Comment: Re:It's time we own up to this one (Score 3, Informative) 149

by AHuxley (#46730655) Attached to: NSA Allegedly Exploited Heartbleed
Re even qualified to implement protocols like this. That's a very interesting point. How many have their tools of the trade via a top university setting and a security clearance option and dependent funding.
Once you start down the math path the classes get smaller and fewer stay for needed years vs lure of private sector telco or unrelated software work.
Most nations really do produce very few with the skills and keep them very happy.
Trips, low level staff to help, good funding, guidance, friendships all just seem to fall into place.
Bringing work home and helping open source could be seen as being an issue later vs students or team members who did open source games or made apps.

Comment: Re:Allegedly? (Score 2) 149

by AHuxley (#46730541) Attached to: NSA Allegedly Exploited Heartbleed
Re how did nobody else find out about this until now?
The same reason NATO and other US allies did not understand the NSA Martin and Mitchell defection in 1960 with the press conference saying:
"As we know from our previous experience working at N.S.A., the United States successfully reads the secure communications of more than forty nations, including its own allies."
Embassies, govs and firms went on using the same junk standard crypto hardware over decades of revisions. Some even got to re read their own secure embassy communications 'leaked' to the Western press.
There seems to be something missing on the story of gov, staff and developers when it comes to crypto products.
Skilled EU gov experts handing their own political leaders broken crypto that 5++ other nations can break seems too good to be true over generations.
Junk in the hardware decades, junk in the software decades all for speed, interoperability and after a good sales pitch?
Or a lot of skilled people around the world know and just tell their respective govs to bait the junk communications networks until US political leaders speak out.

Comment: Re:Conflict of interest (Score 2) 149

by AHuxley (#46730409) Attached to: NSA Allegedly Exploited Heartbleed
Re How do you propose to separate them? Offense and defense are not really two separate things; if you can do one, you can do the other.
Think back to past presidents' views on parts of the US intelligence community.
JFK had his views on the CIA after the Bay of Pigs.
Rockefeller Commission, Church Committee, Pike Committee, Murphy Commission, the Select Committee on Intelligence and the Directorate of Operations events in 1977. The domestic activities, human experimentation issues and need for a ban on assassinations all became public. The CIA changed to technical collection removing a lot of staff.
Then you had joys of the Iran-Contra Affair then onto Intelligence Authorization Act.
The NSA could face the same path due to the loud, public domestic activities around U.S. citizens and persons with U.S. permanent residence. A return to its classic quiet support role around the world vs its new emerging need to play a role or say in offensive direct action roles.
The GCHQ had it right - stay hidden, build a vast tech, political and staff foundation going back generations and never comment on very much.
Recall the end of the Clipper conversations the US gov had with the public over role of US code experts and US exports?
In the end it seemed you could have any crypto you wanted at any price or for free....
The "separate" has to come back to protecting U.S. citizens from a vast life long domestic spying program and global junk US crypto standards.

Google News Sci Tech: NSA denies report that it knew about Heartbleed from the start [Updated] - Ars T->

From feed by feedfeeder

Citing two anonymous sources “familiar with the matter,” Bloomberg News reports that the National Security Agency has known about Heartbleed, the security flaw in the OpenSSL encryption software used by a majority of websites and a multitude of other...


+ - Bloomberg News: NSA has been using HeartBleed for years->

Submitted by jasonla
jasonla (211640) writes "We all knew this was coming, right? From the article:

"The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.""


+ - Snowden's purloined documents are now available online->

Submitted by Frosty Piss
Frosty Piss (770223) writes "The ACLU and others have long suspected that the National Security Agency has gone far beyond its mandate of gathering information for counter-terrorism and foreign intelligence purposes. Those suspicions were confirmed when, on June 5, 2013, The Guardian released the first in a series of documents provided by Edward Snowden detailing the NSA's unlawful spying activities. All of the documents released since that day, both by the media and the government, are housed in a database maintained by the ACLU and accessible by the public on-line."

Comment: Re:I take it this is a server concern (Score 1) 303

by AHuxley (#46690645) Attached to: OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks
It really depends on the end game for *you*.
Client data might be used for "full spectrum" efforts e.g. propaganda, deception, mass messaging, pushing stories, spoofing, alias development or psychology.
i.e. the service you use is weakened.
The other aspect is how many groups knew of this crypto trick? The US and just a few friendly govs, their staff, their contractors and any ex staff or staff open to faith or cash needs.
Just another way in :)

+ - "NSA-Proof" Apps Actually Funded by US Government->

Submitted by Anonymous Coward
An anonymous reader writes "Right after the NSA spying scandal broke, people searched for programs that promised to help fight against mass surveillance. Maybe it was too good to be true? It turns out that Cryptocat, RedPhone, TextSecure, and many others are actually funded by the US government as part of its "democracy promotion" programs. How many more "Cuban twitters" are there?"

Comment: Re:Things are starting to turn around (Score 1) 303

by AHuxley (#46690549) Attached to: OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks
Re " both models have advantages and disadvantages depending on what the product is, the size of its market, the type of market, etc. and sometimes those advantages can't even be realised"
The problem with a closed source effort is what we saw with Prism
The legal system and dev staff stay with the closed source product.
With open source code - when an issue is found days, months, years later it can be corrected, fully understood and fed back into further world wide crypto education.
The other option is to trust known weakened corporate encryption over many new versions and have faith in their legal teams ... just like you did the first few times...
The other emerging aspect is that of US National Security Letters (NSL) for ongoing bulk collection 'efforts' vs a more global open source code.
After Snowden many more people will be looking at crypto, with open source code someone might be able to offer reviewed, tested fixes to junk standards.

Comment: Re:Please NOTE... (Score 1) 141

That's the question, with today's computerized lists, decades of state and federal informants, interconnected fusion centres and war hardened troops all that you need is flimsy legality of local door to door searches.
A knock on the door to surrender all now listed 'illegal' hardware. A truck waiting for a drive to a local reeducation camp would be quick solution for many.
Any people not understanding the lawful request to comply would be re interviewed and their complex views taken into consideration by teams with different skills.
At a later time flat empty blocks of land will become available at affordable prices for redevelopment with local tax breaks.
The past owners having moved away during difficult economic times a few years ago...

Comment: Re:Need to follow the proper approach (Score 1) 141

A few different groups tried that with very skilled lawyers and had some success.
The problem now is a new legal limbo - you can have all the Fourth Amendment you want but NSA color of law efforts have ensured your US domestic/international network use fair game.
Your legal protections cannot be weakened, removed and still stand but the NSA seems to have ensured no timely legal remedy from a vast long term illegal domestic surveillance network.
Many people saw a vast illegal domestic surveillance network forming as a US digital Berlin Wall and hoped they would end up the west with court rulings.
With US legal indifference to an illegal domestic surveillance network and no firm legal support on the Fourth Amendment: welcome to the new legal selective, color of law side of US history.

+ - Crypto Wars ..->

Submitted by Anonymous Coward
An anonymous reader writes "In the 1970s, a group of quirky academics and scientists came up with a means of providing encryption to the masses. America’s National Security Agency went to war with them – doing its best to suppress the emerging technology of public encryption. In the 1990s the US government pushed to have every computer and phone installed with something called a ‘clipper’ chip which would allow the government to break encryption if needed – effectively a back door for the state. They lost that battle and so what we have learnt from the Snowden leaks is how they tried to work round encryption by hacking into companies and other spy-type methods to retain their edge."

Comment: Re:Sure, but... (Score 1) 392

by AHuxley (#46665911) Attached to: How Many People Does It Take To Colonize Another Star System?
You have some very old royal bloodlines that tried interesting ways to keep 'pure'.
You had some very smart, wealthy bloodlines that tried interesting ways to keep in their structure close and preserve/enhance expected positive traits.
You now have a few faiths and cults who don't mix very much and shame/demand their communities stay very local :)
Over generations you see a few hints at really rare, diverse medical conditions become more common and needing longterm care and medical experts.
