lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4ef5fec60512261544y4816bdf7y83ac64aec92ee2df@mail.gmail.com>
Date: Mon Dec 26 23:44:38 2005
From: coderman at gmail.com (coderman)
Subject: Spy Agency Mined Vast Data Trove

On 12/26/05, GroundZero Security <fd@....org> wrote:
> the usa still controls the internet and they dont give a fuck if we
> feel that our privacy is invaded ...
> they want total control and noone can do anything against their actions.

strong encryption makes it difficult to invade your privacy.  if you
need to communicate with insecure/untrusted endpoints you need to be
anonymous.

ipsec, ssl, ssh, openvpn, lots of methods for data privacy. (i am
looking forward to tun/tap device support in new openssh.  openvpn is
a bit tedious)

regarding anonymity, tor is no longer funded by the eff and is
accepting donations.  if you found this project useful now is a good
time to donate: http://tor.eff.org/donate.html.en

stronger anonymity might entail type III mixers and/or meatspace
obfuscation.  a trade off depending on your needs.


> with google earth you can even find a nsa echelon base in germany. i wonder what its doing there.
> i bet they use it to sniff our country aswell and our neighboors, since its not there for the fun of it.
> what if my country would start to spy on usa isp's ? that could cause serious political problems,
> but of course for usa everything is ok, as we have seen in the past.

there are echelon stations all over the world.  cryptome.org has a lot
of details and photos if you are curious.  (the dvd archive is well
worth the cost)

the nuclear sub(s) with fiber tapping bays for deep sea splicing are
one of my favorite examples.  feeding off the coastal landing points
is easier but not always possible.

recent events have shown just how willing corporations are to give the
government a blank check with only minimal assurances of propriety and
legality.  i would bet good money the number of core providers who
balked at DCS1000 deployments could be counted on a single hand, if
there were even any at all...


> oh and for your law question, usa doesnt care about international laws. if you have problems you
> will have to ask a us. court and i doubt that will help you much complaining about some agency
> especially when you are from some foreign country.

i'll save you the trouble: it's not illegal (according to current
interpretation of US law) for US to spy outside our borders. the
current NSA debacle concerns monitoring / surveillance of US citizens
without any judicial oversight (FISA, et al).  while that is clearly
illegal according to US law, they are splitting hairs over whether a
large and non specific 'dragnet' style operation is really equivalent
to targeted surveillance, which is what FISA was designed to oversee.

if you value your privacy, put your money/time/efforts where your
mouth is and start using, supporting and advocating strong encryption,
anonymous services, and other privacy enhancing technologies.  secure
and intuitive (read: dead simple) user interfaces are sorely needed
for these things although HCI tends to get less attention as it is not
as sexy as crypto or infosec in general.

these are issues which affect all nations, although the US is
currently in the spotlight given the breadth and depth of its
monitoring / surveillance capability in a nation which loves to boast
of freedom and liberty. (oh the irony, :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ