Re: [leaf-user] NSA back doors
On 09/05/2013 07:47 PM, Victor McAllister wrote: The Guardian has an interesting article on how to make it a little harder for NSA to read your encrypted traffic. Evidently they are tapping fiber, have compromised many routers and have back doors on lots of commercial software. The terrorists are not as dangerous to democracy as the spies. The politician who controls internet decryption can control the world. Think about it. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance Victor, The NANOG mailing list is finding some gems too. NSA Laughs at PCs, Prefers Hacking Routers and Switches http://mailman.nanog.org/pipermail/nanog/2013-September/060773.html The US government has betrayed the Internet. We need to take it back http://mailman.nanog.org/pipermail/nanog/2013-September/060812.html Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty http://mailman.nanog.org/pipermail/nanog/2013-September/060877.html [Cryptography] Opening Discussion: Speculation on BULLRUN http://mailman.nanog.org/pipermail/nanog/2013-September/060894.html -- Mike Noyes http://sourceforge.net/users/mhnoyes https://plus.google.com/113364780158082152468 -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] NSA back doors
On 09/05/2013 07:47 PM, Victor McAllister wrote: The Guardian has an interesting article on how to make it a little harder for NSA to read your encrypted traffic. Evidently they are tapping fiber, have compromised many routers and have back doors on lots of commercial software. The terrorists are not as dangerous to democracy as the spies. The politician who controls internet decryption can control the world. Think about it. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance Victor, Thanks for the link to a good article by Bruce Schneier who recently joined the EFF. -- Mike Noyes http://sourceforge.net/users/mhnoyes https://plus.google.com/113364780158082152468 -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] NSA back doors
On 9/9/2013 9:50 AM, Mike Noyes wrote: On 09/09/2013 08:29 AM, Thomas Nail wrote: -snip- I totally believe that the NSA has and will continue to have significant eavesdropping and signals counter-intelligence capacity, including systems cracking and other nefarious measures. Intercepts have happened and will continue to happen. However, I think that the capabilities of this organization are being overblown in order to prop up it's own reputation and to spread FUD amongst it's enemies (a very good strategy for a spying agency, IMHO). Just looking at the logistical problems of routing and storing that much data - never mind doing any sort of real-time processing on it - makes me think that the grey hats might be exaggerating a bit for their target audience. That, and to sell more news stories... Tom, See: The Utah Data Center, also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the United States Intelligence Community that is designed to store extremely large amounts of data, estimated to be on the order of exabytes or higher. https://en.wikipedia.org/wiki/Utah_Data_Center How does NSA do it? Read about the special room (641A) discovered in an ATT building in San Francisco. Please notice they were using fiber splitting and probably routing the signals using their own equipment. http://en.wikipedia.org/wiki/Room_641A They also have the capability of splitting fiber as it passes between routers through oceans. Read 2005 article on USS Jimmy Carter. http://www.nytimes.com/2005/02/20/politics/20submarine.html?_r=0 If they can split fiber under the ocean, it would be trivial to do it to signals passing through a forest, renting fiber in the same cable to return the signals to their own routers and data centers. After all, they can command silence to those who might notice the evidence of fiber taping. How do they handle all this data? Well they store it in a buffer bigger than google. Eventually data that is not useful surely gets overwritten. Even NSA has limits. My Senator (Dianne Finstein) is the chairwoman of the Intelligence Committee. I wrote her on a number of occasions about the danger to constitutional government by NSA's total surveillance. Her answer is they are not touching the data without a court order. This is nonsense. They simply run everything through huge filters and a human only touches what the filter pulls out as interesting. The parameters of the filters are surely changed daily to fit what they are currently looking for. They can claim no one looked at the data even as the fastest parallel computers in the world are filtering it for them. LEAF can't help you when it comes to fiber taping on the internet backbones but it could help with this problem. http://www.internetnews.com/security/article.php/3895916/Millions+of+Home+Routers+Insecure+Black+Hat.htm Victor -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] NSA back doors
On Mon, Sep 9, 2013 at 8:28 AM, Mike Noyes mhno...@users.sourceforge.netwrote: On 09/05/2013 07:47 PM, Victor McAllister wrote: The Guardian has an interesting article on how to make it a little harder for NSA to read your encrypted traffic. Evidently they are tapping fiber, have compromised many routers and have back doors on lots of commercial software. The terrorists are not as dangerous to democracy as the spies. The politician who controls internet decryption can control the world. Think about it. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance Victor, The NANOG mailing list is finding some gems too. NSA Laughs at PCs, Prefers Hacking Routers and Switches http://mailman.nanog.org/pipermail/nanog/2013-September/060773.html The US government has betrayed the Internet. We need to take it back http://mailman.nanog.org/pipermail/nanog/2013-September/060812.html Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty http://mailman.nanog.org/pipermail/nanog/2013-September/060877.html [Cryptography] Opening Discussion: Speculation on BULLRUN http://mailman.nanog.org/pipermail/nanog/2013-September/060894.html -- Mike Noyes http://sourceforge.net/users/mhnoyes https://plus.google.com/113364780158082152468 -- leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ Trying not to be disingenuous, but how does all this data get where it's going? Suppose the NSA gets a carrier to turn on the firehose and intercept all traffic going through it's network. We're talking multiple terabyte streams of data *per day* at that point. One would think that a movement of traffic that large to a single place or set of known places, would be easily trackable over internet routers that report statistics publicly. Assuming that these carriers are under a gag order, there could certainly be a movement to dispute all of ones' network and/or cellular bills, citing said company's inability to provide accurate user data. Just a thought... Certainly, having to maintain a 50% router capacity overhead for governmental use would be galling to many networking companies. I totally believe that the NSA has and will continue to have significant eavesdropping and signals counter-intelligence capacity, including systems cracking and other nefarious measures. Intercepts have happened and will continue to happen. However, I think that the capabilities of this organization are being overblown in order to prop up it's own reputation and to spread FUD amongst it's enemies (a very good strategy for a spying agency, IMHO). Just looking at the logistical problems of routing and storing that much data - never mind doing any sort of real-time processing on it - makes me think that the grey hats might be exaggerating a bit for their target audience. That, and to sell more news stories... -- -=Tom Nail -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] NSA back doors
On 9/9/2013 6:28 AM, Mike Noyes wrote: On 09/05/2013 07:47 PM, Victor McAllister wrote: The Guardian has an interesting article on how to make it a little harder for NSA to read your encrypted traffic. Evidently they are tapping fiber, have compromised many routers and have back doors on lots of commercial software. The terrorists are not as dangerous to democracy as the spies. The politician who controls internet decryption can control the world. Think about it. http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance Victor, The NANOG mailing list is finding some gems too. NSA Laughs at PCs, Prefers Hacking Routers and Switches http://mailman.nanog.org/pipermail/nanog/2013-September/060773.html The US government has betrayed the Internet. We need to take it back http://mailman.nanog.org/pipermail/nanog/2013-September/060812.html Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty http://mailman.nanog.org/pipermail/nanog/2013-September/060877.html [Cryptography] Opening Discussion: Speculation on BULLRUN http://mailman.nanog.org/pipermail/nanog/2013-September/060894.html The NSA secret court does not allow those forced to give up their users or open secret back doors to tell anyone about the secret orders. (Secret courts, IMO, fundamentally contradicts the notion of equal and open justice for all). Here is a scheme whereby a company would post a dead man switch message. If the sign went away, users would be notified in a negative way. http://www.theguardian.com/technology/2013/sep/09/nsa-sabotage-dead-mans-switch Victor -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] NSA back doors
On 09/09/2013 08:29 AM, Thomas Nail wrote: -snip- I totally believe that the NSA has and will continue to have significant eavesdropping and signals counter-intelligence capacity, including systems cracking and other nefarious measures. Intercepts have happened and will continue to happen. However, I think that the capabilities of this organization are being overblown in order to prop up it's own reputation and to spread FUD amongst it's enemies (a very good strategy for a spying agency, IMHO). Just looking at the logistical problems of routing and storing that much data - never mind doing any sort of real-time processing on it - makes me think that the grey hats might be exaggerating a bit for their target audience. That, and to sell more news stories... Tom, See: The Utah Data Center, also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the United States Intelligence Community that is designed to store extremely large amounts of data, estimated to be on the order of exabytes or higher. https://en.wikipedia.org/wiki/Utah_Data_Center -- Mike Noyes http://sourceforge.net/users/mhnoyes https://plus.google.com/113364780158082152468 -- Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] NSA back doors
Hi Victor I have to partially disagree :-) at 09.09.2013 19:10, Victor McAllister wrote: ... LEAF can't help you when it comes to fiber taping on the internet Sure it can, just remember the original goal of FreeSWan was opportunistic encryption of data links. It might be possible to break it, but it would give organizations like the NSA some time to tinker with it. Erich -- How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks http://pubads.g.doubleclick.net/gampad/clk?id=5127iu=/4140/ostg.clktrk leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/