[sudo-discuss] Sudden public interest in basic crypto/security tools.

Steve Berl steveberl at gmail.com
Tue Jun 11 21:20:44 PDT 2013


I'm curious to hear more about your PSTN based addressing scheme, and how
one could build a large distributed network with it.

-steve


On Tue, Jun 11, 2013 at 8:30 AM, GtwoG PublicOhOne <g2g-public01 at att.net> wrote:

>
> Re. Alcides:  Nope, haven't heard of CJ-DNS yet.
>
> A lot of us are thinking along similar lines.  The internet as it now
> stands is thoroughly broken, an ecosystem dominated by predators and
> parasites of all kinds, from the obvious scum who engage in phishing
> attacks, botnets, and spam, to the less obvious types who do things like
> offer "free" candy in exchange for stalking us everywhere we go, whether we
> know it or not, and whether we like it or not (see also my item (8)
> below).  It's buggy, bloated, and broken, and it's overdue for a change.
>
> I'm looking for someone who can write an IPV4/6 to decimal PSTN address
> conversion application, suitable for mesh.  Mesh by its nature requires
> using the address of the device as its routable destination.  This does not
> work for telephony beyond the level of small PBX at present, and will
> completely break in IPV6.  Using a centralized address server to manage
> transactions breaks the mesh paradigm.  Therefore the need for a new
> addressing system based on the PSTN (public switched telephone network).
> The version I'm proposing will also give each address 10,000 extension
> addresses for any combination of voice and data devices.
>
> More about which later, as I've gotta scoot off to work right now; be back
> this evening.
>
> -G.
>
>
>
> =====
>
>
>
>
>
> On 13-06-11-Tue 7:54 AM, Alcides Gutierrez wrote:
>
> G,
>
> Have you heard of cjdns? Do you have any thoughts on it? The ideal goal is
> to replace the Internet (current) with a new one. ProjectMeshnet.org
>
> Alcides Gutierrez
> http://e64.us
> On Jun 11, 2013 7:41 AM, "Andrew" <andrew at roshambomedia.com> wrote:
>
>> maybe sudoroom should run an email server that encrypts messages on the
>> disk as well as offers end-to-end encryption over the air.
>>
>>
>> On Tue, Jun 11, 2013 at 4:07 AM, GtwoG PublicOhOne <g2g-public01 at att.net> wrote:
>>
>>>
>>> Hi Max, YOs-
>>>
>>> Speaking from more than casual knowledge of the subject matter, as a few
>>> of us here know:
>>>
>>>
>>> 1) If you read the denials issued by Google and Facebook, you'll
>>> discover that they used almost identical language. And while it's true
>>> that corporate PR-speak and legal-speak are usually as bland as baked
>>> beans, this stuff reminds one of the story where Mrs. Jones and Mrs.
>>> Smith each had a baby that bears more than a slight resemblance to the
>>> guy who delivers both of their newspapers:
>>>
>>> Google: "First, we have not joined any program that would give the U.S.
>>> government—or any other government—direct access to our servers."
>>>
>>> Facebook: "Facebook is not and has never been part of any program to
>>> give the US or any other government direct access to our servers."
>>>
>>> Google: "We had not heard of a program called PRISM until yesterday."
>>>
>>> Facebook: "We hadn't even heard of PRISM before yesterday."
>>>
>>> Google: "Our legal team reviews each and every request..."
>>>
>>> Facebook: "When governments ask Facebook for data, we review each
>>> request carefully..."
>>>
>>>
>>> 2) Of course they didn't "join" a program or become "part of" a program.
>>> NSA isn't a "club" that you can just "join." What Facebook and Google
>>> did was become ASSETS of a program.
>>>
>>> That is a very subtle but important distinction. If you were to ask
>>> their lawyers if they "had become assets or had acted in any capacity as
>>> assets of any entity within the United States Intelligence Community
>>> (USIC)," they would clam up right quick. One needs to know how to ask
>>> the question in order to get at the answer.
>>>
>>> Also, it is the case that the assets of a program or operation rarely if
>>> ever know the name of the program or operation involved. Knowing the
>>> name of the program or op would give the assets the ability to compare
>>> notes and possibly compromise the program or op. Very often, even the
>>> names of programs or ops are themselves classified.
>>>
>>> By the way, some of y'all may have heard my comments about Steve Jobs'
>>> application for a security clearance, shortly after Jobs died and his
>>> bio was published. The media were preoccupied with the usual celebrity
>>> gossip about how he could have gotten a clearance when he'd admitted to
>>> taking LSD and building blue boxes (naughty phone-phreak devices). But
>>> the real story, as I said at the time, was that the purpose of the
>>> clearance was to facilitate relationships with certain agencies
>>> regarding surveillance opportunities in the Macintosh operating systems
>>> and other products. It is almost 100% certain that Microsoft and certain
>>> of the commercial companies involved in Open Source operating systems,
>>> had similar relationships. ("Intel Inside", anyone?;-)
>>>
>>> One more item. Watch for the names Cisco, Comcast, and Symantec, in the
>>> news.
>>>
>>> Aww hell, one more after that. Twitter claims to have refused to
>>> participate in PRISM. That's very convenient for them to say, because
>>> Twitter itself is a complete intel collection platform with fully open
>>> access, and a variety of software tools for analysis. Twitter is the
>>> easiest of the bunch to intercept and fully exploit. You too can play at
>>> that game (just a little but enough to get the flavor of it), if you
>>> want to pay for the software.
>>>
>>>
>>> 3) Yes, NSA can monitor traffic without a carrier or service provider
>>> knowing it. This is done by intercepting the traffic at the carrier
>>> level. By analogy, if I want to tap your broadband service, I don't have
>>> to break into your house to do it: I can do it from any point between
>>> your house and the service provider's central office.
>>>
>>>
>>> 4) Telcos and broadband providers are required to have CALEA intercept
>>> equipment (such as the infamous Narus box of EFF fame) installed in
>>> their racks. This equipment enables authorized entities to siphon the
>>> data streams in realtime, either in whole or in part depending on
>>> various assigned levels of privilege.
>>>
>>> If everything that's on a server has gotten there via a connection that
>>> is being intercepted constantly in real-time, there's no need to get
>>> inside the server itself.
>>>
>>>
>>> 5) NSA and real-time decryption: There is reason to believe, based on
>>> published accounts, that certain types of decryption are routine and
>>> automated. I also know from unpublished but not classified sources, that
>>> there are automated tests that examine ciphertext to determine
>>> specifically which encryption method and key length were used to encrypt
>>> the data. I would conclude that automated decryption exceeds the
>>> capabilities that have been reported in the press.
>>>
>>> Further, I would strongly suggest that we compile versions of PGP and
>>> GPG from source code, and modify them to eliminate the upper limit on
>>> key sizes. I can explain further how to perform that modification of the
>>> source code, once we have it downloaded. It's remarkably easy.
>>>
>>>
>>> 6) Compromise of private keys: Given the number of methods available,
>>> and given the track records of the various entities involved, I would
>>> not be surprised.
>>>
>>> "Mary had a private key, with which to open PGP.
>>> The key fell into hostile hands. Now Mary's hiding, with her lambs."
>>>
>>>
>>> 7) Did Google and Facebook lie?
>>>
>>> Do bears shit in the woods?
>>>
>>>
>>> 8) A modest prediction, and y'all can file this under "he wasn't crazy
>>> after all."
>>>
>>> I've been saying this stuff for a while now, but recent news makes it
>>> more, uhh, "topical":
>>>
>>> The entire advertising-based model of internet services, with its
>>> reliance on "free" services "supported" by advertising that "requires"
>>> pervasive tracking of every user's every activity and whereabouts,
>>> will be demonstrated to have been an enormous cover story of
>>> convenience, for a degree of mass surveillance that far exceeds anything
>>> that has been reported thus far.
>>>
>>> The goal is to have 100% collection of all communications and location
>>> data, online and face-to-face, every conversation as well as metadata,
>>> to be permanently archived for retrieval and analysis at any later point
>>> in time. (This has not yet been achieved, but they're working on it.)
>>> The goal of that, in turn, is to enable making accurate predictions
>>> about the activities and location of any person, at any point in the
>>> future. What gets done with those accurate predictions is a matter of
>>> discretionary policy by those who control the data.
>>>
>>> Orwell: "He who controls the past controls the future. He who controls
>>> the future controls the present." Me: "Knowledge is power. When they
>>> know all about you, and you know nothing about them, who has the power?"
>>>
>>>
>>> 9) Lastly, Max, you might especially appreciate this bit of history:
>>>
>>> In the 1970s, GCHQ was engaged in targeted surveillance of various
>>> dissident groups in the UK. But since GPO Telephones' switching systems
>>> were entirely electro-mechanical (Strowger switches), GCHQ had to depend
>>> on the GPO engineers to execute every request by making physical
>>> connections to the lines at the Central Offices.
>>>
>>> The GPO engineers' sympathies were often with the dissidents. So,
>>> shortly after the GCHQ officers left, the GPO engineers would quietly go
>>> about undoing the unwanted connections or otherwise rendering them
>>> useless. Such are the advantages of electro-mechanical analog switching
>>> systems, maintained by skilled workers, with a strong union, and strong
>>> class consciousness.
>>>
>>>
>>> Cheers-
>>>
>>> -G.
>>>
>>> "You search Google, and Google searches you. Deal?"
>>>
>>>
>>> ======
>>>
>>>
>>>
>>> On 13-06-10-Mon 11:46 PM, Max B wrote:
>>> > I have a quick question to throw out for anyone with opinions:
>>> >
>>> > When the NSA PRISM program was exposed, it was leaked that the NSA has
>>> > the capabilities to monitor the content of communications taking place
>>> > through any of the list of companies they mentioned. Then Google,
>>> > Apple, and crew came out and denied it.
>>> >
>>> > Would it be possible for the NSA to be monitoring traffic without them
>>> > knowing it/allowing a backdoor? Would that require NSA servers doing
>>> > 128-bit SSL decryption at real-time speeds? Or perhaps only when
>>> > specific emails needed to be read? Could they have covertly
>>> > compromised the private keys of all of these establishments? ("US
>>> > Government hacked google" seems like a great Guardian headline)
>>> >
>>> > Or do folks think that those companies are just lying through their
>>> > teeth?
>>> >
>>> > On Mon 10 Jun 2013 10:43:42 PM PDT, Rabbit wrote:
>>> >> Yes, let's have an end-user focused crypto workshop!
>>> >>
>>> >> I'm not an expert but I can help OS X users get set up with
>>> >>
>>> >> Tor
>>> >> Adium + OTR
>>> >> Making encrypted disk images
>>> >> Truecrypt
>>> >>
>>> >> And I wanna learn about web of trust, keysigning, gpg for email
>>> >>
>>> >> Also I'm really wishing for a better social network for people to
>>> >> switch to. Any thoughts on that?
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> On Mon, Jun 10, 2013 at 7:55 PM, GtwoG PublicOhOne
>>> >> <g2g-public01 at att.net> wrote:
>>> >>
>>> >>
>>> >> YES! a crypto party.
>>> >>
>>> >> PGP and GPG won't protect your metadata from traffic analysis ("TA"),
>>> >> which is what's been revealed that Anagram Inn has been up to. But
>>> >> protecting your content is a good start, and building email servers that
>>> >> are end-to-end encrypted is the next step.
>>> >>
>>> >> -G.
>>> >>
>>> >>
>>> >> =====
>>> >>
>>> >>
>>> >>
>>> >> On 13-06-10-Mon 7:13 PM, William Budington wrote:
>>> >> > There was some discussion about this at the last meeting, mostly around
>>> >> > securing personal data on physical devices, but it would be good to have
>>> >> > another end-user based cryptoparty, even have it be a full-day event
>>> >> > stemming from Today I Learned. I'll bring this up at the meeting on
>>> >> > Wednesday.
>>> >> >
>>> >> > Bill
>>> >> >
>>> >> > On 06/10/2013 07:02 PM, William Gillis wrote:
>>> >> >> Hey Sudoroomers,
>>> >> >>
>>> >> >> I've been deluged by friends this weekend suddenly interested in things
>>> >> >> like finally figuring out how to install that there tor, or god forbid
>>> >> >> venturing into the realm of pgp. I offered my nonstop 1:1 handholding
>>> >> >> services over facebook to any and all friends and have been a little
>>> >> >> overwhelmed by the number.
>>> >> >>
>>> >> >> Someone local suggested a teach day at Sudoroom and I thought I'd check to
>>> >> >> see if anyone else is interested and, you know, what actual members have to
>>> >> >> say.
>>> >> >>
>>> >> >> There has never been a more opportune moment for cryptoparty outreach, and
>>> >> >> yet I haven't seen anyone declare anything yet. Am I just out of the loop?
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> _______________________________________________
>>> >> >> sudo-discuss mailing list
>>> >> >> sudo-discuss at lists.sudoroom.org
>>> >> >> http://lists.sudoroom.org/listinfo/sudo-discuss
>>> >> >>
>>>
>>
>>
>>
>> --
>> -------
>> Andrew Lowe
>> Cell: 831-332-2507
>> http://roshambomedia.com
>>
>>
>>
>>
>
>
>


-- 
-steve