Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
Cryptome does not pretend to provide illusory security, that is security. It is a vile, rotten, corrupt endeavor, like life. Chuckle. Visitors, readers, consumers must be skeptical of security, and not rely upon security promoters, their followers and investors who exploit dependency by fear uncertainty and doubt. Skepticism of security claims and methods is one of the purposes of these lists. Perhaps the main purpose, although it is commonplace for these lists to be used for soliciting befuddled consumers to hop aboard the gravy train. Now and then skeptcism of the security arises but is usually suppressed during times of crisis when incentive is rich to promote poor products and services. Governments, commerce, orgs, experts cooperate to foster crises under guise of opposition. This applies to all forms of security, safety, protection, defense, hygienic pharma. Still, Cryptome endorses the continuing struggle to improve citizen protection, not only as a job, career, industry, but as citizens' obligation to bear responsibility for the commonweal against its inside and outside enemies, if you will, common math against the deadly germs. One way to do that is to not oversell it, tone down the threats, reduce drumbeating, avoid hyperbole for and against, forego advertising, gang-bang hectoring, circle jerk conferencing, TEDing, prize bestowing, to quietly invent, improve, critique, test, apply, re-test often, expect to be deceived by colleagues witting or unwitting, especially by sales, politicians, authoritarians -- the persistent germs. At 02:50 AM 12/30/2014, you wrote: john likes to be poetic as a wall - dear john please listen to the smart people and have a small bit of humility - it will make you better at your job and we need EVERYONE to step up and be better at their jobs On Tue, Dec 30, 2014 at 7:38 AM, grarpamp mailto:grarp...@gmail.comgrarp...@gmail.com wrote: On Mon, Dec 29, 2014 at 8:20 AM, John Young mailto:j...@pipeline.comj...@pipeline.com wrote: Hash this motherfucker, said math to germ. JYA, you, as the original publisher of various and valued datasets... the responsibility to calculate, sign, and publish said hashes rests with you alone. Please consult with any trusted parties should you need assistance in such matters. A future of archivers, disseminators, and analysts will thank you. -- Cari Machet NYC 646-436-7795 mailto:carimac...@gmail.comcarimac...@gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Reykjavik +354 894 8650 Twitter: @carimachet https://twitter.com/carimachethttps://twitter.com/carimachet 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
John Young j...@pipeline.com writes: At 02:50 AM 12/30/2014, you wrote: On Tue, Dec 30, 2014 at 7:38 AM, grarpamp mailto:grarp...@gmail.comgrarp...@gmail.com wrote: On Mon, Dec 29, 2014 at 8:20 AM, John Young mailto:j...@pipeline.comj...@pipeline.com wrote: Hash this motherfucker, said math to germ. JYA, you, as the original publisher of various and valued datasets... the responsibility to calculate, sign, and publish said hashes rests with you alone. john likes to be poetic as a wall - dear john please listen to the smart people and have a small bit of humility - it will make you better at your job and we need EVERYONE to step up and be better at their jobs Visitors, readers, consumers must be skeptical of security ... Advocacy of skepticism is rendered ineffective if that advocacy extends to skepticism of logic and mathematics. -- -- StealthMonger Long, random latency is part of the price of Internet anonymity. Key: mailto:stealthsuiteyouknowwhatgoesherenym.mixmin.net?subject=send%20stealthmonger-key pgpwT3h7OvJgk.pgp Description: PGP signature ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
On Tue, Dec 30, 2014 at 7:17 AM, John Young j...@pipeline.com wrote: Cryptome does not pretend to provide illusory security, that is security. It is a vile, rotten, corrupt endeavor, like life. Chuckle. Visitors, readers, consumers must be skeptical of security, and not rely [...] All due respect to Cryptome, and points well made and taken. Yet this isn't really an effective response to the issue at hand. While we should and must be skeptical... until contrary proof exists we should be taking advantage of all means available regarding distribution integrity and even provenance and secret comms if desired. That's hard, it involves some work, and homework. Yet until such proof, it's probably better than going bare assed to the Sun. Still, Cryptome endorses the continuing struggle to improve citizen ... common math against the deadly germs. Indeed. One way to do that is to not oversell it, tone down the threats, reduce Interestingly true in some regards. Yet in the context herein, it's probably not the place to make a stand. Especially considering the stand itself is in one's very existance all so long. Is it not? Oh were there but more of this kind, be they true or not :) ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
you know what nietzsche said about the skeptics - stranglers of life force Scepticism is the chastity of the intellect; it is shameful to give it up too soon, or to the first comer. -- George Santayana And now that we have reached the dueling quotes stage, it is time to move on to something productive. --dan ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
From discussion on these lists and elsewhere tampering with data can, does, occur at every software and hardware hand-off, with each self-serving iteration having hidden and vulnerable hardware and software undisclosed malignity, no matter the security ostentatiously applied: reputation, credibility, impeccability, highly trusted, crypto, hashes, fail by ruses of unexamined modules and inevitable, unavoidable deceptions of too little skill, too little time, too little suspicion, driven by need to pay alimony, debts, IRS, loutish family's begging. Selected hand-offs of innumerable: Multiple devious inventors, manufacturers and handlers inside and outside NSA Devious NSA leaking like a sieve to madly grabbing everything devious Snowden Snowden madly shoveling everything to multiple exceptionally devious media persons Multiple media persons to hyper devious lawyers, publishing staff, tech experts, govs consulted Devious selections of data to publish, then revised, then corrected DEvious posting on outlet web sites and shoveling to cohort journos Devious authenticating of docs (the prime deception) Deviously orchestrated subsequently: Downloads of docs Sharing of docs Archiving of docs Dropboxing, torrenting of docs Biased analysis and cherrypicking of docs Multiple tagging and piggybacking and implanting of docs Shading, smearing, vaunting, lying about docs Accusing and defending about docs Writing, lecturing, TEDing about docs Dismissing of docs, the threat, the countermeasures Then deviously shipping, shopping fools to take blame by signature-bold leaders of pro and con opportunities or to a prize ceremony for valorizing the criminal prize-funder and bestowing generous tax avoidances. These vulns and subterfuges and braggardies are as old as comsec, hyperbolized by the digital era for rep building, monetizing, and political ideology. These lists survive on ingesting these toxic fumes and expel multiple recyclings of them for jingle-jangle of gullible consumers, here as in in the spy agencies working the yokels. NSA or some monstrous threat -- God, Google, Cisco, MS -- is inside our skulls and peripherals, left brain in mortal combat with the right brain, digital vs analog. Or so we imagine the two halves pretending opposition like officials and anarchists to outfox deviously malign genitalia orchestrating brain to slave at getting food, air and water -- rigging the mind game to lose after 60-70 years of wanking the slot handle obsessively. Hash this motherfucker, said math to germ. At 03:02 AM 12/29/2014, you wrote: Suggestion: Anyone with a correct version, post sha512 hashes to list. Those with hashes matching John: Do *NOT* change filename, make a single-file torrent, and start seeding. Should have same info-hash, so should simultaneously seed from same DHT node. John can post a magnet link here (or the torrent file on cryptome?) and we can get a verifiable version through P2P. On 29/12/14 06:33, Peter Tonoli wrote: On 29/12/2014 3:50 pm, Gregory Foster wrote: On 12/28/14 10:07 PM, Ryan Carboni wrote: CRC failed in 'media-35515.pdf' file is broken http://www.spiegel.de/media/media-35515.pdf I guess this is why John never promised anonymity to his sources, he can't get zip files right. Zip worked for me. Thanks, John. Failed for me, using both UnArchiver and UnRarX :( ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
On Mon, Dec 29, 2014 at 8:20 AM, John Young j...@pipeline.com wrote: Hash this motherfucker, said math to germ. JYA, you, as the original publisher of various and valued datasets... the responsibility to calculate, sign, and publish said hashes rests with you alone. Please consult with any trusted parties should you need assistance in such matters. A future of archivers, disseminators, and analysts will thank you. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
Der Spiegel released largest single day number of Snowden docs today, 666 pages, on NSA Attacks on VPN, SSL, TLS, SSH, Tor. http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html We offer a RAR of the 44 docs: http://cryptome.org/2014/12/nsa-spiegel-14-1228.rar (197MB) ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
On Sun, Dec 28, 2014 at 3:14 PM, John Young j...@pipeline.com wrote: Der Spiegel released largest single day number of Snowden docs today, 666 pages, on NSA Attacks on VPN, SSL, TLS, SSH, Tor. http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html We offer a RAR of the 44 docs: http://cryptome.org/2014/12/nsa-spiegel-14-1228.rar (197MB) my browser says it's 188 MB... am I being man in the middled? -Ryan C. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
On 28 Dec 2014 15:24 -0800, from rya...@gmail.com (Ryan Carboni): On Sun, Dec 28, 2014 at 3:14 PM, John Young j...@pipeline.com wrote: We offer a RAR of the 44 docs: http://cryptome.org/2014/12/nsa-spiegel-14-1228.rar (197MB) my browser says it's 188 MB... am I being man in the middled? Some quick math says 188 × 2^20 ~ 197 × 10^6. Let's have a hash and I think we can boil this one down to decimal versus binary prefixes. -- Michael Kjörling • https://michael.kjorling.se • mich...@kjorling.se OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
