Posts by Keith Ng
Last ←Newer Page 1 2 3 4 5 Older→ First
-
OnPoint: Budget 2014: Yeah okay., in reply to
The visualisation's a bit off for MPI - "Border Biosecurity Risk Management" is listed as both increasing and decreasing by 100%, as is "Implementation of Policy Advice" (at least I think those are the same thing both times). LINZ has similar issues - it thinks almost everything is new.
So sometimes items change in scope (e.g. From "policy advice" to "policy advice and support" or something). Technically, if a scope is worded differently, then it actually is a different budget item, so get its own ID, so the visualisation treats them as separate item. This isn't very helpful, but is an accurate rendering of the data.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to
Should I be looking into public/private keys, Truecrypt and the like? Would I get any practical benefit out of them?
Pretty much what Michael said. Your biggest risks are from accidental loss/opportunistic theft. Encrypting your hard drive (especially on your laptop) and USB drives is something you should definitely do.
(c) Supports online privacy?
Using VPN as a matter of course would be helpful - it doesn't help you much against a serious adversary, but it offers you a pretty decent level of privacy. Also, it's helpful for online privacy, because it creates more locked doors, which creates cover for everyone who actually needs it.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to
If you have access you can read the crypto keys out of memory (along with the decrypted data itself, of course). So installing that cool screensaver is still dangerous with Tails/TrueCrypt.
You're right. I was trying to illustrate the point of a straight-to-ram OS, but I overstated the safety of Tails. However, being a Linux system, and with Tails making it very difficult to install anything, it should be fairly difficult to do.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to
then existence of second layer files can be found, and you can be compelled to give the keys for those too.
No. From http://www.truecrypt.org/docs/hidden-volume#Y0:
Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created and no part of the (dismounted) hidden volume can be distinguished from random data.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to
The irony is that in the "security vs obscurity" stakes that is common in encryption speak, any people really planning to do things that intelligence services (and police) really should be worried about, tend to use obscurity.
This has all been aimed at journalists and their sources. For journalists, obscurity is not an option. But on the up side, journalists aren't going to get Gitmo'd in the near future. I'm not worried about the entirety of the NSA, just about some very specific powers of some very specific individuals.
In this case, that the Police can get a search warrant and seize your computers and your devices, and upon discovery of an encrypted hard drive, can compel you to give up the password. It's a VERY specific adversary. It's not unlimited, it doesn't involve rubber hosing or extraordinary rendition, or indefinite detention, or supercomputers brute forcing your shit, or the TAO using custom exploits to target whatever.
-
OnPoint: The Big Guns: Truecrypt and Tails, in reply to
Even if they are on the hard drive, a 1GB hidden volume would be hard to spot in the clutter of a Terabyte drive.
(Speculation:) I imagine that encrypted files are reasonably distinct, and that a forensic analysis tool should be able to find them, regardless of size.
But yeah, a microSD card is a great form factor.
-
I wouldn't know. I have no hidden volumes.
-
OnPoint: The Gift that Keeps on Making…, in reply to
There's really not that much point worrying about what access to your data intelligence services have (unless, of course, you are a spook yourself), because they have the power to coerce from you anything you care to hide.
Though I keep talking about PRISM and other NSA systems, this is not the same as "avoiding the NSA". Avoiding active surveillance by the NSA is, obviously, some next level shit. However, avoiding passive surveillance by the NSA is not.
The main threat for journalists in NZ is the use of NSA systems by the GCSB, probably at the behest of the Police. That means they have access to some NSA systems, but it doesn't mean they can bring the full force of the NSA to bear.
PRISM data can be acquired by lawful search/interception, which is why allowing NZ to use it isn't a big deal. Giving NZ access to a system which cracks encryption would reveal their capability to crack encryption, which would be a big deal. This limits what we have to worry about.
Nor, presumably, would TAO be part of what NZ can access. So in that sense, we can speculate about all the amazeball capabilities of the NSA, but it doesn't all automatically transfer to the GCSB.
And yeah, we've seen instances where they've gone to the boundaries of the law, and then took a few more steps. But that doesn't mean they're completely rogue and would go around renditioning and waterboarding New Zealanders.
-
OnPoint: BTW, the NZ Police can use…, in reply to
Thanks, it took me nigh on 1/2 an hour though so...
*LIKE*.
-
OnPoint: Ich bin ein Cyberpunk, in reply to
umm, not really. It means the request has a classification level of Secret, that its subject relates to communications intelligence (you got that bit right), and that it may be released to the members of Five Eyes.
My "it means that.." statement was supposed to be a summary of the header in the context of all the facts that have come before it, not a straight translation of what the header meant.