This stupid sidebar is still there
Sometimes I wonder.
Then sometimes I just weep.
You can't make it up.
77 posts • joined 28 Jun 2011
"Free, usable on windows and linux. What's not to like?"
Fine, if you are happy for Google to own one more bit of your data. A BIG bit of your data, to go with all your email and all your search data.
I despair. Why do people care so little for their privacy?
"If that's what they do with things like a browser plug in, what's their router source code like?!"
You don't want to know. You really don't want to know.
"PS: If you want proper secure IM from a known and honest developer, take a look at Conversations.im (no, I have no connection to the developer and his software does not rock my boat so I don't use it myself)."
Or do what I do and set up your own XMPP server (there are plenty of options available) on a VM somewhere you trust with a provider you trust, and then use the Conversations app to communicate with that server. In my case I use my own X.500 certificate on the XMPP server for TLS protected comms and OTR for end to end encryption between parties.
It works. It's cheap. I manage it. I trust it.
Set up your own on a rented VPS somewhere outside the UK/US (and not owned by a UK/US company).
It should cost you between £3.25 and £5.00 pcm
Make sure you don't keep logs.
Better yet, use Tor.
GCHQ always hated the fact that NISCC reported to the DG of the Security Service. So, NCSC re-invents NISCC but reporting to GCHQ. I see nothing here that NISCC wasn't already doing, and more openly, years ago.
Whoop de do.
Anyone remember PGP for HMG? Now that went down well.
"Not having a CISSP badge doesn't mean not qualified."
On the contrary, it can mean the actor actually takes security seriously rather than being impressed by post nominal "qualifications"
Cough "MBCS" Cough "CITP"
"Suggest you either tweet the questions or send the letters via your MP."
I'd go for the letter to your MP as the most effective route if you want a Minister to actually see your complaint - whether that Minister actually does anything as a result is of course a moot point.
Letters from the public to HMG Ministers are treated in one of two ways. If the letter is direct to the Minister (or his office or an official in the Department) then the Minister never actually gets to see it. It is handled only by officials (this is known as "treat official"). If, however, the same letter is sent to an MP and is then forwarded by that MP to a responsible Minister for reply, then the Minister will get it in his red box along with a draft reply (from the same official who would have replied directly as before). The Minister then signs the reply to the MP and encloses the constituent's original letter with the reply. Said constituent then gets back the official line trotted out by the Department with a nice letter from both his or her MP as well.
In my experience however, this is a largely futile exercise unless you happen to like collecting letters from Ministers and MPs.
+1 to that
But regardless of whether or not there is any remotely exploitable vulnerability, trusting a bloody phone for sensitive transactions is just loopy. The damned things get lost and stolen.
"a lot better than ROT13"
Personally I prefer ROT26 - 'cos, you know, double encryption has got to be better.
+1 and have an upvote.
When I read that I thought "Fuck me, a thinking Tory. Whatever next."
+1 to that. Anyone who trusts any Israeli "security" company deserves all they get.
Black helicopter - for obvious reasons.
Yes. Dan Pollock has a very good site at http://someonewhocares.org/hosts/. I use his hosts file, appended to my own local hosts file on my home DNS server (which runs Dnsmasq). Dnsmasq reads the local hosts file before consulting a downstream DNS server. Dan's hosts file listing points all unwanted domains at local loopback.
Take that you malicious ad-serving bastards.
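The post above describes the mechanism: a hosts-format blocklist is consulted before any upstream resolver, so listed names resolve to a sinkhole address and never leave the network. As an added example (not code from the original post, and not how Dnsmasq itself is implemented), here is a small parser for the hosts-file format together with a resolver that applies the same "local file first, upstream second" order. The sample hosts content and the upstream address are constructed for the example; `.invalid` names are used so nothing real is referenced.

```python
from typing import Callable, Dict, List

# Constructed sample in hosts-file format (not Dan Pollock's list).
# Lines may carry '#' comments, several hostnames per line, and
# IPv4 or IPv6 sinkhole addresses.
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1 localhost
127.0.0.1 ads.example.invalid tracker.example.invalid   # two names, one line
0.0.0.0   telemetry.example.invalid
::1       localhost
"""


def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Parse hosts-file text into {hostname: [address, ...]}.

    Hostnames are lower-cased (DNS names are case-insensitive); a name that
    appears on several lines keeps every address in file order, matching the
    way a resolver returns all entries for a name.
    """
    table: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # address with no names: ignore
        address, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), []).append(address)
    return table


def resolve(name: str, hosts: Dict[str, List[str]],
            upstream: Callable[[str], str]) -> str:
    """Return the first local hosts entry for name; only if there is none,
    ask the upstream resolver. This is the ordering the post relies on."""
    local = hosts.get(name.lower().rstrip("."))
    if local:
        return local[0]
    return upstream(name)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    # Stand-in for a real forwarder; returns a constructed documentation address.
    fake_upstream = lambda n: "198.51.100.10"
    for qname in ("ads.example.invalid", "Telemetry.Example.Invalid", "www.example.com"):
        print(qname, "->", resolve(qname, hosts, fake_upstream))
```

One design point worth noting: sinkholing to `0.0.0.0` rather than `127.0.0.1` means the client does not attempt a connection to a service that may be listening on the local loopback interface; either address achieves the blocking the post describes.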
"Better yet, send them an email (using AES-256 encryption) that explains how it all works."
Ummm. In order to send an MP an encrypted email you would need that MP's public key (assuming a PKI type system). My MP barely copes with email in clear. He certainly doesn't have a GPG key. And even if he did, GCHQ would never allow encrypted email in through the Parliamentary email gateway.
and back in the day, CCTA, one of CCS's predecessor organisations, had precisely 1.
One of the /really/ cool things about these devices is that they can be used (remotely) to switch off supply. Guess how they need to be reset? Yes, that's right - manually.
Now imagine finding the resource to reset 20 million domestic units which have been remotely terminated in an attack.
WTF we are still even contemplating this madness is beyond me. Especially with Crapita in the driving seat.
"Using either WILL get you under the baleful eye of various spooks"
Using ANY form of encryption will draw attention.
The question is, do you care?
(And I agree with a later poster, the FACT poodles - COLP have massively over reached here. I sincerely hope they try to take it to court).
6... any of the old chemistry books I possess (from the days when they included details of explosives, or "hazards in the chemical laboratory").
7. Copies of strong anonymising software such as tails or whonix.
8. Copies of privacy enhancing software such as GPG.
9. Provision or maintenance of privacy enhancing tools such as Tor....
"One of the problems with Linux is it's probably a hell of a lot harder to insert spyware, if you're any sort of a halfway decent admin."
Ummm - no actually it isn't. Where did you get your distro? How do you update it? Which repos do you use? Are you /certain/ that last update was completely free of any /deliberate/ trojan? Are you /certain/ that last update didn't contain any remotely exploitable vulnerability?
"If you look at the Windows processes list, you have no idea what half that shit is. They could probably run xkeyscore.exe and I sure as hell wouldn't find it."
That just says that you are not a Windows admin. It does not mean that no-one else understands the Windows process listing. But see the argument above. The same applies (but worse, because the software is proprietary).
"However, on my Linux box I know what every single process in pstree is doing and why it is there. I also know what's going on in the network activity bar of xosview and the netstat listing. Anything reporting back to NSA HQ would have to be pretty subtle."
No you don't. You just think you do. And even if you did, your pstree could be trojaned and not show processes it wanted to hide. So could netstat, or wireshark. That cupsd may not be just listening for print commands you know.
The point is, unless you have an external monitor (say a /known/ /provably/ clean network monitor running on a /known/ /provably/ clean OS) sitting on the wire between you and your ISP you have no guarantee whatsoever that what is going in or out of your nice safe secure Linux box is all it should be.
And even if you have, you could still be stuffed unless you /really/ understand network protocols in depth (Ever hear of DNS being used as a wrapper for file exfiltration? Or long time based UDP to call home?)
Don't be complacent. The only secure computer is one not switched on, not connected to anything and buried in a lead lined box in concrete.
And even then I'd worry in case it was exhumed and disk forensics run on it......
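The post above makes two points a defender can act on: host-side tools can be subverted, so the trustworthy vantage point is an external monitor on the wire, and DNS is a common carrier for file exfiltration. As an added example (not code from the original post, and not any particular vendor's detector), here is the kind of heuristic such an external monitor could run over its own resolver query log to surface DNS-tunnelling candidates: many distinct queries from one client under one base domain whose leading label is long enough to be carrying encoded data. The log format, the client addresses and the `.invalid` domain are all constructed for the example; the "last two labels" base-domain rule is a simplification of what a public suffix list would give.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed resolver log (not from the original post). Each line is
# "<unix-time> <client-ip> <qname> <qtype>", as a generic query log might emit.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000002 10.0.0.7 4d5a90000300000004000000ffff0000.files.exfil-test.invalid TXT
1700000003 10.0.0.7 b800000000000000400000000000000000.files.exfil-test.invalid TXT
1700000004 10.0.0.7 0e1fba0e00b409cd21b8014ccd21546869.files.exfil-test.invalid TXT
1700000005 10.0.0.5 cdn.example.net A
1700000006 10.0.0.7 www.example.com A
"""

LONG_LABEL = 30   # leading labels this long rarely occur in ordinary hostnames
MIN_CHUNKS = 3    # distinct long-label names before a (client, domain) pair is reported


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into its fields; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, client, qname, qtype = parts
    return {"ts": ts, "client": client,
            "qname": qname.rstrip(".").lower(), "qtype": qtype.upper()}


def base_domain(qname: str) -> str:
    """Approximate the registrable domain as the last two labels."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def find_tunnel_candidates(log_text: str) -> List[Tuple[str, str, int]]:
    """Return (client, base_domain, distinct_long_names) for every pair whose
    distinct long-leading-label query count reaches MIN_CHUNKS, sorted."""
    seen: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        leading = rec["qname"].split(".")[0]
        if len(leading) >= LONG_LABEL:
            seen[(rec["client"], base_domain(rec["qname"]))].add(rec["qname"])
    return sorted((client, dom, len(names))
                  for (client, dom), names in seen.items()
                  if len(names) >= MIN_CHUNKS)


if __name__ == "__main__":
    for client, dom, n in find_tunnel_candidates(SAMPLE_LOG):
        print(f"client {client}: {n} distinct long-label queries under {dom}")
```

Because the count is keyed on distinct names rather than raw query volume, a busy but legitimate CDN hostname queried repeatedly does not trip the rule, while a payload split into many unique labels does. Tune `LONG_LABEL` and `MIN_CHUNKS` against a baseline of the network's normal traffic before alerting on the result.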
Well, I had to make it 50.......
or as XKCD would have it - why attack the crypto when there are easier targets?
They could have chosen Charles Farr.
Words fail me.
Yes, we certainly need a troll icon.
Actually I doubt that they will be paid very much. UK Public servants rarely get rich.
There is a very good post over at https://medium.com/technology-and-society/cb596ce5f27 by Zeynep Tufekci. She argues that Turkey is not really intending to block Twitter per se, because the Turkish Administration knows that to be largely futile (and it pushes the populace towards using avoiding technologies such as VPNs and Tor to bypass the problem). Rather, she says that Erdogan is attempting to "poison the well" of social media by painting it as a threat to family values in Turkey. She notes that Erdogan has talked about social media's disruption of privacy, and how the foreign companies do not obey Turkish court orders but obey US and European courts.
Well worth reading.
Take a look at Andrews and Arnold (aaisp.net).
No-one, but no-one should use BT.
I got mine from the Guardian offers page at http://entertainment.guardianoffers.co.uk/i-aa-rm001699/g-c-h-q-always-listening-to-our-customers/. My wife bought me the NSA version for Christmas.
Unfortunately, the GCHQ version does actually not feature their logo - more a generic HMG "crown". As another poster has said though, GCHQ's site specifically states that the logo may not be used "inappropriately".
No sense of humour.
Journalistic licence. And in my view, not unreasonable. When I read the original article last night, my immediate conclusion was "wget".
But whatever the tool, the principle remains the same. An NSA insider, and a contractor to boot, was able to recursively scan and download a bucketload of highly classified documents, including documents from a Five Eyes partner, without any effective alarms going off.
That says an awful lot about the effectiveness of the NSA's security practices (for both technical and personnel security). No wonder they are pissed off.
I have deleted all copies of wget from all my systems.
Plus 1 for that.
In the UK, the police call the "high vis jacket" the "cloak of invisibility". Wear one and no-one looks at you.
"Aside from the orchestration capability, it also removes the most troublesome parts of running a cloud - network engineers."
Great. I'm really looking forward to hosting a bunch of applications with a "cloud" provider which employs no network engineers. I feel safer already.
Yep. Back in September 2002 OGC published "Open Source Software: Guidance on implementing UK Government Policy." I wrote it.
And if you look very carefully at the cover of that document you will notice that it includes a picture of a laptop running the (then) popular X11 game called "kill bill".
Nobody, but nobody, in the publication QA process spotted it.
"Mind you, the picture at the foot of their home page makes it look like their test servers are in someone's garage!"
They probably are. I understand that TDR runs the build and test servers himself.
"All I want for Christmas is a VPN connection outside of blighty."
Try openvpn. You can rent a really cheap VPS (less than 5.00 USD per month) in a variety of places other than dear old blighty. With your own VPN to that VPS (running on say, port 443) you are good to go.
Oh yes indeed. Because taking a tablet into the bog with you looks a little, shall we say, suspect.......
Despite the fairly obvious troll traits, I was going to comment on (and down vote) your original post. But a moderator quite sensibly removed it.
For some statistics on the relative usages of linux v BSD, take a look at http://w3techs.com/technologies/comparison/os-bsd,os-linux. BSD is not even in the running in an environment (servers) where it could be expected to be used. On the desktop it is not even a rounding error. I log statistics of OS/browser types hitting my website. I don't see any BSD anywhere.
And I note from your posting history that you have an apparently disturbing set of phobias. Seek help.
If you have to ask. then you wouldn't understand the answer.
"You will also need strong identification to get into a royal event such as a Buckingham Palace garden party – Palace police are quite strict on checking ID"
Several years ago I was doing some work with the Royal Palace on behalf of the UK Gov Dept I then worked for. Entry to the site was controlled by Police Officers who insisted on two pieces of identification. My official pass sufficed as one piece, but they needed another. On my first visit I gave them my ID pass and my passport. On a subsequent visit I forgot my passport so the officer on duty asked for an alternative to add to my ID pass. I furtled in my wallet, but all I could come up with (beyond the usual bank cards etc) was a fishing licence. He said, "OK, that'll do, it's an official document."
You can buy fishing licences at a post office.
Raiu said: "They are opening stolen documents on virtual machines without any internet connection to avoid exposing themselves that way."
So how does he know that?
At least he didn't sing.
Good grief. I agree with Eadon.
Very nice. But I think Andrew Lipson beats him. See http://www.andrewlipson.com/escher/relativity.html for example.
Please dear Reg, use English in your reporting. The phrase "The Register reached out to Facebook" simply made me cringe. Yes, I am an old fart, yes I am being finicky, yes I know what you think it means, but it is nonsense. It irritates me almost as much as "going forward" and other such twaddle.
There, I feel so much better now.
"random data generators, random traffic flows, leave your PC browsing on its own whilst you go to the park"
Interesting idea. Now how, exactly, would you get your PC to "randomly browse" in a way that would look anything other than stupidly robotic and predictable?
Seems to have been off-line for a while. I first tried about an hour ago, but of course it may have been down before that. Mobile banking and payments also down.
Back when I first installed FW/1, I was puzzled to find that they wanted the external IP address of the device before they would send the licence key (I assumed that the key would be hashed to that address in some way). Not entirely happy with that, I stuck mine behind a NAT device so that the external address I gave them was drawn from RFC 1918.
They are quite well embedded over here too. See http://www.cesg.gov.uk/News/Pages/Cyber-Incident-Response.aspx for example.
Biting the hand that feeds IT © 1998–2017