Re: [liberationtech] data manipulation

also relevant: https://www.usenix.org/conference/enigma2016/conference-program/presentation/rozier Data Integrity Based Attacks in Investigative Domains: How Companies are Exploiting Data Science to Thwart Investigative Outcomes Abstract: The Trustworthy Data Engineering Laboratory (TRUST Lab)

Re: [liberationtech] data manipulation

On 11/9/15, Elias Groll wrote: > ... I've been reporting on warnings issued by DNI Clapper and NSA Director > Rogers on the threat posed by data manipulation and integrity attacks. > These statements have been vague in nature and lacking specifics. generally, manipulating

Re: [liberationtech] data manipulation

On 11/10/15, carlo von lynX wrote: > ... > in other words, these methods based on JTRIG and KARMA POLICE > dismantle democracy at its foundation - the ability to form a > political opinion and to make government act accordingly. the combination of mass spying for

Re: [liberationtech] The Future of Security Journalism

On 1/30/15, hellekin helle...@gnu.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 01/30/2015 08:03 AM, coderman wrote: your threat model is: securing yourself and your sources against nation state dragnet and targeted attacks, including tailored access and special

Re: [liberationtech] The Future of Security Journalism

On 1/29/15, J.M. Porup j...@porup.com wrote: ... If we don't wish to be serfs in the new feudal, digital world, we need to re-disrupt the disruption, and invent new tools that ensure human liberty and dignity. ... that time is short, and the New Dark Age is nearly upon us. as one who is

Re: [liberationtech] LRAD counter-measures?

On 12/14/14, Jay Cassano j...@jcassano.net wrote: ... If anyone knows of attempts to build such counter-measures or has ideas for how one might be built, please feel free to reply to me off-list. FU-LRAD kit: 1) Flexible Flyer: 26 Metal Saucer - Steel disc with rope handle grips, Ages 4 and

Re: [liberationtech] Any thoughts on the OPERATION CLEAVER reports?

On 12/7/14, Michael Rogers mich...@briarproject.org wrote: ... Was this meant for another thread? The Operation Cleaver report doesn't mention smartphones or baseband exploits. hi Michael, this was indeed a mis-chan; Operation Auroragold a different coordinated and and determined group

Re: [liberationtech] Any thoughts on the OPERATION CLEAVER reports?

On 12/2/14, Nariman Gharib nariman...@gmail.com wrote: OPERATION CLEAVER: A new global cyber power has emerged; one that has already compromised some of the world’s most critical infrastructure. The Operation Cleaver report sheds light on the efforts of a coordinated and determined group

Re: [liberationtech] Looking for a talented TOR/VPN developer/ops manager

On 10/29/14, William G. Gardella w...@member.fsf.org wrote: Hello Rafal, Before circulating this more widely, I would urge you to reconsider your choice of the white male hacker in hoodie surrounded by green Matrix text art next to the posting. I find it sad that even in social justice and

Re: [liberationtech] With This Tiny Box, You Can Anonymize Everything You Do Online | WIRED

On 10/13/14, Travis Biehn tbi...@gmail.com wrote: ... Interested in update mechanisms, interdiction resilience, trusted boot, web / other interfaces. These devices just change and expand your threat surface. back in 2007/2008 we launched the Janus Privacy Adapter devices. first on dual NIC

Re: [liberationtech] proof of tampering

On 9/16/14, Jonathan Wilkes jancs...@yahoo.com wrote: ... over a year after the initial Snowden-leak stories-- I'm curious if anyone has references to articles or papers that have researched and reproduced any of these exploits to show how they are used in practice to steal data, surveil, etc.

Re: [liberationtech] Foxacid payload

On Tue, Jul 22, 2014 at 1:48 AM, coderman coder...@gmail.com wrote: ... perhaps someone to help answer the question is Google, if they felt inclined. more context, although less sophisticated than TAO tech: When Governments Hack Opponents: A Look at Actors and Technology - http://www.icir.org

Re: [liberationtech] Foxacid payload

On Fri, Jul 18, 2014 at 12:22 PM, Denis 'GNUtoo' Carikli gnu...@no-log.org wrote: ... If the adversary looses one exploit each times he attacks someone, then... perhaps someone to help answer the question is Google, if they felt inclined. per re:publica 2014 - Morgan Marquis-Boire: Fear and

Re: [liberationtech] Snakeoil and suspicious encryption services

On Mon, Jul 21, 2014 at 5:52 PM, Aymeric Vitte vitteayme...@gmail.com wrote: ... including your focus on elementary mitm issue, your arguments and judgement are so basic that I am wondering why I am answering it, you should do some reading, and if you can trivially defeat Peersm, then just

Re: [liberationtech] no-disclosure / other-disclosure [was: Foxacid payload]

On Sun, Jul 20, 2014 at 8:00 AM, Michael Rogers mich...@briarproject.org wrote: ... Assuming the effort doesn't stop when exploits dry up, but instead looks for new ways to attract exploits, what's the problem? the problem is you assume this is easy. look for new ways to attract exploits is a

[liberationtech] Identifying back doors, attack points, and surveillance mechanisms in iOS devices

doubt this will surprise anyone; iOS intentionally designed to support surveillance. --- http://www.sciencedirect.com/science/article/pii/S174228761436 Identifying back doors, attack points, and surveillance mechanisms in iOS devices by Jonathan Zdziarski Abstract The iOS operating

Re: [liberationtech] Foxacid payload

On Fri, Jul 18, 2014 at 1:40 AM, Wasa Bee wasabe...@gmail.com wrote: if Google start actively looking for bugs, aren't they going to have a ranking per vendor every year to incentive bad vendors to improve? you'll be able to read the vendor responses yourself in the Project Zero blog. two

[liberationtech] Strong Security Processes Require Strong Privacy Protections

Strong Security Processes Require Strong Privacy Protections A request for all security conscious organizations handling vulnerability reports to deploy privacy enhancing technologies. --- With the Snowden disclosures and Google's Project Zero on the minds of security professionals everywhere,

Re: [liberationtech] Foxacid payload

On Thu, Jul 17, 2014 at 1:11 PM, coderman coder...@gmail.com wrote: ... Forcing deployments to move to more interesting bugs will also give insight into IAs' exploit sourcing methodologies. this is absolutely true and useful, and does not require making specific exploits public. i have

Re: [liberationtech] Foxacid payload

On Thu, Jul 17, 2014 at 1:11 PM, coderman coder...@gmail.com wrote: ... - if you want to thwart FOXACID type attacks there are ways to do it without knowing specific payloads. (architectural and broad techniques, not fingerprints on binaries or call graphs) some specific examples

[liberationtech] no-disclosure / other-disclosure [was: Foxacid payload]

On Thu, Jul 17, 2014 at 2:57 PM, Griffin Boyce grif...@cryptolab.net wrote: ... Solidarity is really important here. Increased security for those who actively set honeytraps doesn't really scale at all, and most people will never reap the rewards of this work. =/ it doesn't scale at all,

Re: [liberationtech] data mine the snowden files [was: open the snowden files]

added example privoxy config as http_proxy to Tor, add sig note for Update 13. no further updates on list; contact direct if issues encountered. best regards, Cryptome Donation Required - http://cryptome.org/donations.htm Donation also provides current archive as this selection is not

Re: [liberationtech] data mine the snowden files [was: open the snowden files]

Cryptome Donation Required - http://cryptome.org/donations.htm Donation also provides current archive as this selection is not current, and increasingly out of date by the day. - This is a trap, witting and unwitting. Do not use it or use at own risk. Source and this host is out

Re: [liberationtech] data mine the snowden files [was: open the snowden files]

On Tue, Jul 8, 2014 at 3:27 PM, grarpamp grarp...@gmail.com wrote: ... To do any of this you will need to collect all the releases of docs and images to date, in their original format (not AP newsspeak), in one place. Then dedicate much time to normalizing, convert to one format and import

[liberationtech] distributing Cryptome June 2014 [was: data mine the snowden files]

On Wed, Jul 9, 2014 at 7:04 AM, coderman coder...@gmail.com wrote: ... anyone who would like to host mirrors is welcome to tell me how they anticipate mirroring ~30G of data as quickly as possible. :) based on feedback, here is what i intend: 1. A torrent of: USB-1.rar USB-2.rar Update-13

Re: [liberationtech] data mine the snowden files [was: open the snowden files]

On Wed, Jul 9, 2014 at 9:17 AM, John Young j...@pipeline.com wrote: Tag the Cryptome Archive: This is a trap, witting and unwitting. Do not use it or use at own risk. Source and this host is out to pwon and phuck you in complicity with global Internet authorities. Signed Batshit Cryptome and

[liberationtech] data mine the snowden files [was: open the snowden files]

On Sat, Jul 5, 2014 at 11:29 AM, Geert Lovink ge...@desk.nl wrote: ... the snowden files are of public interest. but only a small circle of people is able to access, read, analyze, interpret and publish them. and only a very small percentage of those files has been made available to the

[liberationtech] XKeyScore code authenticity - genuine [was: messing with XKeyScore]

the theme of messing with XKeyScore is amusing[0], but more to the point i was asked to respond to some concerns of authenticity made in a different post: Validating XKeyScore code http://blog.erratasec.com/2014/07/validating-xkeyscore-code.html i'm trying to keep this feedback technical, as i

Re: [liberationtech] XKeyScore code authenticity - genuine [was: messing with XKeyScore]

On Sun, Jul 6, 2014 at 7:11 PM, coderman coder...@gmail.com wrote: ... a regexp rule like: ''' extractors: {{ bridges[] = /bridge\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}):?([0-9]{2,4}?[^0-9])/; }} ''' is both written by a novice regexp'er, and also took them a bit of time

Re: [liberationtech] XKeyScore code authenticity - genuine [was: messing with XKeyScore]

On Sun, Jul 6, 2014 at 7:30 PM, coderman coder...@gmail.com wrote: ... the code do not point toward this being a non-fictitious example, i meant non-functional, fictitious example of course. and with that, i will leave my further comments to a later, more sober date... airport security, here

Re: [liberationtech] XKeyScore code authenticity - genuine [was: messing with XKeyScore]

On Sun, Jul 6, 2014 at 7:51 PM, Nathan Andrew Fain nat...@squimp.com wrote: ... the half hazard rules protecting five eyes users. Apparently as someone (terrorist or not) accessing Tor from the five eyes nations you are filtered out. If you also happen to have looked at the linux journal there

Re: [liberationtech] Mapping out physical surveillance across a city

On Tue, Jun 24, 2014 at 11:19 AM, Patrick ape...@gmail.com wrote: How would one map an entire city's surveillance anyway? Are the location of police cameras available? And even if they are, how does one map out all the private cameras watching? you compromise all of a city's network

Re: [liberationtech] [GNU/consensus] Why support Reset the Net ? I don't get it

On Thu, Jun 5, 2014 at 11:23 AM, carlo von lynX l...@time.to.get.psyced.org wrote: ... the change of attitude needs to happen in the browsers and in the W3C, not in the gazillions of websites that should all invest serious amounts of money. browsers should ship with a public-key routing

Re: [liberationtech] [GNU/consensus] Why support Reset the Net ? I don't get it

On Thu, Jun 5, 2014 at 3:28 AM, carlo von lynX l...@time.to.get.psyced.org wrote: Heya.. I saw ... https://www.resetthenet.org Yet the things the page recommends are band-aids. in terms of first steps, the https push is the most approachable. passive, blanket surveillance resistance maybe a

Re: [liberationtech] stinky shit in fedland - lawful^H^H^Hless mobile fuckery cover-ups in progress...

for those new to this game, the storyline is summarized below, On Tue, Jun 3, 2014 at 7:53 PM, coderman coder...@gmail.com wrote: ... U.S. Marshals Seize Local Cops’ Cell Phone Tracking Files in Extraordinary Attempt to Keep Information From Public RED FLAG #1: The Sarasota Police initially

[liberationtech] PBS Frontline and The Program's innovative legal interpretations [was: stinky shit in fedland - lawful^H^H^Hless mobile fuckery cover-ups in progress...]

.2.mp4 best regards, On Tue, Jun 3, 2014 at 8:12 PM, coderman coder...@gmail.com wrote: ... - Truly In-discriminant and Whole-sale Invasions of Constitutionally Protected Communications Are Routine Fed Behaviors and not just routine but the expected side effects of military blunt-force

Re: [liberationtech] PBS Frontline: United States of Secrets ( 2 part series )

On Fri, May 23, 2014 at 9:04 PM, Gregory Foster gfos...@entersection.org wrote: http://www.pbs.org/wgbh/pages/frontline/united-states-of-secrets/ http://video.pbs.org/video/2365245528/ ... Also available at ThoughtMaybe: http://thoughtmaybe.com/the-united-states-of-secrets/ anyone know where

Re: [liberationtech] Auditing of Auto-Update of software commonly used by Human Rights Defenders

On Thu, May 15, 2014 at 2:47 PM, Tom Ritter t...@ritter.vg wrote: On 14 May 2014 23:36, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: i think that would be very important to organize a project to Audit the functionalities of Auto-Update of software commonly used by human rights

Re: [liberationtech] Programming language for anonymity network

On Fri, Apr 18, 2014 at 8:25 PM, coderman coder...@gmail.com wrote: ... the criteria:... 1) Familiarity: ... 2) Maturity: ... 3) Language security: ... 4) Security of runtime / tool chain:.. use modern C++ with testing discipline. also relevant: https://chriskohlhepp.wordpress.com

Re: [liberationtech] Programming language for anonymity network

On Fri, Apr 18, 2014 at 1:26 AM, Stevens Le Blond stev...@mpi-sws.org wrote: ... We are a team of researchers working on the design and implementation of a traffic-analysis resistant anonymity network... is this an implementation of existing research, or experimentation with novel

Re: [liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

Analysis Platform: Data analysis is performed on a cluster of 17 high-end servers connected to a Storage Area Network (SAN) with a capacity of 10 TB. On Tue, Mar 18, 2014 at 7:54 PM, coderman coder...@gmail.com wrote: ... [ lots of tapping, everywhere! ] -- Liberationtech is public archives

Re: [liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

, began in 2009. Its RETRO tool, short for retrospective retrieval, and related projects reached full capacity against the first target nation in 2011. --- end top post of great negligence --- On Tue, Jun 25, 2013 at 10:09 AM, coderman coder...@gmail.com wrote: On Tue, Jun 25, 2013 at 6:26 AM, Eugen

Re: [liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

On Tue, Mar 18, 2014 at 4:28 PM, coderman coder...@gmail.com wrote: regarding the latest discussion of full take voice and cache for weeks... i linked to WCI as one of many; the Northstar upgrade complete with wetland beautification as example of infrastructure at a landing site consistent

Re: [liberationtech] A modest proposal for protecting the work (and freedom) of activists.

On Sat, Jan 25, 2014 at 3:23 PM, Ben Laurie b...@links.org wrote: [low latency vs. anonymity] Actually, it seems it is a natural law. Hope is not a strategy. natural in that they interfere with each other? (like multi-path fade, apply science for great justice! (e.g. more radios, better

Re: [liberationtech] 15 years later, why can't Johnny still not encrypt?

On Thu, Jan 16, 2014 at 6:20 AM, Mrs. Y. networksecurityprinc...@gmail.com wrote: ... http://www.edge.org/conversation/smart-heuristics-gerd-gigerenzer your caloric heuristic optimization, is my bug. (now if only we could patch wetware! ;) Tempest: perhaps we should clarify incentives.

Re: [liberationtech] Encrypted Pastebins: Attack Vectors against ezcrypt.it and 0bin.net

On Tue, Jan 14, 2014 at 6:44 PM, Uncle Zzzen unclezz...@gmail.com wrote: 3. Passive global adversary attack: As long as the JS is what the owner claims it is (assuming it's code that has been peer reviewed enough according to your standards), it doesn't matter whether they confiscate

Re: [liberationtech] Encrypted Pastebins: Attack Vectors against ezcrypt.it and 0bin.net

On Tue, Jan 14, 2014 at 6:53 PM, Tony Arcieri basc...@gmail.com wrote: ... http://cryptosphere.org I also detail the present unsuitability of the browser for cryptographic applications in this blog post: http://tonyarcieri.com/whats-wrong-with-webcrypto i see what you did there. browser

Re: [liberationtech] The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications

On Wed, Jan 1, 2014 at 9:11 PM, coderman coder...@gmail.com wrote: attempting to obtain a copy of: The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications https://www.computer.org/csdl/mags/co/2013/12/mco2013120091-abs.html see also: http

Re: [liberationtech] Recent Der Spiegel coverage about the NSA and GCHQ

On Thu, Jan 2, 2014 at 4:37 PM, Jacob Appelbaum ja...@appelbaum.net wrote: ... I wanted to write to highlight some important documents that have recently been released by Der Spiegel about the NSA and GCHQ. We worked very hard and for quite some time on these stories - I hope that you'll

[liberationtech] The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications

attempting to obtain a copy of: The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications https://www.computer.org/csdl/mags/co/2013/12/mco2013120091-abs.html i appear unable to download successful purchase, There is no down-loadable article.. does

Re: [liberationtech] The Intimidation Factor: How a Surveillance State Can Affect What You Read in Professional Publications

On Wed, Jan 1, 2014 at 9:11 PM, coderman coder...@gmail.com wrote: ... does anyone have details on the nature of the pressure to censor in this case? only other information from RISKS digest: Surveillance leads to censorship? [PGN retitling] Robert Schaefer r...@haystack.mit.eduMon, 30 Dec

Re: [liberationtech] To Protect and Infect - the edges of privacy-invading technology

On Tue, Dec 31, 2013 at 10:04 AM, Hannes Frederic Sowa han...@stressinduktion.org wrote: ... There is a very big difference e.g. I (and a lot of other people too, I guess) will react to vendors whose debug interfaces where just hijacked by the NSA to install backdoors and where the vendors

Re: [liberationtech] To Protect and Infect - the edges of privacy-invading technology

On Tue, Dec 31, 2013 at 8:02 PM, Hannes Frederic Sowa han...@stressinduktion.org wrote: ... Most of the implants are installed without we surely know if the vendors did know about that or am I missing something? are you only considering this 30C3/catalog set of docs? venally complicit to

Re: [liberationtech] To Protect and Infect - the edges of privacy-invading technology

On Mon, Dec 30, 2013 at 9:14 PM, Hannes Frederic Sowa han...@stressinduktion.org wrote: ... Actually, somehow, I have a feeling of relief to see that major hardware vendors don't seem to specifically work hand in hand with the NSA to implement backdoors. you're assuming this dump is

Re: [liberationtech] Defunding the NSA right now

On Thu, Nov 7, 2013 at 11:51 AM, Griffin Boyce grif...@cryptolab.net wrote: ... If you want the NSA to be defunded, not only de-fund the intelligence agencies, but also disclose to vendors all of the classified vulnerabilities and exploits they've identified and weaponized under TAO and

Re: [liberationtech] arkOS starts funding campaign to push forward development

On Tue, Nov 5, 2013 at 2:09 PM, Jacob Cook ja...@jcook.cc wrote: ... I'm not sure what you mean off the top of my head by if cables will be included as a service - could you elaborate? cables: secure and anonymous communication using email-like addresses, pioneered in Liberté Linux.

Re: [liberationtech] [guardian-dev] Randomize MAC of Android phone?

On Thu, Oct 24, 2013 at 5:23 AM, Timur Mehrvarz timur.mehrv...@riseup.net wrote: ... The Android Wifi kernel drivers seem to not implement the functionality behind 'ifconfig wlan0 hw ether' (what is behind the ioctl call being used by ifconfig). i've had success with HTC, LG, and Samsung

Re: [liberationtech] Google Unveils Tools to Access Web From Repressive Countries | TIME.com

On Wed, Oct 23, 2013 at 12:13 PM, Adam Fisk af...@getlantern.org wrote: ... we really would love to hear any criticisms of Lantern people may have, including anything technical or ... make Latern function as a pluggable transport for Tor!

Re: [liberationtech] Google Unveils Tools to Access Web From Repressive Countries | TIME.com

On Mon, Oct 21, 2013 at 8:27 PM, Shava Nerad shav...@gmail.com wrote: So, I've had this post in draft since 10/15, and I added some links and a couple paragraphs,... real names as a move based on online civility is just as much bullshit today as it was then. only more evidently so! while this

Re: [liberationtech] Randomize MAC of Android phone?

On Sat, Oct 19, 2013 at 2:32 AM, Jerzy Łogiewa jerz...@interia.eu wrote: ... Is it possible to randomize wifi MAC of Andorid phone on power up? this works for most wifi devices if you have root; just modify init scripts to ifconfig hw ether a random mac (you can do this in shell). don't

Re: [liberationtech] Snowden sets OPSEC record straight

On Fri, Oct 18, 2013 at 5:43 AM, Tom O winterfi...@gmail.com wrote: ... 1. NSA won't say what damage has been caused. They still operate in the dark. They'd be stupid to say anything either way. Silence doesn't equate to no damage. desperate times and desperate measures; while this is

Re: [liberationtech] Snowden sets OPSEC record straight

On Fri, Oct 18, 2013 at 1:38 PM, Tom O winterfi...@gmail.com wrote: Greenwald has stated on twitter that Snowden has access to docs. do you have links to the tweets in question? there was interesting discussion on the reddit AMA[0] as well, however, i do not recall seeing this ongoing access

Re: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)

On Wed, Sep 25, 2013 at 9:32 PM, coderman coder...@gmail.com wrote: [... re: NSA has found a way to break Tor... ] i suspect it is the latter that is more concerning. of course NSA has the ability; but do they share it? the recent releases[0] have shown this to be more complicated than

Re: [liberationtech] USB Block Erupters as RNG sources?

On Thu, Oct 3, 2013 at 2:43 AM, d.nix d@comcast.net wrote: ... Curious; anyone know much about what these inexpensive (comparatively, price seems steadily falling) ASIC Block Erupter USB Bitcoin miners can be adapted to doing? Could they be repurposed as RNG sources? at best you *might*

Re: [liberationtech] settings?

On Wed, Sep 25, 2013 at 10:47 AM, Lina Srivastava l...@linasrivastava.com wrote: ... I don't know about others, but my libtech emails are starting to end up in my spam filter, saying that others have been marking them as spam -- I didn't mark them as such. Just fyi that some subscribers might

Re: [liberationtech] settings?

On Wed, Sep 25, 2013 at 10:51 AM, Lina Srivastava l...@linasrivastava.com wrote: Never happened to me before on this particular list and I've been on it for a few years. i think you've been unusually lucky ;) it would be interesting to know if specific senders are getting spam filtered, or

Re: [liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)

On Wed, Sep 25, 2013 at 1:34 PM, Jonathan Wilkes jancs...@yahoo.com wrote: ... Roger Dingledine has said that his biggest fear is that the NSA has found a way to break Tor, citation? ;) ... and they whisper what they know to other agencies only in those cases where doing so wouldn't risk

Re: [liberationtech] Why can’t email be secure? - Silent Circle Blog

On Wed, Sep 18, 2013 at 8:27 AM, Eric Mill e...@konklone.com wrote: I highly doubt Google is filtering stuff out for the NSA... The simpler explanation is that Google Alerts is 100% broken because it makes Google no money and doesn't do much for their core business interests. i suppose

Re: [liberationtech] Why can’t email be secure? - Silent Circle Blog

On Sun, Aug 25, 2013 at 1:21 PM, coderman coder...@gmail.com wrote: ... 10,000 news alerts from scores of filters (everything from TS//SI//NF to Flame OR Gauss OR Duqu OR Stuxnet to Goldreich–Goldwasser–Halevi),.. sometime over the past few weeks google alerts has started filtering (certain

Re: [liberationtech] Naive Question

On Wed, Sep 11, 2013 at 2:52 PM, R. Jason Cronk r...@privacymaverick.com wrote: Anything which potentially signaled your receipt of an NSL would be grounds for prosecution under the gag-order. This is what the prosecutor was alluding to when he signaled that Lavabit's shut down was tantamount

Re: [liberationtech] Random number generation being influenced - rumors

On Sat, Sep 7, 2013 at 10:26 AM, Eugen Leitl eu...@leitl.org wrote: ... There is a hardware RNG in the AMD Geode LX. I tried very hard to find any documentation, but found effectively nothing. Am I that bad at searching, or this really a black box? the only decent on-die RNG i have used was

Re: [liberationtech] WaPo releases details on US offensive cyber-ops

On Mon, Sep 2, 2013 at 10:44 AM, Gregory Foster gfos...@entersection.org wrote: ... The NSA designs most of its own implants, but it devoted $25.1 million this year to “additional covert purchases of software vulnerabilities” from private malware vendors, a growing gray-market industry based

Re: [liberationtech] FW: NSA Admits: Okay, Okay, There Have Been A Bunch Of Intentional Abuses, Including Spying On Love Interests | Techdirt

On Sat, Aug 31, 2013 at 4:10 PM, Matt Johnson railm...@gmail.com wrote: Tomasz, you seem to have a dark view of human nature. some may argue willingly participating in and furthering an illegal, global surveillance infrastructure is a character flaw consistent with other morally objectionable

Re: [liberationtech] Why can’t email be secure? - Silent Circle Blog

On Sun, Aug 25, 2013 at 11:59 AM, katana kat...@riseup.net wrote: ... as Ladar replied in http://www.democracynow.org/2013/8/13/exclusive_owner_of_snowdens_email_service to Amy's question 'Do you think people should use email?': 'Yeah, I think it’s a great way to communicate ... And I think

Re: [liberationtech] Why_can't_email_be_secure

On Sun, Aug 25, 2013 at 12:26 PM, Ali-Reza Anghaie a...@packetknife.com wrote: ... And herein lies the problem - Silent Circle isn't talking to us - they are talking to the other 99.99% of email users in the world. and to StealthMonger's point about latest generation mix networks for best

Re: [liberationtech] NSA Admits: Okay, Okay, There Have Been A Bunch Of Intentional Abuses, Including Spying On Love Interests | Techdirt

On Fri, Aug 23, 2013 at 10:25 PM, James S. Tyre jst...@eff.org wrote: Best summary: https://twitter.com/slworona/status/370946271646711809 indeed; this codename gives the lie to all the congressional testimony, to all the claims of controls and judiciary oversight, to all the attestations of

Re: [liberationtech] NSA Admits: Okay, Okay, There Have Been A Bunch Of Intentional Abuses, Including Spying On Love Interests | Techdirt

LOVEINT!!! oh god this alone makes it all worth it,,, thank you Snowden! P.S. setup a bitcoin donation address. best regards, On Fri, Aug 23, 2013 at 9:21 PM, Yosem Companys compa...@stanford.edu wrote:

Re: [liberationtech] And now for some completely different flame... Chrome + password management

On Wed, Aug 7, 2013 at 9:09 PM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote: Encrypting the passwords with a master passphrase wouldn't be useless... even if this is useful, it is a policy that should be implemented in the key manager and not the browser (or any other app, each

Re: [liberationtech] Anonymity Smackdown: NSA vs. Tor

On Tue, Aug 6, 2013 at 8:43 PM, Kyle Maxwell ky...@xwell.org wrote: ... The key, obviously, is the primary assertion that the NSA runs lots of Tor nodes. it is incorrect to assume this is for attacking anonymity of Tor users. more likely these nodes are used as trusted guards and exits in

Re: [liberationtech] And now for some completely different flame... Chrome + password management

On Wed, Aug 7, 2013 at 7:04 PM, Brian Conley bri...@smallworldnews.tv wrote: Are they being irresponsible or aren't they? http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link That is a serous question in interested to hear a variety of opinions this is how

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

On Tue, Aug 6, 2013 at 12:28 PM, R. Jason Cronk r...@privacymaverick.com wrote: ... Anybody know what ever happened to Publius[1]? Did that concept ever go anywhere? 1 http://www.cs.nyu.edu/waldman/publius/ wow, that takes me back. i remember running publius when it launched back in the

Re: [liberationtech] EFF's new lawsuit against the NSA

On Tue, Jul 16, 2013 at 4:45 PM, James S. Tyre jst...@eff.org wrote: For those interested, we filed a new lawsuit against the NSA today. We have another still in litigation, but this one focuses on a specific aspect of the new revelations. Intro, FAQ and a link to the Complaint at

Re: [liberationtech] Call for Participants @ Noisy Square - Putting the Resistance back in OHM

On Mon, Jun 24, 2013 at 4:17 PM, Nadim Kobeissi na...@nadim.cc wrote: ... If you want to focus your ire on something, go take a look at how DEFCON and BlackHat are inviting NSA Director Keith Alexander to give the keynote! regarding same, seems the better half of these cons is giving

Re: [liberationtech] Unique Opportunity: Input to CEOs of Smartphone Manufacturers

On Thu, Jul 11, 2013 at 12:57 PM, Ben Doernberg ben.doernb...@gmail.com wrote: ... What would you change if you were the CEO of a major mobile device manufacturer? open source baseband firmware - these opaque blobs are a security nightmare and excellent point of attack for an entity with

Re: [liberationtech] In his own words: Confessions of a cyber warrior

On Wed, Jul 10, 2013 at 5:00 PM, Tom Ritter t...@ritter.vg wrote: ... if the tens of thousands figure included 'soft targets': [lots of soft targets...] ...Then I could see a tens of thousands figure. But if someone said they had more than, say, 250 completely distinct, weaponized exploits

Re: [liberationtech] In his own words: Confessions of a cyber warrior

On Wed, Jul 10, 2013 at 5:58 PM, Maxim Kammerer m...@dee.su wrote: ... He would learn about backdoors in encryption equipment by ordering their manuals? Where from, exactly, would he order such classified material? i'm not defending this individual specifically, but this is not at all

Re: [liberationtech] How to protect users from compelled fake ssl certs?

On Tue, Jul 2, 2013 at 10:01 AM, Ralph Holz h...@net.in.tum.de wrote: DANE: https://tools.ietf.org/html/rfc6698 CAA: https://tools.ietf.org/html/rfc6844 I wonder whether that would have protected against the Comodo Hacker. It seems it depends when and from where the CAA checks are run.

Re: [liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

On Tue, Jun 25, 2013 at 10:09 AM, coderman coder...@gmail.com wrote: ... cryptome has some great info on cable routes and facilities: http://cryptome.org/eyeball/cable/cable-eyeball.htm http://cryptome.org/nsa-seatap.htm http://cryptome.org/telecomm-weak.htm http://cryptome.org/nsa

Re: [liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

On Tue, Jun 25, 2013 at 6:26 AM, Eugen Leitl eu...@leitl.org wrote: ... Very few ISP's ever go to the landing stations, typically the cable operators provide cross connects to a small number of backhaul providers. That makes a much smaller number of people who might ever notice the

[liberationtech] Visual digests / checksums for security [was Re: What I've learned from Cryptocat]

On Thu, Aug 9, 2012 at 8:56 AM, Mark Belinsky mark.belin...@gmail.com wrote: ... I'm curious about the benefits/dangers of making the fingerprint of the SSL certificate more accessible to users through visual means... we've been exploring the ascii art that key fingerprints generate. It's

Re: [liberationtech] Hacking Humanitarian Technology Before the Bad Guys Do

On Fri, Jul 13, 2012 at 3:24 PM, George Chamales geo...@roguegenius.comwrote: ... As part of the process we'll be building an Openbox VM containing a dev version of OpenStreetMap, Ushahidi, and one or two other open source products. That VM will be released early next month along with a