Kiss Encryption Goodbye... :*

40hz:
The neutral tone of NPR is a refreshing departure from the utter drivel and gnashing of teeth that you get in the MSM, but it's still state run media.
-Renegade (September 13, 2013, 09:04 PM)
--- End quote ---

It's not. You really need to spend a little more time in the USA to understand how things actually work here, as opposed to 'just knowing' how they do. :-\ :P

I don't know why people always go on about the "neo-con talk show hosts" being douches. Sure, Rush Limbaugh has a solid douchebaggery score. So do other right-aligned commentators. But why does nobody ever point out the douchebaggery of the left-aligned commentators?
--- End quote ---

That's probably because nobody really ever listens to the left-wing pundits. They are "bombinating in a vacuum" to borrow a phrase of James Thurber's. Even the diehard leftists generally ignore them. Possibly because the right-wing likes to have their arguments and "talking points" provided to them, whereas the left-leaning crowd tends to resist any attempt to hand them pre-canned anything. As one old saying from the 60s used to go: The Left needs to stand apart with each other on this issue.
;)

Renegade:
The neutral tone of NPR is a refreshing departure from the utter drivel and gnashing of teeth that you get in the MSM, but it's still state run media.
-Renegade (September 13, 2013, 09:04 PM)
--- End quote ---

It's not. You really need to spend a little more time in the USA to understand how things actually work here, as opposed to 'just knowing' how they do. :-\ :P
-40hz (September 14, 2013, 01:45 PM)
--- End quote ---

http://www.npr.org/about-npr/178660742/public-radio-finances

Other than that 39% there, my bet is that we can call those "state". If there's actually a difference anymore, I don't see it. ;) ;D

Renegade:
I'm not sure if Rick Falkvinge is a full on crypto-anarchist, but he sure seems like it sometimes.

http://falkvinge.net/2013/09/12/the-nsa-and-u-s-congress-has-destroyed-ssl-we-must-rebuild-web-security-from-the-ground-up/

The NSA has forged web security certificates. What’s worse, we knew that they could, and we still trusted certificate-based web security. Web security as we know it is dead and worthless – worse than worthless, even – and must be rebuilt from the ground up.

When you are going to a website that bills itself as secure, it uses a so-called “security certificate”. Such certificates on the web serve two purposes. One, they encrypt the session between your computer and the web server, so nobody else can listen in, and two, they identify the web server you are talking to and tell you whose web server it is. When you log onto your bank, you will see a little padlock next to the bank’s name in the address bar. The NSA and their ilk have effectively negated both of these security mechanisms.

This makes today’s Web security worse than worthless. It is not just worthless, as in not providing the claimed security whatsoever; it is worse than worthless, as it provides people at large with a thoroughly false sense of security. It’s like if all the front door locks in the world were dead easy to open for somebody who knew the magic word. Unless this lack of security is well understood – and being a technical issue, it won’t – people will keep thinking they’re secure. That’s horrible, frankly.

...

Many certificate suppliers are based in the USA. This, combined with the infamous National Security Letters (NSLs) that the U.S. Congress has created, is a death knell. There is nothing stopping the NSA from issuing such a letter compelling Verisign or any other U.S.-based certificate authority to issue a forged certificate to the NSA, and be forced by law to not tell anybody about it.

The mere possibility of this happening is enough to declare certificate-based web security stone dead as a technology – but we know now that the NSA has already used forged certificates to impersonate Google. That’s extra damning. Let’s take that again: the NSA forced web traffic intended for Google’s servers to take a route through the NSA’s servers, where the NSA presented themselves as Google and were able to wiretap traffic intended for Google’s servers, negating both functions of certificate-based security.
--- End quote ---

And from a link in there:

http://www.techdirt.com/articles/20130910/10470024468/flying-pig-nsa-is-running-man-middle-attacks-imitating-googles-servers.shtml

FLYING PIG: The NSA Is Running Man In The Middle Attacks Imitating Google's Servers


Glyn mentioned this in his post yesterday about the NSA leaks showing direct economic espionage, but with so many other important points in that story, it got a little buried. One of the key revelations was about a program called "FLYING PIG" which is the first time I can recall it being clearly stated that the NSA has been running man-in-the-middle attacks on internet services like Google. This slide makes it quite clear that the NSA impersonates Google servers:
--- End quote ---

More at those links.

SSL is dead.

Kleptography:

http://datatracker.ietf.org/doc/draft-hallambaker-prismproof-req/?include_text=1

3.4. Kleptography

   Kleptography is persuading the party to be intercepted to use a form
   of cryptography that the attacker knows they can break. Real life
   examples of kleptography include the British government encouraging
   the continued use of Enigma type cryptography machines by British
   colonies after World War II and the requirement that early export
   versions of Netscape Navigator and Internet Explorer use 40 bit
   symmetric keys.
--- End quote ---
