* Posts by noj

80 publicly visible posts • joined 1 Aug 2015

Page:

Comcast staffers join walkout over Trump's immigration crackdown

noj
Thumb Up

A comment worth thinking about.

Russian hackers got Trump elected? Yeah, let's take a close look at that, says Obama

noj

"... let's take a closer look... "

There is an excellent article on The Intercept on the topic of this article:

https://theintercept.com/2016/12/10/anonymous-leaks-to-the-washpost-about-the-cias-russia-beliefs-are-no-substitute-for-evidence/

IMO its a worthy read.

Apple hires crypto-wizard Jon Callas to beef up security

noj

Re: no useful info?

I wonder if the FBI even broke into that phone. How can you trust anything that comes from the FBI when Comey lied so many times?

Stop resetting your passwords, says UK govt's spy network

noj

I only skimmed all the posts

So I might have missed it but I didn't spot mention of a password manager. I have well over 100 passwords, professional and personal. I don't trust clouds with my password vault so I keep on an encrypted computer. Of course there are encrypted backups too.

My organization requires password changes every 90 days. I'm fine with that; I just create another password using the password manager and I'm good. When there is no password change expectation I change them periodically anyway. A forum password won't be changed as often as a financial institution password but they all change eventually.

I feel the effort is worth it and not much of a bother given the benefit. If there is a breach at my bank, my hope is that I've changed it before it can be used by someone other than me.

I feel like a good password manager that works with your workflow is the easy answer to what, in my opinion, is just one of the more mundane but necessary parts of living in the digital age. I have strong passwords, changed with some frequency, and stored as safely as I can come up with.

FBI boss: We paid at least $1.2m to crack the San Bernardino iPhone

noj

we'll believe you when you can PROVE you're telling the truth.

"It's easy to paint the FBI or the FBI director as the enemy of privacy. I love privacy. I'm a huge fan of strong encryption."

Q: How many lies can an FBI Director tell before he's censored?

A: As many as he wants to.

FBI's PRISM slurping is 'unconstitutional' – and America's secret spy court is OK with that

noj

Re: And this is why

Meanwhile, encryption itself is under attack in the US. If the FBI is successful in its continual attempts to get back doors into operating systems, encryption is a moot point.

Upvoted anyway because I would like Apple to fully encrypt all their devices too.

Tweak Privacy Shield rules to make people happy? Nah – US govt

noj

its complicated

or maybe not.

See Reg article "FBI's PRISM slurping is 'unconstitutional' – and America's secret spy court is OK with that" http://www.theregister.co.uk/2016/04/20/public_advocate_fbi_actions_are_unconstitutional_secret_court_nah_were_good/

What this article says to me is that regardless of Privacy Shield or any of the versions that follow, one or more department in the US government will do what it damn well pleases anyway. And that's something we've all known for a while.

FBI Director defends iPhone 5C unlock tool that's obviously going to leak into wrong hands

noj

FBI Director James Comey says...

Whatever. It doesn't matter. Nobody believes you anymore.

Mal Men men hit LiveJournal with Angler exploit kit

noj

more justification for ad blockers

Ditto to others who have said the same.

Adobe will track you across all your devices with new co-op project

noj

Re: Note to Adobe:

@Zolko: Thanks! I have both on FireFox. The way the article was written - to my understanding - What Adobe had concocted was something new and therefore maybe not thwarted by current blockers. Glad to hear that the ones I already have should work.

@Shadow Systems: I should have said in my first post that I have a Mac - but then other not-as-tech-savvy like myself who are on Windows machines would not have had the benefit of your advice. A very sincere thank you for spending your time writing such a detailed post.

noj

Re: Note to Adobe:

Plenty of love in the posts here. What I want is a blocker that sticks it to their trackers.

Suggestions most welcome...

iOS flaw exploited to decrypt iMessages, access iThing photos

noj

Re: Nation-state?

Up voted...

Good point!

Question for all: Have we ever heard of a zero-day exploit from our own nation states?

Obama puts down his encrypted phone long enough to tell us: Knock it off with the encryption

noj

bad analogy

Obama and others say authorities have the right to break into someone's house and rifle through their drawers when a person is suspect of doing wrong.

Obama and others claim authorities have always had the right to do this. But doing so has always meant singling out specific suspects, putting in some work to insure you have something of a case, getting a warrant, and going after those specific suspects.

Installing backdoors allow authorities to rifle through everyone's digital drawers whether suspect or not. It effectively bypasses the entire process of going after only those who are suspect, the need for a warrant, and so on. And All Writs was not written with effectively putting the entire population under surveillance in mind.

So no, Obama, its not something authorities have always had the right to do and no, you or anyone else should not have the right to do it now.

noj

I don't know if anyone else has posted this, but if a backdoor is forced on all phones then that backdoor will most likely be accessible remotely. The FBI wouldn't be satisfied with having to go after individual phones. And once the backdoor is compromised all of the phone related data, in the cloud or only on the phone, will be there for the taking.

On a different note, I watched the video of Obama. He goes on with the rhetoric about stopping terrorists and catching pedophiles - then says something about catching people who cheat on their taxes. After that he says that predictions of an Orwellian society are overblown.

The road we are traveling down looks very dark ahead.

noj

Re: best comment ever

@AC: No. I mean by not marching into another country and destroying it.

noj

best comment ever

"If you are concerned about terrorists, then you should be working on building a society that terrorists don't want to destroy."

And where you start is by not destroying their society.

Apple: FBI request threatens kids, electricity grid, liberty

noj

the average customer

I don't think people on this forum are average customers. And I don't think the people in Security who decide whether a device has access to their business are average customers either. I know of one such institution that prefers the iPhone precisely because of its "walled garden" and the fact that it will erase itself after 8 attempts.

There will always be a majority of people who don't care about security. And some of them are going to suffer for it. That doesn't mean that a the option shouldn't be available for those who do care.

For the record: I have an iPhone. I work at at a pediatric hospital. I want to be able to be in touch with my hospital 24x7 to provide the best support I can. And I want to protect those kids by having the best security possible for the hospital and that includes the devices that attach to it. I don't care who manufactures the device or what their motives are, profit or philanthropic, as long as they are secure and the more secure the better.

More and more Brits are using ad-blockers, says survey

noj

Re: @ noj

@Someone_somehere:

Not considered criticism at all; I asked for comments and received very detailed and well intended post from you. Thank you.

noj

I use Tor anonymous browsing and fully unfilter-bubbled searches, Firefox for other browsing, and Safari for specific sites that disallow Tor or can't get past the Firefox safeguards below.

After reading some of the posts here (well, all of them) I took a look in my FireFox Add-Ons to see what I have there to block ads. I was surprised to see quite a collection of add-ons that I've collected over the years. Might be some overlap - need to prune: Click-per-pay element, Clickjacking Reveal, Disconnect, Facebook Disconnect, FlashOnOff (always off), Google Disconnect, HTTP Nowhere, HTTPS Everywhere, NoScript, PrivacyBadger, and ShareMeNot. I also run Cookie, which is set to remove any type of cookies, flash stuff, browser databases, and clear cache of all browsers.

All browsers are set to remove all browsing history, cookies, etc when they close and when browsing I frequently hit Cookie to clear everything out when going to more than one site during a browsing session.

I don't have an ad blocker (yet) on my desktop because I don't like sending my browser choices to an external site for filtering. If anyone has a suggestion for an ad blocker like 1Blocker (below) please let me know.

I use 1Blocker on my phone because it sends me a list of ads to block and it doesn't send any info to an outside web site. Funny, I can't decide which ads to block on my phone so I just chose the "block all" button and haven't thought about it since.

Google gives ringing endorsement to US VPN providers with 'right to be forgotten' expansion

noj

perhaps just not using Google will help

Walked away from Google search a long time ago, after learning what filter bubbling was through a TED talk. Then walked away from Gmail and started using email aliases instead of my "real" address.

A couple of times a year I Google search myself and as time goes on see less and less "front page" references to my real name that actually refer to me. This seemed to accelerate as I discovered how to block cookies, ads, and the like.

I don't doubt there is still information about me on some Google boxcar. But the less I add to it the happier I am.

French parliament votes to jail tech execs who refuse to decrypt data

noj

Re: Irrelevant to Apple, even if they pass it

"Apple is fixing the method by which the FBI is trying to get them to hack their phone. By the end of the year 80% of all iOS devices will be running iOS 10 and be immune to this."

Question: Where did you get this? I'd like to read the article.

Thanks...

Apple fires legal salvo at FBI for using All Writs law in iPhone brouhaha

noj

@Valarian: I often think of this one:

"And where once you had the freedom to object, to think and speak as you saw fit, you now have censors and systems of surveillance coercing your conformity and soliciting your submission. How did this happen? Who's to blame? Well certainly there are those more responsible than others, and they will be held accountable, but again truth be told, if you're looking for the guilty, you need only look into a mirror. I know why you did it. I know you were afraid. Who wouldn't be? War, terror, disease. There were a myriad of problems which conspired to corrupt your reason and rob you of your common sense."

noj

Re: One thing I don't understand

@ Neil Barnes: "What are 'they' trying to find?"

IMO the short answer is, they (FBI and more) are trying to find out if they can force a US company to install a backdoor in its product. It has absolutely nothing to do with finding anything useful on the phone itself.

noj

Re: perhaps Apple should install a panic button

@AC and "The iPhone already has that facility..."

What you say may be true. And I have a very long alphanumeric passcode that would insure more than 8 tries. But then that means having to have an argument with customs and the delay it entails in crossing a US (or any other) border where the passcode might be requested.

Rather, I'd like to just wipe everything I consider sensitive on my way to the border with a single button. That way when access to the phone is requested I could honestly say, "Sure. I have nothing to hide," hand over the phone and the passcode and everyone is happy.

A side note: There is the possibility of malware being placed on the phone while in their possession. I already backup my phone regularly and always just before I travel. If my phone is accessed by the authorities when I get back home I would wipe the phone completely and restore from backup. That may not be a bulletproof solution but its the only one I can think of. Other suggestions are welcome.

One last thing: "I'd be careful with Silent Circle..." Please elaborate. I don't use SC (can't talk anyone into using it) but I follow their product development. I would ask that you include Signal Private Messenger in your comments since I do occasionally use Signal. Thanks.

noj

perhaps Apple should install a panic button

I just saw a Silent Circle iPhone app feature update that allows wiping all conversation history. Its under SC Settings and labeled "Wipe Silent Phone" with the description "Clear application data and log out."

It would not take a lot to install the same feature on the iPhone. I already clear all cache and cookies after each browser session. Combine that with the ability to wipe all text history, phone history, and location history and I'd have just one button to push. I like that.

noj

but when you look at it a different way...

"Today's filing points out that the legal action wouldn't have been necessary if the FBI hadn't stupidly changed the shooter's iCloud password..."

Given the political and legal maneuvering of Comey et al, I would say the word "stupidly" could reasonably be replaced with "shrewdly".

The other one. No, not WhatsApp. Telegram. It hit 100 million users

noj

Re: No Love For Signal?

Not to mention encrypted phone calls. I use Signal as well. FWIW I have mentioned Signal, here on The Reg and elsewhere, but few people comment on it.

Latest in Apple v FBI public squabble over iPhone crack demand

noj

Pew Research Center

May be as reputable for lack of bias as claimed in the article but I question whether it can really depict public sentiment after reading this article:

http://www.slate.com/articles/news_and_politics/politics/2012/05/survey_bias_how_can_we_trust_opinion_polls_when_so_few_people_respond_.html

where Pew itself said that only a 9% response rate to telephone opinion surveys.

FBI says it helped mess up that iPhone – the one it wants Apple to crack

noj

Re: Cook is just grandstanding

@Peter R. 1: Some of your comments have merit but you've left out some important points. Apple products, the iPhone in particular, have generally become more secure and more private with each generation. This trend has accelerated since Cook became CEO. Also, Cook publicly stated that privacy was a goal quite a while back, not "...all of a sudden..." as you assert. Here are some links that support my comments:

http://www.theguardian.com/technology/2015/feb/13/apple-ceo-tim-cook-challenges-obama-privacy

http://www.theguardian.com/technology/2015/jun/03/apple-tim-cook-google-facebook-privacy

http://www.theguardian.com/technology/2015/feb/13/apple-ceo-tim-cook-challenges-obama-privacy

https://www.eff.org/who-has-your-back-government-data-requests-2015

https://www.eff.org/secure-messaging-scorecard

noj

Re: longer passcodes?

@Pascal Monett: Thanks for the link! Funny, makes the point.

noj

longer passcodes?

Recently read this article on The Intercept, basically about using longer passcodes to keep an iPhone secure:

https://theintercept.com/2016/02/18/passcodes-that-can-defeat-fbi-ios-backdoor/

Makes sense to me - but I'm not a super tech. Comments from more knowledgeable folks on this thread are most welcome!

Global crypto survey proves govt backdoors completely pointless

noj

Reg: please update link

https://www.schneier.com/cryptography/archives/2016/02/a_worldwide_survey_o.html

I may have missed it, but a quick glance through https://www.schneier.com/blog/archives/2016/02/ didn't yield a title that looked like it had the mentioned survey

Thanks!

US Congress locks and loads three anti-encryption bullets

noj

its probably just a matter of time

Before laws are passed that hamstring US companies, back doors are required, secret deals are a given, and the whole damn thing is compromised. Whether or not US citizens or anyone else is put at risk is irrelevant. Whether or not US businesses are put at a disadvantage in the world economy is irrelevant too. Whether or not all the information gathered makes the US safer or not is also irrelevant. The US has an insatiable appetite for gathering every shred of information, regardless of its usefulness, and there is absolutely no laws domestic or foreign that will force it to do otherwise.

Would any other country really be able to resist the temptation to do the same if they had the ability to do so as the US does right now? I doubt it. But that doesn't make the US right in doing it.

What a shame. All that creativity, all that computing power, all that potential for doing good in the world, set aside to be the equivalent of a neighborhood bully.

Brit spies want rights to wiretap and snoop on US companies' servers

noj

"Curiously, that doesn't seem to bother the US government. "

You mean the same US government that has total disregard for its own laws?

Who would code a self-destruct feature into their own web browser? Oh, hello, Apple

noj

Working for me too. Each browser has its pros and cons; there's no one size fits all. I use three browsers: Tor, Firefox (with lots of privacy add ons), and Safari. Which one I use depends on what I'm doing. I consider it leveraging the strengths of each browser rather than pushing it to do something its not good at.

NSA snooped on German chancellors for DECADES: Wikileaks

noj
Joke

Might be easier to simply list the people the NSA did NOT spy on. There must be someone out there that's never used a phone, US mail, credit card, only uses cash, been seen on a street cam...

Layoffs! Lawsuits! Losses! ... Yahoo! is! in! an! L! of! a! mess!

noj

Re: Wait, what?

@JamesPond: There are many other options. Try a search on "email service comparison" to see some choices. You can add words like private, free, secure, client to narrow your search. I did the same and moved from a free service to a paid one to take advantage of some special features important to me.

NOTE: This is not a rant for or against gmail or any other email service. Simply a response to your saying "...what other choices are there?"

Europe wants end to anonymous Bitcoin transactions

noj
Thumb Up

Re: Numpties

@Arthur the cat: Thanks for a good chuckle this morning...

Most of the world still dependent on cash

noj

Re: Eh?

"With an online order, you can order it before you even arrive and have it ready for you when you walk in the door. "

Not criticizing your logic, but if I really want a beverage that quickly I can have it before I walk OUT the door AND use cash! All I have to do it open the refrigerator...

Senate marks Data Privacy Day with passage of critical bill for Safe Harbor

noj

"The details of that agreement are still currently a closely held secret."

"A guarantee from liars is but a walking shadow, a poor player,

That struts and frets his hour upon the stage,

And then is heard no more. It is a tale

Told by an idiot, full of sound and fury,

Signifying nothing.”

(with apologies to WS; this was just the first thing that came to mind)

Cops hate encryption but the NSA loves it when you use PGP

noj

Re: The more, the merrier?

@ZSn: No geek here, but I was able to setup up PGP on a Mac's Apple Mail client using GPG Tools in very little time. Click to sign, click to encrypt or not... its ridiculously easy to use. Technical support was great too.

For me its actually a lot harder for me to find other people within my circle of friends who will send PGP encrypted email back and forth. So I don't encrypt anything but I like signing my email. I guess that's better than nothing.

Safe Harbor 2.0: US-Europe talks on privacy go down to the wire

noj

Re: simple question..

I agree. There are alternatives that already exist for most US-based software. And with China getting into the chip market that's a big step toward replacing hardware as well.

noj

safe harbor or not

the US alphabet departments will continue to slurp data from all over the world. Given their actions and the complete inaction by US government to curtail their actions there will be no change.

NASA, Dept of Defense, Commerce etc probed over use of backdoored Juniper kit

noj

Grilling government officials by government officials is nice. But if Comey and others can lie to Congress without penalty then this probe is nothing more than a show.

Five technologies you shouldn't bother looking out for in 2016

noj

"...look around at your colleagues and tell me honestly whether you think they’re hot..."

The field may never be considered sexy or hot but please don't extend it to the people who are in it.

Sorry to disappoint, but 3 of my female colleagues are among the hottest women I've ever met. Smart, successful, great to work with and easy on the eye. And before you ask: too late they're all happily married and no, I will not tell you where I work.

200 experts line up to tell governments to get stuffed over encryption

noj

Its true that the agencies can't deal with all the traffic now. But what they are most likely banking on is that computers will get more powerful, analytics more precise, to the point that all that data will be easier to utilize later on. I would think that some politicians are thinking the same thing. When looked at that way surveillance hasn't even started yet. We're merely in the data collection stage.

LogMeIn adds emergency break-in feature to LastPass

noj

Re: AgileBits

@JimmyPage: Thanks for the upvote. I can't speak to the difference between LastPass and 1Password. Any knowledge of other password managers I have is dated; I started using 1Password a couple of years ago and have been satisfied since. When I hear someone dissatisfied with their password manager I suggest taking a look at 1Password because I'm happy with it and maybe that person would be too.

Also, unlike some of the people I've seen posting here, I'm not super technical. So I can't promote my choice based on 1Password's technical superiority over any other password manager. What drew me to 1Password was the fact that its AgileBits' flagship product, my experience with customer service has been well above average. AgileBits is continually improving 1Password in ways I approve of. Within days of Heartbleed OpenSSL AgileBits had implemented an upgrade to warn of sites that had not yet patched. When I communicate with product support I receive answers I understand and in a timely manner. In the 1Password forums I see the same help for others in addition to those with more technical background being pleased with the answers they receive as well. For someone like me these are features that sell a person on a product.

In spite of all that, again, I'm not super technical. I don't try to sell 1Password. I just suggest that when people are looking to select a password manager that they take a look at 1Password too.

noj

Re: Seems sensible ...

FWIW I use 1Password by AgileBits. Not open source, so if that's a deal breaker read no further. It also isn't free but I think its worth every penny.

Lots of nice features, easy to use. Allows select cloud syncing but also my preference, which is syncing via wifi.

Active forum, constant CPI, responsive support. Spent a lot of time emailing their support with questions, always received great answers and sometimes a warm reception for a recommended change. If you're still searching for a replacement to FastPass, consider taking a look at AgileBits and 1Password.

Disclaimer: None. I have no affiliation with AgileBits except being a very satisfied customer.

OK Google? Firefox to nibble Chrome extensions from 2016

noj

Re: why do I stick with Firefox?

Ditto except for sniffing other browsers. I have no complaints with Firefox. I don't get the reminders that others are remarked about, but I do get all the add ons I want including NoScript, Disconnect, Privacy Badger, and HTTP Nowhere. Speed is not an issue for me either with all the ad and tracking stuff blocked.

Former security officials and BlackBerry CEO pile in on encryption debate

noj

maybe its all just a distraction

In the greater picture of things the back door encryption debate is just a straw man that directs attention from the real debate. Both sides know that weakening encryption won't result in better security. So why keep debating it?

What about the real issue? In my opinion the real debate, which politicians choose not to partake in, is how to reign in the mass surveillance that continues unabated.

Page: