OnPoint: BTW, the NZ Police can use PRISM against you now
85 Responses
-
nzlemming, in reply to
I may have paid off the mortgage on my 1/4 acre and 1970s assortment of sticks and jib, too, which will be worth approximately 50 million dollars.
Don't worry, you'll still have your student loan to keep you warm. Even if you never took one out...
-
Sacha, in reply to
unwilling students of history, all
-
Martin Lindberg, in reply to
Now how do I choose an ISP who publishes their router source?
That may not matter if you have a Lenovo PC anyway.
-
well of course they are, they keep putting Windows on them
-
Matthew Poole, in reply to
MI6 and MI5 ‘refuse to use Lenovo computers’ over claims Chinese company makes them vulnerable to hacking
The discovery has led to a written banning order being issued among the “Five Eyes” alliance of British, American, Australian, Canadian and New Zealand eavesdropping agencies, including the US National Security Agency, according to the respected Australian Financial Review.
It's all of Five Eyes, not just the UK, courtesy of the inter-agency links which exist, according to the AFR article. It's only applicable to environments which handle classified material, but it's still interesting. Given that the acceptable alternative manufacturers - the AFR says Dell and HP are allowed - make extensive use of Chinese-manufactured hardware, it seems somewhat cosmetic.
-
Steve Barnes, in reply to
MI6 and MI5 ‘refuse to use Lenovo computers’ over claims Chinese company makes them vulnerable to hacking
Like Duh! Oceania has always been at war with East Asia, get with the program kiddo.
And... American computers are so doubleplus good that those inferior Asian units don't stand a chance of corrupting the pure Arian super computers made by Dell and HP.
Be seeing you.
-
Matthew Poole, in reply to
And relatedly, kinda, Snowden's latest document leak is part of the US-FY13 "Black Budget" document that goes to the Congressional Budget Office. Highly-classified doesn't quite adequately describe something which is only meant to be seen by US citizens who hold Top Secret clearance with Sensitive Compartmented Information access to the entirety of US satellite-based and terrestrial intelligence-gathering programmes.
This release breaks down where the money goes within the spooky parts of the US government. It's a $56.2b budget!
I don't think Snowden has released anything else which is meant to be this tightly controlled (other TS material, yes, but nothing else that's NOFORN SCI). He clearly wasn't kidding about a mere system administrator having the keys to the kingdom.
-
And another bit of cosmetology I noticed with that Independent article:
the state-backed technology company
and:
It is the latest company with links to the Chinese state to fall foul of concerns about its hardware
Suitably scared yet? Because here's the state backing:
Lenovo, which is based in Beijing, is indirectly backed by the Chinese state. The Chinese Academy of Sciences, a public body, owns more than a third of Legend Holdings, which in turn owns 34 per cent of the computer company and is its biggest shareholder.
Oh. So by the same logic, I'm an agent of the Chinese state. Quick, rend me extraordinarily, extract all my secrets. At least Huawei has the decency to have an honest-to-God ex-military man as founder.
-
Rich of Observationz, in reply to
I have a Raspberry Pi and a Beagleboard on my desk: both are British system integration, British CPU architecture, open-source everything from the bootrom up, US chipset and physically stuck together in China. (NZ designed and built case, too)
Also, simple enough that the community would probably find any trapdoors - especially on the Beagleboard which has a documented TI chipset, not that NDAed Broadcom crap.
Maybe that's why I had to sign an agreement not to use the Beagleboard to make WMD before Element14 would ship it.
-
And on my desk is a pile of NZ designed, NZ built, boards also with TI hardware - I have to sign that same agreement to get the chips (AES, and I use it, even though we're just building a mesh net to monitor stoat traps) - the rules are slightly silly - I'm allowed to send the chips to China for assembly provided I ship the result somewhere else, but I'm not allowed to sell them to the Chinese military
I can buy the same chips cheaper and without signing the disclaimer on Alibaba ....
Meanwhile the bespoke AES chip market (bitcoin) seems to be taking off
The people who make these silly rules don't really care, they just like being able to make people's lives more difficult
-
Ian Dalziel, in reply to
needs mustelidae...
...even though we’re just building a mesh net to monitor stoat traps
What a cunning plan, to hide in plain sight as you beaver away on your plans for a breakaway Southern Tartan 'Stoat-tally-tarian Matrix'...
;- )
-
well there's that whole low power only good for a km or so thing and the fact that this will be an all solar net only running for a few minutes a day on the smell of an oily rag in a bush filled valley .... it's going to be a very sparse matrix
-
Steve Barnes, in reply to
. it’s going to be a very sparse matrix
That's Stoatally amazing, was it weasely implemented?
(he asked, on his Lenovo)
-
While it's already possible to securely encrypt email using public key encryption, as Keith is demonstrating, it's still a pain. The good thing about the revelations around NSA et al is that this has created a much greater public interest in security. So now there is a need for an easier way to secure communications.
Inventing geeks to the rescue:
Developers Scramble to Build NSA-Proof Email
In surveillance era, clever trick enhances secrecy of iPhone text messages
Also, here's a cool stick-figure presentation of the background and implementation of AES. Good if you are interested in the mathematics behind cryptography (and let's face it - who isn't?)
A Stick Figure Guide to the Advanced Encryption Standard (AES)
-
Ian Dalziel, in reply to
A Stick Figure Guide to the Advanced Encryption Standard (AES)
<snap>
I was just about to re-aggregate that from boing boing myself!
:- )
-
the machines did it!
Keith, looks like another Gov't dept is experiencing computer problems...
An immigration bungle in which a computer gifted an extra 120 people a place on a visa scheme has raised doubts about the Government's $80 million online visa programme.
Documents provided under the Official Information Act show demand for the Silver Fern job search visa this year was so high that the system jammed, allowing 420 potential migrants to grab a place, despite the visa being capped at 300 people.
And the privacy of at least nine people was breached during the hectic online application process, about which Immigration New Zealand fielded dozens of complaints.
-
Scarier is "N.S.A. Foils Much Internet Encryption" - it's hard to tell exactly what they're saying there, but it seems to hint to me that SSL is toast.
-
I'm seriously hoping that someone in NSA/GCHQ/GCSB gets caught in massive financial fraud soon:
- grabbing credit card transactions
- grabbing online banking logins
- some other type of couffabling
I imagine this must be happening on some scale and being covered up, but it might wake up the sheeple if they find government employees have been stealing their bank account contents
-
one has to assume that some percentage of everyday spam is the NSA trying to grow their stable of pwned machines
-
Matthew Poole, in reply to
it seems to hint to me that SSL is toast.
SSL has been toast for a long time. TLS wasn’t created just for the sake of it, and TLS1.0 is already considered insecure.
-
What we really need are some great mathematicians who aren't beholden to anyone
-
Bruce Schneier is a little pissy ....
"To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it."
word
-
Matthew Poole, in reply to
it’s hard to tell exactly what they’re saying there, but it seems to hint to me that SSL is toast.
Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.
Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”
That section implies that it's not SSL which is toast, because SSL 3.0 was first released in draft in 1996. The implication is that it's TLS 1.1 which is compromised. And that's a big, big deal, because TLS 1.2 is only just starting to be fully supported by clients (and isn't supported by a lot of older server platforms. Like, nothing from MS prior to Server 2008R2, which was released in 2010).
-
It is telling that the NSA approves particular combinations of public security protocols for securing information up to and including material classified as Top Secret. Historically they have only approved black-box crypto systems for such material. If they are prepared to allow US national security material to use these protocols, the protocols are probably not insecure-by-design; the NSA is perfectly happy to read everyone else's traffic, but they're really unhappy about the converse being true.
-
Interesting as to whether it's a component or system-wide crack. Factoring public keys would give them full access to anything under that private key, while cracking the conventional crypto would have to be run for every session and any sort of active attack on the protocol (like MITM) would be detectable.
securing information up to and including material classified as Top Secret
Or the US is willing to risk foreign agencies reading their Top Secret traffic in return for access to everyone's personal email? Maybe they take the view that even if the Russians know the location of every Trident sub, they probably won't be starting a nuclear war anytime soon.