Investigatory Powers Bill

November 22, 2016

The UK government has passed the Investigatory Powers Bill. This, according to the Guardian, “legalises a whole range of tools for snooping and hacking by the security services unmatched by any other country in western Europe or even the US”.

In truth, it merely legalizes what the government has been doing for years anyway – just consider what Ed Snowden revealed about the USA (via the NSA)n and the UK (via GCHQ) and their nasty snooping.  Indeed, Snowden said in Laura Poitras’ documentary film Citizenfour that GCHQ were spying illegally far more than the villainous NSA!  (I advise everyone to see Citizenfour – it’s widely available on bittorrent, check the Pirate Bay Proxy List for available downloads).

The Guardian rightly describes this new law-in-waiting “extreme surveillance”.  Also noted that it passed “with barely a whimper” – which is, of course, due to the atmosphere of heightened tension over “terrorist plots” that has hung over us for 15 years, since the Twin Towers atrocity.

We all need to use encryption and to anonymize as much as possible.  But as the companies that carry the bulk of internet traffic are in either UK or USA, it doesn’t look good. But try to get into encryption anyway – for everything – it’s the technical equivalent of putting your email in an envelope.  Would you be comfortable writing all your correspondence on the back of postcards, knowing that just anyone can read it?

 

7


Apple vs the FBI: Go on, Apple!

February 18, 2016

At the FBI’s urging, a federal magistrate has ordered Apple to create a program that will allow the FBI to get into an iPhone belonging to one of the San Bernardino shooters.  They claim this a one-off thing; they just want to gain access to the shooter’s phone.  On the radio I heard a federal justice spokesman explain it like this:  “If the FBI had a warrant to enter and search a house, but the house had a combination lock that would permanently lock the door if the wrong combination was entered a few times, the FBI would knock the door in using a tank.  All we want is for Apple to supply us with the tank.”

But that is nonsense.  If the locked-door scenario happened, the FBI would bring their own tank to knock the door in.  They wouldn’t ask a lock manufacturer to build the tank for them.

The US government have wanted a back-door into Apple’s iPhones for a while now. This has especially been the case since September 2014, when Apple introduced new encryption into its iPhone operating system that would make it mathematically impossible for the company to unlock them for investigators. This was a departure from the past, when investigators could get access to a device if they sent it to Apple headquarters with a search warrant.

The US authorities are painting this as strictly an anti-terrorism move, and that it would apply only to the iPhone in question.  But that is plain wrong.  Ever since the Ed Snowden revelations, FBI director James Comey has been trying to figure out a way around the software as he and Apple’s Tim Cook have traded barbs publicly and privately.  And now he and his colleagues are using thie San Bernadino murders as a way to create case law that could force tech companies to provide back doors into their products.  The FBI claim they want Apple to create a master key just for the one iPhone; but once the precedence had been set, the authorities would use the Apple master key whenever they felt like it, and would be on sure ground to insist other Silicon Valley companies do the same.

Security professionals have pointed out that back doors are not the way to carry out investigations: see here and here for just a couple of examples.  The tragic San Bernadino shootings are, I’m sorry to say, just a way for the US authorities to get the back doors they want on faulty reasoning.  I’m happy Apple have contested this court order.  I don’t like Apple products or their propriety approach, but I’m at one with them that individual freedom is paramount.  After all, isn’t individual freedom what we are trying to defend from people like ISIS?

In addition to that: criminals might get hold of back door tools and use them to steal identities, bank details etc; and oppressive foreign governments might use them to persecute pro-democracy activists.  The authorities will obviously claim that no one will be able to access these master keys.  But the US government, among others, have suffered theft of data frequently; and foreign governments have spies, whose job is to steal secret tools and information.

To go back to the locked door and tank scenario: in this case the US authorities should bring their own tank – the NSA.  Or do they really expect us to believe that the NSA couldn’t crack this one phone?

Apple-Logo

Apple: doing the right thing


Why putting back doors in message apps will not stop terrorism

February 17, 2016

I’m not a security expert.  So why don’t you listen to one?  This video is Bruce Schneier, a well-known security and cryptography expert, taking questions at DEFCON 23.  He addresses the issue of back doors at about 07:20, but the entire video is worth watching.

If you don’t want to watch it, I’ll paraphrase:   The feds say that ISIS recruits via Twitter.  A recruiter will get into conversation with people,  and the feds can monitor that okay.  But then the recruiter says “go download secure-app X” and all of a sudden the authorities can’t monitor them any more.  This makes the cops sad.  So they want to put back doors in all the messaging apps.  But that is not going to solve the problem!

(About 09:10) “This is not a scenario that any type of back door solves. The problem isn’t that the main security apps are encrypted. The problem is that there is one security app that is encrypted. The ISIS guy can say ‘Go download Signal, go download Mujaheddinsecrets, go download this random file encryption app I’ve just uploaded on Github ten minutes ago.’ The problem is not the encryption apps that the authorities want to get into, the problem is general purpose computers.  The problem is the international market for software.”  Back doors are not the solution for the problem the authorities claim to have.

You’d have to put back-doors in all messaging apps.  Not just the mainstream ones.  Not the not-so-popular niche apps that some people like to use.  ALL apps.  Including ones created by ISIS guys and uploaded to whatever-server-wherever-whenever.  “So we need to stop talking about that [back doors] or we’re going to end up with some really bad policy.” [about 10.00]

 

 


The govt need “back doors” to thwart terror attacks? Bullshit: they just need to do their jobs properly.

January 1, 2016

Govts everywhere are talking up their need for back-doors in encryption etc by saying how the Paris killers got away with so much because of their encryption opsec skillz… but it turns out their opsec is flaky as shit and backdoors wouldn’t be nearly as useful to the cops as listening to the repeated warnings they’d got from Turkey.

Wired.com reported that “news reports of the Paris attacks have revealed that at least some of the time, the terrorists behind the attacks didn’t bother to use encryption while communicating, allowing authorities to intercept and read their messages…

“Reports in France say that investigators were able to locate some of the suspects’ hideout this week using data from a cellphone apparently abandoned by one of the attackers in a trashcan outside the Bataclan concert hall where Friday’s attack occurred, according to Le Monde. Authorities tracked the phone’s movements prior to the attack, which led them to a safehouse in a Paris suburb where they engaged in an hours-long shootout with the other suspects early Wednesday. These would-be attackers, most of whom were killed in the apartment, had been planning to pull off a second round of attacks this week in Paris’s La Defense business district, according to authorities.”

Other reports indicate that a previous ISIS terrorist plot targeting police in Belgium was disrupted in that country last January because Abdelhamid Abaaoud—suspected mastermind of both that plot and the Paris attacks—had failed to use encryption. He also carelessly left behind a cellphone in Syria, which contained unencrypted pictures and videos, including one now-infamous video showing him smiling from a truck as he dragged bodies of victims through a street.

The killers were guilty of serious OPSEC failures… sometimes they didn’t use encryption at all, sometimes they left plaintext evidence lying round where anyone could find it. But as crappy as the terrorists were, the French cops were worse: Turkish authorities have said they tried to warn French authorities twice about one of the suspects but never got a response.

But Western authorities, notably the US and the Brits, have been complaining that they need their secret back-doors to beat the killers, even suggesting that  “US companies like Apple and Google have blood on their hands for refusing to give intelligence and law enforcement agencies backdoors to unlock customer phones and decrypt protected communications”.

My question for the authorities is this: if encryption products have back doors built into them for law enforcement to use, isn’t it likely that crooks will also be able to use these back doors to steal our personal info, IDs, banking details, our entire fucking lives?  The govt are constantly losing top secret laptops on trains and in taxis, and computer intruders regularly bust into official data centres and make off with piles of sensitive data.  Do the authorities think their new back doors will somehow be magically better than all the fucked up attempts at secrecy and security they’ve tried before?

US-paramilitaries

Also, if the authorities get their way, they will be able to find out anything they want to about us.  Maybe (ha ha) that’s not a big problem right now.  But who knows what changes in governments will happen?  Far-right parties are getting more popular all the time.  And look at US presidential hopeful cock Trump: one press of a button and he’ll know exactly where to go to round up the Muslims he hates and send them to be tortured and killed by his friend Assad in Syria.

Don’t listen to the authorities when they say why they “need” the ability to access every bit of data on us.  They don’t need it.  They want it.  Just as they’ve always wanted new ways to eliminate those they don’t like.

giff-logo-small

CLICK ME FOR FREE SIMS!

free web stat


How to search the internet 4: Understanding search engine results

May 12, 2010

This is the fourth part of my guide on how to search the internet. Part 1 is here, part 2 is here, and part 3 is here. Part 5, about using “advanced operators” is here.

So you’ve used Google or some other web search engine, following the tips I’ve given you in this little series, and you’ve been confronted with “results” that don’t actually seem to be any help whatsoever. And it’s true, often Google comes across as an incomprehensible joke designed to make you feel bad. But don’t fret: Google (and its kind) really don’t want you to run screaming; they want you to use the results to find what it is you’re looking for. Unfortunately, this may involve having to learn a thing or two about how Google works. It may be scary-looking at first glance, but really Google want you to find their results pages easily to comprehend. They want you to return to Google.com every time you want help in finding what you want. It can be a rather intimidating interface the first time you look at a results page: but it is all pretty simple really. You just need to know how to understanding the reams of info Google throws at you. Hopefully, this 4th part of my guide will make it all seem far easier.

First thing first: very often Google will offer you a list of sponsored results that may give you what you’re looking for; but if you click on a sponsored link you will be putting money in Mr Google’s pocket and chances are that link will be useless. Forget the sponsored links: go for the meat and potatoes in the list of real links.

Look at the search results; very often you will find other kinds of info alongside those results. Stuff like:

Suggested spelling corrections: Google may think you typed in your query incorrectly. If you’re no good at spelling, this can be a life-saver. But if you know damn well you typed your query correctly, forget this option;

Dictionary definitions: Are you actually searching for the word/s you mean to search for? Maybe you are, maybe you’re not. Think about it. Spelling can be a right tricky operation;

Cached pages: Google carries a huge number of pages that are not currently up to date. Maybe one of those cached pages may contain the info you need. Worth checking if regular searches are turning up sweet F-all;

Similar pages: Often Google won’t find a page that contains the precise info you want, but it has algorithms to turn up similar results. Have a look at them, you’ve nothing to lose really…;

News headlines: A webpage dealing with your query might be hard to find, but it’s often easier for Google to find news stories on related material. And these news stories may well include links to more relevant info. This can save you a bunch of time searching for that little nugget of info that will give you what you want. Remember: news stories are updated frequently, whereas a static page may never be more relevant. Use those options;

Product search: You want to know something about a particular project name. So search for that project name, add a bit of info on what the product can/is meant to do, and see what turns up. This approach works a lot more than you might think;

Translation: So what you want isn’t available in your mother tongue. But it may well be out there for speakers of other languages. Just think: if you are looking for info on a product released by a Portugese company, what makes you think that info will be in English? Search Portugese sites, using Google’s Translation feature or the other translators offered by search services. These translators are often pretty crap; but at least it’ll give you a good idea of what’s what;

Do book searches: Useful info may not yet be available in articles, but books often contain useful stuff. So it can often be a good idea to do a book search;

Cached pages: When a web page is undergoing a lot of changes, clicking on a Google link to a page might take you to the latest version of that page, which may be missing information that was presented some time before. Sometimes, these changes can happen frequently, so a Google link will not take you to the info that the search results first suggested.

Fortunately, Google will often cache an earlier version of the page. So, let’s say a particular page yesterday contained the info you want; but you go to today’s version of the page no longer holds that info. A problem? Not necessarily. Next to the Google link to the updated page will be a link to a [i]cached[/i] version of the page; basically, a version of the page that Google downloaded and cached before the important info was removed. So you click to navigate to the cached page, and you will find the info as it was before it got removed. Google’s system of caching certain pages helps ensure that the history of the web is respected to a certain extent.

If you want to download a version of a page that existed longer ago (several weeks, or months, maybe even years) you can go to [b]The Wayback Machine[/b] at archive.org. This is a project to archive internet sites the way they were in the past, so the current generation’s “now now now” attitude doesn’t drive the history of internet sites into oblivion. [b]The Wayback Machine[/b] doesn’t promise to archive the internet of the past forever; but it is a very useful project that has a multitude of potential uses. Archive.org, like most such projects, is run by volunteers and is always in need of financial support, as well as more practical support such as providing servers. I’d advise anyone who finds such projects very useful to contribute even just a few dollars.

There’s a lot of info on how to understand Google results, and how to configure the way Google works to it gives you the info you want and hopefully protects your privacy, here: http://www.googleguide.com/category/understanding-results/http://www.googleguide.com/category/understanding-results/. I really advise anyone who’s seriously into using Google as best they can to check out this info. Google really is one of the best resources available online… and it’s free! Let’s make the most of it while we can! Before the goddamn Man tries to take it away from us!

_gos=’c4.gostats.com’;_goa=354450;
_got=2;_goi=2;_goz=0;_gol=’Free hit counter’;_GoStatsRun();
Free hit counter
Free hit counter

var _clustrmaps = {‘url’ : ‘https://ihatehate.wordpress.com’, ‘user’ : 904987, ‘server’ : ‘2’, ‘id’ : ‘clustrmaps-widget’, ‘version’ : 1, ‘date’ : ‘2011-06-30’, ‘lang’ : ‘en’ };(function (){ var s = document.createElement(‘script’); s.type = ‘text/javascript’; s.async = true; s.src = ‘http://www2.clustrmaps.com/counter/map.js’; var x = document.getElementsByTagName(‘script’)[0]; x.parentNode.insertBefore(s, x);})();Locations of visitors to this page


Chaos Communication Congress 2009: media files of presentations available for download

December 31, 2009

No one can say the Chaos Computer Club is slow off the mark. The 26th Chaos Communication Congress, the CCC’s annual tech conference ended just the other day, and the German hackers have already posted on the internet audio and video files of the various talks and presentations. You can download video (.mp4 and iPhone-friendly .mp4) and audio files (.mp3 and .ogg) here.

I haven’t had a chance yet to view any of the files, but I will as soon as I can. The CCC made big news by announcing they’d successfully cracked GSM cellphone encryption – you can read reactions in the tech press here and here. This isn’t just big news – it’s massive (though GSM spokespeople have been dismissing its importance) – as soon as I’ve checked out the presentation and looked at any accompanying documentation I’ll post my badly informed opinion. But right now I can’t see how cracking GSM could be dismissed as unimportant; it has up to an estimated 3 billion users worldwide, which surely makes it very important to a lot of people. I think the GSM Association is blowing smoke out of its ass trying to minimize the bad press. But will my opinion change once I’ve studied the materials? Watch this space!

I doubt the GSM crack will be the only thing at 26C3 to grab my attention. I recommend anyone with an interest in IT (in)security to go look at the media files of presentations that always become available after a hacker conference. For instance, you can get video/audio of DEFCON17 talks here, and recordings from the Dutch hacker camp HAR2009 here. I find this stuff so interesting… and seriously educational too. So check it out, peeps!

_gos=’c4.gostats.com’;_goa=354450;
_got=2;_goi=2;_goz=0;_gol=’Free hit counter’;_GoStatsRun();
Free hit counter
Free hit counter


%d bloggers like this: