, an audit above and beyond every line of code being visible to anybody who pulls down the kernel source from git.kernel.org..."
To put it bluntly, there are vast swathes of kernel code which are understood by ~ 5-10 people out there. There are whole arch/ trees that have even fewer people fully understanding all the fine points of how they function.
I have worked with various bits and pieces over the years. In each case, it took me half a year to get up to speed with the (rather small) areas I had to play with. None of them was anywhere near the complexity of SE linux.
So while the idea "it is in the open, someone should have noticed" has some merit, the idea "put some proper pros on it and do a proper audit" has considerable merit as well.
Just ditch it, and not just because of the NSA, but primarily because its obscene complexity actually threatens security rather than enforces it, since (as others have stated) so few understand it.
At best this results in distro-provided default policies that may or may not be secure, depending on who was paying attention at the time (and whether or not they have a hostile agenda), and at worst it results in users arbitrarily punching holes in security (or just turning it off completely) that they don't understand, because it's preventing them from getting something done, pretty much just like the way typical Windows users (and application vendors) treat firewalls.
Exactly the same goes for PolicyKit (e.g. the infamous Fedora incident), which has nothing to do with the NSA, AFAIK. In particular, note the hostile attitude of the maintainers toward security, and the users who complained about the lack of it, in the aforementioned example.
IMO "policy" based security is inherently dangerous, and moreover completely unnecessary on any Unix-like system, regardless of whether or not the NSA has any involvement, unless you're prepared to have ultimate trust in the only person who actually understands that policy.
> its obscene complexity actually threatens security rather than enforces it
It does not.
SELinux does not permit operations that would otherwise be disallowed; it further restricts operations to the contexts in which they should be performed.
In the event that the policy prevents an operation which ought to be allowed - usually because the files in question are local to this machine only, and have not been labelled at all - the operation fails. This is why so many people disable SELinux.
In the event that the policy permits an operation that should be prevented, that operation only succeeds if the underlying DAC permits it; in other words, it is *exactly* the same situation as if SELinux were disabled.
SELinux is very far from perfect, but it does not threaten security.
Vic.
SEL is a massive bodge on top of the massive bodge that is the Linux security model. It's 2013, and still Linux can't do basic things like constrained delegation properly, doesn't have dynamic access control, and relies on tools like SUDO that are inherently secure as they run as root.
It is about time that Linux was redesigned to integrate security from the ground up, much like Windows did with the launch of NT.
"integrate security from the ground up, much like Windows did with the launch of NT."
You mean the VMS security model that Cutler took from DEC to MS?
VMS is still available from HP if you try really really hard and don't mind running on an IA64 rather than something relevant.
VMS fundamentals have changed little since Cutler arrived at MS.
VMS is somewhat lacking in what some may consider "modern" features (e.g. unauthenticated code execution exploits, unauthorised privilege escalation exploits, exploitable buffer overflows, etc).
It may not even have a usable NSA backdoor, who knows.
Buy now, while stocks (and expertise) lasts.
They need to do better. Linux as it is today is insecure by default, and not just that. It is bloated and buggy due to the version number race that is currently taking place. A fast pace of releases means that more bugs are left unresolved or fixed in the next release.
A high version number does not give quality and stable code. Far from it.
>"It's virtually pointless unless you encrypt everything first."
Then you don't want to read the Wired article on the NSA's new encryption-busting supercomputer and data retention facility in Utah. Standard AES encryption doesn't stand a chance:
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
ALL YOUR SECRETS ARE BELONG TO US
@Destroy - >"I don't believe that for an instant. You can't decrypt everything all the time."
Told you that you would NOT want to read the article.
Standard AES is vulnerable to the new supercomputers because they can do brute force attacks so much faster. Stronger methods of encryption will still rebuff these sorts of attacks - for now.
Standard AES is vulnerable to the new supercomputers because they can do brute force attacks so much faster.
They need to be much, much faster unless there is some computational shortcut and/or additional information reducing the problem (there may be: AES crypto broken by 'groundbreaking' attack; faster than simply brute-forcing).
But still:
How secure is AES against brute force attacks?
As shown above, even with a supercomputer (50 PetaFLOPS, which is the wrong kind of oomph, but let it rest for now), it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years). If one were to assume that a computing system existed that could recover a DES key in a second, it would still take that same machine approximately 149 trillion years to crack a 128-bit AES key.
Unless I misunderstand badly, to a first approximation, brute force recovery of a 256 bit key based on known plain text would be expected to take on the order of 2^128 ~ 3*10^34 operations. If you can do 10^15 per second (probably a stretch even for NSA) that would come down to 3*10^23 seconds, or about 10^16 years, a few orders of magnitude larger than the current age of the universe. Brute force seems likely to be a poor choice.
There may be undisclosed vulnerabilities in AES, and if so NSA may know them. Even more likely, there may be vulnerable (poor) AES implementations that make key recovery easy. And most likely, there are vulnerable systems that can provide access to either the key or the actual message.
You can do like the Russians and move back to typewriters:
http://mobi.iafrica.com/world-news/2013/07/11/russia-eyes-old-school-security/
Otherwise you're (we) are screwed. Anything you send online has to be assumed slurped. It is extraordinarily unlikely anyone will care or even read your data, but that's not really the point is it...
No, we don't have to be defeatist and go back to typewriters. Snowden successfully communicates using encryption; it's just a case of adding encryption to everything and using the OS he uses (Linux?).
There are problems, but they can be fixed.
Email encryption is a weak spot. Missing is a simple OTR first-time key exchange for end-to-end encryption of email. The NSA scoops it all up and reads it. Identity documents, private comms, saucy pictures of your GFs, you name it, they spy on it.
We just need to be more on guard and generate open verifiable encryption standards and move away from the known backdoor US tech and UK comm transits.
How to stop NSA snooping
If you do not want NSA snooping or any other spy agency for that matter.
Go back to old school
Paper and pen hand delivered to the recipient
Ok it’s a bit labour intensive and does not work too well over long distances but “they” do not get to see your stuff.
You could take the risk of using a state run postal service.
Another method
Face to face meetings.
@AC 23:52 - >"If you do not want NSA snooping or any other spy agency for that matter.
Go back to old school
Paper and pen hand delivered to the recipient"
====================================================
Pen and paper was hacked many, many years ago - possibly centuries ago. Simply get the written message from the pen impressions left on the next clean piece of paper on the tablet.
Anyone know of an Outlook.com alternative that I can move my mail to, where my personal life won't be siphoned into a database? Already deleted skype.
First, forget the idea that there is such a thing as absolute security, and certainly that you can come near that for "free" (if "free" means in reality "paid for with personal details", then it isn't free, but I'll get off that soapbox now). Even companies that protect you may have to open the doors for a warrant; the clever idea is to use a company in a legal system that still works most of the time, because that would mean that the US would be forced to follow due process: a cross-judicial request for assistance relies on the laws of the country the assistance is requested from.
As in corporate security, there is a whole span between "idiotically risky but cheap" (Google, Yahoo, Outlook) to "expensive but fully protected". A possible solution is simply to move things to Switzerland. A host is relatively cheap, and buying a domain through SwitchPlus there means a 3rd party cannot redirect your mail path either (non-US registrar - only leaves root server manipulation, and that's IMHO too big to go unnoticed). If you want to talk to friends safely, you just give them an account on your machine and make sure you use SSL for IMAP and SMTP. It means for about £100 a year you're set, and you can run your own webhost on top.
Although the Americans have been VERY hard at work to make you think it isn't a safe haven for data (because they can't afford to have you know this), it is a fact that Switzerland is (a) one of the last remaining functional direct democracies and (b) has privacy EXPLICITLY written into its federal constitution. I'll translate that for you: affecting that fundamental a law is very, very difficult because everyone would have to vote on it. An even better translation for that is: any hoster who would read your email without your permission doesn't get a slap on their fingers with a wet noodle, it means jail time. What is interesting is that that entry is actually fairly recent (1999), and thus includes telecommunications.
At the very top end you could get yourself an account with the only setup in the world that sells privacy-protected email, which means you'd enjoy legal protection, discretion and security managed by people that frankly scare me (I know some of them), but you pay for that; it's rumoured to set you back at least triple digits annually for the most basic service. It's where Special Forces, celebrities and VIPs go since the News of the World hacking affair.
It's actually a good question - I should write an article about this.
"it is a fact that Switzerland is (a) one of the last remaining functional direct democracies and (b) has privacy EXPLICITLY written into its federal constitution. I'll translate that for you: affecting that fundamental a law is very, very difficult because everyone would have to vote on it. An even better translation for that is: any hoster who would read your email without your permission doesn't get a slap on their fingers with a wet noodle, it means jail time. What is interesting is that that entry is actually fairly recent (1999), and thus includes telecommunications."
ex Schweiz resident here: I think that is a very benign view of La Suisse. The gnomes will do anything for money
UK adopted the human right to privacy directly into UK law. It makes no difference, GCHQ did a
http://cryptome.org/2013/07/snowden-spiegel-13-0707-en.htm
"In some cases, the so-called Five Eye Partners go beyond what NSA itself does. For instance, the UK's General Communications Headquarters (GCHQ) has a system called TEMPORA. TEMPORA is the signals intelligence community's first "full-take" Internet buffer that doesn't care about content type and pays only marginal attention to the Human Rights Act. If you send a single ICMP packet and it routes through the UK, we get it. If you download something and the CDN (Content Delivery Network) happens to serve from the UK, we get it. If your sick daughter's medical records get processed at a London call center … well, you get the idea."
Note, he's talking about 'we' as in NSA, so any claim they delete the data is a lie, the NSA gets a copy that isn't deleted.
ex Schweiz resident here: I think that is a very benign view of La Suisse. The gnomes will do anything for money
Not anymore, at least not when it comes to law. That is the one benefit of the recent US shenanigans: it has scared the bejeezus out of the abusers because the drains are up in almost every level of government.
It's a bit like traveling by plane or ferry: the companies tend to be safest right after an accident.
I don't know of any surely safe, but I sense some enterprising people might now make millions by creating one...
Yes, but whatever you do, CHECK. I have already seen a number of people and companies that promise a lot, but fail even the most cursory check. A demanding market attracts snake oil vendors like no other. Also beware of tech-only solutions, because technology isn't actually the problem.
In addition, if you're looking for an enterprise-wide solution you're wasting your time if your HQ is in the US. If you move your HQ outside the US it's credible to have a US subsidiary which is simply barred from accessing any other corporate resources than it needs for its business, but if your decision power resides in the US you'll be at the mercy of whoever wants to play with FISA and the USA PATRIOT Act..
> In addition, if you're looking for an enterprise-wide solution you're wasting your time if your HQ is in the US.
After writing the first post with this subject, I read the original Guardian article which says Skype was in the bugging program even before Microsoft bought it. I'm not sure where its HQ was before the deal. If outside the US, the pressure exerted by the US gov must have been quite something ("Nice IP telephony system you have here, too bad if it became totally inaccessible from the US...").
So I suspect that not only does the postulated secure system have to be based completely outside the US, it must also stay small enough to not attract attention. So no big bucks possible here after all.
I guess if you want a snoop-free webmail and cloud storage, there is no alternative to running your own server, or one shared only by people you trust. And keep it under lock and key in your own basement...
You can guarantee they have everything else, If you don’t want The Man ® to have the chance to look at your emails the best bet is to use some Russian, Iranian or North Korean option, then at least the Americans will have to put some effort into spying on you (and being aware that the Russia, Iran or the Norks are already doing it, probably without a court order).
On a side note, as I have stated before I am not really worried. I am under no illusions that they can see what I am doing if they want; I am a realist, and anyone who thought this 'could' not happen if they wanted it to is very naïve. The surprising thing for me is they bothered getting any legal backing, and while I don't subscribe to the 'if you have nothing to hide…' mentality, the amount of time, money and manpower it would take to monitor everyone's email, phone calls, movements and online presence is ridiculous; it's more a case of 'I am so unimportant I really doubt they would bother'. That is until Obama announces his new plan to combat unemployment and the NSA has 100 million new jobs going, then I will get worried…
As I said on slashdot the other day...
My email is very dull and boring. But there are people I respect whose email is NOT dull and boring. Campaigners, activists, journalists, even lawyers and politicians. Unless I protest noisily, and adopt privacy tools myself, the government can get away with recording the correspondence of people for whom it does matter. In fact, they can even spot the ones to watch because they are the ones using encryption and privacy tools.
Remind yourself of https://en.wikipedia.org/wiki/First_they_came
... the problem lies less with the companies, they would love to just normally break privacy laws and get fined rather than having to cope with government competition. The main issue is the nefarious combination of US laws that make the whole Safe Harbor even more of a useless marketing gimmick than it already was - this means the problem cannot be addressed by the companies.
From a European perspective, as long as US laws don't change it is evidently impossible to trust ANY US organisation with your data because they don't have the final say. It makes things very simple: if the company you are planning to give your data to has a US HQ you better think again. Or, if you're a business, you are about to wilfully break EU Data Protection laws which creates a liability. Still feeling smart for having outsourced your email to Gmail?
You forget Germany. And the Dutch.. (although those intelligence agencies are running under rather strict mandates, nothing like the free-for-all of the NSA, and possibly the UK.)
The Luxembourg spook squad has been proven to be well out of control, and "inquiries are ongoing".
One can only speculate what Italy under Berlusconi has gotten up to, and as far as the former eastern european bloc countries are concerned .... *ahem*
> The Luxembourg spook squad has been proven to be well out of control
What I hear from the street, that's only "medium rare" stuff. Typical entitled bureaucracy shenanigans. Unrequired spying on about 30 "persons of interest". Tarring ops. Plus making money on the side by selling service vehicles at discount prices. Still, there will be new elections (will anything change? RUH..ROH!)
Oh yeah, there is also a false-flag terror thing that's been disinterred, from the 80's.
Anybody think all this confirmation of what we already suspected is going to slow down the rush to the cloud? I see a future for boutique shops that cater to the wisely paranoid by providing on-premises Linux servers, secure ISP service and custom ROM smartphones.
Black helo for obvious reasons.
Anybody think all this confirmation of what we already suspected is going to slow down the rush to the cloud?
If I recall correctly that has been said right here the moment this marketing word started to appear. I should know - I must have been one of them.
I see a future for boutique shops that cater to the wisely paranoid by providing on-premises Linux servers, secure ISP service and custom ROM smartphones
The challenge isn't on-premise, it's protecting ex premise comms and relationships with 3rd parties. Protecting privacy is a lot more complex than just slapping some crypto on email, but it's still not impossible, even across multiple jurisdictions. Important is that you ensure you stay within the law, yet avoid consequential liabilities: the one battle you can never win is one with authorities. This is why you must understand the whole picture, not just security.
Not all countries have equivalent oversight requirements to protect civil liberties and privacy,"
You're right! I can't think of any that do.
They've all gotten together and weaseled around any and all legal protections once afforded the at-large citizen. Disingenuous bitches. You've lost your right to claim moral superiority in this area. Damn them and damn the cowards who quiver in fear of everything and allow, even encourage, this sort of thing.
Not all countries have equivalent oversight requirements to protect civil liberties and privacy,"
You're right! I can't think of any that do.
Here is one. Unfortunately they have left-wing idiots in government who are quite happy to cause collateral damage as long as some rich people suffer (which is the actual play the US used to wedge its way in), but the backlash has already started. The link above is federal constitutional law, the most powerful and overreaching law of the land, and quite a number of people are now working on making sure that gets enforced.
I feel sorry for US citizens, but in many places they are actually asked to either give up their US citizenship or find another place to be (also from a corporate risk management perspective), and banks boot them out because the overhead involved in holding a bank account for a US passport holder is just not worth the cost. It's interesting (and saddening) to see US passport holders being treated like terrorists because of their government, but I can see the sense of it - I have never seen such a massive breakdown in trust in the US government than over the last one or two decades.
I'm sure the Swiss themselves may enjoy privacy, but the Swiss banks already rolled over on citizens of other countries and the banks are what they're famous for*. Can't really trust them either.
I realize the Swiss have done a lot of things other than banking, but if you talk about the impact of nationalized mercenary armies on European history or the cultural implications of a heavily armed citizen defense force built around pseudo-isolationist policies, people glaze over. Everybody knows about their banks though. And chocolate...
I'm sure the Swiss themselves may enjoy privacy, but the Swiss banks already rolled over on citizens of other countries and the banks are what they're famous for*. Can't really trust them either.
You must understand the difference between politics and law. What happened with the US was indeed bad, and needed an act of parliament to legalise it after the fact. The Swiss government is hopelessly naïve when it comes to negotiating with bullies (blackmail really only has one answer: no). However, the upside is that laws were recognised as being broken, and the current play is actually cleaning it up. That's one of the key reasons why people with a US passport get ejected out of their jobs and banks left, right and centre.
When it comes to protecting corporate data, when someone arrives at your door with a warrant, you have no option but to comply (after your lawyer has checked it carefully). What you do as an organisation is ensure that (a) there is due process before it ever gets that far (impossible in the US as the system now lacks effective oversight), (b) such a warrant can only ever be focused, not broad based fishing (again, avoid US style, but UK RIPA is also dangerous in that respect as is what the Swedes are doing - forgot the name), (c) data obtained during this process is protected well (glaring deficiencies anywhere but Switzerland) and (d) post process this data is destroyed.
Sure, you stand little chance if a foreign intelligence has decided to screw over the nation and damage the competitor to its own financial markets with slurs that apply just as well at home (minus the "causing yet again a global economic meltdown", that is clearly a Wall Street exclusive), but it's still the best shot you have compared to the alternatives, and said foreign entity will eventually be found out, resulting in a backlash (there are actual arrest warrants out in Switzerland for some key figures in the German government, and I really don't need to mention the NSA post Snowden, do I?). The fun part is that you can then use that legal system against the abusers - they may abuse the law, but in a decent democracy they cannot wholly rewrite the law to suit themselves. Switzerland is the only remaining nation that hasn't seen the need to write anti-terror backdoors into law, sensibly they decided they had enough LEGAL means to manage.
As I said before, you cannot REMOVE the risk, but you can certainly lower it.
This shouldn't come as a surprise in my opinion. That is; not to those who read Microsoft's services agreement policy before using them.
For starters (for real, this is at the top and also bold):
"IF YOU LIVE IN THE UNITED STATES, SECTION 10 CONTAINS A BINDING ARBITRATION CLAUSE AND CLASS ACTION WAIVER. IT AFFECTS YOUR RIGHTS ABOUT HOW TO RESOLVE ANY DISPUTE WITH MICROSOFT. PLEASE READ IT."
That should be an eye opener in my opinion. So what is section 10 (I prefer Section 9 myself, but then again; I'm a GiTS addict ;))? The usual kind of clause one could expect in a country which seems totally obsessed with lawsuits (seems obsessed to an outsider like me anyway).
Nah, what I'm referring to is section 5; "Privacy": "How does Microsoft respond to legal process?". And what do you know: "Microsoft may be obligated to comply with requests for your information or your content as part of such investigations or legal proceedings.".
It's right in their policies: they're following the law, as I would somewhat expect from them.
Don't blame Microsoft, BUT: Blame the big brother government of the United States instead.
But somehow I don't see that happening; Microsoft is a much easier target of course.
Who do you think you are? Coming to an online forum and bringing reason with you?
In all seriousness, you are correct, this is not an MS issue, they didn't/don't have a choice in the matter. Same with any US company. It is plain silly when people say company (x) should have blabbed to the press and broken this story. You can't win a fight with the U.S. government on its home turf, those involved either go to prison or end up on the run for the rest of their lives. Very few people want that life...
My only real question in all this is how much the companies were paid to make the "lawful intercept" upgrades and put staff on it. The remuneration is required by law so we know they got paid; but how does that money get recorded? I'm curious if all involved were using the money to pad accounts to shore up losses or if the funds simply disappeared into private accounts. More people knew something fishy was going on than the corporate gobbledygook lets on.
This is an interesting angle on it.
That makes them liable to 10% of their world turnover for their "assistance" as it becomes competition matter instead of the pittance data protection fee.
The problem is that the current competition commissioner would probably not have the cojones to start an investigation into "illegal state subsidies" and "price dumping" by the USA. Funny though - we are happy to investigate Huawei for _EXACTLY_ _THE_ _SAME_ _THING_
Wonder may be the wrong word, given how obvious it was.
Think of these facts.
Skype was supposed to be secure. Microsoft bought it.
Nokia was not under American control, neither were its OSes. Its smartphones now run Windows.
Why is Windows so easy to pirate? Because the alternative would be a FOSS system rather than a purchase, and this might not have a backdoor.
Killing Linux netbooks.
Always on camera on XBox 180
Each of these on its own implies very little, but looked at together, Snowden's revelations don't seem surprising.
"Nokia was not under American control, neither were its OSes. Its smartphones now run windows."
Which remains secure and unhacked, whilst Android and iOS are like Swiss cheese, and even Blackberry 10 was fully compromised.
"Why is Windows so easy to pirate"
erm - you must not yet have used Windows 8. It's very hard to pirate and is still not properly cracked. Hacked versions keep having to be re-hacktivated, and if you try hacking the binaries, the Windows Store and Windows Update won't work properly...
"Always on camera on XBox 180"
Kinect might always be connected - but it is not always on - you can disable functionality via the privacy controls. Or you can just turn the power off if you wish.
"Not all countries have equivalent oversight requirements to protect civil liberties and privacy," they said. "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."
And nothing at all was being said.
Contrails are mind control gas dispersed at high altitude by the Lizard People to keep Humans complacent and prevent them from engaging in the interstellar economy.
Ha! Take that Señor Tinfoil unbelievable conspiracy person. If you're really a person...
If you've got an always-on internet connection, pick yourself a cheap mini-ITX system, stick Linux on it, pay £5 for a valid SSL cert, configure Apache, IMAP and SMTP to use it, set up an email server and configure your email client appropriately, and you have something they can't access unless they succeed in hacking you.
Works for me.
Over the last few weeks I have given some thought to the question of whether you can trust a bought SSL cert, i.e. is it nobbled. Though I am not an expert, I think it is pretty safe because (1) Snowden says so and (2) I think it would show up in the trust chain and browser makers would cry foul if they discovered a bad top cert.
If in doubt, create a self cert.
Bit harsh on the down vote.
I think a rasp pi is a bit short on memory if you are going to do the spamassassin/av/etc on it. I actually use a virtual machine for it.
> the government went to Verisign et al. and told them "you have to help us decrypt this traffic"
My server has a self-signed, out-of-date certificate.
If ever I connect and I *don't* get a warning, I know someone is intercepting the traffic.
The fingerprint lives on a piece of paper in my wallet (I usually only check each end from memory).
Vic.
Years ago it occurred to me to ask the question 'why is it so hard to clean traces of one's activity out of Windows?' Since then, it's become much harder to do so despite the obvious security concerns. Ask yourself why it's so.
Windows is so hard to clean properly that it's almost an impossible task; moreover, after purging the known user activity there's no way of actually interrogating the O/S to see if one has actually gotten all of it and that the O/S is actually clean--Microsoft hasn't provided a facility to do this. In fact, it's so hard that it's easier to purge the disk completely with DBAN--Darik's Boot And Nuke--which also erases every trace of Windows; alternatively one can put the disk into a metal shredder or run over it with a steamroller or forklift to rid oneself of the history and other telltale metadata.
Also ask yourself why Microsoft didn't include another root directory alongside 'Documents and Settings' say perhaps called 'Configuration, Logs and Activity' (a single and only place for all such data) with the ability to easily delete all or part of its contents. Simply deleting all files (either by simple or secure delete) would restore Windows to a default state (a la a 'pre-installed' laptop with programs). A similar arrangement could be used to purge programs and user accounts.
Of course there are the obvious reasons: it was more work for Microsoft, and/or Microsoft made it deliberately difficult so users would delete all of Windows prior to the sale/disposal of a PC so that another copy of Windows would have to be purchased by a new owner; or deliberate obfuscations within Windows made it easier to protect copyright/rego of both Windows and installed programs.
Such excuses alone would have been plausible back in the days of Windows NT, Windows 2000 and perhaps even XP but look at what's happened since then: one has to completely re-evaluate the situation when one looks at later Windows O/Ses. Take Windows 7 for instance, it's a nightmare to purge all the logs let alone all the other associated metadata--just finding everything is a mammoth task in itself.
Remember also that in later Windows O/Ses such as Windows 7 Microsoft has not only turned on dozens more log files and retained much more metadata but has also mandated NTFS and outlawed FAT32 for the Windows installation volume. NTFS uses both Streams and an MFT (Master File Table), which are difficult to purge. When files are deleted the MFT remains full of the file particulars. Even if purged using special sanitising software, remnants of the file entries are still there. The only truly effective way to clean an NTFS volume is to copy all remaining/active/wanted files to a FAT32 volume, then clean--completely purge--the NTFS volume with say DBAN, then reformat it and then copy the wanted files back from the FAT32 volume.
Frankly, the totally inadequate situation of being unable to purge NTFS volumes of remnant metadata and such from within Windows is just absurd--so much so that it must have been deliberately planned this way to make it so difficult.
Despite all the obvious hoo-hah over security in recent years, Microsoft has still not provided any services or facilities whatsoever to clean up/purge the O/S of user activity. In fact, Microsoft has just made matters worse. Instead (it seems to me as a cover), Microsoft has provided users with so-called security features such as the annoying and essentially useless User Account Control (UAC). These may be of some help with simple viruses but they're totally useless when someone or a government agency wants information about the user's PC activity.
So after several decades and many versions of Windows why wouldn't Microsoft do things correctly?
It seems damn clear to me--and it ought to be so even to Blind Freddy--that Microsoft is under pressure to ensure that when a Windows O/S comes into the possession of law enforcement and/or other Government agencies it's comparatively easy to analyse in great detail what the user has been doing on his/her PC--even if he/she has gone to considerable lengths to clean up traces of this activity.
Frankly, I am simply amazed that these massive and glaring privacy anomalies within Windows aren't the subject of massive user outrage, especially given that they've been going on for such a long time.
Is this just user complacency or is it massive user ignorance?
I hate to stir you from your conspiratorial slumber, but a few facts are in order:
(1) There are two directories \Users and \ProgramData. Ideally most user-specific information should be in those dir trees. Programs on Windows (real ones, not TIFKAM apps) are however free to create files wherever they want and some do. Data always leaks in ways that an OS can't completely control.
(2) If you do want to 'clean your traces' you can do the following:
(2a) Boot to a differencing VHD. The BCD hive is on the system partition and the boot entry normally points to another partition which is the boot partition (usually C:). However you can specify a VHD instead.
(2b) When you are done doing whatever it is that you want to leave no trace of, boot to WinPE, secure delete the VHD diff file and create a new blank one.
(2c) Once a month on Patch Tuesday, or whenever you do want to make a sticky change, go ahead make the change then boot to WinPE and merge the diff VHD into the base VHD and create a new blank diff VHD.
(3) FAT12/16/32 do not proactively try to make deleted files go away. They just set the first character of the shortname dirent to 0xE5 and clear the FAT chain. The full long name, all the file data, and the first cluster number are still present. If the file was contiguous and nobody else has re-used the clusters you can undelete the file.
(4) NTFS $MFT records have an in-use bit so just like FAT32 all the metadata remains upon delete. NTFS stores all the mapping information in the file record, so that survives a delete (unlike FAT). This was not done to support NSA forensics; it was done to reduce the number of disk I/Os required to allocate and free disk space.
(5) ReFS, the new Win8 file system, uses logging to never overwrite metadata until the log rolls. You will probably think this is to give the government easy access. It's rather just the evolution of file system design. Not overwriting metadata solves lots of tough problems when dealing with imperfect disks, write caches and power loss. Read about Sun's ZFS file system.
(6) User Account Control was not designed to protect you from a targeted attack by the NSA. That is hard. It was designed to protect stupid people who click on every link in a dancing hamster email they get. Also a bit of CYA for MS, i.e. they clicked "Allow", so it's their fault they got a virus.
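Point (3) above, that a FAT delete only overwrites the first byte of the short-name entry and clears the FAT chain, as an added example that is not the poster's code: a small parser over a hand-constructed directory fragment shows that the long name, first cluster and size remain readable after the delete. The entry layout is the standard FAT32 32-byte directory entry; the sample entries are constructed inline, not read from a real volume.

```python
"""Show what a FAT32 delete leaves in a directory entry (constructed sample, added example)."""
import struct

DELETED = 0xE5    # first byte of a deleted short or long entry
ATTR_LFN = 0x0F   # attribute value that marks a long-file-name (LFN) entry

def _lfn_chars(entry):
    """Return the up-to-13 characters held in one LFN entry (NUL-terminated, 0xFFFF padded)."""
    raw = entry[1:11] + entry[14:26] + entry[28:32]
    text = raw.decode("utf-16-le", errors="replace")
    return text.split("\x00", 1)[0].replace("\uffff", "")

def parse_directory(data):
    """Return one dict per short (8.3) entry, with any preceding long name attached."""
    entries, pending_lfn = [], []
    for off in range(0, len(data), 32):
        e = data[off:off + 32]
        if e[11] == ATTR_LFN:
            pending_lfn.append(_lfn_chars(e))   # the last piece of the name is stored first
            continue
        short = e[0:8].decode("ascii", "replace").rstrip()
        ext = e[8:11].decode("ascii", "replace").rstrip()
        deleted = e[0] == DELETED
        short = ("?" + short[1:]) if deleted else short   # only the first byte was overwritten
        clus_hi, = struct.unpack_from("<H", e, 20)        # high 16 bits of first cluster
        clus_lo, size = struct.unpack_from("<HI", e, 26)  # low 16 bits and file size
        entries.append({
            "short_name": short + ("." + ext if ext else ""),
            "long_name": "".join(reversed(pending_lfn)) or None,
            "deleted": deleted,
            "first_cluster": (clus_hi << 16) | clus_lo,
            "size": size,
        })
        pending_lfn = []
    return entries

def _short_entry(name8, ext3, cluster, size, deleted=False):
    """Build a constructed 8.3 entry (ATTR_ARCHIVE); deleting it only replaces byte 0."""
    e = bytearray(32)
    name = name8.ljust(8).encode("ascii")
    e[0:8] = (bytes([DELETED]) + name[1:]) if deleted else name
    e[8:11] = ext3.ljust(3).encode("ascii")
    e[11] = 0x20
    struct.pack_into("<H", e, 20, cluster >> 16)
    struct.pack_into("<HI", e, 26, cluster & 0xFFFF, size)
    return bytes(e)

def _lfn_entry(seq, piece, last, deleted=False):
    """Build a constructed LFN entry holding up to 13 UTF-16 characters."""
    e = bytearray(b"\xff" * 32)
    e[0] = DELETED if deleted else seq | (0x40 if last else 0)
    e[11], e[12], e[13] = ATTR_LFN, 0, 0      # attribute, type, checksum (unused here)
    e[26:28] = b"\x00\x00"                    # first cluster is always zero in LFN entries
    raw = (piece + "\x00").ljust(13, "\uffff")[:13].encode("utf-16-le")
    e[1:11], e[14:26], e[28:32] = raw[0:10], raw[10:22], raw[22:26]
    return bytes(e)

# constructed directory: "secret-notes.txt" after deletion, followed by a live file
SAMPLE_DIR = (
    _lfn_entry(2, "txt", last=True, deleted=True)
    + _lfn_entry(1, "secret-notes.", last=False, deleted=True)
    + _short_entry("SECRET~1", "TXT", cluster=0x123, size=4096, deleted=True)
    + _short_entry("README", "TXT", cluster=0x200, size=77)
)
```

Running `parse_directory(SAMPLE_DIR)` reports the deleted file with its full long name, first cluster 0x123 and size 4096 intact; only the first character of the short name is gone.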
WTF - When did Microsoft and the NSA work on the same team? Do they get promotions at Redmond for teamwork with spooks or a good old pat on the back from Uncle Sam? I wonder if NSA agents and software engineers actually have friendly chats at the water cooler? I bet some graduate thought it would also be a great idea to give a back door to Windows 8 so the NSA could install key loggers. Stupid.
And since when do Al Qaeda communicate via Skype video chats?
err ... no .. DoJ .. SEC could have shut Microsoft down in 2001-2002 .. instead a panel of government experts got the OS source code for 5 years .. Microsoft got a slap on the wrist ..
and seeing that MS settled November 2001 .. I'll *speculate* that NSA .. DoJ .. CIA .. CSS .. FBI .. DEA .. DHS .. DNI .. hell .. there's about 50 US intelligence agencies that have access to your Windows machine if it's on the network .. not to mention dozens of foreign and extra-national entities that have probably figured the access out or spied it away from some insecure US gov Windows 'puter
"And since when do Al Qaeda communicate via Skype video chats?"
Only newbies actually believe this is about terrorism.
THE PATRIOT act is about 360 pages of legal jargon and came out 6 weeks after 9/11.
That's a big law in a very short time span unless you've already got something in the works and you just need a justification to bring it in.
Well, if we're on the conspiracy track it's worth asking who benefited from 9/11. Was that really terrorists? All I can see is more money blown in one DAY of shock-and-awe than they ever hope to recover from tax absconders, a vast fortune blown on establishing the DHS, which in turn blew a stack of cash on airport scanners with the flimsiest of justification (and apparently, a lot of that kit was not even installed). That is a LOT of tax money turned into private equity for no real benefit whatsoever - wars are good for that. If I recall correctly, the guy that was singing along with that tune in the UK had to create his own private bank to hold all the loot.
Then we enter stage two, where this scam had to be continued to damage the global competition to Wall Street, at the same time neatly removing Wall Street from the headlines for causing YET AGAIN a global crisis...
It does add up, but the resulting picture is not exactly rosy.
"That's a big law in a very short time span unless you've already got something in the works and you just need a justification to bring it in"
It was initially opposed by a number of lawmakers. These were the prime targets, along with a few media types, for the subsequent anthrax attack. Unsurprisingly, the US PATRIOT act was then passed.
"THE PATRIOT act is about 360 pages of legal jargon and came out 6 weeks after 9/11.
"That's a big law in a very short time span unless you've already got something in the works and you just need a justification to bring it in."
Moreover, hardly any Congresscritters even troubled to read it before they voted it into law. (They didn't even have time to read it).
Much the same way as laws on banking and finance get written by bankers and financiers, handed to their pet Congresscritters, and voted into law by the usual machine political manipulation.
Mark my words. The NSA has the private keys to all signed SSL certificates, they can decrypt anything at will. Any "real" cert signed by any cert authority Comodo, Verisign, etc, NSA already have all the keys to decrypt it, provided to the NSA by the cert authority itself.
"Mark my words. The NSA has the private keys to all signed SSL certificates, they can decrypt anything at will. Any "real" cert signed by any cert authority Comodo, Verisign, etc, NSA already have all the keys to decrypt it, provided to the NSA by the cert authority itself."
True. If the certificate is a company subject to US law.
Non US certificate authorities?
It makes no difference if the certificate is from a non-US entity. If *any* of the trusted authorities is an NSA front, then it can trust any fake certificate.
You have to mark a lot of certs as untrusted, and that's really difficult in a browser like Firefox at the moment. It restores them if you delete them.
At the moment, all https traffic that routes across networks that can be intercepted is likely tapped. The only thing that prevents https being intercepted is if the routing prevents that man in the middle attack. The key is worthless now.
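The fingerprint-on-paper check from the self-signed-certificate post above, and the point here that any one trusted authority can vouch for a lookalike certificate, as an added example that is not part of any post in this thread: compare the certificate the server actually presents against a SHA-256 fingerprint recorded out of band, so the trust store plays no part in the decision. The host, port and pinned value are placeholders for the reader to fill in; a mismatch means something other than the expected server terminated the TLS session.

```python
"""Pin a server certificate by SHA-256 fingerprint to detect interception (added example)."""
import hashlib
import socket
import ssl


def sha256_fingerprint(der_cert: bytes) -> str:
    """Return the colon-separated, upper-case SHA-256 fingerprint of a DER certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(der_cert: bytes, pinned: str) -> bool:
    """True if the presented certificate hashes to the pinned value.

    Colons, spaces and case are ignored so a value copied from a browser
    dialog or from a slip of paper compares cleanly.
    """
    def normalise(value: str) -> str:
        return value.replace(":", "").replace(" ", "").upper()
    return normalise(sha256_fingerprint(der_cert)) == normalise(pinned)


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate the server presents, as DER bytes.

    CA validation is switched off deliberately: a self-signed certificate
    would never pass it, and the pin, not the trust store, is what decides.
    Nothing is sent after the handshake; the connection is closed at once.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(host: str, pinned: str, port: int = 443) -> bool:
    """True only if the live certificate matches the out-of-band pin."""
    return fingerprint_matches(fetch_peer_cert(host, port), pinned)


if __name__ == "__main__":
    # placeholders: substitute your own host and the fingerprint you recorded
    PINNED = "AA:BB:..."  # placeholder, not a real fingerprint
    ok = check_pin("mail.example.invalid", PINNED)
    print("certificate matches pin" if ok else "MISMATCH: possible interception")
```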
Can the Reg make an article showing what we can do to protect ourselves on the desktop, laptop, mobile and web browsing point of view? Like a list of the best OS distros, mobile and desktop apps, encryption tools, web browsers, etc for us to use and avoid Skype, outlook.com, Gmail, androids, iPhones, etc.
I would love to have a big guide showing all the alternatives.
It's too late for that. Although if you want secure internet comms you might want to go check out Silent Circle. It's used by the US Military and other US Gov Depts but they aren't big on back doors; if the NSA or spy of your choice can access a back door so can any other miscreant. Which seems a sensible approach.
https://silentcircle.com
So I can tell my strategy guys that their plans to move Large financial organisation data to an external cloud based service will be fine and that they don't have anything to worry about?
So let's have an analogy: storing your data with any US (and probably most other) cloud hosting companies equates to standing in the high street on a Saturday afternoon naked.
Personally I figured cloud would grow by leaps and bounds until something went sideways and suddenly people start asking questions about jurisdiction and liability
For you Comp. Sci OO types it's a case of where the method is instantiated, not where it's defined that matters.
No real judge was going to fall for the old marketing line "It's in cyberspace so it's not anywhere" BS.
Same for me, my Junk mail is where most of my mail is delivered and is usually chock full of fake bank/game site scams, diet products, Work from Home scams, penile enlargement ads, and links to porn sites usually from Russian, Eastern European or Chinese addresses. Microsoft totally suck at filtering this stuff; I must have 5-6 email accounts and only the Hotmail/Outlook one is consistently full of stuff from sites I never signed up with and are obvious scams.
The NSA and Co. are welcome to all the Nigerian Princesses with shedloads of Cash just looking for a new home, and those other ads for Penis Pills. I didn't want them anyway. If I had, I would have registered myself (to this Site), along with every other Site IN THE WORLD, to my One True Internet Provided Address. Which I don't, to keep it Spam free. See what I did there?
Everybody should switch to OpenBSD then. Linux has such a high code turnover, which makes it impossible for the audit to catch up. When you audit one line, three new lines have been added. The code base is completely rewritten every... half a year(?). In a very short period. It is like all those device drivers that need to be updated as soon as Linus Torvalds breaks them in an ABI upgrade (which happens all the time). HP spends millions of USD to update every device driver when Linux has been upgraded. And Long Term Distros do not help, because when you install new software, it needs new updated libraries, forcing you to upgrade them, which forces you to upgrade everything else.
OpenBSD has very strong auditing all the time. I suspect the NSA hates OpenBSD and actively tries to diminish it. Linux suits the NSA very well, with the very high code turnover.
Maybe Richard Stallman was right when he insisted on taking extreme precautions before surfing the web. People here called him a moron for doing that. Maybe RMS is clever-er than both you and me.
....up to now, the Powers-That-Be have been going to some lengths to tell us that the snooping is all fine because they are only capturing the meta-data, and *not* the content; but then we get this...
"The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says.
Audio and Video? Well, that's clearly content and not meta-data, isn't it? More lies?
NSA Even Spied on Google Maps Searches, Documents Suggest
I'm eagerly awaiting a new "Big Brother" icon with CoolShades shopped in.