|
not newsome of the major makers in laptops allowed key loggers to be default installed into the bios shortly after 2001 in the fight against terrorism and tablets have had their own spytools put into them as well.
so unless you recode the entire products being made today including low-level bios's you have the probability of it being non-secure.
there's probably a good market in older devices which have not been compromised by these measures. |
|
3 recommendations |
nice story.I don't care. Hack away, read all my email, texts, bills, whatever. Enjoy it. These are the consequences when we communicate digitally/online. Deal with it. |
|
Kilroy MVM join:2002-11-21 Saint Paul, MN
5 recommendations |
You obviously misunderstand. Anything that the NSA can use, so can hackers. If there is a backdoor built into anything that allows the NSA to access it, rest assured that someone else can be using it also. That is one of the primary problems with creating a method for the "good guys", nothing stops the "bad guys" from using it also. |
|
ironweaselWeezy Premium Member join:2000-09-13 Belen, NM
6 recommendations |
to ihatedslr
No, these are not the consequences when we communicate digitally.
These are the consequences when an alphabet agency decides it needs to spy on anything and everything in the name of "national security". One can argue the whole point of "if you're not doing anything wrong then you have nothing to hide", but that's just a lame excuse to justify their actions. It doesn't matter if I'm sending an email to my Aunt Gertie or chatting online with a support rep from my cable company - I should be able to do it without having someone basically standing over my shoulder the entire time.
Encryption exists for a reason and I'm sure there are nefarious reasons but there are also plenty of legitimate reasons as well. It's like making sure you have steel doors and bullet proof glass on your house along with the most sophisticated alarm system out there and then giving the keys and access code to your nosy neighbor knowing full well that they like to come snoop around in your house looking for that meth lab you might have. You're not actually the next Walter White, but it's cool if that neighbor comes in and checks your house out all the time, right? |
|
|
AnonMan
Anon
2013-Sep-6 10:00 am
Most encryption has been defeated for a while by NSAI find it funny people are finding all this stuff shocking. Most of the encryption used today was invented MANY years ago. AES encryption has been defeated by the NSA for a bit now and I have been telling people that but they like to say and feel otherwise and laugh. Hardware and technology has came a long way and made the process of breaking these things faster and faster. Your avg. consumer processor has built in AES now which makes it process this faster. That same technology can be used to reverse it. That said, no your avg. Joe Shmow won't break it anytime soon but consider the NSA has one of the most powerful Super Computer in the world and is building an even bigger one that is almost done it shouldn't be shocking. A few hundred thousand processors and specially designed crypto hardware can do wonders on breaking encryption Nothing is un-hackable. It's the same for home security systems and doors and locks. The point is to make it cost prohibited for anyone to bother wanting your data. Yes it's true if a backdoor exists someone else can find it, but if it requires $100 million in computer hardware to breach it, you probably don't have to worry about someone beyond the NSA getting to it. Now the issue is them storing the unencrypted data and it leaking or someone gaining access to it... But that's always been an issue. People have access to SSN database and I assure you a lot of ID theft happens as a result of leaked data from that you don't hear about. Point is, if you're not doing anything illegal don't worry. Yea it sucks maybe knowing someone has access to the data but the only thing you need worry about is if someone else with ill intentions is able to gain access to it, which at end of the day is my concern. |
|
miatamanI've attained a PHD in DVR. Premium Member join:2010-10-27 Chelmsford, MA |
to tmc8080
Re: not new If we could just identify the hardware.
|
|
|
FFH5 Premium Member join:2002-03-03 Tavistock NJ |
to Kilroy
Re: nice story.said by Kilroy:You obviously misunderstand. Anything that the NSA can use, so can hackers. If there is a backdoor built into anything that allows the NSA to access it, rest assured that someone else can be using it also. Then why haven't they? If it was easy for hackers to do what the NSA and other national security groups from countries like China do, then there would be no savings account in the country not drained of its money. |
|
|
NoSoAble to Kilroy
Anon
2013-Sep-6 10:28 am
to Kilroy
Exactly. An army of hackers is working feverishly to discover the backdoors the NSA has placed in operating systems, encryption software, firewalls, routers, etc. These will be found and exploited. And since the NSA has undermined and corrupted the integrity of so many software (and even hardware) vendors, no one is going to be able to trust the fixes when they are released. Many organizations - businesses of all kinds, hospitals, universities, NGOs, etc, etc - have statutory and ethical obligations to securely encrypt and store data. How is this supposed to happen when so much of the security infrastructure has been compromised? The NSA has essentially destroyed the internet as a system for secure data storage and communication. |
|
SarickIt's Only Logical Premium Member join:2003-06-03 USA 1 edit |
Sarick
Premium Member
2013-Sep-6 10:04 am
Why can't we Encrypt?I was wondering why we can't take a standard message completely unrelated as a key to a message that's sub encrypted? Seriously, If the first message has unencrypted data that's a stage one key how is anyone outside the two parties going to decrypt it?
Example: The ball rolls fast.
This text is used as a source to decrypt an encrypted message that in itself is encrypted using another message. It in itself could be multiple pages long. The Key is else where or even hidden inside the text in a common phase.
If enough levels are encrypted with the right amount of well placed garbage in the output even fully decrypted it would be extremely hard to decode even with the best systems. If it takes several minutes for a powerful computer to decode a message with known codes how long will it take to decrypt one without codes?
Come on, if given the effort and resources encryption could be created thats so secure by the time the fastest computers crack its already not worth anything.
I think in the future people should not measure encryption as now many bits are used to protect privacy but how long will it delay information they want to kept private. In the case of the parties communicating the amount of time it takes to crack the encryption may be more important ten the content contained inside it. |
|
morboComplete Your Transaction join:2002-01-22 00000
3 recommendations |
to AnonMan
Re: Most encryption has been defeated for a while by NSAsaid by Anon80:Point is, if you're not doing anything illegal don't worry. That is not the point at all. |
|
PToN Premium Member join:2001-10-04 Houston, TX |
PToN to FFH5
Premium Member
2013-Sep-6 10:18 am
to FFH5
Re: nice story.Stop saying "National Security Groups...". These are all "terrorist" organizations and shall be treated as such. |
|
FFH5 Premium Member join:2002-03-03 Tavistock NJ |
FFH5
Premium Member
2013-Sep-6 10:29 am
said by PToN:Stop saying "National Security Groups...". These are all "terrorist" organizations and shall be treated as such. Treated as such by who? You? The UN? I don't think they care what you or the UN thinks. And exactly in what manner will they be treated as terrorists? What actions are you or anyone else going to take to hold them to account? |
|
Metatron2008You're it Premium Member join:2008-09-02 united state
2 recommendations |
to ihatedslr
People in the 30's also didn't have anything to worry about from the Nazi SS if they did nothing wrong, right?
It's not like anyone who has absolute power has ever abused it before, right...?? |
|
Metatron2008
2 recommendations |
to AnonMan
Re: Most encryption has been defeated for a while by NSAYes, because giving men complete power over your lives has never backfired. |
|
|
My KeyringIt's only just recently, and somewhat reluctantly, I've moved to one of those new-fangled "smart"phones. One reason I resisted for so long was the encrypted keyring on my trusty old Palm device. Two advantages had that thing: 1. The handheld was not Internet-connected. 2. Sync was local, to my own desktop machine, and so was the desktop app.
Now I have a "smart"phone and, in two weeks of looking into it, have yet to have selected a replacement for my trusty Palm Keyring. They all either have no multi-device synchronization/replication at all, or they use a crude "replicate the entire database" (which means, essentially, the same thing), or they want a shared database on Google's cloud, DropBox or elsewhere. That last is entirely unacceptable. I'm not going to have my keyring out there where somebody could snag a copy and spend their own sweet time cracking it.
Maybe Schneier's "Password Safe" will fill the bill? If not: I may have to write my own.
Jim |
|
guppy_fish Premium Member join:2003-12-09 Palm Harbor, FL |
Here is a good article to pair with what Karl posted» www.theguardian.com/worl ··· eillanceShort summary: Gets further into the details, If you buy it ( software ) its most likely has back doors or intentional weaknesses added |
|
|
TelecomEng to FFH5
Anon
2013-Sep-6 11:01 am
to FFH5
Re: nice story.said by FFH5:Then why haven't they? And how do you know they haven't? You obviously do not know much about those groups operate because they typically do not go about announcing their attack vectors or doing grandiose stunts that would garner lots of attention (something totally fanciful and stupid like draining every saving account of its money). |
|
TelecomEng |
TelecomEng to morbo
Anon
2013-Sep-6 11:03 am
to morbo
Re: Most encryption has been defeated for a while by NSAsaid by morbo:said by Anon80:Point is, if you're not doing anything illegal don't worry. That is not the point at all. I do not think the poster is making the argument that you should not be concerned, just that it is highly unlikely that the jack-booted thugs will kick in your door and cart you off to Gitmo. |
|
modifiy join:2001-04-13 Minneapolis, MN |
to AnonMan
said by Anon80:I find it funny people are finding all this stuff shocking. Most of the encryption used today was invented MANY years ago. AES encryption has been defeated by the NSA for a bit now and I have been telling people that but they like to say and feel otherwise and laugh. That would be shocking if they broke most encryption used today. No one has been able to prove that is possible yet with modern encryption. And I would still be very skeptical of it myself especially when you read the article. The NSA is going after the weakest link in the chain and it's not the encryption itself. It's the implementation that's weak. Chances are that it's a bug, backdoor, or faulty configuration in the encryption software or social engineering the holders of the private keys to hand them over "for the good of the Nation." Most encryption methods have been around for many years, but that's a good thing. New encryption shouldn't be used until it's been hammered on by cryptanalysis. That's why the adoption for AES didn't start when it was published; it took a few years. AES is still very strong and has shown some theoretical weaknesses, but nothing that has shown to make it defeated and some of those weaknesses have countermeasures already in place (additional rounds). If you have a chance go read Bruce Schneier's blog. I have to agree with what he said: "Honestly, I'm skeptical. Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts." |
|
tshirt Premium Member join:2004-07-11 Snohomish, WA |
to Metatron2008
Re: nice story.If they have absolute power, AND wished for you to disappear... You'd already be gone. Why would they waste time collecting/manufacturing evidence, if none is needed? |
|
|
|
to Metatron2008
I didn't say anything about doing nothing wrong... just saying if I choose to send emails to someone, it's logical that every connection point in between me and them has the opportunity to read/log/collect data. I am ok with that. |
|
firephotoTruth and reality matters Premium Member join:2003-03-18 Brewster, WA |
to jseymour
Re: My KeyringThe issue you may have is that any encryption used could be generated on a not actually random number generator. There are implementations that use hardware that generates the "random" numbers to speed things up rather than waiting for enough actual randomness. This weakness is possible via very large computer chip corporations that are "inside" most things.
So this applies to the device and it's security itself and the security used on your bits.
It's really a worrying situation and more so with some people trying to downplay the seriousness of this. |
|
|
to miataman
Re: not newToo add more fun to that... back in the 90's, CPU manufacturers added in serial number tracking abilities. Pretty much EVERY aspect of a modern computer can be tracked by serial / embedded firmware. This came more into play after NICs had their MACs cloned. |
|
1 recommendation |
to TelecomEng
Re: Most encryption has been defeated for a while by NSAThat they won't do that NOW is a meaningless argument. Civil Libertarians argue that the problem is we're building systems that will be abused down the line. Look at what Bush and Obama, two (though surely debated by wingnuts) relatively sane people did with these programs. Guess what an elected leader with even less respect for privacy, human lives, ethics or the rule of law would do? |
|
Metatron2008You're it Premium Member join:2008-09-02 united state
1 recommendation |
People keep saying it'll be abused down the line. What is the difference? It's already abused, and our leaders are corrupt. What is this fabled 'president abuser' people keep on commenting about? Do we expect another Adolf Hitler to show up as president and begin killing before people wake up? |
|
|
to ihatedslr
Re: nice story.said by ihatedslr:I don't care. Hack away, read all my email, texts, bills, whatever. Enjoy it. These are the consequences when we communicate digitally/online. Deal with it. Really? Who is setting these imaginary standards/expectations? |
|
kerya666 |
to AnonMan
Re: Most encryption has been defeated for a while by NSAsaid by Anon80:Point is, if you're not doing anything illegal don't worry. Yea it sucks maybe knowing someone has access to the data but the only thing you need worry about is if someone else with ill intentions is able to gain access to it, which at end of the day is my concern. Says a person that is posting from an anonymous account... the irony. |
|
|
Trimox
Member
2013-Sep-6 1:39 pm
A good laugh"Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read."
ROFLMAO of course they point out foreign not that they care about anybody else haha. If I knew someone else other than myself had keys to my house of course I would change the locks. That is not to say they couldn't pick it in the future but why make it simple for them now. If it were a perfect world we wouldn't even need doors but since it is not we take what precautions to a point we feel comfortable. |
|
|
to Metatron2008
Re: Most encryption has been defeated for a while by NSABasically, yes. I should note that Adolf Hitler himself didn't seem like such a bad guy when he first took office (at least no more so than any other politician). So I can further assert that the people probably won't know they even elected a Hitler-like person until much later. |
|
|
AnonMan
Anon
2013-Sep-6 2:30 pm
Random numbers don't exist though on computers...The thing is no "true" random number generator exists.
We can get close but no such thing as random when it comes to programs. Generators try to use various variables etc. to be close to random but you simply can't guarantee randomness and this is one of the things that can help defeat encryption.
That and it takes two sides to encrypt something. You visit a website with SSL, your computer/browse decrypts it just as any other one can. So as you see the encryption have a small part in common and this can further be exploited. These public keys are the next thing that can be attacked.
The NSA has broken AES but it's not broken to the point where it can be done easily, it's not a flat out it's broken to point that they can instantly decrypt something. It still takes processing power and time and as such it's often faster and more simple to bypass it as this article talks about. That said you won't find this information ever public about AES being broken short of someone else figuring it out and showing it because in it's very nature it would hurt the internet and themselves plus why does the NSA or any gov agency need to share it has been exploited? You should know by now our gov lies or hides things it feels are in the gov best interest. For better or worse.
The world has evolved. This is going to be an ever evolving game. Like email spam. New ways to catch it come out, and new ways for spammers to bypass it do. Most places block port 25 because spammers use it, but okay so we just make a new port, oh look everyone uses that now, now we do reverse look up etc and as such spammers make that stuff validate. Cat and mouse game.
Downloading illegal software, same thing, people always find a way around it.
Cyber security is a tough situation. On one side you have people crying foul over what you're doing but on the other side you have to do some things to try to protect the people.
Would you rather someone get caught trying to set a nuke off in your town by means of the NSA monitoring everything or rather the nuke just go off and your family taken with it while you are away on a business trip?
The real issue is the oversight and what is done with the data. It should be restricted to only true national threats and not useable by other agencies for local or otherwise things as it does violate our rights but out of security some of those rights need to be, just not the way we currently do it.
The world is full of more and more crazy people. Back in the days you didn't have to lock your doors or worry. Today, people walk down my street every night looking for cars and houses unlocked they can steal from. Now you can argue that is the gov fault in many ways from jobs to criminal system etc but the point is we know right from wrong and a lot more people are doing wrong in the world.
I don't defend what is being done 100% but I respect it's something that sadly has to be done in some manner. |
|