[sudo-discuss] Sudden public interest in basic crypto/security tools.
GtwoG PublicOhOne
g2g-public01 at att.net
Wed Jun 12 14:15:44 PDT 2013
Yo Steve et al.-
I just got an unexpected large chunk of work on my hands that's due
tomorrow, so I'm not going to be at the meeting tonight. More later...
-G.
=======
On 13-06-11-Tue 9:20 PM, Steve Berl wrote:
> I'm curious to hear more about your PSTN based addressing scheme, and
> how one could build a large distributed network with it.
>
> -steve
>
>
> On Tue, Jun 11, 2013 at 8:30 AM, GtwoG PublicOhOne
> <g2g-public01 at att.net> wrote:
>
>
> Re. Alcides: Nope, haven't heard of CJ-DNS yet.
>
> A lot of us are thinking along similar lines. The internet as it
> now stands is thoroughly broken, an ecosystem dominated by
> predators and parasites of all kinds, from the obvious scum who
> engage in phishing attacks, botnets, and spam, to the less obvious
> types who do things like offer "free" candy in exchange for
> stalking us everywhere we go, whether we know it or not, and
> whether we like it or not (see also my item (8) below). It's
> buggy, bloated, and broken, and it's overdue for a change.
>
> I'm looking for someone who can write an IPV4/6 to decimal PSTN
> address conversion application, suitable for mesh. Mesh by its
> nature requires using the address of the device as its routable
> destination. This does not work for telephony beyond the level of
> small PBX at present, and will completely break in IPV6. Using a
> centralized address server to manage transactions breaks the mesh
> paradigm. Therefore the need for a new addressing system based on
> the PSTN (public switched telephone network). The version I'm
> proposing will also give each address 10,000 extension addresses
> for any combination of voice and data devices.
>
> More about which later, as I've gotta scoot off to work right now;
> be back this evening.
>
> -G.
>
>
>
> =====
>
>
>
>
>
> On 13-06-11-Tue 7:54 AM, Alcides Gutierrez wrote:
>>
>> G,
>>
>> Have you heard of cjdns? Do you have any thoughts on it? The
>> ideal goal is to replace the Internet (current) with a new one.
>> ProjectMeshnet.org
>>
>> Alcides Gutierrez
>> http://e64.us
>>
>> On Jun 11, 2013 7:41 AM, "Andrew" <andrew at roshambomedia.com> wrote:
>>
>> maybe sudoroom should run an email server that encrypts
>> messages on the disk as well as offers end-to-end encryption
>> over the air.
>>
>>
>> On Tue, Jun 11, 2013 at 4:07 AM, GtwoG PublicOhOne
>> <g2g-public01 at att.net> wrote:
>>
>>
>> Hi Max, YOs-
>>
>> Speaking from more than casual knowledge of the subject
>> matter, as a few
>> of us here know:
>>
>>
>> 1) If you read the denials issued by Google and Facebook,
>> you'll
>> discover that they used almost identical language. And
>> while it's true
>> that corporate PR-speak and legal-speak are usually as
>> bland as baked
>> beans, this stuff reminds one of the story where Mrs.
>> Jones and Mrs.
>> Smith each had a baby that bears more than a slight
>> resemblance to the
>> guy who delivers both of their newspapers:
>>
>> Google: "First, we have not joined any program that would
>> give the U.S.
>> government—or any other government—direct access to our
>> servers."
>>
>> Facebook: "Facebook is not and has never been part of any
>> program to
>> give the US or any other government direct access to our
>> servers."
>>
>> Google: "We had not heard of a program called PRISM until
>> yesterday."
>>
>> Facebook: "We hadn't even heard of PRISM before yesterday."
>>
>> Google: "Our legal team reviews each and every request..."
>>
>> Facebook: "When governments ask Facebook for data, we
>> review each
>> request carefully..."
>>
>>
>> 2) Of course they didn't "join" a program or become "part
>> of" a program.
>> NSA isn't a "club" that you can just "join." What
>> Facebook and Google
>> did was become ASSETS of a program.
>>
>> That is a very subtle but important distinction. If you
>> were to ask
>> their lawyers if they "had become assets or had acted in
>> any capacity as
>> assets of any entity within the United States
>> Intelligence Community
>> (USIC)," they would clam up right quick. One needs to
>> know how to ask
>> the question in order to get at the answer.
>>
>> Also, it is the case that the assets of a program or
>> operation rarely if
>> ever know the name of the program or operation involved.
>> Knowing the
>> name of the program or op would give the assets the
>> ability to compare
>> notes and possibly compromise the program or op. Very
>> often, even the
>> names of programs or ops are themselves classified.
>>
>> By the way, some of y'all may have heard my comments
>> about Steve Jobs'
>> application for a security clearance, shortly after Jobs
>> died and his
>> bio was published. The media were preoccupied with the
>> usual celebrity
>> gossip about how he could have gotten a clearance when
>> he'd admitted to
>> taking LSD and building blue boxes (naughty phone-phreak
>> devices). But
>> the real story, as I said at the time, was that the
>> purpose of the
>> clearance was to facilitate relationships with certain
>> agencies
>> regarding surveillance opportunities in the Macintosh
>> operating systems
>> and other products. It is almost 100% certain that
>> Microsoft and certain
>> of the commercial companies involved in Open Source
>> operating systems,
>> had similar relationships. ("Intel Inside", anyone?;-)
>>
>> One more item. Watch for the names Cisco, Comcast, and
>> Symantec, in the
>> news.
>>
>> Aww hell, one more after that. Twitter claims to have
>> refused to
>> participate in PRISM. That's very convenient for them to
>> say, because
>> Twitter itself is a complete intel collection platform
>> with fully open
>> access, and a variety of software tools for analysis.
>> Twitter is the
>> easiest of the bunch to intercept and fully exploit. You
>> too can play at
>> that game (just a little but enough to get the flavor of
>> it), if you
>> want to pay for the software.
>>
>>
>> 3) Yes, NSA can monitor traffic without a carrier or
>> service provider
>> knowing it. This is done by intercepting the traffic at
>> the carrier
>> level. By analogy, if I want to tap your broadband
>> service, I don't have
>> to break into your house to do it: I can do it from any
>> point between
>> your house and the service provider's central office.
>>
>>
>> 4) Telcos and broadband providers are required to have
>> CALEA intercept
>> equipment (such as the infamous Narus box of EFF fame)
>> installed in
>> their racks. This equipment enables authorized entities
>> to siphon the
>> data streams in realtime, either in whole or in part
>> depending on
>> various assigned levels of privilege.
>>
>> If everything that's on a server has gotten there via a
>> connection that
>> is being intercepted constantly in real-time, there's no
>> need to get
>> inside the server itself.
>>
>>
>> 5) NSA and real-time decryption: There is reason to
>> believe, based on
>> published accounts, that certain types of decryption are
>> routine and
>> automated. I also know from unpublished but not
>> classified sources, that
>> there are automated tests that examine ciphertext to
>> determine
>> specifically which encryption method and key length were
>> used to encrypt
>> the data. I would conclude that automated decryption
>> exceeds the
>> capabilities that have been reported in the press.
>>
>> Further, I would strongly suggest that we compile
>> versions of PGP and
>> GPG from source code, and modify them to eliminate the
>> upper limit on
>> key sizes. I can explain further how to perform that
>> modification of the
>> source code, once we have it downloaded. It's remarkably
>> easy.
>>
>>
>> 6) Compromise of private keys: Given the number of
>> methods available,
>> and given the track records of the various entities
>> involved, I would
>> not be surprised.
>>
>> "Mary had a private key, with which to open PGP.
>> The key fell into hostile hands. Now Mary's hiding, with
>> her lambs."
>>
>>
>> 7) Did Google and Facebook lie?
>>
>> Do bears shit in the woods?
>>
>>
>> 8) A modest prediction, and y'all can file this under "he
>> wasn't crazy
>> after all."
>>
>> I've been saying this stuff for a while now, but recent
>> news makes it
>> more, uhh, "topical":
>>
>> The entire advertising-based model of internet services,
>> with its
>> reliance on "free" services "supported" by advertising
>> that "requires"
>> pervasive tracking of every user's every activity and
>> whereabouts,
>> will be demonstrated to have been an enormous cover story of
>> convenience, for a degree of mass surveillance that far
>> exceeds anything
>> that has been reported thus far.
>>
>> The goal is to have 100% collection of all communications
>> and location
>> data, online and face-to-face, every conversation as well
>> as metadata,
>> to be permanently archived for retrieval and analysis at
>> any later point
>> in time. (This has not yet been achieved, but they're
>> working on it.)
>> The goal of that, in turn, is to enable making accurate
>> predictions
>> about the activities and location of any person, at any
>> point in the
>> future. What gets done with those accurate predictions is
>> a matter of
>> discretionary policy by those who control the data.
>>
>> Orwell: "He who controls the past controls the future. He
>> who controls
>> the future controls the present." Me: "Knowledge is
>> power. When they
>> know all about you, and you know nothing about them, who
>> has the power?"
>>
>>
>> 9) Lastly, Max, you might especially appreciate this bit
>> of history:
>>
>> In the 1970s, GCHQ was engaged in targeted surveillance
>> of various
>> dissident groups in the UK. But since GPO Telephones'
>> switching systems
>> were entirely electro-mechanical (Strowger switches),
>> GCHQ had to depend
>> on the GPO engineers to execute every request by making
>> physical
>> connections to the lines at the Central Offices.
>>
>> The GPO engineers' sympathies were often with the
>> dissidents. So,
>> shortly after the GCHQ officers left, the GPO engineers
>> would quietly go
>> about undoing the unwanted connections or otherwise
>> rendering them
>> useless. Such are the advantages of electro-mechanical
>> analog switching
>> systems, maintained by skilled workers, with a strong
>> union, and strong
>> class consciousness.
>>
>>
>> Cheers-
>>
>> -G.
>>
>> "You search Google, and Google searches you. Deal?"
>>
>>
>> ======
>>
>>
>>
>> On 13-06-10-Mon 11:46 PM, Max B wrote:
>> > I have a quick question to throw out for anyone with opinions:
>> >
>> > When the NSA PRISM program was exposed, it was leaked that the NSA has
>> > the capabilities to monitor the content of communications taking place
>> > through any of the list of companies they mentioned. Then Google,
>> > Apple, and crew came out and denied it.
>> >
>> > Would it be possible for the NSA to be monitoring traffic without them
>> > knowing it/allowing a backdoor? Would that require NSA servers doing
>> > 128-bit SSL decryption at real-time speeds? Or perhaps only when
>> > specific emails needed to be read? Could they have covertly
>> > compromised the private keys of all of these establishments? ("US
>> > Government hacked google" seems like a great Guardian headline)
>> >
>> > Or do folks think that those companies are just lying through their
>> > teeth?
>> >
>> > On Mon 10 Jun 2013 10:43:42 PM PDT, Rabbit wrote:
>> >> Yes, let's have an end-user focused crypto workshop!
>> >>
>> >> I'm not an expert but I can help OS X users get set up with
>> >>
>> >> Tor
>> >> Adium + OTR
>> >> Making encrypted disk images
>> >> Truecrypt
>> >>
>> >> And I wanna learn about web of trust, keysigning, gpg for email
>> >>
>> >> Also I'm really wishing for a better social network for people to
>> >> switch to. Any thoughts on that?
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> On Mon, Jun 10, 2013 at 7:55 PM, GtwoG PublicOhOne
>> >> <g2g-public01 at att.net> wrote:
>> >>
>> >>
>> >> YES! a crypto party.
>> >>
>> >> PGP and GPG won't protect your metadata from traffic analysis ("TA"),
>> >> which is what's been revealed that Anagram Inn has been up to. But
>> >> protecting your content is a good start, and building email servers that
>> >> are end-to-end encrypted is the next step.
>> >>
>> >> -G.
>> >>
>> >>
>> >> =====
>> >>
>> >>
>> >>
>> >> On 13-06-10-Mon 7:13 PM, William Budington wrote:
>> >> > There was some discussion about this at the last meeting, mostly around
>> >> > securing personal data on physical devices, but it would be good to have
>> >> > another end-user based cryptoparty, even have it be a full-day event
>> >> > stemming from Today I Learned. I'll bring this up at the meeting on
>> >> > Wednesday.
>> >> >
>> >> > Bill
>> >> >
>> >> > On 06/10/2013 07:02 PM, William Gillis wrote:
>> >> >> Hey Sudoroomers,
>> >> >>
>> >> >> I've been deluged by friends this weekend suddenly interested in things
>> >> >> like finally figuring out how to install that there tor, or god forbid
>> >> >> venturing into the realm of pgp. I offered my nonstop 1:1 handholding
>> >> >> services over facebook to any and all friends and have been a little
>> >> >> overwhelmed by the number.
>> >> >>
>> >> >> Someone local suggested a teach day at Sudoroom and I thought I'd check to
>> >> >> see if anyone else is interested and, you know, what actual members have to
>> >> >> say.
>> >> >>
>> >> >> There has never been a more opportune moment for cryptoparty outreach, and
>> >> >> yet I haven't seen anyone declare anything yet. Am I just out of the loop?
>> >> >>
>> >> >>
>> >> >>
>> >> >> _______________________________________________
>> >> >> sudo-discuss mailing list
>> >> >> sudo-discuss at lists.sudoroom.org
>> >> >> http://lists.sudoroom.org/listinfo/sudo-discuss
>> >> >>
>>
>>
>>
>>
>> --
>> -------
>> Andrew Lowe
>> Cell: 831-332-2507
>> http://roshambomedia.com
>>
>>
>>
>
>
>
>
>
>
> --
> -steve