Encrypt your Google chats and make the NSA sad (github.com)
Q: Is it possible to put security in place to protect against state surveillance?
A: "You are not even aware of what is possible. The extent of their capabilities is horrifying. We can plant bugs in machines. Once you go on the network, I can identify your machine. You will never be safe whatever protections you put in place."
(from http://www.guardian.co.uk/world/2013/jun/09/nsa-whistleblowe...)
I've been finding HN to be a hub for all the facets, ideas, and fallout from this news. And the snowball of issues (privacy, gov't, business, foreign relations, international trade, future of the internet) is worrying to me. But what if it were suddenly gone?
And just as I had that thought, I started getting errors reloading this thread and the main page. Maybe HN is straining at the traffic, but what if some of that traffic came from somewhere else or some server was remotely hobbled? What if your ISP had "disruptions" of traffic to _your_ IP address, or your 3G/4G became spotty?
Imagine if someone with total knowledge could track the spread of keywords through networks (physical and social) and then enable "slow-downs" to keep the level of spreading below a critical threshold? If I didn't see all the articles submitted to HN or didn't have time to read them all because the servers crashed, then I might not be so alarmed at the situation.
We in the US and other European nations go on happily enjoying freedom to access all this information, unlike many countries, but would we know if or when we couldn't anymore?
Coincidence or not: when I tried to submit this, I got a message saying "Oops, our bad. If you see this a lot, shoot us an email at info@ycombinator.com. Be sure to tell us your IP. Sorry, news.ycombinator.com is currently unavailable. Please try again soon." Maybe I need to take some keywords out of the text...
My grandmother said that this was the most terrifying part of living in the Soviet Union. Since most of my grandparents were high up military (doctors, not soldiers), aerospace research, and medicine in the Soviet Union, they saw the reality of the USSR with a lot less propaganda. When they went back home or visited family in other parts of the country, they would immediately enter into a surreal world where the reality described by propaganda was starkly different from the reality they had experienced.
What's even more terrifying is that by nature of their isolation from international news sources and dependence on TV, most of America already lives in roughly this reality. The world as they see it is shaped by television.
The question is what he meant by "We can plant bugs in machines."
Did they figure out how to tap complicated SSL? Is it hardware based? He gave no hints but could have easily.
Instead it's this blanket statement that's supposed to imply that all encryption is pointless.
A: "The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards."
Specifically the part about 'all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards'. Does that not imply they have found a weakness in TLS/SSL? Once the information is transmitted (say my Facebook password) to an https endpoint it is already encrypted, no? So them 'sniffing'/intercepting the packets would do no good, unless they could decrypt them.
His goal wasn't to tear down the NSA, but to reveal what they've been up to domestically.
In the first stage everybody's data is run through, let's call it, pattern matching, to narrow down a very specific number of cases that have the highest likelihood of doing, having done or planning "something".
In the second stage, you might apply more resources to gather more data from your suspects, for example, by planting bugs.
But if you avoid triggering suspicion in the first stage, you don't have to worry about their capabilities, you're just not on their radar.
You might then argue that anyone encrypting their chats would then raise suspicion. Ultimately, such organisations have a finite limit of human resources to apply, certainly not enough to deal with any wide-spread usage.
If this were to happen, think from those organisations' point of view. They need to stop it and can't scale to deal with every single case. You'll then find that encrypting your chat becomes against Google's T&C, because someone leaned on them. And round it all goes.
I've long thought that NSA and CIA would be buyers of access to botnets with backdoor access to people's machines in the US and abroad. You can buy surreptitious installs of your own malware from other malware providers very cheaply - usually under $1. $300 million and you have the whole US covered. It wouldn't surprise me a bit if there is a budget for this, with agents actively interacting on forums, buying (and supporting) certain areas of the cybercrime economy.
They can literally plant a worm or virus anywhere they want, because humans make mistakes. Heck, imagine they have hacked into the Windows auto-updater somehow and your own computer downloads and installs software on the first Tuesday every month without you even doing anything.
[1] http://www.news.com.au/technology/cia-suspected-for-super-we...
IMHO he was referring to some backdoor in software. How about a nice ubiquitous piece of software? Windows? JVM?
Imagine what one rogue NSA employee can do with that kind of backdoor access.
So ENCRYPT EVERYTHING, and don't believe this propaganda. If your hardware has a backdoor, you're fucked no matter what, but businesses are fucked much much more.
One of the best things you can do to improve your OPSEC is to stop believing in meaningless panaceas like "ENCRYPT EVERYTHING". There are many weak points in cryptosystems beyond the algorithms (key generation, management, and distribution famously come to mind), and many weak points in data security systems beyond cryptography.
Spouting meaningless catchphrases doesn't help anyone.
If that's the case, then this implementation is vulnerable to a variety of attacks.
So, I guess, it's a bit more than nobody.
I can explain to my girlfriend and brother how to enable and configure OTR. I would have a hard time getting them to execute the instructions for this addon.
1. Google is removing XMPP as protocol http://www.zdnet.com/google-moves-away-from-the-xmpp-open-me...
2. On the other hand, however, duckduck is giving us some alternatives https://duck.co/topic/duckduckgo-s-new-public-xmpp-jabber-se...
(Also: Pascal?! I guess I can't complain -- I'm just glad this exists :)
But, this would make "intercepts" far more difficult, now, wouldn't it ...
Some interesting related reading on the XMPP with Raspberry Pi:
[1] http://russelldavis.org/2013/01/18/setting-up-prosody-on-the...
[2] http://oskarhane.com/make-your-raspberry-pis-and-other-serve...
Also, it sucks that this AES plugin for gmail uses greasemonkey. There are a bunch of exploits abusing greasemonkey really.
For iOS, you could try ChatSecure: http://chrisballinger.info/apps/chatsecure/
If you want to use the same key on both clients (which carries some additional risks if, say, your phone gets stolen, given that key is stored in plaintext) you may find the Guardian Project's documentation of different OTR key file formats useful: https://github.com/guardianproject/otrfileconverter
Better idea: Just make a plugin that uses OTR[0]. Don't try to roll your own crypto, especially when you are up against people who know what they are doing. [0] http://www.cypherpunks.ca/otr/
The encrypted text produced by this has a distinct signature - all message will contain "U2FsdG". Here's how we break this if you're Google/can force Google to do stuff:
1) Detect messages containing that OpenSSL 'magic number'
2) If detected, push something like this:
    // Should check to see if GibberishAES exists to avoid errors if it doesn't...
    // Grab target function as a string
    var keycode = '' + GibberishAES.openSSLKey;
    // Inject something evil
    keycode = keycode.replace('key = result.slice(0, 4 * Nk);', 'key = result.slice(0, 4 * Nk); for (var pos = 1; pos < 4 * Nk; pos++) { result[pos] = 0; };');
    keycode = 'EvilGibberish = {}; EvilGibberish.openSSLKey = ' + keycode;
    // Execute the modified code to generate the new object
    eval(keycode);
    // Replace the 'good' keygen routine with the 'evil' one
    GibberishAES.openSSLKey = EvilGibberish.openSSLKey;
This will zero all but the first 32 bits of the AES key, allowing easy brute forcing. Note that this is based on something I wrote for a CTF, and I haven't tested it specifically against GibberishAES, but the technique works.
It was designed to interop with OpenSSL's default command line AES crypto, which has some weak points, mostly around the IV selection.
That being said, the biggest weakness will always be that it's running in the browser and open to injection attacks.
But while I think there's definitely better crypto chat solutions out there, it's nice to see people taking an interest in the subject. And let's not kid ourselves, the vast majority of NSA data collection is probably less about sophisticated encryption attacks, and more about the clever application of political/police powers.
The Matasano crypto challenges seem to be popular lately. That would be a decent place to start.
You are on the tip of the greatest problem with modern cryptography, which is that there is no real way for widespread confidentiality to be created without trusting a third party such as a CA. But once you trust a CA, then you become vulnerable to the backdoors available through the CA community (not just one CA.)
Personally, I'm hoping for a bitcoin-like protocol (such as namecoin) to create a peer-to-peer trust network for distributing public keys.
PKI is only useful when the roots are truly trusted and tightly controlled (or even supervised with highly transparent audit programs). The current generation of Internet CAs don't even come close - they are not trusted by anyone except themselves, and they sure are willing to take your money if it'll make you feel better!
Public key cryptography is great for this, because it means if you match one person to a key, you've then reliably matched every message they sent and have fairly strong proof it's the same person.
Yup, Google is doubtless completely in cahoots with the NSA.
... Really? Is that what you are thinking? Apply some rational thinking here. It's simpler than that. Google advertises to you based on the contents of your email. It is not in Google's interests to prevent themselves from being able to read your email, and if they can read it so can the NSA.
The implementation I'm referring to doesn't preclude Gmail from reading emails it has of yours. It just means that only Gmail can read them, because only Gmail has your private key, a private key that's associated with two-factor authentication, and a private key you could optionally use elsewhere, too.
The whole problem with PGP is that it's not worth learning to use because it depends necessarily on network effects. If Gmail deployed it, the network effects problem would immediately disappear. At first it would only work within the online webclient, obviously, and enabling it would have big consequences for how/whether client-based access (IMAP and POP) worked.
And, if you want to be really sure, what's on a computer with no radio protected by an airgap into which you never insert removable media....
I see no reason that Zeus shouldn't exist. Should I be worried that he would strike me with a lightning? Not until I see evidence of Zeus existing.
Also, judges can now order people to decrypt whatever ( http://www.wired.com/threatlevel/2013/05/decryption-order/ )
I was asking for a better AES javascript library, because I found a couple of different js AES libraries, but, as you said, I don't know anything about cryptography, and I wanted to know if some are better than others.
thanks
I don't know, I mean that it is a concern: If not enough people fake the attributes you'll get shit-listed. My answer is really that it would depend on the terms of the activity.
I've thought of a couple of ways of doing it.
One is that:
You need to be part of something, I think, that's in general use and automatically sends junk data that can't be read (i.e. encrypted nonsense) between its nodes such that being part of a network isn't distinguishable from the junk connections that the program makes on its own.
The other way I can think of is that:
you have all communications public but encrypted and posted in one (or several depending on the throughput of the service) online bins. Since many people access the same bin and download the same data but can only read their own the meaning of the message becomes dramatically more worthwhile than the traffic-a stuff.
....
The second one might actually - kinda - be being done already in some form or another now I think of it. Encrypt your message, steg it into a meme-pic, stick it on a popular forum. Since the forum is accessed by thousands of people the knowledge of who it's downloaded by doesn't get you very much :/
In practical terms, it would mean we could talk with physicians, brokers, banks. We could sign documents. We could get rid of nearly all spam. I mean, the advantages of widely deployed PKI are MASSIVE. And the quickest way to get there is to have webmail providers deploy it.
At some point I think he claimed that he could've copied the list of all US intelligence assets, even those undercover. Well, given that the NSA developed selinux to compartmentalize filesystem access in such a way as to make such a breach difficult, I am not sure how to reconcile his statements. I also find it beyond belief that a contractor could actually access what he claims he could've.
Although this seems like it would be quick to spot since if you were watching certificate fingerprints change then you'd see the switchover and switchback.
Would it not be simpler to get access to a root CA?
Eliminate most spam. Talk with your bank/do trades over email. Talk with your physician. Sign documents.
With webmail-based PGP, people are strongly incentivized to use this to avoid requiring users to sign in to other websites.
And in return you have to stick all your eggs in one basket, get what would probably end up being a single persistent online identity that goes under your real name (if it's tied to an email address you use for business stuff), and that's owned by a company and may not even be willing to give them back to you (would you even own the private keys if it was being implemented on the server?)
http://www.guardian.co.uk/technology/2011/mar/17/us-spy-oper...
There's still the question of packet sniffing by an intermediate device. The attacker would need to control (the network interfaces of) every device in the chain, use the ability very rarely to avoid detection, or hide data in packet metadata that is later decoded by interception equipment. This third option is probably fairly straightforward on any NIC with TCP checksum offloading.
The deployment model is this: one large webmail provider starts doing PGP by default via its webclient. Maybe it provides you with private keys, maybe it doesn't. Fact is that it doesn't much matter, because as soon as a large webmail provider starts doing PGP/PKI, the two biggest problems with adoption (namely, that there's no one to use it with, and it's kind of a pain to use anyhow) are basically solved. And as soon as this happens, there starts being a competitive market where providers can begin improving on each other's implementations. Any provider that doesn't give users their private keys won't have much of an ethical argument for doing so, and so it probably would, anyway. There will, as always happens, be a feature war, except with PGP involved some of that war will involve privacy/encryption/reliability concerns.
(PGP also makes spear phishing much harder).
At the time, I assumed it was just a snag with the umpteen layers of caching and content-distribution networks that they must be using. Now it looks quite a bit more sinister.
http://stallman.org/stallman-computing.html
He mentions it's a Lemote machine, which doesn't look like it uses an AMD/Intel processor, as it uses Loongson:
http://en.wikipedia.org/wiki/Loongson
"Unlike processors from Intel, Advanced Micro Devices or VIA Technologies, Loongson does not support the x86 instruction set. The processor's main operating system is Linux, while in theory any OS with MIPS support should also work."
Just kidding, obviously. But one can't be sure their hardware's all right, unless they go way beyond what we'd consider reasonable.
whereas you might be understanding bug as in: http://en.wikipedia.org/wiki/Software_bug
I just don't know what to make of this guy's story. He has no high school diploma, started out as a security guard and was then given a diplomat cover as a system administrator?
He further claims that his job as a systems administrator gave him access to NSA analyst intercept software, which I find difficult to believe. I can't imagine use of the software isn't physically locked to a machine in a secure environment. You wouldn't expect a systems administrator to have access to everything, which he claims he had; everything is compartmentalized.
Now what about an Open Source OS. NSA and DoD love them some RHEL (Red Hat Enterprise Linux). Would they pay RHEL enough to produce binaries that have backdoors in them? Yeah, CentOS compiles the sources and that's cool. But most organizations buy RHEL for support.
Well I would say they would be very stupid to do that as if it ever comes out it will immediately destroy their product.
Now, just like PRISM will most likely damage US companies using or offering cloud services, any revelation of an exploit that _could_ have been developed with cooperation from the manufacturer would destroy that company's business.
FWIW, the one thing I can agree with Sam Harris on is that European integration of muslims (and other minorities) is slow compared to the US because they have less of a commitment to freedom of speech. For all of our racial problems, the US does a better job of integrating immigrant communities because we have a culture of airing our dirty laundry, of hashing out our feelings - bigotry and all - and thus working through the differences rather than sheltering people from possibly being offended. It's ugly and frequently unpleasant but in the long run I think we reach a level of accommodation a lot sooner.
FWIW, I'm an atheist who married a woman from an immigrant muslim family although I've probably been in more mosques than she has.
The _low_ end is 15-20% who think honor killing is rarely/sometimes/often justified. The high end is 60-70%. How is this "fringe"?
So: do the teachings of those with a mantle of religion-X authority, on average, encourage or discourage honor killings? This is not a question we should avoid asking just because we want to be nice.
I don't see any evidence that Sam Harris has got this wrong.
Good point about being nice vs. reaching a permanent accommodation.
That said, he might just have an irrational us vs. them "liberals vs. racists" complex and be able to speak sensibly on other matters.
The classic paper: http://mypages.valdosta.edu/mwhatley/7670/activity/honor.htm