OnPoint by Keith Ng

OnPoint: BTW, the NZ Police can use PRISM against you now

85 Responses

  • nzlemming, in reply to BenWilson,

    I may have paid off the mortgage on my 1/4 acre and 1970s assortment of sticks and jib, too, which will be worth approximately 50 million dollars.

    Don't worry, you'll still have your student loan to keep you warm. Even if you never took one out...

    Waikanae • Since Nov 2006 • 2937 posts

  • Sacha, in reply to nzlemming,

    unwilling students of history, all

    Ak • Since May 2008 • 19745 posts

  • Martin Lindberg, in reply to Paul Campbell,

    Now how do I choose an ISP who publishes their router source?

    That may not matter if you have a Lenovo PC anyway.

    MI6 and MI5 'refuse to use Lenovo computers' over claims Chinese company makes them vulnerable to hacking

    Stockholm • Since Jul 2009 • 802 posts

  • Paul Campbell,

    well of course they are, they keep putting Windows on them

    Dunedin • Since Nov 2006 • 2623 posts

  • Matthew Poole, in reply to Martin Lindberg,

    MI6 and MI5 ‘refuse to use Lenovo computers’ over claims Chinese company makes them vulnerable to hacking

    The discovery has led to a written banning order being issued among the “Five Eyes” alliance of British, American, Australian, Canadian and New Zealand eavesdropping agencies, including the US National Security Agency, according to the respected Australian Financial Review.

    It's all of Five Eyes, not just the UK, courtesy of the inter-agency links which exist, according to the AFR article. It's only applicable to environments which handle classified material, but it's still interesting. Given that the acceptable alternative manufacturers - the AFR says Dell and HP are allowed - make extensive use of Chinese-manufactured hardware, it seems somewhat cosmetic.

    Auckland • Since Mar 2007 • 4097 posts

  • Steve Barnes, in reply to Martin Lindberg,

    MI6 and MI5 ‘refuse to use Lenovo computers’ over claims Chinese company makes them vulnerable to hacking

    Like Duh! Oceania has always been at war with East Asia, get with the program kiddo.
    And... American computers are so doubleplus good that those inferior Asian units don't stand a chance of corrupting the pure Arian super computers made by Dell and HP.
    Be seeing you.

    Peria • Since Dec 2006 • 5521 posts

  • Matthew Poole, in reply to Martin Lindberg,

    And relatedly, kinda, Snowden's latest document leak is part of the US-FY13 "Black Budget" document that goes to the Congressional Budget Office. Highly-classified doesn't quite adequately describe something which is only meant to be seen by US citizens who hold Top Secret clearance with Sensitive Compartmented Information access to the entirety of US satellite-based and terrestrial intelligence-gathering programmes.
    This release breaks down where the money goes within the spooky parts of the US government. It's a $56.2b budget!

    I don't think Snowden has released anything else which is meant to be this tightly controlled (other TS material, yes, but nothing else that's NOFORN SCI). He clearly wasn't kidding about a mere system administrator having the keys to the kingdom.

    Auckland • Since Mar 2007 • 4097 posts

  • Chris Waugh,

    And another bit of cosmetology I noticed with that Independent article:

    the state-backed technology company

    and:

    It is the latest company with links to the Chinese state to fall foul of concerns about its hardware

    Suitably scared yet? Because here's the state backing:

    Lenovo, which is based in Beijing, is indirectly backed by the Chinese state. The Chinese Academy of Sciences, a public body, owns more than a third of Legend Holdings, which in turn owns 34 per cent of the computer company and is its biggest shareholder.

    Oh. So by the same logic, I'm an agent of the Chinese state. Quick, rend me extraordinarily, extract all my secrets. At least Huawei has the decency to have an honest-to-God ex-military man as founder.

    Wellington • Since Jan 2007 • 2401 posts

  • Rich of Observationz, in reply to Chris Waugh,

    I have a Raspberry Pi and a Beagleboard on my desk: both are British system integration, British CPU architecture, open-source everything from the bootrom up, US chipset and physically stuck together in China. (NZ designed and built case, too)

    Also, simple enough that the community would probably find any trapdoors - especially on the Beagleboard which has a documented TI chipset, not that NDAed Broadcom crap.

    Maybe that's why I had to sign an agreement not to use the Beagleboard to make WMD before Element14 would ship it.

    Back in Wellington • Since Nov 2006 • 5550 posts

  • Paul Campbell,

    And on my desk is a pile of NZ designed, NZ built, boards also with TI hardware - I have to sign that same agreement to get the chips (AES, and I use it, even though we're just building a mesh net to monitor stoat traps) - the rules are slightly silly - I'm allowed to send the chips to China for assembly provided I ship the result somewhere else, but I'm not allowed to sell them to the Chinese military

    I can buy the same chips cheaper and without signing the disclaimer on Alibaba ....

    Meanwhile the bespoke AES chip market (bitcoin) seems to be taking off

    The people who make these silly rules don't really care, they just like being able to make people's lives more difficult

    Dunedin • Since Nov 2006 • 2623 posts

  • Ian Dalziel, in reply to Paul Campbell,

    needs mustelidae...

    ...even though we’re just building a
    mesh net to monitor stoat traps

    What a cunning plan, to hide in plain sight as you beaver away on your plans for a breakaway Southern Tartan 'Stoat-tally-tarian Matrix '...

    ;- )

    Christchurch • Since Dec 2006 • 7953 posts

  • Paul Campbell,

    well there's that whole low power only good for a km or so thing and the fact that this will be an all solar net only running for a few minutes a day on the smell of an oily rag in a bush filled valley .... it's going to be a very sparse matrix

    Dunedin • Since Nov 2006 • 2623 posts

  • Steve Barnes, in reply to Paul Campbell,

    . it’s going to be a very sparse matrix

    That's Stoatally amazing, was it weasely implemented?
    (he asked, on his Lenovo)

    Peria • Since Dec 2006 • 5521 posts

  • Martin Lindberg,

    While it's already possible to securely encrypt email using public key encryption, as Keith is demonstrating, it's still a pain. The good thing about the revelations around NSA et al is that this has created a much greater public interest in security. So now there is a need for an easier way to secure communications.

    Inventing geeks to the rescue:

    Developers Scramble to Build NSA-Proof Email

    In surveillance era, clever trick enhances secrecy of iPhone text messages

    Also, here's a cool stick-figure presentation of the background and implementation of AES. Good if you are interested in the mathematics behind cryptography (and let's face it - who isn't?)

    A Stick Figure Guide to the Advanced Encryption Standard (AES)

    Stockholm • Since Jul 2009 • 802 posts

  • Ian Dalziel, in reply to Martin Lindberg,

    A Stick Figure Guide to the Advanced Encryption Standard (AES)

    <snap>
    I was just about to re-aggregate that from boing boing myself!
    :- )

    Christchurch • Since Dec 2006 • 7953 posts

  • Ian Dalziel,

    the machines did it!
    Keith, looks like another Gov't dept is experiencing computer problems...

    An immigration bungle in which a computer gifted an extra 120 people a place on a visa scheme has raised doubts about the Government's $80 million online visa programme.
    Documents provided under the Official Information Act show demand for the Silver Fern job search visa this year was so high that the system jammed, allowing 420 potential migrants to grab a place, despite the visa being capped at 300 people.
    And the privacy of at least nine people was breached during the hectic online application process, about which Immigration New Zealand fielded dozens of complaints.

    Christchurch • Since Dec 2006 • 7953 posts

  • Paul Campbell,

    Scarier is "N.S.A. Foils Much Internet Encryption" - it's hard to tell exactly what they're saying there, but it seems to hint to me that SSL is toast.

    Dunedin • Since Nov 2006 • 2623 posts

  • Rich of Observationz,

    I'm seriously hoping that someone in NSA/GCHQ/GCSB gets caught in massive financial fraud soon:
    - grabbing credit card transactions
    - grabbing online banking logins
    - some other type of couffabling

    I imagine this must be happening on some scale and being covered up, but it might wake up the sheeple if they find government employees have been stealing their bank account contents

    Back in Wellington • Since Nov 2006 • 5550 posts

  • Paul Campbell,

    one has to assume that some percentage of everyday spam is the NSA trying to grow their stable of pwned machines

    Dunedin • Since Nov 2006 • 2623 posts

  • Matthew Poole, in reply to Paul Campbell,

    it seems to hint to me that SSL is toast.

    SSL has been toast for a long time. TLS wasn’t created just for the sake of it, and TLS1.0 is already considered insecure.

    Auckland • Since Mar 2007 • 4097 posts

  • Paul Campbell,

    What we really need are some great mathematicians who aren't beholden to anyone

    Dunedin • Since Nov 2006 • 2623 posts

  • Paul Campbell,

    Bruce Schneier is a little pissy ....

    "To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it."

    word

    Dunedin • Since Nov 2006 • 2623 posts

  • Matthew Poole, in reply to Paul Campbell,

    it’s hard to tell exactly what they’re saying there, but it seems to hint to me that SSL is toast.

    Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

    Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

    That section implies that it's not SSL which is toast, because SSL 3.0 was first released in draft in 1996. The implication is that it's TLS 1.1 which is compromised. And that's a big, big deal, because TLS 1.2 is only just starting to be fully supported by clients (and isn't supported by a lot of older server platforms. Like, nothing from MS prior to Server 2008R2, which was released in 2010).

    Auckland • Since Mar 2007 • 4097 posts

  • Matthew Poole,

    It is telling that the NSA approves particular combinations of public security protocols for securing information up to and including material classified as Top Secret. Historically they have only approved black-box crypto systems for such material. If they are prepared to allow US national security material to use these protocols, the protocols are probably not insecure-by-design; the NSA is perfectly happy to read everyone else's traffic, but they're really unhappy about the converse being true.

    Auckland • Since Mar 2007 • 4097 posts

  • Rich of Observationz,

    Interesting as to whether it's a component or system-wide crack. Factoring public keys would give them full access to anything under that private key, while cracking the conventional crypto would have to be run for every session and any sort of active attack on the protocol (like MITM) would be detectable.

    securing information up to and including material classified as Top Secret

    Or the US is willing to risk foreign agencies reading their Top Secret traffic in return for access to everyone's personal email? Maybe they take the view that even if the Russians know the location of every Trident sub, they probably won't be starting a nuclear war anytime soon.

    Back in Wellington • Since Nov 2006 • 5550 posts

This topic is closed.