Re: [Full-disclosure] Spy Agency Mined Vast Data Trove and other tales
According to Steve Kudlak: It is kind of think it is a UFO story to say that PGP and the likes don't work and have been quietlty changed to make them easy to break. The inventors being compromised is pretty much an MIB story. It is open code so you can read it and see if it is possible to break and how easily given current open knowledge. Now if the mathematicians in the NSA know things about factoring we don't well oh well. What is depended The role of the NSA is often misunderstood. A good story that people don't know is the design of good ole' DES. Back when DES was designed, there was a first version. Then, people from an unnamable agency (No Such Agency, as it was often called) came and said replace those S-boxes by these. Lots of people assumed that it was to insert some kind of backdoor, and it took over ten years of careful cryptanalysys by various experts all over the world to conclude that the new S-boxes were in fact a bit stronger than the original ones. NSA is governed by multiple imperatives. Their first imperative is that they need to decode what's out there. But they also have another mission, which is to safeguard american interests by making sure american businesses do use encryption that is not broken by people from other countries. Given the stakes, any general backdoor will leak to someone else (there's much more than two persons that will know the secret, and as everyone knows, two persons can keep a secret only if one of them is dead). And that's almost as dangerous to american interests as NSA being unable to spy on them. -- Vincent Archer Email: [EMAIL PROTECTED] All men are mortal. Socrates was mortal. Therefore, all men are Socrates. (Woody Allen) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Actually after reading some of the the comments I have to say you all missed the point... *IF* you are not doing *nothing illegal* and have nothing to hide no big deal. I do not want the Government to see my banking info HUM, did you ever hear of the SSN? Are you putting massive amounts of cash that can not be accounted for into your bank? BUT wait what is the limit it used to be $10,000US that if you moved that much money you had to fill out some papers as to why you were moving that money. So the government will know. Bottom line there will me so much 'noise' if the listen to everything they will loose track of legitimate deviant traffic. The only monitor so much of it and then turn off the listening until the system wakes up. Again, if all you actions are legit they will soon go away and leave you alone. The old joke on the net like 10 years ago was to add lines like Death Bomb Kill Destroy, White House, nuclear, waste, President, Give names of current or recent past presidents, Bush, Clinton, Regan, Nixon Ford, etc. Those supposedly activated the echelon system. Also thinking back to a security to a class I had in computer security (now I may date myself just a little) Back in 1988 The instructor mentioned how the NSA monitors ALL traffic from the US to an overseas source, even more so banking traffic. Well one time a Bank had some agents visit them demanding the key to the encryption they used to send something over seas. Well the laugh was on the NSA. According to this instructor, that company said to the NSA all we did us used crypt on the VAX. The NSA agent(s) said thank you and left. Now maybe I am being monitored at this time and will be for some time because of this message. NO big deal to me. I intend no harm, at least until the government tries to control what I do when I do it and how I do it. (I see a day like that coming, I feel it will be of dare I say the word on this list??? Biblical proportions) It is inevitable, in general humans are stupid. Go to the Darwin Awards web page and see for yourself. At times the Darwin principle of the stupid and the weak creatures die off and only the strong genes survive does not always apply to the human race. We keep doing stupid things, and one day we are going to have a massive fight in the world and blow the whole dang thing up. Then again maybe the alien's that ALL governments seem to cover up the existence of will soon get ticked off at us and come and destroy our planet (Star Trek anyone?) go so that the human parasite will not come out and destroy their worlds. (MY planet! my land, no my land, mine, no mine, no mine) I will admit this... I live in a state where we have an electronic device in our car that is used on the tollway that pays your fees for being on the road. Well, that devices has time stamps for when you passed through the booth, and is registered to your car(S) well, if it is 3 miles from one booth to the next that would be 3 minutes at 60MPH So if you make it from one booth to the next in less that 3 minutes you are speeding, but then again you are already because your are supposed to go 15MPH through most booths and about 1 mile from the booth you are supposed to slow down to 40MPH and I think at .5 miles from the booth you are supposed to slow down to 30MPH. I will admit that I often find myself going in excess of 60MPH on the highway. sometimes even over 80 and that is because I am afraid I am going to get hit by the moron(s) doing 90+ For the autobahn drivers or other places where such speeds may be the norm. Our roadways are not really designed for that even more so in the winter with snow and ice. -- Leif On Tue, 2005-12-27 at 12:11 -0800, Kurt Buff wrote: Rodrigo Barbosa wrote: On Mon, Dec 26, 2005 at 10:11:45PM -0600, Leif Ericksen wrote: Really if we have nothing to hide we should not fear them listening to us. Now if they come in and start forcing a special mark or code word or something special in order to live or buy or sell anything then it is time to revolt. Now, that is an interesting view of someone who really is not paying attention. What would you qualify as something to hide ? How about my banking account data ? How about the trade secrets of my company ? Interesting line of argument, but really beside the point. You are correct that Leif has taken the wrong line of argument, but you yourself haven't quite got it right. Leif speaks as if the government has a right to monitor our thoughts. Such a stance indicates that we are property of (a|the) government. Just the opposite is true. The just government serves at the pleasure of its citizens, and must not be allowed any more power than what is strictly necessary, if any at all. For the US, the 4th Amendment applies, and all of the history surrounding it - secure in papers and effects, unreasonable search/seizure, etc. The recent NSA actions (and older programs, too, such as
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Actually after reading some of the the comments I have to say you all missed the point... *IF* you are not doing *nothing illegal* and have nothing to hide no big deal. If you are not doing anything illegal then there is no need for law enforcement to see your papers. The point sir is that a lot of us feel it's better if a few criminals go free than if a few innocent people get locked up. You can't apply standard security practices to a population, or you would have to lock up everyone and then release those who are not guilty. Geo. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Dec 28, 2005 at 09:19:26AM -0500, Geo. wrote: Actually after reading some of the the comments I have to say you all missed the point... *IF* you are not doing *nothing illegal* and have nothing to hide no big deal. If you are not doing anything illegal then there is no need for law enforcement to see your papers. The point sir is that a lot of us feel it's better if a few criminals go free than if a few innocent people get locked up. You can't apply standard security practices to a population, or you would have to lock up everyone and then release those who are not guilty. The point is a little deeper than that. How much can we trust the government ? Or, rather, how much can we trust the people (as in down to the last one) that work on/for the government ? Are 100% of the government employees trusthworthy ? Are you really willing to give everyone there (again: the employees) a 'carte blanch' to get and maybe use your information ? Again: even if you think the government is legit, and has real reasons to do it, are you sure you can trust everyone that has access to the information ? On a more philosofical note, how much can you trust someone who distrust everyone else ? - -- Rodrigo Barbosa [EMAIL PROTECTED] Quid quid Latine dictum sit, altum viditur Be excellent to each other ... - Bill Ted (Wyld Stallyns) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDsqINpdyWzQ5b5ckRArXPAKCOHEHosaLNaBlOLOE0H7dMxivd4QCglNur vkLFgOCCwyzryD3qmOv9Gbs= =KQ8D -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
If the traffic goes through a US based HOP anticipate that it will be monitored. They do not care where you are from. IT passes through the US it will be monitored since it has a foreign start and end point. Now is your traffic legit? Are you moving legal money around? Are you a drug dealer legal or otherwise? Are you a dealing with other items that might be illegal in the US and are trying to get them here via Canada? If it is Canada to Brazil and does not touch US routing anticipate your own government as well as the Canadian government to be monitoring your traffic leaving the us completely out of the picture. IT is so easy for people to pick on the USA. But, they may fear their own government or say our government does not do that. To whit I would say Bull Shit, wake up and smell the coffee. Again it is easy to pick on the US we are allowed to speak out against our government to a point at least. I would say ALL governments that have Internet traffic will monitor it it some way shape or form, even more so for the stuff that leaves their countries boarders. -- Lhe On Wed, 2005-12-28 at 12:20 -0200, Rodrigo Barbosa wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Dec 28, 2005 at 07:59:10AM -0600, Leif Ericksen wrote: Actually after reading some of the the comments I have to say you all missed the point... *IF* you are not doing *nothing illegal* and have nothing to hide no big deal. Talk about missing the point ... I do not want the Government to see my banking info HUM, did you ever hear of the SSN? Are you putting massive amounts of cash that can not be accounted for into your bank? BUT wait what is the limit it used to be $10,000US that if you moved that much money you had to fill out some papers as to why you were moving that money. So the government will know. Lemme try explaining it to you using more words. Do I want the USA Government to see my brazilian banking information, considering I'm a brazilian citizen that might be traveling to Canada ? Including my PIN and password and such other stuff ? The point is that the NSA (et al) can't know beforehand if the trafic they are monitoring is something they are allowed to monitor, so they have to check it all. What right, or even reason, do they have to monitor banking traffic originated in Canada with Brazil as the destination ? Again, if all you actions are legit they will soon go away and leave you alone. Yes, in a perfect world, run by perfect law abiding people, which is not the case of ANY government, or even any institution. Unfortuntely, on the world we live in, powers are more often abused than not. I will admit this... I live in a state where we have an electronic device in our car that is used on the tollway that pays your fees for being on the road. We have those around here too, but you can choose not to use it, and pay in cash at the booth. It is a PITA not using it, but you have a choice. - -- Rodrigo Barbosa [EMAIL PROTECTED] Quid quid Latine dictum sit, altum viditur Be excellent to each other ... - Bill Ted (Wyld Stallyns) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDsp83pdyWzQ5b5ckRAo+lAKCsWYLUkd4gejfLLsO/V9bWi80RWACgkRXW O7/i7mqmafny5L3208M07To= =lW4X -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Leif Ericksen [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
On Dec 28, 2005, at 8:59 AM, Leif Ericksen wrote: Actually after reading some of the the comments I have to say you all missed the point... *IF* you are not doing *nothing illegal* and have nothing to hide no big deal. Laws change. Prior to Prohibition it would have been legal to drink alcohol in the United States. The reason Big Brother is bad is not always for the laws you are breaking today, but for the laws that have not yet been written that you may be held accountable for tomorrow. There are reasons that we in the U.S. have rules around wire taps and other information gathering. I do not want to live in a prison state. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
If you do not want to live in a prison state run for office or contact the elected officials and them them know that you are upset. With the glide path we are on now it is inevitable. I knew about monitoring of conversations on the phone and electronic dating back to 1988. We may be to late to stop it... On Wed, 2005-12-28 at 09:52 -0500, Joshua Levitsky wrote: On Dec 28, 2005, at 8:59 AM, Leif Ericksen wrote: Actually after reading some of the the comments I have to say you all missed the point... *IF* you are not doing *nothing illegal* and have nothing to hide no big deal. Laws change. Prior to Prohibition it would have been legal to drink alcohol in the United States. The reason Big Brother is bad is not always for the laws you are breaking today, but for the laws that have not yet been written that you may be held accountable for tomorrow. There are reasons that we in the U.S. have rules around wire taps and other information gathering. I do not want to live in a prison state. -- Leif Ericksen [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was going to reply to all that stuff you wrote, but since you are so intent of showing that you know nothing about how things work on other countries, I'll just reply to one statement, that seems to be the heart of the issue. On Wed, Dec 28, 2005 at 08:46:11AM -0600, Leif Ericksen wrote: Now is your traffic legit? Are you moving legal money around? Are you a drug dealer legal or otherwise? Are you a dealing with other items that might be illegal in the US and are trying to get them here via Canada? Guilty until proven innocent, is that what you mean ? []s - -- Rodrigo Barbosa [EMAIL PROTECTED] Quid quid Latine dictum sit, altum viditur Be excellent to each other ... - Bill Ted (Wyld Stallyns) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD4DBQFDsqmEpdyWzQ5b5ckRAq8VAJdnzgbJxO2bQb396PNSkaSyeKrFAJ992y3v 8azmd2SGVicg1YiPaIo9Vw== =Zc4J -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
It's amazing nobody has brought up the fact that Bush was illegally monitoring domestic and international calls during a presidential election. He could have been listening to the Kerry camp's calls. Worse we'll never know because without a judge's approval there is no official paper trail. It's completely baffling that Clinton was almost impeached for lying about an affair, but Bush stole our civil rights, illegally monitored us, and will continue to do so forever since his perpetual war on terror technically will never end unless everyone who hates the United States is eliminated. What a fucking traitor, sb On 12/28/05, Rodrigo Barbosa [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was going to reply to all that stuff you wrote, but since you are so intent of showing that you know nothing about how things work on other countries, I'll just reply to one statement, that seems to be the heart of the issue. On Wed, Dec 28, 2005 at 08:46:11AM -0600, Leif Ericksen wrote: Now is your traffic legit? Are you moving legal money around? Are you a drug dealer legal or otherwise? Are you a dealing with other items that might be illegal in the US and are trying to get them here via Canada? Guilty until proven innocent, is that what you mean ? []s - -- Rodrigo Barbosa [EMAIL PROTECTED] Quid quid Latine dictum sit, altum viditur Be excellent to each other ... - Bill Ted (Wyld Stallyns) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD4DBQFDsqmEpdyWzQ5b5ckRAq8VAJdnzgbJxO2bQb396PNSkaSyeKrFAJ992y3v 8azmd2SGVicg1YiPaIo9Vw== =Zc4J -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
I think the real betrayal happened when the New York Times sat on the story for Fourteen months, and manipulated the election, then released it the day the Patriot Act was to be renewed, which just so happened to coincide with the book release of the clown who wrote the story. Us Americans are often puppets to our own foolishness. Its all about money, as it always will be. --vote for me -- Original message -- From: Stan Bubrouski [EMAIL PROTECTED] It's amazing nobody has brought up the fact that Bush was illegally monitoring domestic and international calls during a presidential election. He could have been listening to the Kerry camp's calls. Worse we'll never know because without a judge's approval there is no official paper trail. It's completely baffling that Clinton was almost impeached for lying about an affair, but Bush stole our civil rights, illegally monitored us, and will continue to do so forever since his perpetual war on terror technically will never end unless everyone who hates the United States is eliminated. What a fucking traitor, sb On 12/28/05, Rodrigo Barbosa <[EMAIL PROTECTED] .ORG>wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was going to reply to all that stuff you wrote, but since you are so intent of showing that you know nothing about how things work on other countries, I'll just reply to one statement, that seems to be the heart of the issue. On Wed, Dec 28, 2005 at 08:46:11AM -0600, Leif Ericksen wrote:Now is your traffic legit? Are you moving legal money around? Are you adrug dealer legal or otherwise? Are you a dealing with other items thatmight be illegal in the US and are trying to get them here via Canada? Guilty until proven innocent, is that what you mean ? []s - -- Rodrigo Barbosa <[EMAIL PROTECTED]> "Quid quid Latine dictum sit, altum vid itur" "Be excellent to each other ..." - Bill Ted (Wyld Stallyns) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD4DBQFDsqmEpdyWzQ5b5ckRAq8VAJdnzgbJxO2bQb396PNSkaSyeKrFAJ992y3v 8azmd2SGVicg1YiPaIo9Vw== =Zc4J -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Well the harder we try to hide our data from the government the more they are going to think that you are an entity that needs to be taken down as a threat to the government be the government US, UK, Sweden, Norway, China, Japan, N/S Korea, Iraq, Iran, Pakistan, India, Africa. and down under. Yes, I missed just a few I am to lazy to list all of them. ok so you think its ok for any government on this planet to record all your data and process it on their systems. now go to google and see how many governement systems get compromised. if every nation spy's on you and saves the data, there is a higher chance that this data could be stolen. now dont tell me that those systems will be secured and junk as there is no such thing as a 100% secure system. i guess you'd be one of the first to complain about that ? or let me ask you, are you only ok with that your own government saves your data, or do you also have no problem if any other nation logs and profiles you ? i would so love to see some foreign spy agency getting busted by usa that they have been spying on u.s. people and then i would like to hear your comments aswell, or even better, the scenario i just said about compromised hosts of spy agencys. what if criminal organisations get the data ? they could blackmail you as they know about the girl you use to cheat on your wife, they got pictures of your kids and they know which dirty websites you visited. i mean this is just an example, but its not unlikely. so you see why its not a thing of having nothing to hide, but simply saving his own privacy. another thing is, just by hiding your private data it means you are a threat ?! what about a real life situation then, it would be the same if some agency sends agents to your house once in a while at night just to check that you dont hide anything. thats freedom for you ? isnt in americas law that every person has the right for privacy ? even if you have nothing to hide, you still should get your privacy, or do you want to feel beeing watched all the time whatever you do ? i dont know, but i wouldnt feel free if i knew any nation on the world (so hundreds of people) profile me and watch what i do even though i'm not a criminal. they dont have to see the pictures my friends send me or read all my emails to business partners where i signed a NDA and could get sue'd if information leaks. - Original Message - From: Leif Ericksen [EMAIL PROTECTED] To: Rodrigo Barbosa [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk Sent: Wednesday, December 28, 2005 3:32 PM Subject: Re: [Full-disclosure] Spy Agency Mined Vast Data Trove As was stated in previous post Echelon is old news, even Carnivore was supposedly dumped for newer technology. As I stated in a previous example the government can come in and request the keys if they need it. If that story that my prof told the class in 1988 was true. Now that story supposedly took place a few years before that class. so lets say that happened in 1982-198 is my best guess. The key is monitoring is being done. AS for the encryption. there are some that would argue that any STRONG encryption that is allowed to exist in the US ( PGP and the likes) has been modified by the NSA so that they have a generic key that will open any door. Otherwise the creator of such encryption will disappear and never comeback. IS this true or is this just a silly story. I do not know I have not invented an encryption system. I will let you know when I do if I am forced by the government to give a cracking method. ;) If the stories of the government having a back door key are true then I would be willing to bet that any technologically advance country would subscribe to the same plan to protect their own interests. Another thing to think about is just how many PRIMARY traffic points do we have that a majority of the traffic goes through. Lets see in the US we have MEA_EAT, MAE-WEST, MAE-CENTRAL, as well as others. (what were the locations... Hendron, VA, Chicago, IL, LA, CA, Dalas, or was it Huston TX. was there not near Central Florida?) Lets look at the UFO thought here for a moment. The governments deny that they exist so people really think and believe that they do exist. So much so that some are willing to put their lives at risk to break through the Govs defenses to prove that they know Aliens do exist. Well the harder we try to hide our data from the government the more they are going to think that you are an entity that needs to be taken down as a threat to the government be the government US, UK, Sweden, Norway, China, Japan, N/S Korea, Iraq, Iran, Pakistan, India, Africa. and down under. Yes, I missed just a few I am to lazy to list all of them. Now making complaints and noise about the problem is not going to do anything abut it. IF you know the problem exists and you have an answer start fighting in it a good way. Run for office on a platform
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Uh let's see I don't know if this is thje place to discuss this. There has been enouigh evidence of governmental misbehavior in the past with various programs that I wouldn't trust the powers that be to always be benevolent to go away if nothing bad is happening. There is Steve Kurtz the artists who got into trouble for growing a microrganism commonly gown in high school classes. If one reads the actual transcripts of Federal Prosecutions one finds that often they do go through someone's life and if they don't find the real big thing they wanted, they will try to find some very small thing, something akin to ignoring something on a click license or a shrink license. They threaten the defendents a lot and often they will get some silly conviction which to them is minor to the person who is convicted and has a messed up life is a lot. A lot of the motivating factors here, one is that such prosecutions are expensive and there is the desire not to go away empty handed. Now as of late they have gotten into so much troubl;e with this they have been losing outright in US Federal Court which usually doesn't happen. In most cases it has involved the increased descretion given to various authorities by the current atmosphere of security is so important that if the Bill of Rights is bent or ignored a bit then it's OK. I am not saying any of this(data mining and sorting thru lots of stuff trying to find scary keywords) should never ever happen but just it is sort of naive to assume that if one has nothing to hide and has done nothing wrong that one has nothing to fear. It is easy to go through someone's life and find things that while not illegal are embarassing and use this to threaten them for a variety of purposes. The story of J Edgar Hoover trying to find something to embarass or threaten Martin Luther King is well known. Others are known also and then is somewhat of a history of abuse of power so I hold the nothing to hide/nothing to fear concept to be naive. Another point is that if has ever had friends who say grew certain vegetables or did other such questionable things one obviously knows they don't refer to any of the things they are doing by cleartext names but use innocent sounding words and phrases, Now one curious thing I heard from a friend who is an Arabic translator is that some people hope that occassional in Arabic or some other native language people will mention something out in the open. I did have a technical thought or question. Datamining can be used for less nefarious purposes and I wonder if anyone knows any good source texts if one were teaching a course in the area. Those I read are woefully inadequate and I was wonde4ring if this is because those that have useful techniques aren't into much disclosure much less full disclosure. So if anyone know of any tests or sources for connections databases it would be nice to here of them. I was thinking of applications in art, science and medicine, like looking through OTC purchases to see if there has been a serious uptick in consumption of products that indicate a possible diesese outbreak. I know there was a plan to track anti-diarrhea medications because many seriousl diseases manifest themselves with that symptom and the condition in itself can be dangerous. Have Fun, Sends Steve P.S. It was funny that the head of the TIA project at DARPA at one point was someone from the Nixon Admin not necessarily concerned with people's privacy or their rights. I suspect it is the overstepping of boundaries by that adninistration that provides the most compelling evidence that maybe we want to be careful giving people too much power to look at our various dealings, Leif Ericksen wrote: Actually after reading some of the the comments I have to say you all missed the point... *IF* you are not doing *nothing illegal* and have nothing to hide no big deal. I do not want the Government to see my banking info HUM, did you ever hear of the SSN? Are you putting massive amounts of cash that can not be accounted for into your bank? BUT wait what is the limit it used to be $10,000US that if you moved that much money you had to fill out some papers as to why you were moving that money. So the government will know. Bottom line there will me so much 'noise' if the listen to everything they will loose track of legitimate deviant traffic. The only monitor so much of it and then turn off the listening until the system wakes up. Again, if all you actions are legit they will soon go away and leave you alone. The old joke on the net like 10 years ago was to add lines like Death Bomb Kill Destroy, White House, nuclear, waste, President, Give names of current or recent past presidents, Bush, Clinton, Regan, Nixon Ford, etc. Those supposedly activated the echelon system. Also thinking back to a security to a class I had in computer security (now I may date myself just a little) Back in 1988 The
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove and other tales
It is kind of think it is a UFO story to say that PGP and the likes don't work and have been quietlty changed to make them easy to break. The inventors being compromised is pretty much an MIB story. It is open code so you can read it and see if it is possible to break and how easily given current open knowledge. Now if the mathematicians in the NSA know things about factoring we don't well oh well. What is depended on is that most people don't encrypt and most things are sent in the open. This includes most transactions that can be used to build a sort of profile. If I were to start spending other than cash quietly and using banks in any way at least my bankers would know some improvement had taken place and they at least have agreed to release a lot of information to competent authorities. Also this stuff is sent pretty much encrypted. SO there is a lot of information out there to gather and much of the idea about datamining is to get things out of easily available unencrypted sources. The same with phone calls. Very few people have STU phones or equivelent. it is amazing how stuff just gets known because people can't or most often won't be careful. The big problem with datamining is getting pattern out of data and telling what that pattern means. This is a problem in a lot of fields, there is a storm sitting out in the Pacific over a relatively sensor rich area and I have all sorts of information about its behavior, about SST (sea surface temperature) etc. but it is hard trying to figure out how that will impact where I live. Those of us who have worked on big projects inside of large entities and the like know that the people there are often like you and me, despite what the X-Files and true believers say. But that scary stuff does make it more romantic. You are right that however that putting pressure on politicos will get them to change, and people in security agencies are human too and not inhuman monsters and many care a lot about the nature of their work and as onme might notice when someone goes too far little leaks sprout. Have Fun, Sends Steve ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Rodrigo Barbosa wrote: On Mon, Dec 26, 2005 at 10:11:45PM -0600, Leif Ericksen wrote: Really if we have nothing to hide we should not fear them listening to us. Now if they come in and start forcing a special mark or code word or something special in order to live or buy or sell anything then it is time to revolt. Now, that is an interesting view of someone who really is not paying attention. What would you qualify as something to hide ? How about my banking account data ? How about the trade secrets of my company ? Interesting line of argument, but really beside the point. You are correct that Leif has taken the wrong line of argument, but you yourself haven't quite got it right. Leif speaks as if the government has a right to monitor our thoughts. Such a stance indicates that we are property of (a|the) government. Just the opposite is true. The just government serves at the pleasure of its citizens, and must not be allowed any more power than what is strictly necessary, if any at all. For the US, the 4th Amendment applies, and all of the history surrounding it - secure in papers and effects, unreasonable search/seizure, etc. The recent NSA actions (and older programs, too, such as Echelon), taken at the behest of Presidential directive, are clearly illegal, and destructive of the relationship between citizens and their government. The 1st Amendment also applies, in that free speech can also be private, with unauthorized others excluded, for whatever reason, and/or anonymous. If government intrudes, it has an unwarranted chilling effect. Kurt ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Does the fourth amendment really guarantee us the right to pass any information through any medium, and assume that it is still considered private? The problem is that privacy and freedom (I believe) are mutually exclusive. If we are granted total privacy in our communications systems, then that must, by definition, infringe on the freedoms of whoever owns the mediums. The argument goes back even farther to the ideas of intellectual property. Does your data transmission really belong to you? If someone copies it, do all the copies still belong to you? The way I see it, there are two things, stuff, and ideas. I believe that the fourth amendment protects all of my stuff, but not my ideas. In fact, I believe that the first amendment ensures my right to duplicate and retransmit ideas. If I send data to my local router, then whoever owns that router now has total access to my data. Expecting anything else is just naive. If I encrypt the data with my friends public key, however, the person who owns that router only has access to an encrypted block of data, which is largely (but still finitely) safe. I feel that any given three letter agency has the right to record whatever they see come in through their lines, even if transmission to them was not intentional. Notice that we also have the right to listen to open conversations, and to sniff on open networks, and even keep databases of what we learn, so why should we deny a government agency the same right? - DEAN ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo Dean! On Tue, 27 Dec 2005, Dean Pierce wrote: The problem is that privacy and freedom (I believe) are mutually exclusive. Stalin would be proud of you! You would have loved Franco's Spain. RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDsdPo8KZibdeR3qURApGfAJ4/cpKBvyMybeAsPvmq6aAQbSAEWACfctkr zi1zZV6CiwY7C92QswWc8SA= =ZkzC -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
--On December 27, 2005 2:49:18 PM -0800 Benjamin Franz [EMAIL PROTECTED] wrote: On Tue, 27 Dec 2005, Paul Schmehl wrote: Well, no, they are not clearly illegal. That is a matter of opinion and not law. In fact, all legal precedents indicate that the program is legal, within the purview of the President's powers under Article II of the Constitution. Um. No. What he has done is attempt to completely gut the 4th Amendement of the US Constitution of any meaning. To wit: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Again, note the modifier, unreasonable. There are at least 26 known instances where you can be arrested without a warrant and/or your home searched without a warrant. The key is unreasonable searches. I don't see a 'except in time of war' clause anywhere. Do you? You don't have to. You can read the Supreme Court decisions and quickly realize that no right is absolute. The classic example is yelling Fire! in a crowded theatre. When your exercise of your rights begins to infringe on the rights of others, then your rights are subsumed by the needs of the greater. You don't have the right to be a terrorist and plot the murder of thousands and expect to be protected by the US Constitution from any inquiry at all into your activities. In fact there's a sound legal argument that you can be arrested and jailed without probably cause or warrant and never see the light of day until the President decides it's OK. That's written right in to the Constitution, so it's a bit hard to argue that it doesn't exist. As one Supreme Court justice once said, The Constitution is not a suicide pact. It was simply never conceived that an administration would attempt to gut the 4th Amendment by force of sheer linguistic trickery. The second sentence clearly is defining when warrants for searches allowed by the first sentence may be issued. _Implicitly_ those searches may only be legally done using a legally issued warrant (no warrantless searches or the entire Amendment would be meaninglesss). But it fails to say so explictly. Then you must explain how, for example, a police officer can enter your house without your permission and search your house without your permission if there are exigent circumstances. Warrantless searches are done routinely and accepted by the courts without question, if the circumstances fit an accepted set of criteria. Furthermore, if you think this administration is the first to do warrantless searches, then you're naive. Just seven months after FISA became Public Law 95-511, Jimmy Carter signed an order for warrantless searches of electronic communications. Sooner or later the courts will very likely slap him down. If he is very unlucky, he will lose his impeachment-proof majority in Congress next year and be impeached for it. Extremely unlikely. All court precedent is on his side. But if the rest of us are very unlucky, this huge step towards totalitarianism by the Bush administration will be let stand as a very bad precedent. You don't have a clue what totalitarianism is. Try moving to North Korea or China, for example. Great Britain will soon have a system that can photograph your car's license plate *on every highway in Britain*, so that the police can tell exactly where you were, where you went, how you got there, how fast you drove, etc.,etc. I will guarantee you that, if it stands, historians in a century or so will point to Bush's administration as the point when the Republic clearly had made the transition to a Dictatorship where laws were in practice whatever the President said they were, and the goddamned piece of paper [1] called the US Constitution was just irrelevant. People said the same thing about Lincoln when he suspended habeas corpus. They even called him King Abraham and dictator. The Chief Justice of the Supreme Court complained that what Lincoln was doing was unconstitutional but he was powerless to do anything about it because Lincoln controls the army. Now he is thought to be one of the greatest Presidents we've ever had. Before you have an apopleptic fit, you might want to bone up on your history a little. Or ditch some of the paranoia. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
On 12/27/05, Paul Schmehl [EMAIL PROTECTED] wrote: ... Well, no, they are not clearly illegal. That is a matter of opinion and not law. you are both correct to some degree. as an unsatisfying but appropriate conclusion consider that the interpretation of the law by a judge / jury must consider intent and actions. while a 'dragnet' style 'detection' network may not clearly fit the model of surveillance relevant to and overseen by the FISA court, it is much more clear that the actions and intents of the administration are less clear cut. i think bush's quote about that annoying document he swore to uphold being nothing more than 'a goddamn piece of paper' shows the disposition of this administration as openly capricious / thoughtless where privacy and/or essential freedoms are concerned. In fact, all legal precedents indicate that the program is legal, within the purview of the President's powers under Article II of the Constitution. but only if the dragnet itself is legal. side stepping FISA is not permissible if the FISA court is intended to oversee a program of the nature pursued by the NSA / other agencies at the continued and repeated request of the administration. a judge will have to determine this (if it comes to such). You are aware that Lincoln suspended habeas corpus during the Civil War? Many people were outraged and insisted it was clearly illegal, yet Article I, Section 9 states that habeas corpus cannot be suspended *except* in times of rebellion or invasion. So Lincoln's actions were Constitutional. this is not really relevant to the particular questions in this case and you know it. Just because you don't like something your government does doesn't make it illegal. and just because we are at war the rule of law does not dissipate. The 1st Amendment also applies, in that free speech can also be private, with unauthorized others excluded, for whatever reason, and/or anonymous. If government intrudes, it has an unwarranted chilling effect. Really? Where in the First Amendment does it mention private speech? indeed; privacy is a difficult subject wrt the bill of rights. it's not nearly as well defined and protected as you imply. but that doesn't mean there is no right to privacy either... in any case, the pissed off federal judiciary is not a good sign for bush or the administration. some toes have been stepped on and there will be some kind of fallout (though perhaps minimal...) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Dec 27, 2005 at 06:32:34PM -0600, Paul Schmehl wrote: But if the rest of us are very unlucky, this huge step towards totalitarianism by the Bush administration will be let stand as a very bad precedent. You don't have a clue what totalitarianism is. Try moving to North Korea or China, for example. Great Britain will soon have a system that can photograph your car's license plate *on every highway in Britain*, so that the police can tell exactly where you were, where you went, how you got there, how fast you drove, etc.,etc. I lived in Brazil during the military dictactorship period here. Was born during that time, in fact. Still living here. Can you say I have not a clue what totalitarianism is ? Can you say YOU know first hand what it is ? I would not be surprised if you didn't even know we have a military dictatorship here, or you thinking that the brazilian capital city is Rio de Janeiro. Can you please clarify what is YOUR first hand experience with totalitarianism is ? Benjamin is right on this one. Take the world from someone how experienced these things first hand. I'm sure anyone here who ever lived (or still live) under a totalitarian governement will agree with Benjamin. Your only excuse if that you have no idea what you are talking about. For that, I pitty you, just like I pitty any other citizen of the USA who has to see these things happening, and is powerless to stop it. - -- Rodrigo Barbosa [EMAIL PROTECTED] Quid quid Latine dictum sit, altum viditur Be excellent to each other ... - Bill Ted (Wyld Stallyns) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD4DBQFDseBXpdyWzQ5b5ckRAlUxAJ4w5XHeB5Uj8un6koIM6t1ti/ZbWACVHvcW HGbHthX7JlAJ7CVbMJerMw== =Cji8 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Spy Agency Mined Vast Data Trove
hello list; story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipint story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipin -- Bipin Gautam Zeroth law of security: The possibility of poking a system from lower privilege is zero unless until there is possibility of direct, indirect or consequential communication between the two... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 26 Dec 2005 07:04:15 -0800 Bipin Gautam [EMAIL PROTECTED] wrote: hello list; My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? The gist of the actions by the NSA and the Chimp in Charge should allow to you ascertain the obvious answer. One, the US government has no respect for its citizens' privacy so what makes you think it cares about the privacies of those in other countries. One of the problems with the US at this current point in time, is there is a revolving scenario being spoon fed to the public and this is being used to justify the actions of the idiots in office. This is called The War on Terror. Far too many people are quick to cower and believe whatever mass media crapaganda is being shown on television, and while this occurs, those in power jump on the opportunities to sneak in low blow, sucker punch crimes in hopes they go unnoticed. It happened with the CIA and their torture prisons, the Chimp in Charge stepping on civil liberties, you name it, this administration is doing it. So to answer your question, if it passed through any form of electronic communication, chances are ECHELON got a hold of it. Don't like it, don't use electronic communications, or use various types of encryption. Bottom line. -BEGIN PGP SIGNATURE- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkOwEHcACgkQo8cxM8/cskr21wCfaDzK6JhSQ9V8+g+pB++NqyPyFKkA n1IcgHmdLgiwhc9jCW0CwUPsExWc =26gs -END PGP SIGNATURE- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
On Mon, 26 Dec 2005, Bipin Gautam wrote: My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Your service will have a contract, and in that contract will be a clause which determines which laws apply. Check it. Have our network traffic been spyed/sniffed too without our knowledge? Almost definitely yes. Don't we have right of protection in the law to check such thing if any??? No. Why should you? Like us here in the US, you are nothing but a Prole, without rights, or even the ability to ask for rights. just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? Sorry bibint - you're screwed if you're outside the USA: we openly intercept almost every data and telephony transmission which originates outside the USA. Don't like it? Then start picking Echeclon Centers to bomb... regards, -bipint All the best! //Alif -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
All of Israel's inter-provider traffic goes through a central switching center. This PoP also contains much of Israel's backbones and external links. getting to the point: It's pretty obvious that the government here taps the 'net. It should be no surprise that the US listens in on traffic; they've been doing it for years - ECHELON (as mentioned below). I have a few ideas of my own that might even make it simpler for them. The moral of the story is to use encryption wherever necessary. Telnet, non-anon ftp, and rsh don't get used anymore. Hell, why not try sniffing for CVS passwords? Public WiFi access? Only through an encrypted tunnel. With the free enterprise of data, if the data is out there, anyone has the complete right to access it. Bipin Gautam wrote: hello list; story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipint story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipin -- Bipin Gautam Zeroth law of security: The possibility of poking a system from lower privilege is zero unless until there is possibility of direct, indirect or consequential communication between the two... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? Well, one of the tricks these bastards play with Echelon is how they get around the typical illegality of spying on people in their own country. For instance, I'm from Canada, and our spy agencies are not allowed to spy on people inside our own country (technically). It's much the same in the USA, probably worse, as we're both pissing away our privacy. So anyways, what they do is agree to help each other out by spying on each other's citizens, then sharing the information. So, the UK will spy on Australian and American citizens, Canada will spy on US and US on Canadian citizens, Australia on UK and such, etc. That way they're not breaking the letter of the law. Twisted, huh? Perhaps your country has similar agreements with neighbouring countries. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yo J.A.! On Mon, 26 Dec 2005, J.A. Terranson wrote: Your service will have a contract, and in that contract will be a clause which determines which laws apply. Check it. Than take your best guess as to whether the entities enforcing the laws bother to follow them. It is not just Bush II that considers following the laws optional. RGDS GARY - --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDsEQL8KZibdeR3qURAhBrAKDCcXZHnyal0g3vpXVqno0KIEPyiACfTizw +jCjgQpEYcxPFuFPT4oPdpU= =hIB5 -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
the usa still controls the internet and they dont give a fuck if we feel that our privacy is invaded since we are all foreign countries to them and anything outside the usa should be sniffed as they could be potential terrorists. remember only usa is the free world lol (in their opinion) they want total control and noone can do anything against their actions. even nato is powerless against usa thats why noone ever says something if they fuck up. the us. gov knows that exactly. they dont have to execuse themselfs for things not even to their own people. if they are forced to give out information they lie their way out. manipulation is something the us gov is specialized in. with google earth you can even find a nsa echelon base in germany. i wonder what its doing there. i bet they use it to sniff our country aswell and our neighboors, since its not there for the fun of it. what if my country would start to spy on usa isp's ? that could cause serious political problems, but of course for usa everything is ok, as we have seen in the past. oh and for your law question, usa doesnt care about international laws. if you have problems you will have to ask a us. court and i doubt that will help you much complaining about some agency especially when you are from some foreign country. - Original Message - From: Bipin Gautam [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 26, 2005 4:04 PM Subject: [Full-disclosure] Spy Agency Mined Vast Data Trove hello list; story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipint story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipin -- Bipin Gautam Zeroth law of security: The possibility of poking a system from lower privilege is zero unless until there is possibility of direct, indirect or consequential communication between the two... ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
On 12/26/05, GroundZero Security [EMAIL PROTECTED] wrote: the usa still controls the internet and they dont give a fuck if we feel that our privacy is invaded ... they want total control and noone can do anything against their actions. strong encryption makes it difficult to invade your privacy. if you need to communicate with insecure/untrusted endpoints you need to be anonymous. ipsec, ssl, ssh, openvpn, lots of methods for data privacy. (i am looking forward to tun/tap device support in new openssh. openvpn is a bit tedious) regarding anonymity, tor is no longer funded by the eff and is accepting donations. if you found this project useful now is a good time to donate: http://tor.eff.org/donate.html.en stronger anonymity might entail type III mixers and/or meatspace obfuscation. a trade off depending on your needs. with google earth you can even find a nsa echelon base in germany. i wonder what its doing there. i bet they use it to sniff our country aswell and our neighboors, since its not there for the fun of it. what if my country would start to spy on usa isp's ? that could cause serious political problems, but of course for usa everything is ok, as we have seen in the past. there are echelon stations all over the world. cryptome.org has a lot of details and photos if you are curious. (the dvd archive is well worth the cost) the nuclear sub(s) with fiber tapping bays for deep sea splicing are one of my favorite examples. feeding off the coastal landing points is easier but not always possible. recent events have shown just how willing corporations are to give the government a blank check with only minimal assurances of propriety and legality. i would bet good money the number of core providers who balked at DCS1000 deployments could be counted on a single hand, if there were even any at all... oh and for your law question, usa doesnt care about international laws. if you have problems you will have to ask a us. court and i doubt that will help you much complaining about some agency especially when you are from some foreign country. i'll save you the trouble: it's not illegal (according to current interpretation of US law) for US to spy outside our borders. the current NSA debacle concerns monitoring / surveillance of US citizens without any judicial oversight (FISA, et al). while that is clearly illegal according to US law, they are splitting hairs over whether a large and non specific 'dragnet' style operation is really equivalent to targeted surveillance, which is what FISA was designed to oversee. if you value your privacy, put your money/time/efforts where your mouth is and start using, supporting and advocating strong encryption, anonymous services, and other privacy enhancing technologies. secure and intuitive (read: dead simple) user interfaces are sorely needed for these things although HCI tends to get less attention as it is not as sexy as crypto or infosec in general. these are issues which affect all nations, although the US is currently in the spotlight given the breadth and depth of its monitoring / surveillance capability in a nation which loves to boast of freedom and liberty. (oh the irony, :) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
On Mon, 26 Dec 2005, coderman wrote: recent events have shown just how willing corporations are to give the government a blank check with only minimal assurances of propriety and legality. i would bet good money the number of core providers who balked at DCS1000 deployments could be counted on a single hand, if there were even any at all... For the record (because I think it's important that the record reflect this odd fact), there were in fact major players who said No. I know, I was there. Savvis, at least up to my departure, actively refused to go along (and yes, we *were* asked, and asked very early in the process). I suspect that the CW merger may have changed that (although I have no physical proof of this, so I cannot be absolutely certain) later on, but at least *1* of the top ten carriers had clean hands as late as 2004. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF 'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.' St. George Tucker ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
I am sorry... The largest controlling BODY is the U.N There are several cases here in the US of soldiers that refused to take orders from U.N Officers or place a UN flag on the (US) uniform. These military folks stated they took an oath to the US NOT the (stupid) UN. So the US is pushed around by the UN... I personal believe that a day will come that maybe there will be some major riots in the US and the UN will step up and tell the worlds police force to control its own people. We as a country may or may not desire to be the worlds police force but since we are a super power we can be forced into it (by the UN). I do know of some US presidents that really spat in the face of the UN for various reasons. DO I personally like the UN... N/C Now this message is part of a thread that talks about Echelon... I have one thing to say about that... Why did somebody wake that beast again. That is like 10-15 years old now... There are better methods that are being used than Echelon. News broke about that system what 8-10 years ago was it not? Since news broke about it then, that means it was old news when it broke.. SO why do we not talk about the reality that UFOs are real and were Sponsored by the US, Canada, the former Soviet Union, maybe China and Japan... It is earthly technology and they are using that to do the post modern data gathering. ;) should I toss in some Echelon key words at this time? Na, I think I will leave it alone. Peace out -- Leif Ericksen On Mon, 2005-12-26 at 16:49 +0100, GroundZero Security wrote: the usa still controls the internet and they dont give a fuck if we feel that our privacy is invaded since we are all foreign countries to them and anything outside the usa should be sniffed as they could be potential terrorists. remember only usa is the free world lol (in their opinion) they want total control and noone can do anything against their actions. even nato is powerless against usa thats why noone ever says something if they fuck up. the us. gov knows that exactly. they dont have to execuse themselfs for things not even to their own people. if they are forced to give out information they lie their way out. manipulation is something the us gov is specialized in. with google earth you can even find a nsa echelon base in germany. i wonder what its doing there. i bet they use it to sniff our country aswell and our neighboors, since its not there for the fun of it. what if my country would start to spy on usa isp's ? that could cause serious political problems, but of course for usa everything is ok, as we have seen in the past. oh and for your law question, usa doesnt care about international laws. if you have problems you will have to ask a us. court and i doubt that will help you much complaining about some agency especially when you are from some foreign country. - Original Message - From: Bipin Gautam [EMAIL PROTECTED] To: full-disclosure@lists.grok.org.uk Sent: Monday, December 26, 2005 4:04 PM Subject: [Full-disclosure] Spy Agency Mined Vast Data Trove hello list; story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? regards, -bipint story: http://www.securityfocus.com/brief/85 [snip]- At issue are the broad, sweeping powers the NSA now have to eavesdrop on Americans without their knowledge. Commentary from Ars technical speculates on the technology behind the massive eavesdropping. Bruce Schneier has a long commentary on historical abuses as well as the NSA's use of Echelon, a massive initiative that monitors voice, fax, and data communications and is used for data mining of perhaps 3 billion communications per day. [/snip]- My concern is... (I'm from Nepal) not all ISP
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
Echelon YAWN... That is old news that is like 10-15 years old and was first announce like 8-10 years ago was it not... Encryption? when it comes time to NSA/CIA/Omega Sector or other unnamed government agencies if they want to decrypt it they can... That is my belief. Really if we have nothing to hide we should not fear them listening to us. Now if they come in and start forcing a special mark or code word or something special in order to live or buy or sell anything then it is time to revolt. Other wise let them hear you talk to your significant other about some hot sexual adventure, if it is not your significant other maybe it is your best friend and you are going to tell them about how you banged away at this hot chick/guy (male or female for guys/gals and those of the alternative life style (Gay, Homosexual what ever you prefer). IF we really want to sue some good encryption that will take time to break we all have to learn and start using some anchient now dead language. Then once everybody is fluent in that we need to change again just to try and stay one step ahead of the spy devices! -- lhe On Mon, 2005-12-26 at 07:47 -0800, [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 26 Dec 2005 07:04:15 -0800 Bipin Gautam [EMAIL PROTECTED] wrote: hello list; My concern is... (I'm from Nepal) not all ISP in my region go through the Nepal's Internet exchange point. so even the local traffic might have routed through USA if our ISP'z backbone providr is in USA. I don't have very good idea about ledal stuff but my basic assumption is BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country foreign policy) Have our network traffic been spyed/sniffed too without our knowledge? Don't we have right of protection in the law to check such thing if any??? just willing to hear your views on what are the rules to check/tackle such issues in other foreign countries??? The gist of the actions by the NSA and the Chimp in Charge should allow to you ascertain the obvious answer. One, the US government has no respect for its citizens' privacy so what makes you think it cares about the privacies of those in other countries. One of the problems with the US at this current point in time, is there is a revolving scenario being spoon fed to the public and this is being used to justify the actions of the idiots in office. This is called The War on Terror. Far too many people are quick to cower and believe whatever mass media crapaganda is being shown on television, and while this occurs, those in power jump on the opportunities to sneak in low blow, sucker punch crimes in hopes they go unnoticed. It happened with the CIA and their torture prisons, the Chimp in Charge stepping on civil liberties, you name it, this administration is doing it. So to answer your question, if it passed through any form of electronic communication, chances are ECHELON got a hold of it. Don't like it, don't use electronic communications, or use various types of encryption. Bottom line. -BEGIN PGP SIGNATURE- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkOwEHcACgkQo8cxM8/cskr21wCfaDzK6JhSQ9V8+g+pB++NqyPyFKkA n1IcgHmdLgiwhc9jCW0CwUPsExWc =26gs -END PGP SIGNATURE- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Leif Ericksen [EMAIL PROTECTED] ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Dec 26, 2005 at 10:11:45PM -0600, Leif Ericksen wrote: Really if we have nothing to hide we should not fear them listening to us. Now if they come in and start forcing a special mark or code word or something special in order to live or buy or sell anything then it is time to revolt. Now, that is an interesting view of someone who really is not paying attention. What would you qualify as something to hide ? How about my banking account data ? How about the trade secrets of my company ? Well, how can I be sure they are not giving or selling this data to someone else, maybe one of the corporations that are financing political campains ? Would you mind of other governments started listening to your conversation ? What about other governments listening to conversations from USA corporations ? Just because people has something to hide that doesn't mean they are terrorists, doesn't mean they are a threat to the USA, and doesn't mean some half-brain USA President can authorize their comunications monitored. - -- Rodrigo Barbosa [EMAIL PROTECTED] Quid quid Latine dictum sit, altum viditur Be excellent to each other ... - Bill Ted (Wyld Stallyns) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDsMtQpdyWzQ5b5ckRAglaAKCV4zfib1mXOzgxGMwJAPrVFWZmBgCePrMf Il5VDyGO2/D9B1qKqgYeXcc= =LpVf -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Spy Agency Mined Vast Data Trove
On Mon, 2005-12-26 at 22:11 -0600, Leif Ericksen wrote: Echelon YAWN... That is old news that is like 10-15 years old and was first announce like 8-10 years ago was it not... Since there seems to be a great deal of misinformation and paranoia regarding ECHELON and the NSA, I'd like to remind everyone that, besides as Leif mentioned it being old news, there is also a great deal of information about it available. John Young over at Cryptome.org does a great job of accumulating such information. A nice introduction to ECHELON is the report prepared for EPIC, which they decided not to publish as an official EPIC report, but still made available at Cryptome. Get your bed time reading at http://cryptome.org/sigint-hr-dc.htm. Enjoy, Frank -- It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports. signature.asc Description: This is a digitally signed message part ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/