December 30, 2014 archive

Have A Private New Year

One of the key components of a secure and private Internet connection is The Onion Relay Project, commonly known as Tor after its browser, a variation of the popular open source Firefox.

Recently the FBI announced that it had arrested 17 people and brought down over 400 sites including the infamous “Silk Road 2.0”.

Does that mean Tor is broken?  Not so much apparently.

Did the FBI Break Tor?

By Naomi Gingold, Slate

Dec. 8 2014 8:49 AM

This past July Tor announced it had shut down a five-month-long combined “Sybil” and “traffic confirmation attack,” allegedly carried out by researchers at CERT, a computer security research institute at Carnegie Mellon University.



A traffic confirmation attack is one of the most well-known ways to assault Tor. To carry it out, you need to be able to control the first and last relays of Tor circuits. Once in control, you secretly tag data packets when they enter the network and check those tags when they exit. This way you can figure out who is talking to whom.

A common way to gain control of those relays is through a “Sybil attack,” where you flood the system with your own relays, so that you can dominate parts of the network. (Recent research shows that it’s not that expensive to do this; after all, there are only 6,000-plus relays currently on Tor.) This Sybil attack exploits an inherent vulnerability of Tor’s design: its reliance on volunteers to create the network.

As it turns out the FBI was able to make these cases through traditional police methods (finding a weak link in the organization and threatening and lying to them in order to get them to implicate others).  However another group, the Lizard Squad (best known for hacking game servers and consoles), has also been attempting to compromise Tor security using a Sybil attack.

The Attack on the Hidden Internet

Marc Rogers, The Daily Beast

12/29/14

Most recently, it’s Tor’s ability to provide websites with a private “onion” address that has been hitting the headlines. “Onion” addresses are private addresses that can only be reached after connecting through Tor’s layers of anonymity. Ordinary Web browsers can’t see the site, in other words – protecting it from government censors. Seen both as a way to make websites used by activists accessible in countries governed by hostile regimes and as a way to host websites carrying illegal products and services, this part of the Tor network is now known as a central component of the “darknet” or “deep web.”



Over the space of a few hours on Friday, Lizard Squad registered a little more than 3,000 Tor relays. Relays are special computers that Tor uses to anonymously transmit traffic across the Internet. Comprised entirely of volunteered machines, the larger and more distributed this network of relays is, the better for the network and its users. So it’s understandable that the Tor folks wanted to make it as easy as possible to add new relays to the network, allowing it to grow. However, it appears it is this very open nature that the Lizard Squad is attempting to exploit.



Networks like Tor have long been considered to be vulnerable to an attack known as a “Sybil” attack, named after the famous 1973 book about the woman suffering from multiple personality disorder. The attack relies on flooding the network with fake nodes, or identities, until enough of them are present that the operator of those fake nodes can use them to influence or control the network. It’s like poisoning a party by overloading it with assholes.

Just how many fake nodes would be needed in order to pull off a successful Sybil attack against Tor is not known. Luckily, Tor was prepared for this sort of assault, and has built-in defenses to protect against it.

Tor’s administrators have to allow new nodes to connect and play a trusted role in the network. So to enable this while protecting the network, it has a system of evaluation that cycles the new node through several distinct phases before loading it up with traffic. This means that for the first few days the node essentially sees no traffic until the network is confident about it and its reliability.

As a result, while the 3,021 nodes added by Lizard Squad looked like a significant chunk of Tor’s more than 6,000-node network, they actually carried less than 1 percent of Tor’s traffic. Most importantly, they were all deleted long before that percentage could rise any higher. So, while Lizard Squad’s latest attack against the Internet’s most important anonymity network is troublesome, it was also completely harmless – this time. There is a lot of residual concern that Lizard Squad was able to get even this far. One of the biggest concerns is that if they had been more patient and subtler about how they executed this attack, it’s possible that they could have added relays slowly, across a wide range of networks, in such a way that they became trusted integral parts of the Tor network. At that point, who knows what they could have been capable of.
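The gap between relay count and traffic share described above can be checked from relay metadata. The following is an added example, not code from the Tor Project or the quoted articles; the relay records are constructed, and the field names (`first_seen`, `consensus_weight`) and thresholds are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta


def build_sample_network():
    """Constructed data: 60 long-running relays plus 30 registered in one burst."""
    relays = []
    base = datetime(2014, 1, 1)
    for i in range(60):
        relays.append({
            "nickname": f"established{i:02d}",
            "first_seen": base + timedelta(days=5 * i),  # spread over ~10 months
            "consensus_weight": 1000,
        })
    burst_start = datetime(2014, 12, 26, 12, 0)
    for i in range(30):
        relays.append({
            "nickname": f"newrelay{i:02d}",
            "first_seen": burst_start + timedelta(minutes=4 * i),  # all within 2 hours
            "consensus_weight": 20,  # new relays are given very little traffic at first
        })
    return relays


def find_registration_bursts(relays, window=timedelta(hours=6), min_size=10):
    """Group relays whose first_seen falls within `window` of the group's first member.

    Only groups with at least `min_size` members are returned.
    """
    ordered = sorted(relays, key=lambda r: r["first_seen"])
    bursts = []
    i = 0
    while i < len(ordered):
        j = i
        while (j + 1 < len(ordered)
               and ordered[j + 1]["first_seen"] - ordered[i]["first_seen"] <= window):
            j += 1
        if j - i + 1 >= min_size:
            bursts.append(ordered[i:j + 1])
            i = j + 1  # continue after the burst
        else:
            i += 1
    return bursts


def shares(group, relays):
    """Return (share of relay count, share of total consensus weight) for `group`."""
    count_share = len(group) / len(relays)
    total_weight = sum(r["consensus_weight"] for r in relays)
    weight_share = sum(r["consensus_weight"] for r in group) / total_weight
    return count_share, weight_share


def report(relays):
    """Summarise every registration burst as a dict of size, time span and shares."""
    results = []
    for burst in find_registration_bursts(relays):
        count_share, weight_share = shares(burst, relays)
        results.append({
            "size": len(burst),
            "first": burst[0]["first_seen"],
            "last": burst[-1]["first_seen"],
            "count_share": count_share,
            "weight_share": weight_share,
        })
    return results


if __name__ == "__main__":
    for item in report(build_sample_network()):
        print(f"{item['size']} relays registered between {item['first']} and {item['last']}: "
              f"{item['count_share']:.1%} of relays, {item['weight_share']:.2%} of weight")
```

A slow, distributed registration of the kind the article worries about would not trip the time-window check, which is why the weight share of any group of related relays is the number to watch over time.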

Even so the Tor browser when properly used and end-to-end encryption are the best way to protect yourself against casual snooping, including by Government Agencies.  How do we know this?  Der Spiegel has just published a piece based on the Snowden Papers showing the “threat” (meaning difficulty in illegally spying on you) the NSA considers various practices and programs.

Prying Eyes: Inside the NSA’s War on Internet Security

By Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer and Christian Stöcker, Der Spiegel

12/28/14

For the NSA, encrypted communication — or what all other Internet users would call secure communication — is “a threat”. In one internal training document viewed by SPIEGEL, an NSA employee asks: “Did you know that ubiquitous encryption on the Internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?”



The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency’s digital spies have made much progress in cracking these technologies. “Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said in June 2013, after fleeing to Hong Kong.



As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012. An NSA presentation for a conference that took place that year lists the encryption programs the Americans failed to crack. In the process, the NSA cryptologists divided their targets into five levels corresponding to the degree of the difficulty of the attack and the outcome, ranging from “trivial” to “catastrophic.”



Things first become troublesome at the fourth level. The presentation states that the NSA encounters “major” problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network, which was developed for surfing the web anonymously. Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers. The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user’s information. For surveillance experts, it becomes very difficult to trace the whereabouts of a person who visits a particular website or to attack a specific person while they are using Tor to surf the Web.

The NSA also has “major” problems with Truecrypt, a program for encrypting files on computers. Truecrypt’s developers stopped their work on the program last May, prompting speculation about pressures from government agencies. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Both are programs whose source code can be viewed, modified, shared and used by anyone. Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism — an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple — show that the NSA’s efforts appear to have been thwarted in these cases: “No decrypt available for this OTR message.” This shows that OTR at least sometimes makes communications impossible to read for the NSA.

Things become “catastrophic” for the NSA at level five – when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a “near-total loss/lack of insight to target communications, presence,” the NSA document states.

ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal. “It’s satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque,” says RedPhone developer Moxie Marlinspike.

Also, the “Z” in ZRTP stands for one of its developers, Phil Zimmermann, the same man who created Pretty Good Privacy, which is still the most common encryption program for emails and documents in use today. PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack. “No decrypt available for this PGP encrypted message,” a further document viewed by SPIEGEL states of emails the NSA obtained from Yahoo.

Phil Zimmermann wrote PGP in 1991. The American nuclear weapons freeze activist wanted to create an encryption program that would enable him to securely exchange information with other like-minded individuals. His system quickly became very popular among dissidents around the world. Given its use outside the United States, the US government launched an investigation into Zimmermann during the 1990s for allegedly violating the Arms Export Control Act. Prosecutors argued that making encryption software of such complexity available abroad was illegal. Zimmermann responded by publishing the source code as a book, an act that was constitutionally protected as free speech.

PGP continues to be developed and various versions are available today. The most widely used is GNU Privacy Guard (GnuPG), a program developed by German programmer Werner Koch. One document shows that the Five Eyes intelligence services sometimes use PGP themselves. The fact is that hackers obsessed with privacy and the US authorities have a lot more in common than one might initially believe. The Tor Project was originally developed with the support of the US Naval Research Laboratory.

Today, NSA spies and their allies do their best to subvert the system their own military helped conceive, as a number of documents show. Tor deanonymization is obviously high on the list of NSA priorities, but the success achieved here seems limited. One GCHQ document from 2011 even mentions trying to decrypt the agencies’ own use of Tor — as a test case.

To a certain extent, the Snowden documents should provide some level of relief to people who thought nothing could stop the NSA in its unquenchable thirst to collect data. It appears secure channels still exist for communication. Nevertheless, the documents also underscore just how far the intelligence agencies already go in their digital surveillance activities.

Having used Tor on an experimental basis I’ll tell you the experience is very much like moving from 98 SE to XP 64 in that it’s mostly notable for the many things you used to do and programs that used to work that simply don’t anymore because they’re insecure.  Now this is either an insurmountable hardship for you or it isn’t.  I’ve found that as time progresses I have less and less use for my old stuff which I still have available anyway on my dusty machines that worked until I turned them off.

John Oliver: New Year’s Eve

In a New Year’s Eve message, John Oliver pops in with a YouTube “greeting,” explaining why New Year’s is the worst and how to get out of any party you may have the misfortune to have been invited to.

Happy New Year from all of us at The Stars Hollow Gazette and Docudharma.

The End of the Grimm Affair

Finally accepting that his position in office is untenable, tough guy Representative Michael Grimm (R-NY11) has decided to resign his House seat, sparing the people of Staten Island and Brooklyn the embarrassment of having a convicted felon representing them. Mr. Grimm spoke yesterday with House Speaker John Boehner (R-OH), who obviously laid out the grim options (pardon the pun).

House rules dictate that a member convicted of a crime for which a prison sentence of two years or more may be imposed should not participate in committee meetings or vote on the floor until winning re-election. The stricture could have left Mr. Grimm’s 11th district effectively disenfranchised until 2016.

After sources leaked the news of the resignation to The New York Daily News early Monday, Mr. Grimm released a statement at midnight that he had changed his mind and would not stay in Congress, stating that he would resign on January 5th.

New York Governor Andrew Cuomo will set a date for a special election.

The judge should throw the book at him for deceiving the voters and using his office as a bargaining chip for a lighter sentence, as explained by Blake Zeff at Salon:

It will take some time, specifically until the announcement of his criminal sentence, to fully appreciate the snow job Michael Grimm just pulled on Staten Island voters. But we already know plenty enough to call it a criminal’s virtuoso parting heist.

Grimm, you’ll recall, ran for reelection last month as a two-term GOP incumbent in socially conservative Staten Island, with a 20-count indictment on his back. The charges, largely misunderstood by the voters (and media, for that matter), essentially amounted to this: He ran a restaurant some years back, and in an effort to skirt payroll taxes, paid workers under the table and submitted a fake payroll to the feds. He was then caught lying about it when a “real” payroll was discovered by prosecutors in his computer records.

This last part is important because it tells you what Grimm knew: he had lied to federal officers (a crime that never gets ignored), and they had the goods on him. In other words, he was very likely going to prison – and he knew it. [..]

The congressman was clearly never going to serve out his term, nor would he take his case to trial, as he had assured voters.

But he had a very good reason to convince voters otherwise.

If you’re headed to prison but want to cop a deal with the feds, you need a chip you can bargain in exchange for a lighter sentence. And for a politician, there are few chips more valuable than a seat you can resign. If Grimm lost his race last November, he’d have been a disgraced former congressman with no seat to give up and, likely, real prison time. If he won, he’d have the golden House seat to drop in exchange for – he hoped – leniency.

It is the NYT article that best sums up the end of this sad affair:

Whoever takes Mr. Grimm’s seat will be unlikely to match his track record as a source of national fascination, or satire. A tough-talking politician with a clenched jaw and an intense stare, a fondness for dark-tailored suits and Brooklyn wine bars, Mr. Grimm brought with him a reputation for controversy, including the time – back in his law enforcement days – when he reportedly waved a gun around a Queens nightclub. He carried himself with a bravado that was on display until the end.

Mr. Grimm knew this was coming when he was indicted for tax evasion last April. Instead of admitting it then and withdrawing from the race, he decided to arrogantly stand his ground and lie about his guilt, bringing unwanted attention to Staten Island and, now, costing NY taxpayers millions for a special election. Never mind the money that his supporters donated to his campaign; they should have seen the handwriting on the wall. The IRS and FBI do not bring these charges unless they can win. Remember Al Capone?

But too many Staten Island voters still love the tough guy image and swagger; hopefully this time they will make a better choice.

Cartnoon

The Breakfast Club (A Toast to Innocence)

Welcome to The Breakfast Club! We’re a disorganized group of rebel lefties who hang out and chat if and when we’re not too hungover  we’ve been bailed out we’re not too exhausted from last night’s (CENSORED) the caffeine kicks in. Join us every weekday morning at 9am (ET) and weekend morning at 10:30am (ET) to talk about current news and our boring lives and to make fun of LaEscapee! If we are ever running late, it’s PhilJD’s fault.

This Day in History

Saddam Hussein is executed; Fire in Chicago kills 600 people; Vladimir Lenin proclaims the establishment of the Soviet Union; The United Auto Workers union stage their first “sit-down” strike; Musician Bo Diddley is born.

Breakfast Tunes

On This Day In History December 30

This is your morning Open Thread. Pour your favorite beverage and review the past and comment on the future.

Find the past “On This Day in History” here.

December 30 is the 364th day of the year (365th in leap years) in the Gregorian calendar. There is one day remaining until the end of the year.

Today history was made in Parsons, Kansas, where the last roll of Kodachrome was processed at Dwayne’s Photo Shop, the only Kodak certified processor of Kodachrome film in the world as of 2010. The final roll of 36-frame Kodachrome to be manufactured was tracked by National Geographic; it was shot by photographer Steve McCurry.

For Kodachrome Fans, Road Ends at Photo Lab in Kansas By A. G. Sulzberger

PARSONS, Kan. – An unlikely pilgrimage is under way to Dwayne’s Photo, a small family business that has through luck and persistence become the last processor in the world of Kodachrome, the first successful color film and still the most beloved.

That celebrated 75-year run from mainstream to niche photography is scheduled to come to an end on Thursday when the last processing machine is shut down here to be sold for scrap.

One of the toughest decisions was how to deal with the dozens of requests from amateurs and professionals alike to provide the last roll to be processed.

In the end, it was determined that a roll belonging to Dwayne Steinle, the owner, would be last. It took three tries to find a camera that worked. And over the course of the week he fired off shots of his house, his family and downtown Parsons. The last frame is already planned for Thursday, a picture of all the employees standing in front of Dwayne’s wearing shirts with the epitaph: “The best slide and movie film in history is now officially retired. Kodachrome: 1935-2010.”

A Color-Saturated Sun Sets on Kodachrome

I have fond memories of my 35mm Yashica and Canon cameras.

Late Night Karaoke

The NYPD Gets on My Last Nerve

Cross posted from The Stars Hollow Gazette

First let me say this: Supporting the police while calling for reform and justice are not mutually exclusive. Lives matter, all of them. This is not a zero sum game. That said, some of the members of the NYC Police Department and the bigots that support the institutionalized racism of the agency have gotten on my last nerve.

The vast majority of police officers are good people, just as the vast majority of people who are protesting in the streets across this country are good people. But some of the leadership, politicians and talking heads in the mainstream media need to shut up and listen. The people of this country deserve to be heard. The heads of the police unions in NYC seem to have forgotten that they are the employees of the people of NYC. Mayor Bill de Blasio, who was elected by 74% of those who voted in November, is their boss. He was elected to reform an increasingly out-of-control and militarized police department. He’s doing a good job. You can tell by the squealing of the racists who can’t see beyond their own hatred of people who just want to live in peace, make a decent living and raise their children in a safe city. People should not have to fear the police.

For the last 20 years under two Republican corporate administrations, the NYPD was expanded and given unprecedented powers. The commissioners that were appointed by Mayors Rudolph Giuliani and Michael Bloomberg, including the current commissioner, William Bratton, ran the department like it was an army and felt that they were not accountable to its citizens. The policies of “Broken Glass” and its offshoot “Stop and Frisk” were inherently racist and have led to the feeling of distrust in the minority communities of the city. It has led to the abuse and deaths of mostly young men of color and, now, two good men, NYC police officers, have been assassinated by a deranged man seeking vengeance. The union heads, especially NYC Police Benevolence Association President Patrick Lynch, decided to make the death of Officers Rafael Ramos and Wenjian Liu a political football for their hurt feelings.

What is Lynch so fired up about? He is vilifying Mayor De Blasio because the mayor, as the parent of mixed race children, spoke the truth about what every parent of a child of color must tell them about the police:

“This is profoundly personal to me,” de Blasio said. “I was at the White House the other day, and the president of the United States turned to me, and he met Dante a few months ago, and he said that Dante reminded him of what he looked like as a teenager. And he said, ‘I know you see this crisis through a very personal lens.’ And I said to him, I did.”

De Blasio went on to note that he and his wife, Chirlane McCray, who is black, “have had to talk to Dante for years about the dangers that he may face.”

The mayor described his son as “a good young man, [a] law-abiding young man who would never think to do anything wrong” — but he noted that “because of a history that still hangs over us, the dangers he may face, we’ve had to literally train him, as families have all over this city for decades, in how to take special care in any encounter he has with the police officers who are there to protect him.” [..]

The mayor described “that painful sense of contradiction that our young people see first, that our police are here to protect us, and we honor that, and at the same time, there’s a history we have to overcome.”

“For so many of our young people, there’s a fear,” de Blasio said. “And for so many of our families, there’s a fear.”

It has been bad enough that, since the mayor made that statement, Mr. Lynch has gone on a tirade in an attempt to make the police the victims, and not the innocent people they have abused and killed. He and other members of the NYPD have only exposed their racism.

Besides the incredibly insulting act of turning their backs on Mayor de Blasio as he was leaving Woodhull Hospital after the deaths of the two officers, what got me really angry with these bigots were two incidents that showed just how completely ignorant some of the police really are. The first was this stupid and very likely expensive stunt by an anonymous “group of current and retired NYC Police Officers, Detectives, and Supervisors”:

Friday morning, a small plane flew over New York City with a banner attached that read: “De Blasio, Our Backs Have Turned to You.” The sign, a reference to some NYPD officers protesting against Mayor de Blasio following the shooting deaths of Wenjian Liu and Rafael Ramos last weekend, was the work of a “large and unified group of current and retired NYC Police Officers, Detectives, & Supervisors,” according to blogger and former cop John Cardillo. [..]

Ashley Chalmers, the owner of the plane, told the New York Daily News that the people who rented it “wish to remain anonymous,” though Cardillo said he was contacted by the NYPD group on Friday and asked to release a statement.

Stay classy, guys, exposing, not only your bigotry, but the need to learn to write a sentence.

Then while attending the funeral of Police Officer Rafael Ramos, some of the police officers decided it was the place to throw a temper tantrum insulting the memory of a fallen officer and his grieving family:

Thousands of police officers from across the nation packed a church and spilled onto streets Saturday to honor Officer Rafael Ramos as a devoted family man, aspiring chaplain and hero, though an air of unrest surrounding his ambush shooting was not completely pushed aside.

While mourners inside the church applauded politely as Mayor Bill de Blasio spoke, hundreds of officers outside turned their backs on him to protest what they see as his support for demonstrators angry over killings by police.

The rush of officers far and wide to New York for Ramos’ funeral reminded some of the bond after the Sept. 11 attacks and Superstorm Sandy. Vice President Joe Biden promised that the “incredibly diverse city can and will show the nation how to bridge any divide.”

Still, tensions were evident when officers turned away from giant screens showing de Blasio, who has been harshly criticized by New York Police Department union officials as a contributor to a climate of mistrust that preceded the killings of Ramos and his partner, Wenjian Liu.

All this poutrage by Mr. Lynch, former Mayor Giuliani and company directed at Mayor de Blasio is because he spoke to the terrible fact that police departments throughout this country treat people of color differently and minority children, especially the boys, must be given “the talk.”

“If you are stopped by a cop, do what he says, even if he’s harassing you, even if you didn’t do anything wrong. Let him arrest you, memorize his badge number, and call me as soon as you get to the precinct. Keep your hands where he can see them. Do not reach for your wallet. Do not grab your phone. Do not raise your voice. Do not talk back. Do you understand me?”

The mayor gave the talk to his biracial teenage son so this wouldn’t happen to him.

And as John Cole at Balloon Juice noted:

And let’s remember what is so particularly ugly about this- this is motivated as much by the desire to not reform and to maintain the current institutional racism as it is the current contract talks and union elections. Fuck Patrick Lynch and his goons.

If some members of the NYPD don’t like the reforms that Mayor de Blasio was elected to enact, they can go find other jobs. There are plenty of qualified people, who are working two and three underpaying jobs,  to replace them. Either that or learn to listen.