Re: Privacy-protected registration
Not being that proficient at layer 7 activities, are there any useful guides out there to hardening various systems?
5770 publicly visible posts • joined 29 May 2007
After further reading, it does seem that the author has given some thought to the protection of privacy and free speech, but I can't help but feel that it hasn't been thought through properly, or properly peer reviewed.
If this were a document I was reviewing officially the margins would be red with review comments and questions relating to unintended consequences and insufficient provisions or lack of clarity in purpose relating to some of the clauses - and there also appears to be a section where a particular term is used to describe data content, but further references in the section seem to muddle the names and use different ones (with potentially different meaning).
Not something I would expect a non-techie well versed in impact analysis (i.e. forward thinking) to readily grasp upon first reading, and once the information is parsed and simplified the errors can only be magnified horribly.
There are provisions as to how an application for intercept should be justified - I would like to see some real world samples to judge whether this aspect is being adhered to - I suspect not.
There is a link at the bottom of that pdf, to another pdf..
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/426248/Acquisition_and_Disclosure_of_Communications_Data_Code_of_Practice_March_2015.pdf
There is a lot in there to be worried about, this for instance..
"2.7. Particular consideration must also be given, when pertinent, to the right to freedom of expression.[28]
[28] See the section on communications data involving certain professions, beginning at paragraph 3.72, for further information and guidance, including on the requirement for the use of the Police and Criminal Evidence Act 1984 until such time as there is specific legislation to provide judicial authorisation for applications for communications data to determine journalistic sources."
My emphasis in bold.
Journalistic sources are fair game apparently, along with everything else. IANAL and the guidelines are a bit wordy, but a lot of it can be interpreted in an 'abusive' way. Particularly the bit about stopping data interceptions when it relates to someone in a public office under particular circumstances - very shady looking notes.
Perhaps I'm just paranoid or I'm incorrectly parsing the information, but it basically says that they can use the RIPA for anything deemed a 'crime' or for anything they like really under a lot of pretext-type categories, and that it extends to anywhere in the world if it relates to a service supplied to someone in the UK. It even trumps the ECHR!
"Maybe they're providing cover, to distract us, while something else is going on?"
I believe they are, and that 'thing' is the end of diseases that can be treated with antibiotics, which should literally scare the piss out of everyone.
http://www.cdc.gov/features/AntibioticResistanceThreats/index.html
http://www.irishtimes.com/news/health/hospitals-given-28-days-to-make-plan-for-antibiotic-resistance-1.2441826
http://www.nhs.uk/news/2015/11November/Pages/Last-line-in-antibiotic-resistance-under-threat.aspx
http://who.int/mediacentre/news/releases/2015/antibiotic-resistance/en/
Ask yourself why this isn't on the mainstream news channels. Let me know if you come up with a good answer that isn't "The government are scared to tell people about something that will probably kill them or someone they love, and that there's absolutely fuck all they can do about it".
If this has been in the wild for so long, you can bet that they have already engineered a replacement that does not rely on the same obfuscation tricks that this one uses, as they are now obviously compromised.
These people are clever - they would have planned ahead and will already be deploying the new variant (assuming it isn't already out there).
(Hypothetical question)..
If the data were to be stored at rest UN-encrypted, but only accessible via an 'encryption' gate at the hardware level, this would prevent remote access to the data if you don't have the key.
However, using a physical switch inside the device to bypass the encryption gate would give access to the data without a key, but only if you have the device.
Alternatively, you could set up a second encryption gate where the fuzz have the other key, but the interface to this second gate is only accessible physically.
I'm not sure if this is possible, or even advisable, I'm just thinking out loud about a possible compromise that doesn't open up everyone's full details to remote scrutiny, yet does allow for law enforcement to properly investigate a crime.
If no compromise is found, the powers that will be will just stomp all over device-end encryption with their jack-boots to the point where even owning a device capable of running an app on it that performs that function could become a crime.
Personally I am more scared about the prospect of a post antibiotic world than I am of a terrorist event.
It's odd how that 'little' piece of news has been left out of the mainstream news the last week or so.
Considering the rise of TB and other diseases in the UK, we all have a lot more to worry about than a few nutters with guns/bombs* if a resistant strain develops.
*I'm not trying to reduce the events in Paris or underestimate their impact to those involved, but in a like for like comparison the threat of drug resistant diseases is a FAR greater risk.
Actually this scenario seems to be more prevalent than ever these days, have you ever come across this situation..
You: <Explanation of something you know a lot about>
Other: <Failure to understand> & <Treating you like an idiot because they don't understand what you said>
You: ?! <sigh>
I've encountered this quite a few times in recent years, and it doesn't seem to be limited to the young - it's almost like some kind of mind-disease.
Are gullibility, ignorance and arrogance a mental health issue?
I know it's been said before ad nauseam, but please can we try and correct this..
Innocent unless proven guilty.
The 'until' bit implies that you are guilty, you just haven't been processed yet.
I know it sounds picky, but language is really important in matters of propaganda (and anti-propaganda).
@AC Whilst I take your point, since this is open source and that it could always benefit from a few tweaks and improvements, perhaps a new version of the code (with the delta closely scrutinised with every update) is a good thing?
Having the signed binaries from the original is a good thing, and always useful as a back-stop, but compiling* it yourself from known code is also good.
*Assuming you can trust your compiler of course :)
Rather than banning weapons, how about the US stop funding and selling said weapons to radical militant groups in foreign parts to act as their proxy in directing the world to a place where we are all effectively slaves? That would be a good place to start re-building confidence.
I know exactly what you mean. I did a stint as an account manager for an ISP that was in Chapter 11 at the time. We were all told to try and retain business from existing accounts.
I ended up being the only one that managed to generate a further £500k in sales after brokering a deal with their most obstreperous client (he could smell bullshit a mile off, and I have a bullshit-detector detector).
I flat out told him that the routers were the main source of the problems he was having in his network (Netblazers). The sales droid nearly pitched a fit when he found out that I had suggested he upgrade them all to Cisco, but quickly back-tracked when the customer decided to upgrade all his leased lines if the ISP paid for the routers. Turns out the customer had been holding off upgrading due to lack of confidence and their 'salesy' attitude.
Unfortunately Engineers are just not power hungry enough to get to the top, and if they were they would probably lose the traits that would be of most value in the process. Whoever designed human nature needs to take a good long look in the mirror.
The primary advantage I can see in Engineers running the country is that when faced with a problem which they have no experience of, they will most likely admit that fact AND THEN GO AND LEARN ABOUT IT!
As opposed to a politician, who will sit there and try and out-think the electorate to work out which sound-byte will get him on the side of the mob without upsetting anyone else in the corridors of power. They are self-serving by definition and I have no idea why people are ever surprised by this.
Ah well.
Underlying all this could also be the short-sighted approach to education and the lack of encouragement for critical thinking - a key skill in the IT Security realm.
Not 100% sure it's the same in the US as it is in the UK of course, but it wouldn't surprise me.
They seem happy that they are churning out millions of product consumers, but then bemoan the lack of well rounded, free thinking individuals.
I'm sorry if this disturbs anyone else, but it set me off on..
128, 192, 224, 240, 248, 252, 254, 255
(Helps when working out what the dotted decimal notation should be for a /27 subnet mask for example)
First 3 octets must be .255 (since 3*8=24 < 27). That leaves three bits left for the mask in the fourth octet. Reading the third off the above list gives .224 (which mentally subtracted from 256 gives 32).
Therefore a /27 = 255.255.255.224 (which gives 32 possible variations, and usually 30 usable addresses (in normal usage)). In a NAT situation you can just use all 32 :)
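The mental method in the post above, written out as an added Python example (not part of the original post): the list 128, 192, 224, 240, 248, 252, 254, 255 is simply an octet with 1 to 8 leading bits set, so a prefix length splits into "how many full 255 octets" plus "how many bits into the next one". The example generalises the /27 case to any prefix, derives the block size both ways (256 minus the partial octet, and 2^(32-prefix)), works out network, broadcast and usable range for an address, and cross-checks every mask against the standard library's `ipaddress` module. The sample address 192.0.2.77/27 is constructed from the RFC 5737 documentation range.

```python
"""Subnet mask arithmetic from a CIDR prefix length (added example).

The sequence 128, 192, 224, 240, 248, 252, 254, 255 is the value of a
single octet with n = 1..8 leading bits set. A /27 therefore has three
full octets of 255 and three bits set in the fourth (224), and
256 - 224 = 32 addresses per subnet.
"""
import ipaddress

# Octet value with n leading bits set, n = 1..8 -> 128, 192, 224, ..., 255.
LEADING_BITS = [(0xFF << (8 - n)) & 0xFF for n in range(1, 9)]


def mask_from_prefix(prefix: int) -> str:
    """Dotted-decimal netmask for a prefix length 0..32."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    full, rest = divmod(prefix, 8)          # /27 -> 3 full octets, 3 bits over
    octets = [255] * full
    if rest:
        octets.append(LEADING_BITS[rest - 1])  # 3 bits -> LEADING_BITS[2] == 224
    octets += [0] * (4 - len(octets))
    return ".".join(str(o) for o in octets)


def block_size(prefix: int) -> int:
    """Addresses per subnet; equals 256 minus the partial octet for /24../32."""
    return 1 << (32 - prefix)


def usable_hosts(prefix: int) -> int:
    """Host addresses after reserving network and broadcast.

    /31 point-to-point links (RFC 3021) use both addresses; /32 is one host.
    """
    if prefix == 32:
        return 1
    if prefix == 31:
        return 2
    return block_size(prefix) - 2


def describe(cidr: str) -> dict:
    """Mask, network, broadcast and usable range for an address like '192.0.2.77/27'."""
    addr, _, plen = cidr.partition("/")
    prefix = int(plen)
    a = int(ipaddress.IPv4Address(addr))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = a & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    first, last = (network + 1, broadcast - 1) if prefix <= 30 else (network, broadcast)
    return {
        "mask": mask_from_prefix(prefix),
        "network": str(ipaddress.IPv4Address(network)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        "first_usable": str(ipaddress.IPv4Address(first)),
        "last_usable": str(ipaddress.IPv4Address(last)),
        "block_size": block_size(prefix),
        "usable": usable_hosts(prefix),
    }


def matches_stdlib() -> bool:
    """Cross-check every prefix length against ipaddress' own netmask."""
    return all(
        mask_from_prefix(p) == str(ipaddress.ip_network(f"0.0.0.0/{p}").netmask)
        for p in range(33)
    )


if __name__ == "__main__":
    # Constructed sample input from the RFC 5737 documentation range.
    for k, v in describe("192.0.2.77/27").items():
        print(f"{k:13} {v}")
    # The post's mental shortcut: 256 minus the partial octet gives the block size.
    print("256 - 224 =", 256 - 224, "==", block_size(27))
    print("all masks agree with ipaddress:", matches_stdlib())
```

Running it on 192.0.2.77/27 places the host in the 192.0.2.64 to 192.0.2.95 block with 30 usable addresses from .65 to .94; the `matches_stdlib` check confirms the hand arithmetic agrees with the standard library for all 33 prefix lengths.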
"What's fresh DNA? Stuff that's just been swabbed from your cheek, not from the remnants of that pizza you chucked out last night."
What's fresh DNA? Stuff that's just been swabbed from your cheek, not from the remnants of that tissue you chucked out last night.
Tftfy. It looks like there's something on the keyboard too -->
(although if it's that colour you may need to see your Dr.)
I agree that these guys used awful terminology, but deciding to face the people themselves took guts and showed some respect at least.
Although I understand why the workers reacted how they did, they didn't seem to give them much credit for this.
The only result of this for other companies will be that they will do their firing remotely from a bunker.