September 7, 2013 archive

Cross posted from The Stars Hollow Gazette

In a joint report by The Guardian, the New York Times, and ProPublica, courtesy of the documents leaked by Edward Snowden, it was revealed how the NSA and British GCHQ broke encryption to unlock unlock encryption used to protect emails, banking and medical records. The detailed article describes how the program, called “Bulrun,” foils the safeguards of our internet privacy:

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

A cryptographer and research professor at Johns Hopkins University, Michael Green summerizes some of the “bad things” that the NSA and GCHQ have been doing with the joint cost of $250 million per year:

   (1.) Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.

   (2.) Influencing standards committees to weaken protocols.

   (3.) Working with hardware and software vendors to weaken encryption and random number generators.

   (4.) Attacking the encryption used by ‘the next generation of 4G phones‘.

   (5.) Obtaining cleartext access to ‘a major internet peer-to-peer voice and text communications system’ (Skype?)

   (6.) Identifying and cracking vulnerable keys.

   (7.) Establishing a Human Intelligence division to infiltrate the global telecommunications industry.

   (8.) And worst of all (to me): somehow decrypting SSL connections.

Columnist on civil liberties and U.S. national security issues for The Guardian, Glenn Greenwald discussed this latest revelation with Amy Goodman and Juan González of DemocracyNow!.

“It’s what lets you enter your credit card number, check your banking records, buy and sell things online, get your medical tests online, engage in private communications. It’s what protects the sanctity of the Internet.” [..]

“The entire system is now being compromised by the NSA and their British counterpart, the GCHQ,” Greenwald says. “Systematic efforts to ensure that there is no form of human commerce, human electronic communication, that is ever invulnerable to their prying eyes.”

Security technologist and a fellow at the Berkman Center for Internet and Society at Harvard Law School, Bruce Schneiner said, in an article at The Guardian, that the public has been betrayed by the US government and that the NSA has undermined the social contract with the public. He proposes that since it was engineers who built the internet, it is time that they “fix it”.

One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by a federal confidentially requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don’t cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers. [..]

Two, we can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems – these will be harder for the NSA to subvert.

Prof. Schneiner also offers a guide to staying secure and gives five piece of advice:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you’re much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

These are some of the programs he has been using: GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit and Password Safe. He also advises the use of a Linux operating system.

Obama asks Congress for Syria AUMF (Are U MoFo’s going to take this off my hands?)

Bernhard at MoonofAlabama remains a continual flow of common sense with respect to US foreign policy, strangely similar to Herr Daniel Larison, in some ways.  I really don’t care about their conservative or liberal affiliations and credentials.  They both sound right to me on most occasions.

Apparent jackass, Laura Rozen had this to say of MoA’s analysis of Syria:    

Laura Rozen ?@lrozen

look moon you wld like nothing better than russia & iran & china architects of global order. “@MoonofA:

To which billmon sed:

billmon ?@billmon1

@MoonofA @lrozen Scratch a “liberal” interventionist, find Joe McCarthy hiding underneath.

Sure enough.  I’m still looking at you, driftglass, even tho’ you disavowed intervention in Syria, I am still looking at you.  And booman, yeppers.  I’m looking at you both with one eye.  

You are the people for whom the term, “cruise missile liberals,” was invented.  You and John Kerry…and the Muslim Kenyan Usurper Hawaiian Devil Baby, Barack Obama.

Instead I’d suggest trying Living in Truth:

Vaclav Havel: Living in Truth:

(The power of living in truth) does not reside in the strength of definable political or social groups, but chiefly in a potential, which is hidden throughout the whole of society, including the official power structures of that society. Therefore this power does not rely on soldiers of its own, but on soldiers of the enemy as it were-that is to say, on everyone who is living within the lie and who may be struck at any moment (in theory, at least) by the force of truth (or who, out of an instinctive desire to protect their position, may at least adapt to that force). It is a bacteriological weapon, so to speak, utilized when conditions are ripe by a single civilian to disarm an entire division…. This, too, is why the regime prosecutes, almost as a reflex action, preventatively, even modest attempts to live in truth (p.23).

forgive me for not providing links.  I’m very, prohibitively tired and time-constrained, wishing you all the best.

Move over latte art, it’s all about toast art now!

The newest food decorating trend to come out of Japan since latte art is, surprisingly, toast art. But this isn’t just any plain old toast with butter and maybe a swirl of jam that vaguely resembles a smiley face (but I still appreciate all those years of happy toast, mom!). No, the toast decorations created by Twitter user ginkei_18 are embellished with popular anime characters from Free!, Uta no Prince-sama, Gin Tama and Attack on Titan. Even if you don’t recognize any of the characters, ginkei_18′s ability to skillfully draw directly onto a piece of bread is amazing.

First up, characters from Free!, an anime television series that follows the members of a high school swimming club:

Amy Lieberman has been covering the danger inherent in being a transgender woman for a few years now for women’s eNews.  Most recently she has been in Mexico, delving into the consequences when a transwoman is deported back to Mexico.

Mexico is one of the world’s most dangerous places to be transgender.  But as lawmakers try to change that, transgender women who are deported confront a social backlash that makes their homeland more fearful than ever.

If you pass inside, you will likely find yourself decrying the way Mexican transgender women are treated.  But you should be aware that it is not all that much different than transwomen are treated in the US.