* Posts by DeKrow

120 posts • joined 3 Aug 2011

Australian Feds cuff woman who used BTC to buy drugs on dark web


Where digital and meatspace intersect

This is a fine example of why all the crypto backdooring talk is redundant (not to mention stupid, but that's a separate argument).

The big old major crimes cannot be committed purely in the digital realm. Drug deals involve something in physical existence (assuming Snow Crash doesn't exist yet), as do the various elements of terrorism (lone crazy or organised group), child abuse, murder, rape.

Meatspace is where the insecurities lie, and this is where law enforcement should put its focus, which is likely what happened in this case. Darkweb this, bitcoin that. Pfft.

The only crimes that are purely digital are the Gen Z's such as corporate data theft (old crime but dressed up modern), identity theft, carding, etc. Strangely, these aren't the ones being mentioned when discussing encryption backdoors or "going dark", and the whole lack of regulation, and seeming desire to regulate, on IoT will only make these kinds of attacks more frequent and have greater impact.

They're not just putting the cart before the horse, they're putting the horse in the cart, then pushing the cart themselves.

Exposed: Lazy Android mobe makers couldn't care less about security


I'm hoping to take delivery of an Android One device some time this week. I'll get back to you in a couple of years as to its on-going support.

Rudd-y hell, dark web! Amber alert! UK Home Sec is on the war path for stealthy cyber-crims


Re: Kingpin or strike.

Treating the symptoms rather than the cause.

I see this everywhere. You can measure the symptoms, so they're relatively easy to "treat" and show that they're being treated by using statistics. Causes require real work to both determine and remedy, and are often cultural and therefore too long-term or too difficult to tackle.

Treating symptoms is a politician's bread and butter because you can treat symptoms forever and thus suckle at its teat long-term. Treating causes tends to be unpopular because the 'common folk' may not be able to understand the frequently complex relationship between cause and symptom, so it ain't a vote-winning / promotional exercise.

Replace "politician" with "manager" and the above remains true.

They're back! 'Feds only' encryption backdoors prepped in US by Dems


Re: There is no God given right to digital security

That's like saying that there's no God given right to life either because every single human can be murdered and some have been. There are laws against it, as are there laws against hacking.

Really, there are no God given rights at all. For various reasons...

"Anyone who believes that encryption will protect them from being prosecuted for their crimes is in for a reality check."

But this is what "they" are proclaiming: encryption is protecting criminals from prosecution.

Which side are you (dis)agreeing with?


Political mindset extrapolation

What I find the most scary about this on-on-on-going debate, is that politicians (on both sides of the fence, I'm not partisan in this) are continuing to try and find ways to defeat maths; where maths is the immovable object, and has been described as such by all the experts (in both mathematics and IT security).

The fact that politicians (around the world) cannot let go of a blindingly obvious exercise in futility gives me nightmares about how they treat other, more malleable, things that may get in the way of their 'seizure of power'. If the immovable object mathematics doesn't stop them, then mere human-constructed laws would be treated as potholes to be ridden roughshod over whilst keeping their eyes on the prize.

We've bred this species of arrogant, 'we can do anything' politicians because the punishment for corrupt, or not-in-the-best-interests-of-the-people, behaviour is dictated by the very people that have the capacity to be the wrong-doers. Far from being punished for working for personal rather than societal goals, they're making bank from it. This situation has continued long enough such that it has attracted the exact kinds of people that work towards self-aggrandisement, as opposed to 'nation leading', to political careers, thus magnifying the problem.

In Australia's system, at least, it's led to in-fighting that's resulted in four changes of Prime Minister outside of the election cycle in the last decade.

If you do something wrong, and don't get punished for it, how do you know it's wrong?

That long-awaited Mark Zuckerberg response: Everything's fine! Mostly fixed! Facebook's great! All good in the hoodie!


Nothing to see here folks, sorry that the curtain got lifted a little, we're weighing it down a bit heavier now. We don't want third parties using the kind of power that we've been working for years towards leveraging.

There's more to blockchain than dodgy cryptocurrencies


Middle-aged man rocking up to the skatepark, saying:

"Right now, it's this Cambrian explosion kind of moment where it's worth mapping the landscape rather than being Teutonic about it."

There's your catch phrase folks.

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws



- Intel's MELTDOWN and SPECTRE issues were disclosed in late January 2018.

- amdflaws.com registered 22nd of Feb 2018

- AMD informed of the issues 12th of March 2018

- actual disclosure / news release 13th of March 2018

Three things:

This looks like an Intel-sponsored hit on AMD to 'level the playing field'

The web domain was registered well in advance of any warning being given to AMD - because we're a security company, so fuck security we've got marketing to do: flashy website and high-production-value YouTube videos here we come!

Just like hacking evolved from a hobby into serious criminal enterprise, security disclosure has turned from noble and responsible act (with some self-advertising for employment purposes) to blatant stock market manipulation.

Other things:

- The amdflaws.com domain was registered with a 2-year expiry (22/02/2018 - 22/02/2020)

- The cts-labs.com domain was registered with a 1-year expiry (25/06/2017 - 25/06/2018)

- Both were registered with GoDaddy

- Linus Torvalds gets more respectable the more outbursts I read about


Re: Closed black box firmware

No, AMD doesn't look as bad as Intel, unless you're taken in by all the sparkles and glitter in the news release.

And since when is Intel cheaper? Not in my living memory has Intel been the cheaper option.

Gits club GitHub code tub with record-breaking 1.35Tbps DDoS drub


Grey hat response...

Would an appropriate response to those who take too long* to secure their systems be to cross-fire DDoS's between the various insecure systems until they magically become either secure, offline, or blocked by upstream network providers?

*tolerance dependent upon seriousness of potential in combination with inaction after notification.

Australia joins the 'decrypt it or we'll legislate' club


Only the ones running the country...

Hua-no-wei! NSA, FBI, CIA bosses put Chinese mobe makers on blast


Re: China trash.

Feeding the troll here, but Cisco gear was proven to have been modified by the NSA prior to shipping to non-US countries. So, yeah, buy Cisco and be owned, LOSERS.

I think the position of the US is "We're doing all these things, so we expect them to be doing it as well. But not on our front lawn!"

It's understandable, but unfortunate, and there's no 'good guy'. What's surprising is that it's taken so long to reach this point.

I'll torpedo Tor weirdos, US AG storms: Feds have 'already infiltrated' darknet drug souks


The Middle Men are the Problem!

We'll go after the middle men!

They're making profits that we can't tax, therefore they're a disposable resource for the scoring of political favour. We can't go after upper management because they're essentially our bosses and are thought leaders in the structure of our way of life.

America restarts dodgy spying program – just as classified surveillance abuse memo emerges


Re: Fundamental Situational Correction ... Lunatics in Charge of the Asylum vs AI Bombes in Nations

Yes, you're right, I didn't see it initially, I was one layer too low.

It's the ultra-minority influencing the voting majority such that the informed minority are left without a voice. To quote Jeffrey Lebowski "my thinking about this case had become very uptight"

Thanks for loosening the hinges on the doors of perception.


Re: Good news for Yandex and AliBaba

I was informed it was a buck o five.


Re: Good news for Yandex and AliBaba

China is the asymptote to the US' trajectory


Re: Help is Available for Any Such Condition/All Such Situations. *

So you're saying they've brought it upon themselves?

If so, I agree, but I lament for the minority that are being swept along by the rest.


No longer recognise the US

This is one of those logical fallacies, and I know it, but I still want to fall into its trap:

How can anyone take other US laws seriously, which deal with far more trivial matters such as copyright infringement, when they screw things up so terribadly on the important stuff?

The US, in its march towards fascism, may well find itself tripping and falling into anarchy.

Linux's Grsecurity dev team takes blog 'libel' fight to higher court


Re: Way to damage your own credibility

Freedom of speech except if you're actually an expert on said topic?

That sounds a lot like what the US would be aiming at.

Intellectual Property Office drops, er, patently cool cartoon to teach kids about trademarks

Black Helicopters

Key Life Skills

A basic understanding of IP and a respect for others' IP rights is therefore a key life skill.

Is "Protecting your online privacy from advertisers and governments as well as predators and groomers" a course given to all primary school students as well? I'd rate that a far higher priority - as in, IP rights are barely visible from this height.

Obvious government priorities are obvious.

Uncle Sam's treatment of Huawei is world-class hypocrisy – consumers will pay the price


Remember how the US Government (via the NSA) was accessing Google's servers via an exploit?

Blame is on all sides; the finger pointing can legitimately go in all directions. The point of this article is to make clear the hypocrisy of the finger pointing and deal-breaking.

US House reps green-light Fourth Amendment busting spy program


Just setting a precedent

They're actually being very clever. By setting a precedent that they can pass legislation that effectively ignores parts of the constitution (whether literally or 'in spirit'), it's paving the way for tougher gun laws because constitutional arguments against gun control will no longer have any sway.

Taking off the troll mask for a minute, they can write words to get around the literal meaning of the constitution in order to pass police-state-style legislation like this, but no amount of English-language sorcery can explain itself around breaking the mathematical rules behind encryption. Thank goodness.

Totally shock claim: Comcast accused of gouging TV rivals



Isn't this "the market" at work? If Comcast has gotten itself into a commercial position such that smaller players are forced to accept less-than-ideal contracts, isn't that just the fulfillment of The American Dream?

FCC douses America's net neutrality in gas, tosses over a lit match



Politics is now a sport. It's played by those who either have or desire corporate sponsorship.

Running a country is tangential; almost a by-product. They choose a 'play' that they think will win, no matter the short- or long-term effects, and they follow through with all the will and commitment to make sure it does win.

They even have flags, hats, screaming fans, team colours, mascots, chants...

US government seizes Texas gun mass murder to demand backdoors


No room for 7,000 more

Aren't their jails already full? Lucky they can't get into the 7,000 phones, because they'd surely find SOMETHING to put those 7,000 phone owners into government-sponsored corporate slavery jail for.


Shoot the phone?

All US problems can be solved with guns, fists, or cars.

Any problems created by unpatriotic miscreants that can't be solved with the above shall result in legislative changes such that those kinds of problems no longer exist.

Anything more complicated can't be allowed because movie and TV audiences won't like it. I mean, the denouement of the first season of Heroes (yeah, the show with cool super-power kids) was a fist-fight between two multi-powered mutants. A fist fight?

And we wonder why they struggle with the concept of encryption.

US domestic, er, foreign spying bill progresses through Congress


North Amerikorea

At what point does the US become a rogue state? Has it passed that point?

The history of the US is littered with decisions and directions based on paranoia. The importance they continue to place on their independence corrupts their view of opposing ideologues, so much so that they twist these opposing ideologies (and religions) into existential threats to their very way of life.

The power of human denial is so strong that, as per another Reg article, encryption of a communications device is a more important issue to deal with than gun ownership, because "It was through these guns that we earned our independence from The British Empire". Anyone who thinks differently in any manner is each patriotic US citizen's equivalent to a soldier of The British Empire of 200 years ago.

Trump is the perfect embodiment of this, he is the leader they deserve, and the leader the world deserves having let them earn it through years of subservience.

(Not all US citizens are tarred by this brush, obviously, but Trump won the election, so, you know, majority)

Verizon whips out Big Johnson to lure FCC into axing US states' net neutrality, privacy rules


Re: State law over-rules Fed law

I've been involved in infrequent discussions about whether the States in Australia need their own government separate to Federal. I was a bit neither here-nor-there about it until relatively recently when it's been the States doing their own thing on renewable energy pretty much diametrically opposed to what the Federal Government is pushing for.

The end result is that the States are being progressive whilst the Fed are being classical conservatives.

Whilst the topic of renewable energy is a divisive one, it's the example that made it clear to me. I'd probably be annoyed if the situation was reversed (Feds pushing renewables and States stalling), but the point is the overall 'balance' provided by having two layers rather than one.

Ironically, but also entirely predictably, the power players that politicians think they are will keep each other in check to a certain extent lest they submit to the 'power' of the other. Disagreement because agreement may be seen as weakness. /cynicism.

It's one of those rare situations where two wrongs make a pretty-much-right or a best-that-we-can-expect.


Lisa Simpson said it pretty well

"And this will be one nation, under the dollar, with liberty and justice for none."

Vlad the blockader: Russia's anti-VPN law comes into effect


If Russia implements anything like the Great-Firewall-of-China, most of the methods you list will be detected and blocked. The Chinese one is scarily "smart". This article is very interesting:


US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do


Re: erm isn't this what law enforcement is for?

If nothing else, your commentary is incredibly useful for providing an insight into the way certain individuals think.

Things to note:

- Lumping murder and rape together with robbery

- Using rape and murder as a comparison to copyright infringement / IP theft or other hacking related crimes

- Comparing a "caught in the act whilst physically present to witness" crime to a digital crime for which the thorough analysis of logs is required in order to confirm whether a crime has even taken place. The very quote you chose from the article means that an immediate response is excluded from this law.

Overall you come off very "kill 'em all and let god sort 'em out", even without your S&W bumper sticker. That's just the teflon on the tip.

/me isn't worried about your Smith & Wesson when I'm thousands of 0.62 miles away.


Re: Hacking back against forged attacks

They're an odd mix of throttlingly tight control in some areas (copyright - where money is at risk but lives aren't) and "go get 'em tiger" chaos in others (abhorrently loose gun control - where lives are at risk but money isn't).

This revenge hack thing sits firmly under chaos, the necessity of which is driven by "corporate / IP" psychopathy.

Very plain to see what's important to those who occupy the halls of power in the ol' US of A. Land of the free, so long as you can wrench that freedom from thy neighbour's cold dead hand like the true winner you are!

U! S! A!

U! S! A!

U! S! A!

P.S. If this law passes, the ultimate challenge to a black hat hacker is this:

Create a circle of forever legitimate revenge attacks between Apple, Google, Facebook, and Microsoft.

Australia launches critical infrastructure security reforms


But how else do you expect them to be able to maintain their claim that they're better economic managers than "the other guys"? They gotta keep their budget in the black by selling everything, so when the cycle turns and they lose power, whoever takes up the mantle has to spend big time on infrastructure and projects to rebuild the country. That way they can keep pointing their fingers at the other guys and saying they're wasting taxpayers' money. Win-Win in their eyes.

How bad can the new spying legislation be? Exhibit 1: it's called the USA Liberty Act

Big Brother

The meaning of words

The USA Liberty Act is to liberty as the Australian Liberal Party is to liberalism.

The US takes another step towards (or further into - fuhrer into?) totalitarianism.

Australia approves national database of everyone's mugshots


Australia is a testing ground for US anti-terror laws

Australia has 'beaten the US to the bottom' in a few recent terror-knee-jerk-legislation-reactions.

Firstly, there was the mandatory metadata* retention by ISPs. There was a lot of argument about how the data would be managed and fears of rubber stamping access to said data, which was allayed by our honourable leaders as unfounded as warrants are required in order to access the data. There is some belief that this legislation, down the slippery slope, may be used for policing copyright infringement.

Here are some articles proving how unfounded these fears were:




The RSPCA, state coroners, and the Environment Protection Authority are also using powers in their own statutes to circumvent their exclusion from the data retention scheme.

Such organisations were among those lobbying the AGD to be designated a criminal enforcement agency under the TIA Act, a classification that is required to access the data.


Secondly, we have legislation to require ISPs to have their network infrastructure changes authorised by the office of the Attorney General's Department to ensure the ISPs aren't implementing changes that may decrease Australia's national security vulnerability. This sounds a little like the precursor to the Kaspersky kerfuffle in the US.



Thirdly, we have our fearless leader Malcolm Turnbull implying Australian law trumps the natural laws of mathematics:


Specifically this quote:

"The laws of mathematics are very commendable but the only laws that apply in Australia is the law of Australia."

... and now we have this facial recognition database.

If it can be passed in Australia, it can probably be passed in the US and UK. Australians have a history of not putting up with this sort of shit, so it makes sense that it gets tested here first and if it passes then it can go up the chain to the more paranoid countries. The fact these things have passed in Australia already means that Australia has become one of the paranoid countries. Sad times.

Don't sweat the small stuff, she'll be right mate. There's less of that; more people that like to get in everyone else's business. But we generally got up and did something for the stuff that mattered. Now we just reach for another beer, or change channels to the Bachelorette. Or both.

Australia is another US in the making, ably led by Turnbull's Liberal Party (which is still really Abbott's Liberal Party). Not that the alternative offers much of a change of direction.

* For the definitive explanation of metadata, please search YouTube for "George Brandis Metadata"

Five-eyes nations want comms providers to bust crypto for them

Big Brother

Re: "deal with the relentless threats of terrorism"

The only "threats of terrorism" I'm relentlessly exposed to are those from various governments continually threatening to erode privacy, human rights, and civilisation's existence through various forms of denial of facts and paths of causation.

Things that terrify me more than the spectre of terrorism:

The trend of government control fetishism

Riding a bike alongside humans driving cars

My children learning to drive amongst said humans driving cars

Governments that use the word 'mandate'

Wilfully ignorant people with the right to vote

Skepticism of the scientific method

The weight given to anecdotal evidence

The government spending taxpayers' money on a new coal-fired power station (what century is this?)

The lack of security around the electricity grid against the constant threat of squirrorists

Australian govt promises to push Five Eyes nations to break encryption


Law hierarchy

Natural laws > Human laws

For example:

Mathematics > Legislation, in the same way that

Evolution > Creationists' desire for evolution not to exist

Where's Reality's Esc key?

Look who's joined the anti-encryption posse: Germany, come on down


Option 3 - Limited to...

If Option 3 is the 'solution' they're aiming for, it could be a human-rights-friendly (or at least a less human-rights-violating) solution if, and only if, a warrant is required to alter the target's phone.

From what I've read, most of the recent terrorist attacks have been committed by people already on the radar of the various agencies (and this is its own issue and probably more pertinent than the encryption discussion, but isn't the point I'm trying to make here). That being the case, could "being on a watch list" be a valid, minimally human-rights-violating, option for getting one's phone OS modified for the purposes of spying?

(also assuming that there can be scales of acceptability for human rights violations, and the 'slippery slope' and all that).

Of course, it gets into seriously blurry grey area once you start to list people that have been on watch-lists and no-fly lists and "harass whenever they cross the border" lists who would be 0% chance of performing an actual terrorist attack. That's where "trust" is a puzzle that's very difficult to put back together.

Five Eyes nations stare menacingly at tech biz and its encryption


Re: Pointless

If legitimate companies have to put back doors in all their encryption schemes doesn't that just mean terrorists will buy their encryption from criminals or roll their own?

I actually see it going a different way. If legitimate companies have to put back doors in all their encryption schemes doesn't that just mean terrorists will target these back doors, and if (when) successful, will have the keys to all the kingdoms and thus be able to cause much larger scale terror than a few suicide bombs ever could.

mumble groan law of unintended consequences grumble moan concentration of power creates a more likely target something something.


And what then?

If new laws come to pass enforcing that which goes against the advice of all the experts on the topic, what is to be done / blamed / politicised against / axe ground upon when, inevitably, there's another "terror" attack?

Will the five-eyes governments guarantee that these democracy-threatening, privacy-invading, human-rights eroding laws will banish the spectre of terrorism from western civilisation for as long as these laws are in effect? If not, then the risk is not worth the reward. I wouldn't sacrifice the very core of my being for a (slight lead in the polls) "somewhat likelihood of a reduction in terror-related events". But maybe that's just what separates politicians from worthwhile members of society.

Let's Encrypt in trademark drama


Re: Oh, they've replied now.

It sounds as if Comodo has found their avenue for 'revenge' after Let's Encrypt 'stole' the concept of 90 days from them. Trolls.

Let's Encrypt should rename themselves Komodo in return and offer 120 days free SSL certs.

NASA's stadium-sized sandwich bag overflies Oz



I wonder if they'll try and manipulate any climate change statistics out of this?


Australian Federal Police say government ignorant of NBN raids


Raises more questions

Does this get added to the "increased surveillance keeps us safer" ledger?

Did Australia lower its terror threat level, justifying the Feds spending time on the campaign trail for the incumbent government?

Supernova bubble clocked at 19,000,000 km/h



Is there scientific consensus for any of the statistics or results mentioned in this article? Seems like a bunch of the information comes from NASA who have been promoting things like climate change. How can we believe any of this guff?

United Nations orders plan for tackling online terror propaganda


Post WWII Foreign Policy

See icon.

Australian Greens don't believe Silicon Valley can save the world


Re: RE: julian.smith Read the post and do a google search.

Jesus, talk about Scorched Earth. julian.smith merely asks for citations for seemingly outrageous claims and you start a politically biased rant.

Admittedly, julian.smith didn't also provide citations for his claim of "evidence based" policy from the Australian Greens, but you seem to have missed that entirely in favour of said rant.

A modest proposal: dump the NBN mess on Telstra


I see what you're trying to say, but using the argument that FTTN is a stepping stone to FTTP would also allow the Libs to use that argument to say they were "on the right track" anyway. The additional and on-going expense of powering and maintaining the FTTN nodes is one of the useful arguments against the Libs' version of the nbn, since it's not really a stepping stone to FTTP.

How to evade the NSA: OpSec guide for journalists also used by terrorists


Re: a bloke in the pub told me that...


FBI's PRISM slurping is 'unconstitutional' – and America's secret spy court is OK with that


Re: Those of us in other countries may laugh now

How sad is it that we have to resort to a "yeah, but we're still better than them" argument. I might have failed maths but I didn't fail as bad as that guy!

It's a race to 2nd to bottom. And with North Korea behaving as it does, there's still a lot of scope for slippage.

Waleed Aly's NBN intervention is profoundly unhelpful


Unhelpful? Let's call it going a small distance to balance the ledger

Whilst Waleed's comments may not necessarily be absolutely technically correct, they're at least on the correct side of the argument. I'm a bit squirmy about having this opinion because I'd prefer the whole argument to be solid, but we in Oz are in serious need of arguments, or even rhetoric, that reaches the masses on a non-technical level to balance out the even-more-technically-incorrect statements coming out of the mouths of those who actually do know better.

For example:



And then there's all the political posturing:


We don't want the 2016 election result to be considered a 'mandate' to avoid FTTP, and getting the message out to the mass-market, rather than just the technologically literate crowd, is what's necessary for the government to have the vague possibility of getting the message.

Good on you Waleed Aly.

