Posts by Paul Campbell
Last ←Newer Page 1 2 3 4 5 Older→ First
-
Um oh look, over there, terrorists! (pay no attention to the GCSB behind the curtain) ...
-
well roll on IPV6 static IPs and crypto for all
-
Because few people do their own car maintenance - I'm sure there still is spark plug advertising somewhere but directed tightly at mechanics
-
Hard News: The Real Threat, in reply to David Hood,
The latest NSA from The Gaurdian I assume the New Zealand server is misplaced a little, unless it really is in Queenstown.
More important is the claim that they are basically recording all TCP sessions, recognising the SMTP (email) ones, reassembling the packets into emails and storing them indexed into a database by email address so that they can troll through them later. The same happens for web accesses.
I suspect the red spot tagged as being in NZ is really sitting on NZ in general and implies that theres some peering spot somewhere (or some spots) where they have this equipment installed (like the prism in the fibre in the AT&T exchange in SF).
Maybe the real reason why we have such limited bandwidth to the rest of the world is because the GCSB back channel to the NSA database is using of the same order of magnitude of bandwidth as the rest of us.
You can see now why they're so paranoid about Huawei equipment appearing in country backbones - not only are they worried about competition in the spying biz but they're also worried that their own spying would be compromised.
-
Hard News: The Real Threat, in reply to BLiP,
John Key's GCSB lies . . . to date:
BLiP: check out how to make a link here at the bottom of the page
-
heh - it's usually more a response to "why don't you do this on line?" - if they were that smart they'd probably realise that continually asking that question probably wasn't particularly encouraging of their long term future job prospects.
Seriously though telling someone at the bank "there's a hole in the side of your ATM, people can reach in and grab fistfulls of money" is likely to be reported upwards and something done about it. "People can break in to your phone system when you call the central office and record account numbers, passwords, security questions, etc then make the same calls themselves looking as if they were talking from your phone" probably should too.
-
I see Anonymous has taken down a bunch of Nat web sites - I bet there will be lots of gnashing of teeth, outraged people complaining about evil organisations hacking into people's website .... completely unaware of the irony
-
yeah what we really need is a secure, decentralised, easy key distribution system - as you point out currently it's a pain
The problem is that the current centralised system takes care of much of what we need quietly behind our backs but it provides a single point of failure that allows for the possibility that someone can forge my bank's public key - really I should be snarfing my bank's key off of my ATM card, or grabbing it directly at the bank rather than depending on some third party to provide the infrastructure.
Every couple of months I have a conversation with a bank teller pointing out that I have no way to know whether their banking web site is safe to use - they usually dismiss my complaints .... then I point out that the DECT phone that they just used to talk over their secure phone system is easily hackable and was broken years ago (I implement DECT for a living) - I've been pointing this out for years now but they haven't reverted to corded phones yet
-
I don't disagree - but making life difficult for the spooks by requiring them to do much more intrusive things (like demanding certs or backdoors into web sites) rather than just sitting there quietly and reassembling our packets and interpreting them in their own paranoid ways (think of it as a game of "telephone" with consequences) without out us having any knowledge it's even going on.
We've known about thing like the San Francisco AT&T internet tap (where the NSA takes a copy of every packet passing through that exchange) for several years now, Snowden tells us it's wider and more pervasive that we ever imagined. I have no controls over how my packets, my voip calls, my web accesses, etc get to the UK or Europe - I can't choose an ISP who promises not to send them through the US or through a switch tapped by the NSA - but what I can do is encrypt my packets, hopefully putting them in the "too hard" basket for casual NSA snooping.
I tossed Skype last week after we learned that Microsoft was enabling supposedly encrypted calls - peer-to-peer is the way to go - anything with a centralised service can be compromised by spooks quoting secret laws - luckily the crypto cat is out of the bag and we can all find our own secret large primes.
-
So the obvious answer to GCSB snarfing all our packets is crypto everywhere - or HTTPS everywhere - Russell can we all chip in and buy Public Address a key?
Someone also suggested on Saturday at Parliament that we should commit a DOS upon the GCSB through the FOIA - keep them busy so they're too busy to spy on us - I for one am dieing to know just how many sheets of toilet paper they have used this month