of course it will work
Anyone remember PGP for HMG? Now that went down well.
71 posts • joined 28 Jun 2011
Anyone remember PGP for HMG? Now that went down well.
"Not having a CISSP badge doesn't mean not qualified."
On the contrary, it can mean the actor actually takes security seriously rather than being impressed by post nominal "qualifications"
Cough "MBCS" Cough "CITP"
"Suggest you either tweet the questions or send the letters via your MP."
I'd go for the letter to your MP as the most effective route if you want a Minister to actually see your complaint - whether that Minister actually does anything as a result is of course a moot point.
Letters from the public to HMG Ministers are treated in one of two ways. If the letter is direct to the Minister (or his office or an official in the Department) then the Minister never actually gets to see it. It is handled only by officials (this is known as "treat official"). If, however, the same letter is sent to an MP and is then forwarded by that MP to a responsible Minister for reply, then the Minister will get it in his red box along with a draft reply (from the same official who would have replied directly as before). The Minister then signs the reply to the MP and encloses the constituent's original letter with the reply. Said constituent then gets back the official line trotted out by the Department with a nice letter from both his or her MP as well.
In my experience however, this is a largely futile exerccise unless you happen to like collecting letters from Ministers and MPs.
+1 to that
But regardless of whether or not there is any remotely exploitable vulnerability, trusting a bloody phone for sensitve transactions is just loopy. The damned things get lost and stolen.
"a lot better than ROT13"
Personally I prefer ROT26 - 'cos, you know, double encryption has got to be better.
+1 and have an upvote.
When I read that I thought "Fuck me, a thinking Tory. Whatever next."
+1 to that. Anyone who trusts any Israeli "security" company deserves all they get.
Black helicopter - for obvious reasons.
Yes. Dan Pollock has a very good site at http://someonewhocares.org/hosts/. I uses his hosts file, appended to my own local hosts file on my home DNS server (which runs DNSmasq). DNSMasq reads the local hosts file before consulting a downstream DNS server. Dan's host file listing points all unwanted domains at local loopback.
Take that you malicious ad-serving bastards.
"Better yet, send them an email (using AES-256 encryption) that explains how it all works."
Ummm. In order to send an MP an encrypted email you would need that MP's public key (assuming a PKI type system). My MP barely copes with email in clear. He certainly doesn't have a GPG key. And even if he did, GCHQ would never allow encrypted email in through the Parliamentary email gateway.
and back in the day, CCTA, one of CCS's predecessor organisations, had precisely 1.
One of the /really/ cool things about these devices is that they can be used (remotely) to switch off supply. Guess how they need to be reset? Yes, that's rght - manually.
Now imagine finding the resource to reset 20 million domestic units which have been remotely terminated in an attack.
WTF we are still even contemplating this madness is beyond me. Especially with Crapita in the driving seat.
"Using either WILL get you under the baleful eye of various spooks"
Using ANY form of encryption will draw attention.
The question is, do you care?
(And I agree with a later poster, the FACT poodles - COLP have massively over reached here. I sincerely hope they try to take it to court).
6... any of the old chemistry books I possess (from the days when they included details of explosives, or "hazards in the chemical laboratory").
7. Copies of strong anonymising software such as tails or whonix.
8. Copies of privacy enhancing software such as GPG.
9. Provision or maintenance of privacy enhancing tools such as Tor....
"One of the problems with Linux is it's probably a hell of a lot harder to insert spyware, if you're any sort of a halfway decent admin."
Ummm - no actually it isn't. Where did you get your distro? How do you update it? Which repos do you use? Are you /certain/ that last update was completely free of any /deliberate/ trojan? Are you /certain/ that last update didn't contain any remotely exploitable vulnerability?
"If you look at the Windows processes list, you have no idea what half that shit is. They could probably run xkeyscore.exe and I sure as hell wouldn't find it."
Thay just says that you are not a windows admin. It does not mean that no-one else understands the windows process listing. But see the argument above. The same applies (but worse because the software is proprietary.)
"However, on my Linux box I know what every single process in pstree is doing and why it is there. I also know what's going on in the network activity bar of xosview and the netstat listing. Anything reporting back to NSA HQ would have to be pretty subtle."
No you don't. You just think you do. And even if you did, your pstree could be tojaned and not show processes it wanted to hide. So could netstat, or wireshark. That cupsd may not be just listening for print commands you know.
The point is, unless you have an external monitor (say a /known/ /provably/ clean network monitor running on a /known/ /provably/ clean OS) sitting on the wire between you and your ISP you have no guarantee whatosever that what is going in or out of you nice safe secure linux box is all it should be.
And even if you have, you could still be stuffed unless you /really/ understand network protocols in depth (Ever hear of DNS being used as a wrapper for file exfiltration? Or long time based UDP to call home?)
Don't be complacent. The only secure computer is one not switched on, not connected to anything and buried in a lead lined box in concrete.
And even then I'd worry in case it was exhumed and disk forensics run on it......
Well, I had to make it 50.......
or as XKCD would have it - why attack the crypto when there are easier targets?
They could have chosen Charles Farr.
Words fail me.
Yes, we certainly need a troll icon.
Actually I doubt that they will be paid very much. UK Public servants rarely get rich.
There is a very good post over at https://medium.com/technology-and-society/cb596ce5f27 by Zeynep Tufecki. She argues that Turkey is not really intending to block Twitter per se, because the Turkish Administration knows that to be largely futile (and it pushes the populace towarrds using avoiding technologies such as VPNs and Tor to bypass the problem). Rather, she says that Erdogan is attempting to "poison the well" of social media by painting it as a threat to family values in Turkey. She notes that Erdogan has talked about social media's disruption of privacy, and how the foreign companies do not obey Turkish court orders but obey US and European courts.
Well worth reading.
Take a look at Andrews and Arnold (aaisp.net).
No-one, but no-one should use BT.
I got mine from the Guardian offers page at http://entertainment.guardianoffers.co.uk/i-aa-rm001699/g-c-h-q-always-listening-to-our-customers/. My wife bought me the NSA version for Christmas.
Unfortunately, the GCHQ version does actually not feature their logo - more a generic HMG "crown". As another poster has said though, GCHQ's site specifically states that the logo may not be used "inappropriately".
No sense of humour.
Journalistic licence. And in my view, not unreasonable. When I read the original article last night, my immediate conclusion was "wget".
But whatever the tool, the principle remains the same. An NSA insider, and a contractor to boot, was able to recursively scan and download a bucketload of highly classified documents, including documents from a Five Eyes partner, without any effective alarms going off.
That says an awful lot about the effectiveness of the NSA's security practices (for both technical and personnel security). No wonder they are pissed off.
I have deleted all copies of wget from all my systems.
Plus 1 for that.
In the UK, the police call the "high vis jacket" the "cloak of invisibility". Wear one and no-one looks at you.
"Aside from the orchestration capability, it also removes the most troublesome parts of running a cloud - network engineers."
Great. I'm really looking forward to hosting a bunch of applications with a "cloud" provider which employs no network engineers. I feel safer already.
Yep. Back in September 2002 OGC published "Open Source Software: Guidance on implementing UK Government Policy." I wrote it.
And if you look very carefully at the cover of that document you will notice that it includes a picture of a laptop running the (then) popular X11 game called "kill bill".
Nobody, but nobody, in the publication QA process spotted it.
"Mind you, the picture at the foot of their home page makes it look like their test servers are in someone's garage!"
They probably are. I understand that TDR runs the build and test servers himself.
"All I want for Christmas is a VPN connection outside of blighty."
Try openvpn. You can rent a really cheap VPS (less than 5.00 USD per month) in a variety of places other than dear old blighty. With your own VPN to that VPS (running on say, port 443) you are good to go.
Oh yes indeed. Because taking a tablet into the bog with you looks a little, shall we say, suspect.......
Despite the fairly obvious troll traits, I was going to comment on (and down vote) your original post. But a moderator quite sensibly removed it.
For some statistics on the relative usages of linux v BSD, take a look at http://w3techs.com/technologies/comparison/os-bsd,os-linux. BSD is not even in the running in an environment (servers) where it could be expected to be used. On the desktop it is not even a rounding error. I log statistics of OS/browser types hitting my website. I don't see any BSD anywhere.
And I note from your posting history that you have an apparently disturbing set of phobias. Seek help.
If you have to ask. then you wouldn't understand the answer.
"You will also need strong identification to get into a royal event such as a Buckingham Palace garden party – Palace police are quite strict on checking ID"
Several years ago I was doing some work with the Royal Palace on behalf of the UK Gov Dept I then worked for. Entry to the site was controlled by Police Officers who insisted on two pieces of identfiication. My official pass sufficed as one piece, but they needed another. On my first visit I gave them my ID pass and my passport. On a subsequent visit I forgot my passport so the officer on duty asked for an alternative to add to my ID pass. I furtled in my wallet, but all I could come up with (beyond the usual bank cards etc) was a fishing licence. He said, "OK, that'll do, it's an official document."
You can buy fishing licences at a post office.
Raiu said "“They are opening stolen documents on virtual machines without any internet connection to avoid exposing themselves that way,”
So how does he know that?
At least he didn't sing.
Good grief. I agree with Eadon.
Very nice. But I think Andrew Lipson beats him. See http://www.andrewlipson.com/escher/relativity.html for example.
Please dear Reg, use english in your reporting. The phrase "The Register reached out to Facebook" simply made me cringe. Yes, I am an old fart, yes I am being finnicky, yes I know what you think it means, but it is nonsense. It irritates me almost as much as "going forward" and other such twaddle.
There, I feel so much better now.
"random data generators, random traffic flows, leave your PC browsing on its own whilst you go to the park"
Interesting idea. Now how, exactly, would you get your PC to "randomly browse" in a way that would look anything other than stupidly robotic and predictable?
Seems to have been off-line for a while. I first tried about an hour ago, but of course it may have been down before that. Mobile banking and payments also down.
Back when I first installed FW/1, I was puzzled to find that they wanted the external IP address of the device before they would send the licence key (I assumed that the key would be hashed to that address in some way). No entirely happy with that, I stuck mine behind a NAT device so that the external address I gave them was drawn from RFC 1918,
They are quite well embedded over here too. See http://www.cesg.gov.uk/News/Pages/Cyber-Incident-Response.aspx for example.
Actually, no I would not. Not ever.
You clearly are not from Norfolk or you would know that a Norfolk "boy" is actually a good old "bor".
I, however, do live in Norfolk, and we are not all "bumpkins".
"Linux never supported the 286 or earlier."
Well, the linux kernel didn't appear until 1991 and Linus built it for a 386/486 target (he was playing with Minix 386 and was frustrated with its limitations).
However, somewhere in my loft I still have a copy of v2 of Xenix (an MS licensed version of Unix) dating from the mid 80s which ran on a 286. The earlier version ran on 8086 I believe.
Interesting that your pic of the "prototype keyboard" shows a rather, errm odd, layout. Looks as if someone has been prising off the chiclets and re-seating them.
I had one of these back in the late 80s when I was working in HMT's IT Unit (and shorty before I joined CCTA). It was a rather nice piece of kit. Light, good battery life, excellent screen for its time, and robust too. I used to carry mine around in my briefcase bungied onto the back of my motorcycle. It came loose one day and bounced down the Wandsworth road on the approach to Vauxhall. Brieface a bit battered, but the Liberator still worked perfectly.
I'm note sure the office Lisa would have coped as well.
Yes. If you a re a reasonably savvy consumer (and of course, as a Reg reader you are, right?) For the price of a cheap NAS running debian hanging off your home ADSL router you can set up openVPN and tunnel out through that from wherever you may be. Or you could spend a few more quid and set up the tunnel end point on a rented VPS somewhere. Just check the terms of serrvce first.
"Probably just paranoid (adjusts tinfoil hat), but I do know that about 85% of the intrusion attempts on my various networks originate from China."
No. You mean that "85%" (or whatever) attempts have source IP addresses in Chinese address space. You have no idea whether the /actual/ source is in some other place and is simply using chinese IP addresses as a cover. In the same way you have no idea of the /actual/ source of any DDOS attack - all you see are the multiple IP addresses of the compromised machines which form the 'bot.
"false flagging" is probably more common than most people believe.