
Comment Re:interesting (Score 1) 5

Well, my specific concern is that the NSA's data collection system presents a real danger to us. I don't feel it's fear mongering; my fear is completely valid. Whether or not the NSA and the Obama administration are abusing these powers is irrelevant. Future presidents not only might abuse them, they are likely to abuse them. The main principle of my book is that if you have an opinion on any political matter that might be used to persecute you in the future, it's in your best interest to express it as anonymously as possible, and if you're organizing protests or otherwise interacting with fellow activists, you'd better not only do so anonymously, you'd better encrypt your comms too.

It's not about having something to hide from the NSA. It's about engaging in things which are legal NOW, but which in the future may be made illegal and punished retroactively. We don't know what future administrations will do with these powers, so it's a good idea to try to shield yourself from them insofar as you are able. Again, this isn't fear mongering. This is applying caution. The examples I use in the book are things like for/against gun control, for/against birth control, for/against abortion rights. The point I try to make is, no matter what your position is on any controversial topic, some future administration might vehemently disagree with you about it, and use things you've said against you thanks to this awful system the NSA has constructed. It's a danger. The use of Tor and encryption can help prevent the things you say from haunting you years later.

I also mention the use of Tails on a thumbdrive, which is kind of neat. Someone recommended that to me recently, and it seems pretty solid.

As for more interest in security, I'm a big fan of that, but we should address one thing at a time, and prioritize. For me, this NSA Internet dragnet is a good place to start. If you can protect yourself from that, the rest should be rather easier, don't you think?

Submission + - Cybercriminal has heroin delivered to Brian Krebs, then calls police (krebsonsecurity.com)

Okian Warrior writes: “Fans” of [security researcher Brian Krebs] have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares.

But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery.

Comment Re:interesting (Score 1) 5

Well, I'm running Fedora Gnu/Linux, and GnuPG. For public key encryption, I recommended RSA for both signing and encrypting, with 4096 bit keys. For protecting files, I recommended 256-bit AES or Twofish and symmetric encryption, with a long passphrase memorized and never written down or stored. I didn't write any encryption software myself; I'm trusting the people who wrote GnuPG, and the open source community, to "get it right". In answer to your question, yes, my disk has encrypted partitions, including swap.

The side channel attacks you mention don't seem like they'd be particularly easy to use to go after someone, particularly someone following the recommendations of my Linux book, which include using full-disk encryption. You seem to want to discourage people from trying to use these tools ("Encryption is HARD" -- uh, huh) rather than giving useful advice about how to use them well. I don't think this is a productive approach.

I'm not doubting your technical knowledge, but I wonder if some of the challenges you're making here are a little bit exaggerated. If you grabbed my laptop, for example, and the entire disk was encrypted with a nice, long pass phrase, how would you decrypt my AES-256 encrypted file within my encrypted home partition? How would you even be able to access swap? Not doubting, asking. What scenario is there where you'd have that level of access to my system without (for example) convincing me to decrypt it for you so you can use your attacks?

Mea culpa: I didn't mention whole-disk encryption in the Windows edition because it's my assumption that all the solutions in that realm are proprietary, and you have to assume a proprietary solution has a backdoor. Better to not mention it at all than to steer someone to a bad tool... I wish there was something I could do about that, but I don't know of any open source full-disk encryption schemes for Windows.

Submission + - A Sneak Peek at the DoE's Exascale-Class Operating System (hpcwire.com)

An anonymous reader writes: Linux is at the heart of a super-tweaked supercomputer OS being developed at Argonne National Laboratory. Pete Beckman, who serves as Director of the Exascale Technology and Computing Institute, is spearheading a DoE-funded $9.75 million effort to make a Linux core speak at scale. The project, called Argo, will address traditionally non-OS-ish functions, moving middleware into the kernel and the OS ever-closer to the chip.

Submission + - BioShock Infinite DLC: Burial At Sea (bioshockinfinitedlc.com)

An anonymous reader writes: The New BioShock Infinite DLC called Burial at Sea Episode One is one of the most anticipated packs that is to be released for BioShock Infinite. Burial At Sea will take you back to the city of Rapture from the original BioShock but you will see it in 1958 before the Splicers took over.

Rapture will not be the same as in previous games. In this DLC they are combining the best of BioShock and BioShock Infinite to make a new, even more amazing BioShock/Rapture experience. I’m excited to see everyone in Rapture before it fell apart and was destroyed.

Take a look at the new BioShock Infinite: Burial At Sea Trailer below to see a glimpse of the new Rapture City and the People in it.

Submission + - Annoyed at the NSA, I've written a tutorial about anonymity... 5

PhilipTheHermit writes: Ok, Slashdot, I've been lurking around here for the better part of a dozen years, but I don't think I've ever submitted anything too significant... I'm actually a bit terrified because this is like putting my head in the lion's mouth. If my tutorial sucks, I'll probably be torn to shreds, although I hope that it doesn't suck. Keep an open mind when you read it, OK? So, here goes.

I think the reason why most people aren't using tools like TOR and encryption is that they don't know they CAN, and they think the government is all-powerful, as it's portrayed in movies and on television. Geeks like us know that it's not too hard to be anonymous online or use encryption, but there aren't enough of us doing these things to have much of an effect. What we need to do is get everyone ELSE using this stuff, to make the operation of a potential surveillance state as difficult as possible.

My central thesis here is that the answer to a surveillance state is to maintain two personas, the boring public one you don't care they're watching, and an anonymized one they can't pin to you where you express yourself freely without fear of punishment. My recommendations are to use Tor with anonymous email and forum accounts, GnuPG to protect your files, GnuPG and Tor with Thunderbird to protect your email, and Pidgin with Tor, OTR, and GnuPG to protect your text messaging (I also talk about Cryptocat, which when used through Tor, is kind of an interesting approach).

I've written tutorials for Gnu/Linux and Windows 8 so far (I consider Windows 8 to be a worst case scenario, so anything I managed to get working on 8 should work better everywhere else). I'm going to do a Mac OS/X version also, but I haven't started that one yet.

For Gnu/Linux, which I consider the best-case scenario, the tutorial is available for free download at my website (you can also buy a paper copy if you want to, but the free PDF is exactly the same content as the paper version). On the copyright page of my Gnu/Linux version, I give you permission to copy it to anybody you like, host it on any website you like, and in general, spread it as far and wide as you can (all I ask is that you don't modify it in any way). My site only has so much bandwidth, so if you like the tutorial, PLEASE mirror it and post links to the mirror, ok?

You can download the free tutorial here:
http://www.tech-hermitage.com/BooksAndDownloads/page0.shtml#ProtectingYourPrivacyAndAnonymityOnline

For proprietary operating systems, I'm not offering a free tutorial, but rather a proprietary one at modest cost. I think there's a nice symmetry to that. Besides, if the free PDF is Linux-only, this will give people an incentive to try Linux out, which is a good thing.

Submission + - Study finds 3D printers pay for themselves in under a year (computerworld.com)

Lucas123 writes: Researchers using a RepRap open source 3D printer found that the average household could save as much as $2,000 annually and recoup the cost of the printer in under a year by printing out common household items. The Michigan Technical University (MTU) research group printed just 20 items and used "conservative" numbers to find that the average homeowner could print common products, such as shower rings or smartphone cases, for far less money than purchasing them online at discount Websites, such as Google Shopper. "It cost us about $18 to print all [20] items... the lowest retail cost we could find for the same items online was $312 and the highest was $1,943," said Joshua Pearce, an associate professor in the Materials Science and Engineering Department at MTU. "The unavoidable conclusion from this study is that the RepRap [3D printers] is an economically attractive investment for the average U.S. household already."

Submission + - NSA Director Defends Surveillance to Unsympathetic Black Hat Crowd

Trailrunner7 writes: NSA director Gen. Keith Alexander’s keynote today at Black Hat USA 2013 was a tense confessional, an hour-long emotional and sometimes angry ride that shed some new insight into the spy agency’s two notorious data collection programs, inspired moments of loud applause in support of the NSA, and likewise, profane heckling that called into question the legality and morality of the agency’s practices.

Loud voices from the overflowing crowd called out Alexander on his claims that the NSA stands for freedom while at the same time collecting, storing and analyzing telephone business records, metadata and Internet records on Americans. He also denied lying to Congress about the NSA’s capabilities and activities in the name of protecting Americans from terrorism in response to such a claim from a member of the audience.

Submission + - The Greatest Toy KIT in the Universe! Mad Science kickstarts a Robot Spider Tank (kickstarter.com)

Paradiso Shlee writes: Do you want to build an army of Spider Tank Robots?

From the inventor of the award winning toys. This kit lets you build your own robot! Easy enough for novices, cool enough for anyone! Who told you educational toys are boring??? Someone who's boring! That's who! Build this and learn something, or get it for your kids, and spark their imagination. Get them interested in science and awesome robots!!

Jaimie Mantzel is easily the closest we've ever come to a real life mad scientist and he's the creator of the Attacknid Combat Creatures Battling Toy Spider Robot built by WowWee. He's organised an agreement with the toy company to create a kit version that you build and decorate yourself.

Mantzel is also hard at work building a full-size spider tank in his private mountain lair.

Submission + - Congress Wants FCC To Auction TV White Spaces (rollcall.com)

GovTechGuy writes: Things don't look good for Google, Microsoft and other companies hoping to experiment with super WiFi and other technologies in unused TV channels or "White spaces". Both House Republicans and Senate Commerce Chairman Jay Rockefeller are prodding the FCC to sell as much spectrum as possible at next year's incentive auction, which may not leave much for those hoping to advance the next generation of WiFi technology.

Submission + - NSA General Shouts Back At Black Hat Heckler (esecurityplanet.com)

darthcamaro writes: General Keith Alexander, the man behind the NSA's prism effort, delivered a keynote at the Black Hat conference today. He attempted to set the record straight, claiming what they do is all lawful and is saving American lives. During the keynote, General Alexander was heckled by someone in the audience who yelled out, "You should read the constitution."

The General responded, "I have and so should you."

Submission + - Declassified Docs Show NSA Snooping Had 'Compliance' Problems (washingtontimes.com)

cold fjord writes: More on the NSA controversy. The Washington Times reports, "Director of National Intelligence James R. Clapper Jr. on Wednesday declassified three documents that showed there have been “a number of technical compliance problems” with the government’s phone-snooping program, as the Obama administration fights to preserve what it says is a critical tool in the war on terror. The documents lay out the administration’s legal backing of the National Security Agency snooping program, and give some broad details of the operation. One of the documents is a secret court order authorizing the NSA program. ... the other documents are heavily redacted 2009 and 2011 reports to members of the congressional intelligence committees about the use of the programs, where the intelligence community acknowledges “a number of technical compliance problems” occurred in 2009. “However, neither DOJ, NSA nor the FISA court has found any intentional or bad-faith violations,” the 2011 document asserts."

Submission + - Government Study Finds TSA Misconduct up 26% in 3 years (cnn.com)

rullywowr writes: CNN reports that a recent government study finds TSA misconduct has risen sharply in three years. Most have heard of problems such as stealing; however, they recently report that some employees are sleeping on the job, taking bribes, and letting friends/family through the checkpoints without screening.
