[sudo-discuss] Sudden public interest in basic crypto/security tools.

GtwoG PublicOhOne g2g-public01 at att.net
Tue Jun 11 08:30:24 PDT 2013


Re. Alcides:  Nope, haven't heard of CJ-DNS yet. 

A lot of us are thinking along similar lines.  The internet as it now
stands is thoroughly broken, an ecosystem dominated by predators and
parasites of all kinds, from the obvious scum who engage in phishing
attacks, botnets, and spam, to the less obvious types who do things like
offer "free" candy in exchange for stalking us everywhere we go, whether
we know it or not, and whether we like it or not (see also my item (8)
below).  It's buggy, bloated, and broken, and it's overdue for a change. 

I'm looking for someone who can write an IPv4/6 to decimal PSTN address
conversion application, suitable for mesh.  Mesh by its nature requires
using the address of the device as its routable destination.  This does
not work for telephony beyond the level of small PBX at present, and
will completely break in IPv6.  Using a centralized address server to
manage transactions breaks the mesh paradigm.  Therefore the need for a
new addressing system based on the PSTN (public switched telephone
network).  The version I'm proposing will also give each address 10,000
extension addresses for any combination of voice and data devices.

More about which later, as I've gotta scoot off to work right now; be
back this evening.

-G.



=====




On 13-06-11-Tue 7:54 AM, Alcides Gutierrez wrote:
>
> G,
>
> Have you heard of cjdns? Do you have any thoughts on it? The ideal
> goal is to replace the Internet (current) with a new one.
> ProjectMeshnet.org
>
> Alcides Gutierrez
> http://e64.us
>
> On Jun 11, 2013 7:41 AM, "Andrew" <andrew at roshambomedia.com> wrote:
>
>     maybe sudoroom should run an email server that encrypts messages
>     on the disk as well as offers end-to-end encryption over the air.
>
>
>     On Tue, Jun 11, 2013 at 4:07 AM, GtwoG PublicOhOne
>     <g2g-public01 at att.net> wrote:
>
>
>         Hi Max, YOs-
>
>         Speaking from more than casual knowledge of the subject matter,
>         as a few of us here know:
>
>
>         1) If you read the denials issued by Google and Facebook, you'll
>         discover that they used almost identical language. And while it's
>         true that corporate PR-speak and legal-speak are usually as bland
>         as baked beans, this stuff reminds one of the story where Mrs.
>         Jones and Mrs. Smith each had a baby that bears more than a slight
>         resemblance to the guy who delivers both of their newspapers:
>
>         Google: "First, we have not joined any program that would give the
>         U.S. government—or any other government—direct access to our
>         servers."
>
>         Facebook: "Facebook is not and has never been part of any program
>         to give the US or any other government direct access to our
>         servers."
>
>         Google: "We had not heard of a program called PRISM until
>         yesterday."
>
>         Facebook: "We hadn't even heard of PRISM before yesterday."
>
>         Google: "Our legal team reviews each and every request..."
>
>         Facebook: "When governments ask Facebook for data, we review each
>         request carefully..."
>
>
>         2) Of course they didn't "join" a program or become "part of" a
>         program. NSA isn't a "club" that you can just "join." What
>         Facebook and Google did was become ASSETS of a program.
>
>         That is a very subtle but important distinction. If you were to
>         ask their lawyers if they "had become assets or had acted in any
>         capacity as assets of any entity within the United States
>         Intelligence Community (USIC)," they would clam up right quick.
>         One needs to know how to ask the question in order to get at the
>         answer.
>
>         Also, it is the case that the assets of a program or operation
>         rarely if ever know the name of the program or operation involved.
>         Knowing the name of the program or op would give the assets the
>         ability to compare notes and possibly compromise the program or
>         op. Very often, even the names of programs or ops are themselves
>         classified.
>
>         By the way, some of y'all may have heard my comments about Steve
>         Jobs' application for a security clearance, shortly after Jobs
>         died and his bio was published. The media were preoccupied with
>         the usual celebrity gossip about how he could have gotten a
>         clearance when he'd admitted to taking LSD and building blue boxes
>         (naughty phone-phreak devices). But the real story, as I said at
>         the time, was that the purpose of the clearance was to facilitate
>         relationships with certain agencies regarding surveillance
>         opportunities in the Macintosh operating systems and other
>         products. It is almost 100% certain that Microsoft and certain of
>         the commercial companies involved in Open Source operating
>         systems, had similar relationships. ("Intel Inside", anyone?;-)
>
>         One more item. Watch for the names Cisco, Comcast, and Symantec,
>         in the news.
>
>         Aww hell, one more after that. Twitter claims to have refused to
>         participate in PRISM. That's very convenient for them to say,
>         because Twitter itself is a complete intel collection platform
>         with fully open access, and a variety of software tools for
>         analysis. Twitter is the easiest of the bunch to intercept and
>         fully exploit. You too can play at that game (just a little but
>         enough to get the flavor of it), if you want to pay for the
>         software.
>
>
>         3) Yes, NSA can monitor traffic without a carrier or service
>         provider knowing it. This is done by intercepting the traffic at
>         the carrier level. By analogy, if I want to tap your broadband
>         service, I don't have to break into your house to do it: I can do
>         it from any point between your house and the service provider's
>         central office.
>
>
>         4) Telcos and broadband providers are required to have CALEA
>         intercept equipment (such as the infamous Narus box of EFF fame)
>         installed in their racks. This equipment enables authorized
>         entities to siphon the data streams in realtime, either in whole
>         or in part depending on various assigned levels of privilege.
>
>         If everything that's on a server has gotten there via a connection
>         that is being intercepted constantly in real-time, there's no need
>         to get inside the server itself.
>
>
>         5) NSA and real-time decryption: There is reason to believe, based
>         on published accounts, that certain types of decryption are
>         routine and automated. I also know from unpublished but not
>         classified sources, that there are automated tests that examine
>         ciphertext to determine specifically which encryption method and
>         key length were used to encrypt the data. I would conclude that
>         automated decryption exceeds the capabilities that have been
>         reported in the press.
>
>         Further, I would strongly suggest that we compile versions of PGP
>         and GPG from source code, and modify them to eliminate the upper
>         limit on key sizes. I can explain further how to perform that
>         modification of the source code, once we have it downloaded. It's
>         remarkably easy.
>
>
>         6) Compromise of private keys: Given the number of methods
>         available, and given the track records of the various entities
>         involved, I would not be surprised.
>
>         "Mary had a private key, with which to open PGP.
>         The key fell into hostile hands. Now Mary's hiding, with her
>         lambs."
>
>
>         7) Did Google and Facebook lie?
>
>         Do bears shit in the woods?
>
>
>         8) A modest prediction, and y'all can file this under "he wasn't
>         crazy after all."
>
>         I've been saying this stuff for a while now, but recent news makes
>         it more, uhh, "topical":
>
>         The entire advertising-based model of internet services, with its
>         reliance on "free" services "supported" by advertising that
>         "requires" pervasive tracking of every user's every activity and
>         whereabouts, will be demonstrated to have been an enormous cover
>         story of convenience, for a degree of mass surveillance that far
>         exceeds anything that has been reported thus far.
>
>         The goal is to have 100% collection of all communications and
>         location data, online and face-to-face, every conversation as well
>         as metadata, to be permanently archived for retrieval and analysis
>         at any later point in time. (This has not yet been achieved, but
>         they're working on it.) The goal of that, in turn, is to enable
>         making accurate predictions about the activities and location of
>         any person, at any point in the future. What gets done with those
>         accurate predictions is a matter of discretionary policy by those
>         who control the data.
>
>         Orwell: "He who controls the past controls the future. He who
>         controls the future controls the present." Me: "Knowledge is
>         power. When they know all about you, and you know nothing about
>         them, who has the power?"
>
>
>         9) Lastly, Max, you might especially appreciate this bit of
>         history:
>
>         In the 1970s, GCHQ was engaged in targeted surveillance of various
>         dissident groups in the UK. But since GPO Telephones' switching
>         systems were entirely electro-mechanical (Strowger switches), GCHQ
>         had to depend on the GPO engineers to execute every request by
>         making physical connections to the lines at the Central Offices.
>
>         The GPO engineers' sympathies were often with the dissidents. So,
>         shortly after the GCHQ officers left, the GPO engineers would
>         quietly go about undoing the unwanted connections or otherwise
>         rendering them useless. Such are the advantages of
>         electro-mechanical analog switching systems, maintained by skilled
>         workers, with a strong union, and strong class consciousness.
>
>
>         Cheers-
>
>         -G.
>
>         "You search Google, and Google searches you. Deal?"
>
>
>         ======
>
>
>
>         On 13-06-10-Mon 11:46 PM, Max B wrote:
>         > I have a quick question to throw out for anyone with opinions:
>         >
>         > When the NSA PRISM program was exposed, it was leaked that the
>         > NSA has the capabilities to monitor the content of
>         > communications taking place through any of the list of
>         > companies they mentioned. Then Google, Apple, and crew came out
>         > and denied it.
>         >
>         > Would it be possible for the NSA to be monitoring traffic
>         > without them knowing it/allowing a backdoor? Would that require
>         > NSA servers doing 128-bit SSL decryption at real-time speeds?
>         > Or perhaps only when specific emails needed to be read? Could
>         > they have covertly compromised the private keys of all of these
>         > establishments? ("US Government hacked google" seems like a
>         > great Guardian headline)
>         >
>         > Or do folks think that those companies are just lying through
>         > their teeth?
>         >
>         > On Mon 10 Jun 2013 10:43:42 PM PDT, Rabbit wrote:
>         >> Yes, let's have an end-user focused crypto workshop!
>         >>
>         >> I'm not an expert but I can help OS X users get set up with
>         >>
>         >> Tor
>         >> Adium + OTR
>         >> Making encrypted disk images
>         >> Truecrypt
>         >>
>         >> And I wanna learn about web of trust, keysigning, gpg for email
>         >>
>         >> Also I'm really wishing for a better social network for people
>         >> to switch to. Any thoughts on that?
>         >>
>         >>
>         >>
>         >>
>         >>
>         >> On Mon, Jun 10, 2013 at 7:55 PM, GtwoG PublicOhOne
>         >> <g2g-public01 at att.net> wrote:
>         >>
>         >>
>         >> YES! a crypto party.
>         >>
>         >> PGP and GPG won't protect your metadata from traffic analysis
>         >> ("TA"), which is what's been revealed that Anagram Inn has been
>         >> up to. But protecting your content is a good start, and
>         >> building email servers that are end-to-end encrypted is the
>         >> next step.
>         >>
>         >> -G.
>         >>
>         >>
>         >> =====
>         >>
>         >>
>         >>
>         >> On 13-06-10-Mon 7:13 PM, William Budington wrote:
>         >> > There was some discussion about this at the last meeting,
>         >> > mostly around securing personal data on physical devices, but
>         >> > it would be good to have another end-user based cryptoparty,
>         >> > even have it be a full-day event stemming from Today I
>         >> > Learned. I'll bring this up at the meeting on Wednesday.
>         >> >
>         >> > Bill
>         >> >
>         >> > On 06/10/2013 07:02 PM, William Gillis wrote:
>         >> >> Hey Sudoroomers,
>         >> >>
>         >> >> I've been deluged by friends this weekend suddenly interested
>         >> >> in things like finally figuring out how to install that there
>         >> >> tor, or god forbid venturing into the realm of pgp. I offered
>         >> >> my nonstop 1:1 handholding services over facebook to any and
>         >> >> all friends and have been a little overwhelmed by the number.
>         >> >>
>         >> >> Someone local suggested a teach day at Sudoroom and I thought
>         >> >> I'd check to see if anyone else is interested and, you know,
>         >> >> what actual members have to say.
>         >> >>
>         >> >> There has never been a more opportune moment for cryptoparty
>         >> >> outreach, and yet I haven't seen anyone declare anything yet.
>         >> >> Am I just out of the loop?
>         >> >>
>         >> >>
>         >> >>
>         >> >> _______________________________________________
>         >> >> sudo-discuss mailing list
>         >> >> sudo-discuss at lists.sudoroom.org
>         >> >> http://lists.sudoroom.org/listinfo/sudo-discuss
>         >> >>
>
>
>
>
>     -- 
>     -------
>     Andrew Lowe
>     Cell: 831-332-2507
>     http://roshambomedia.com
>
>
>
