[liberationtech] GCSC critical infrastructure survey

2017-11-08 Thread Bill Woodcock
One of PCH’s long-term efforts has been to encourage governments to restrict 
their use of offensive cyber capabilities against the private sector.  As you 
might imagine, this is a reasonably popular idea everywhere except the US, 
Russia, and China.  As the GGE effort in the UN has stalled, we’ve successfully 
prevailed upon a number of governments, led by the Dutch and Singaporeans (but 
with French participation as well) to stand up a purpose-specific commission on 
this issue, to try to establish a diplomatic norm.

   https://cyberstability.org/about/

We’re currently working in two working-groups, one focusing on what the norm 
would say (i.e. what specific behaviors would be discouraged, and under what 
circumstances), and the other focusing on the infrastructures about which it 
would be said (for instance, should hospitals, schools, or the electric grid be 
excluded from targeting-lists?).  I’m coordinating that second working-group, 
and we have a public survey, in which we’re assessing what people think should 
be protected:

   https://www.surveymonkey.com/r/criticalinfrastructure

We’re getting very good input from the Internet technical community, but 
somewhat less from the Internet Governance / Civil Society / Diplomatic 
communities.

Please consider taking the survey (should just take a couple of minutes) to 
help us establish a broad-based consensus on what infrastructures are worthy of 
special protection, and encourage others to take the survey as well.

Much appreciated,

-Bill Woodcock
 Executive Director
 Packet Clearing House





-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing the moderator at 
zakwh...@stanford.edu.

Re: [liberationtech] Twitter robots now block Internet Archive?

2017-04-08 Thread Bill Woodcock
FWIW, I just asked Brewster, and he said that it's "always been blocked."


-Bill


> On Apr 9, 2017, at 02:26, Yosem Companys  wrote:
> 
> From: Christopher Philippo 
> 
> It used to be that one could access archives of Twitter posts, and if there 
> were no archive of a particular Tweet or Twitter feed one could create it.
> 
> That doesn’t seem to be the case now?
> 
> https://web-beta.archive.org/web/*/https://twitter.com/realDonaldTrump
> 
> When and why did the change occur, if this is not merely a momentary glitch?
> 
> Chris Philippo
> 

Re: [liberationtech] PGP keysigning at ICANN 52 / Singapore

2015-02-07 Thread Bill Woodcock

 On Feb 7, 2015, at 2:12 PM, Dr Eberhard W Lisse e...@lisse.na wrote:
 where will this be?

 There have been enough respondents to the Doodle poll that I think it’s safe 
 to fix the two times at 10am on Sunday, and noon on Tuesday.  There is no 
 respondent who isn’t able to make one or the other of those two times, and 
 most people can make both.
 David, can you or your staff suggest a location in the venue?

I haven’t heard anything from David, so let’s just use a back corner of the 
rotunda where the registration badge pickup is, at the top of the escalators, 
in the conference center.  There are plenty of tables and chairs.  I’ll stake 
one out early, and keep an eye out for everyone I recognize.  I’ll bring paper 
printouts of the keyring, also.

See (many of) you in twelve hours.

-Bill





Re: [liberationtech] PGP keysigning at ICANN 52 / Singapore

2015-02-07 Thread Bill Woodcock

 On Feb 8, 2015, at 2:26 PM, stefi st...@gn.apc.org wrote:
 
 missed you guys today.
 is tuesday at noon still on?

Yes.  Please add your key to the keyring before then.  Thanks.

-Bill






Re: [liberationtech] PGP keysigning at ICANN 52 / Singapore

2015-02-05 Thread Bill Woodcock

 On Feb 2, 2015, at 9:17 PM, Bill Woodcock wo...@pch.net wrote:
 
 I imagine a number of you will be at the ICANN meeting in Singapore next 
 week.  There will be a PGP keysigning during the ICANN meeting.  The keyring 
 is on BigLumber:
 
   http://biglumber.com/x/web?keyring=7522


There have been enough respondents to the Doodle poll that I think it’s safe to 
fix the two times at 10am on Sunday, and noon on Tuesday.  There is no 
respondent who isn’t able to make one or the other of those two times, and most 
people can make both.

David, can you or your staff suggest a location in the venue?

-Bill





Re: [liberationtech] Cuba: 5% Internet penetration

2015-01-08 Thread Bill Woodcock

 On Jan 8, 2015, at 12:49 PM, Collin Anderson col...@averysmallbird.com 
 wrote:
 
 
 On Thu, Jan 8, 2015 at 2:27 PM, Bill Woodcock wo...@pch.net wrote:
 It’s called fiber.
 
 Fiber is cheap?

Relatively.  It’s sand, somewhat processed.  And it carries a lot of bits.  
Nothing else carries a lot of bits.  So, since it’s the only option that 
actually carries lots of bits, it’s sorta academic how much it costs relative 
to other things, that don’t carry lots of bits.  So, yes, less than a penny a 
strand-foot is cheap.

-Bill





Re: [liberationtech] Cuba: 5% Internet penetration

2015-01-08 Thread Bill Woodcock

 On Jan 8, 2015, at 11:21 AM, S.Aliakbar Mousavi mousavi.s...@gmail.com 
 wrote:
 
 Hi,
 
 You just mentioned that there are technologies out there that make this 
 cheap, feasible, and reliable.
 What technologies do you mean? Can you give me some examples?

It’s called fiber.  As always, the problem is not a technological one, so the 
technological solution doesn’t answer the actual problem.

-Bill





Re: [liberationtech] Time validation for 2-step verification codes

2014-08-27 Thread Bill Woodcock

On Aug 27, 2014, at 8:29 AM, Amin Sabeti aminsab...@gmail.com wrote:
 Recently, a bunch of Iranian journalists/activists have been targeted by 
 Iranian hackers.
 Some of them said their 2-step verification was active during the attack but 
 the hacker could reuse the code that was sent by Google via SMS and passed 
 2-step verification!
 I was wondering if some folks here know the validation time for the 
 2-step verification code that users receive through SMS, not the app.

I just checked with Google security, and this was the response:

 I think the code lasts as long as the one displayed on a phone... I
 suspect that even in the case where the code is 'short lived' getting
 it over SMS is considered 'insecure' and really, really not the best
 plan :(
 
 android/i-device/blackberry all have OTP apps that work with google's
 2-step, suggest that they use that instead of sms?

…for the same reasons Richard Brooks outlined in his reply.

-Bill







Re: [liberationtech] Internet Infrastructure Software Database

2014-08-03 Thread Bill Woodcock

Without making any claims as to the value of maintaining such a list, I'll 
point out that I included gcc.

-Bill


 On Aug 3, 2014, at 3:06, danimoth danim...@cryptolab.net wrote:
 
 On 02/08/14 at 07:36am, Rich Kulawiec wrote:
 I think this list is a pretty good starting point.  Of course,
 having said that, now I want to edit it. ;)
 
 IMHO the idea is pretty stupid. The implementation also, because
 nobody mentioned a compiler.. lol, how to waste time



Re: [liberationtech] Internet Infrastructure Software Database

2014-08-02 Thread Bill Woodcock

On Aug 2, 2014, at 6:11 PM, Travis Biehn tbi...@gmail.com wrote:

 Starting it on Wikipedia?

Not sure it’s appropriate for Wikipedia, since it’s just a list of people’s 
opinions, rather than anything remotely objective, but:

https://wiki.pch.net/doku.php?id=pch:public:critical-internet-software

 BGP.

Added bgpd.  BGP per se is a protocol, rather than a package, library, or OS.

-Bill







Re: [liberationtech] Internet Infrastructure Software Database

2014-08-01 Thread Bill Woodcock

On Aug 1, 2014, at 9:46 AM, Jonathan Wilkes jancs...@yahoo.com wrote:

 Is there anything like a database for software that is critical to a 
 functioning internet?

That’s a really interesting question.  We maintain databases of critical 
Internet _infrastructure_, but not software.

I suspect that a software list would be even more controversial and subjective 
than infrastructure.  But that doesn’t make it less worthwhile to track.

A few starting points:

Applications and Libraries:
BIND
NSD
Sendmail
GnuPG and/or OpenPGP
OpenDNSSEC
Apache/httpd
sshd
OpenSSL
MySQL
PostgreSQL
PHP
Perl
Safari
Firefox
Chrome
CyrusSASL
FreeRADIUS
Nginx
haproxy
memcached

Operating systems:
Cisco IOS
Juniper JunOS
Some Linux variants, like CentOS
VMware hypervisor
KVM hypervisor

What makes something critical?  It seems like it needs to occupy a critical 
niche (a function that is, itself, important), be widely used, and have few 
easily-substituted alternatives.

-Bill







Re: [liberationtech] *My* new book: DotCombat

2014-01-29 Thread Bill Woodcock

On Jan 29, 2014, at 7:05 AM, Griffin Boyce grif...@cryptolab.net wrote:

  Granted, it's not written yet, but I'm starting to feel like I'm the
 only one in this space who *hasn't* written a book, haha. Calling dibs
 on the title. ;-)

See if you can get it to #1 on Amazon pre-orders!  :-)

-Bill





Re: [liberationtech] dark mail alliance

2013-11-03 Thread Bill Woodcock



 On Nov 3, 2013, at 3:30, phree...@yandex.ru phree...@yandex.ru wrote:
 
 I don't see how pasting over a QR code in a way that's not easily 
 detectable is somehow harder than pasting over a domain/email, or printing a 
 real-looking fake ad and pasting it over the real one.

A QR code is already isolated in an opaque white square.  It's single color, 
and moreover, that color is black. And it's smaller than a billboard. 

By contrast, a textual URL or email address will be in a specific typeface, 
probably matched to the rest of the billboard. It's also likely size-matched to 
other text. Most importantly, it's likely printed right over a patterned and 
colored background. 

While you're correct that you can address, to some degree, all of those issues 
by wheatpasting over the entire billboard, provided you're at least as 
competent a visual designer as the person who executed the original ad, which 
is easier to print and transport? A full-color billboard, or a black-on-white 
sheet of tabloid-sized paper?

To put this all in more practical terms, since these issues were not apparent 
to you, you're a less-skilled visual designer than anyone who would be paid to 
produce an advertisement. Therefore, you would not be capable of covertly 
coopting their advertisement. Yet you'd still be perfectly capable of 
successfully pasting over their QR code without anyone being the wiser. 

-Bill


Re: [liberationtech] Question re Cisco auth and remote login.best-practices

2013-09-23 Thread Bill Woodcock
Doesn't scale until airlines go multicast.  :-)


-Bill


 On Sep 22, 2013, at 22:39, Paul Ferguson fergdawgs...@mykolab.com wrote:
 
 On 9/22/2013 10:32 PM, Bill Woodcock wrote:
 
 
 So, if we assume the worst, and figure we're just doing damage-control and 
 minimizing a large problem, what are the best-practices to follow in 
 configuring Cisco routers in remote locations?
 
 Generate max-length (4096-bit?) RSA keys on them, for the SSH sessions…
 
 Use remote auth to do command-by-command authorization, no level-15 logins?
 
 Run TACACS over IPsec?  Over something else?
 
 Locally trusted human. :-)
 
 - ferg
 
 
 
 -- 
 Paul Ferguson
 Vice President, Threat Intelligence
 Internet Identity, Tacoma, Washington  USA
 IID -- Connect and Collaborate -- www.internetidentity.com

Re: [liberationtech] Brazil Looks to Break from U.S.-Centric Internet

2013-09-20 Thread Bill Woodcock

On Sep 18, 2013, at 9:40 AM, Bill Woodcock wo...@pch.net wrote:
 Well, there are a bunch of different concepts being discussed.  The primary 
 one is localization of routing, which isn't just possible, it's 
 best-practice, and something Brazil has been doing an excellent job of 
 already for quite a few years…  

David asked me to write this up in a bit more detail, with links to references, 
et cetera:

http://america.aljazeera.com/articles/2013/9/20/brazil-internet-dilmarousseffnsa.html

Despite the clear benefits of these developments for Brazilians, their 
government's statements have been shrilly and incorrectly branded as extreme 
and decried as Soviet socialism by some US media. This is largely due to a 
misimpression that what Brazil is doing is cutting itself off from the Internet 
or balkanizing the Internet -- when in reality, it's building more Internet 
faster.  et cetera.

-Bill





Re: [liberationtech] Brazil Looks to Break from U.S.-Centric Internet

2013-09-18 Thread Bill Woodcock

On Sep 18, 2013, at 8:28 AM, David Johnson david.john...@aljazeera.net wrote:

 Interesting ... but is this even possible?
 http://world.time.com/2013/09/18/brazil-looks-to-break-from-u-s-centric-internet/

Well, there are a bunch of different concepts being discussed.  The primary one 
is localization of routing, which isn't just possible, it's best-practice, and 
something Brazil has been doing an excellent job of already for quite a few 
years.  If you look at https://pch.net/applications/ixpdir/summary/ you'll see 
that they've got 23 active exchanges, which puts them second in the world after 
the U.S., with 77% annualized growth, compared to 10% in the U.S.  If you look 
at the Brazil section of https://pch.net/ixpdir you'll see that almost all of 
that growth has been occurring since they made it an explicit policy goal in 
2008, and began aggressively implementing IXP best-practices.

At a governance level, Brazil is divided.  The CGI, which decides and 
implements domestic Internet policy, is the agency responsible for all this 
growth and best-practices-following.  As such, they've been largely aligned 
with OECD-country and Internet interests.  The Brazilian federal government, on 
the other hand, sets foreign policy, interacts with the ITU, et cetera.  And so 
although it has no appreciable influence over what happens _within_ the 
country, it's what's seen by other national governments in diplomatic circles.  
In Internet governance, Brazil tends toward this Brazil-India-South Africa 
axis, which doesn't particularly align with the Internet or OECD countries, 
unless by accident.  This is the area that Internet folks are most worried 
about, since those three countries are second-tier thought-leaders in the ITU, 
and can swing a lot of developing-country votes in their respective regions.  
So Brazil is, in many ways, the U.S.' opposite: they do the right thing 
domestically, but say the wrong thing internationally. 

-Bill





Re: [liberationtech] Brazil Looks to Break from U.S.-Centric Internet

2013-09-18 Thread Bill Woodcock

On Sep 18, 2013, at 9:25 AM, Bill Woodcock wo...@pch.net wrote:
 On Sep 18, 2013, at 8:28 AM, David Johnson david.john...@aljazeera.net 
 wrote:
 
 Interesting ... but is this even possible?
 http://world.time.com/2013/09/18/brazil-looks-to-break-from-u-s-centric-internet/
 
 Well, there are a bunch of different concepts being discussed.  The primary 
 one is localization of routing, which isn't just possible, it's 
 best-practice, and something Brazil has been doing an excellent job of 
 already for quite a few years.  If you look at 
 https://pch.net/applications/ixpdir/summary/ you'll see that they've got 23 
 active exchanges, which puts them second in the world after the U.S., with 
 77% annualized growth, compared to 10% in the U.S.  If you look at the Brazil 
 section of https://pch.net/ixpdir you'll see that almost all of that growth 
 has been occurring since they made it an explicit policy goal in 2008, and 
 began aggressively implementing IXP best-practices.
 
 At a governance level, Brazil is divided.  The CGI, which decides and 
 implements domestic Internet policy, is the agency responsible for all this 
 growth and best-practices-following.  As such, they've been largely aligned 
 with OECD-country and Internet interests.  The Brazilian federal government, 
 on the other hand, sets foreign policy, interacts with the ITU, et cetera.  
 And so although it has no appreciable influence over what happens _within_ 
 the country, it's what's seen by other national governments in diplomatic 
 circles.  In Internet governance, Brazil tends toward this Brazil-India-South 
 Africa axis, which doesn't particularly align with the Internet or OECD 
 countries, unless by accident.  This is the area that Internet folks are most 
 worried about, since those three countries are second-tier thought-leaders in 
 the ITU, and can swing a lot of developing-country votes in their respective 
 regions.  So Brazil is, in many ways, the U.S.' opposite: they do the right 
 thing domestically, but say the wrong thing internationally. 

Sorry, hit send too soon.  The third area is content and the application 
layer.  Localizing routing doesn't make any difference if users explicitly 
choose a service that's only hosted elsewhere, so promoting local content and 
online services is also important, and an inherently good thing (in that it's 
more efficient from routing, performance, and economic standpoints).  Getting 
all their users off Orkut, for instance.  :-)

So, my guess is that what happened here is that the Brazilian federal 
government went to the CGI, asked what the scoop was, got clued in, and crafted 
the most opportunistic possible spin on what they've already been doing (well) 
for the past six years.  Because they've already been doing a good job of it, 
the announcement looks particularly momentous to people who haven't been paying 
attention.

-Bill





Re: [liberationtech] Brazil Looks to Break from U.S.-Centric Internet

2013-09-18 Thread Bill Woodcock

On Sep 18, 2013, at 5:52 PM, Andrés Leopoldo Pacheco Sanfuentes 
alps6...@gmail.com wrote:
 What do you mean exactly by second-tier thought-leaders?

I mean that, in ITU politics, there are basically three camps: the OECD country 
camp, the China-Saudi Arabia camp, and the undecided, our-votes-are-for-sale 
camp.  I can explain the positions of each of these camps in more detail if 
you're not familiar with the ITU or what it's about.  Brazil, South Africa, 
India (and Russia, to round out the BRICS) are firmly in the undecided camp, 
voting in support of the Internet in some cases, against it in others.  In each 
case, these countries have regional influence over a set of other undecided 
countries, that tend to follow their vote relatively indiscriminately.  This is 
far less true of the members of the two decided camps; there aren't, for 
instance, a set of countries that are otherwise-undecided about the benefits of 
the Internet, that vote with, say, Canada, indiscriminately.  With regard to 
Brazil, the important thing to understand is that it's the foreign ministry of 
the Brazilian federal government that decides Brazil's ITU voting strategy, not 
CGI, and they're often diametrically opposed.

 It REALLY, AWFULLY, sounds patronizing and imperialistic etc.

The ITU is exactly that, yes.

-Bill





Re: [liberationtech] Massive passive wiretapper: How to technically troll them?

2013-09-14 Thread Bill Woodcock

On Sep 14, 2013, at 8:35 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch 
wrote:
 two peer could cost $500/month

Remember that it's my $500/month that you're talking about, not yours.  In the 
larger picture, that's $500/month removed from the productive side of the 
global economy.  Causing me to pay more money for someone to inspect things I'm 
not saying doesn't scale too well.

-Bill





[liberationtech] Modulo the usual problems with HTTPS/SSL, anyone have any critiques of this?

2013-09-10 Thread Bill Woodcock

http://www.kickstarter.com/projects/1904431672/trsst-a-distributed-secure-blog-platform-for-the-o

-Bill





Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Bill Woodcock

On Sep 10, 2013, at 2:54 PM, Scott Elcomb pse...@gmail.com wrote:

 Starting a new thread - it's related but a slightly different topic.
 
 Despite having several devices with fingerprint scanners, I've never used one.
 
 With the release of iPhone 5S and all the discussion around it, I'm
 curious if fingerprints on file with various Law Enforcement agencies
 could be printed out or otherwise used to unlock devices detained at
 border crossings or during other investigations?

Coming soon to a checkpoint near you:  3D printing in gummi-bear material.

-Bill





Re: [liberationtech] Announcing Scramble.io

2013-08-23 Thread Bill Woodcock

On Aug 23, 2013, at 7:12 PM, Ali-Reza Anghaie a...@packetknife.com wrote:
 - (To everyone) Why is there almost never a discussion on RFCs and
 talking something down the pathway of what would it take to make a
 standard out of this?

Because, at this point, very few useful standards make it through the IETF.  
There are things for which the IETF is completely appropriate.  VoIP and jabber 
and so forth work pretty well in the IETF, for a variety of reasons.  But 
something like this, which is much more about the application layer, needs to 
be implemented first, get a base of users and testers and contributors, and 
then if there's something innovative about it down at the protocol layer, that 
can be run through the IETF after-the-fact.

-Bill





Re: [liberationtech] Anonymity Smackdown: NSA vs. Tor

2013-08-07 Thread Bill Woodcock

On Aug 7, 2013, at 12:05 AM, Roger Dingledine a...@mit.edu wrote:
 Consider two scenarios. In scenario one, NSA doesn't run any Tor
 relays, but they have done deals with ATT and other networks to be
 able to passively monitor those networks -- including the (honest,
 well-intentioned) Tor relays that run on those networks. They're able to
 monitor some fraction of the Tor network capacity -- whether that's 1%
 or 10% or 30% is a fine question, and depends on both Internet topology
 and also what deals they've done.
 
 In scenario two, they do that plus also run some relays. They have to
 deal with all the red tape of deploying and operating real-world things
 on the Internet, and the risk that they'll do it wrong, somebody will
 notice, etc. And the benefit is maybe a few percent increase in what
 they can watch.
 
 Why would they choose scenario two? 

Geographic reach.  In order to observe exit and entry nodes that are not within 
the coverage footprints of the telcos with whom they have special relationships.

-Bill





Re: [liberationtech] Critically Examining What Would Happen if the U.N. (or another international body) Administered the Internet?

2013-07-16 Thread Bill Woodcock

On Jul 16, 2013, at 3:08 PM, Zack Brisson z...@thereboot.org wrote:
 Have there been nuanced and balanced explorations of how the U.N. (or another 
 international organ) could serve as reasonably equitable hub for a 
 multi-stakeholder Internet from actors other than those with a clear 
 position biasing their analysis? Having worked closely with the U.N., I am 
 under no illusions as to its infallibility or consistent effectiveness. But is 
 this End of the Internet/Internet Freedom truly an inevitable outcome for 
 either technical or political reasons?

It's not a question of the end of the Internet, it's a question of whether 
the U.N. has any way to facilitate the continuance of bottom-up 
multistakeholder governance (since that's not how they operate, and none of 
their structures natively support non-governmental decision-making), and at a 
greater degree of remove, whether any nationalistic form of governance would, 
in the long run, preserve the end-to-end model.

Most people believe that if governments were to gain control over Internet 
governance, that they'd do what they do with everything else, and start making 
national-scale divergences from the current global standards. They're strongly 
incentivized to do so, at the expense of global markets, and the global public, 
the vast majority of whom are not their constituents.  It's a potential tragedy 
of the commons, which is held in check by the fact that it's currently 
communally governed, rather than individually governed, so it's governed in the 
common good, rather than to the maximization of individual goods at the expense 
of the whole.

It's very difficult to talk for very long about the abstract theory of all 
this, before someone drags in the actual, more complicated, situation, wherein 
the U.N. isn't just the U.N., but also the ITU, and the ITU isn't just the ITU, 
but the ITU staff, and three camps of ITU member states that are at odds with 
each other, and that whole mess is just a pawn in the larger WTO chess-match, 
etc., etc., etc.

-Bill







Re: [liberationtech] One time pad Management system?

2013-07-12 Thread Bill Woodcock

On Jul 12, 2013, at 7:15 AM, Eugen Leitl eu...@leitl.org wrote:
 I would be very interested in hardware recommendations for
 an affordable, high-quality hardware RNG (ideally something
 like VIA Padlock RNG).

We use these:

http://www.entropykey.co.uk

Cheap in bulk.

-Bill







[liberationtech] How many of us are at CFP?

2013-06-25 Thread Bill Woodcock

...today?  Apropos question, given that it's nearly lunchtime in D.C.


-Bill




Re: [liberationtech] [cryptography] [ipv6hackers] opportunistic encryption in IPv6

2013-06-13 Thread Bill Woodcock

On Jun 12, 2013, at 4:25 PM, Nico Williams n...@cryptonector.com wrote:
 There have been many proposed ways of doing roughly the same thing.
 To my knowledge not one has succeeded wildly.  RFC5660 has not been
 implemented.  Lacking IPsec channels one needs something like CGA to
 ensure peer key/ID continuity, as otherwise IPsec only authenticates
 individual packets (and their senders), not *packet flows*, which
 wouldn't be a problem if IP addresses weren't assigned dynamically.

Any reasonable way to bootstrap this off DNSSEC and dynamic DNS in the in-addr? 
 More complicated than DANE, but if the key distribution is the hard part, and 
DNSSEC solved that, I'd rather do the hard part once and get the benefit of it 
for multiple other protocols, rather than reinvent the wheel each time.

-Bill







Re: [liberationtech] Designing the best network infrastructure for a.Human Rights NGO

2013-02-28 Thread Bill Woodcock

Ah, yes, those expensive man-hours.  Security is so much easier when you don't 
give it time and attention.  It also doesn't work. 


-Bill


On Feb 28, 2013, at 8:09, anonymous2...@nym.hush.com 
anonymous2...@nym.hush.com wrote:

 I knew this was coming at some point. Yes I am starting with 
 Windows, it's more functional (awaits incoming) and costs less in 
 terms of expensive man hours (the hidden cost vs software) for a 
 Linux guru to run and monitor the network.
 
 On Thu, 28 Feb 2013 13:03:00 + Bill Woodcock wo...@pch.net 
 wrote:
 You want to do this securely, and you're _starting_ with Windows?
 
 
   -Bill
 
 
 On Feb 28, 2013, at 7:40, anonymous2...@nym.hush.com 
 anonymous2...@nym.hush.com wrote:
 
 Hi, 
 We are a human rights NGO that is looking to invest in the best 
 possible level of network security (protection from high-level 
 cyber-security threats, changing circumvention/proxy to protect IP 
 address etc, encryption on endpoints and server, IDS/Physical and 
 Software Firewall/File Integrity Monitoring, Mobile Device 
 Management, Honeypots) we can get for our internal network. I was 
 wondering if people would critique the following network, add 
 comments, suggestions and alternative methods/pieces of software. 
 (Perhaps if it goes well we could make a short paper out of it, for 
 others to use.)
 
 -Windows 2012 Server
 -VMWare virtual machines running Win 8 for remote access
 -Industry standard hardening and lock down of all OS systems.
 -Constantly changing proxies
 -PGP email with BES
 -Cryptocard tokens
 -Sophos Enterprise Protection, Encryption and Patch management
 -Sophos mobile management
 -Encrypted voice calls for mobile and a more secure alternative to 
 Skype via Silent Circle.
 -TrueCrypt on all drives - set to close without use after a 
 specific time
 -Easily controlled kill commands
 -False and poison pill files
 -Snort IDS
 -Honeypots
 -Tripwire
 -Cisco Network Appliance
 -No wifi
 -Strong physical protection in a liberal country as regards human 
 rights
 
 I know there are many other factors, good training, constant 
 monitoring, avoiding spearphishing, penetration testing, etc but if 
 possible I would please like to keep the conversation on the 
 network design and software.
 
 Thanks guys.
 -Anon
 


Re: [liberationtech] Designing the best network infrastructure for a.Human Rights NGO

2013-02-28 Thread Bill Woodcock

Sorry, thought you'd asked for advice about the best possible way to do it. 
Didn't realize you meant best possible with no time or attention.  But, wait, 
that's not quite it either, is it?  You meant that you don't want to invest 
_your_ time and attention, but you think people on the list can solve that for 
you by contributing _our_ time and attention?  I'm not sure it works that way, 
but perhaps someone who's feeling more charitable than I am right now can 
suggest the best possible solution that requires none of your time and 
attention and runs on Windows. 

Since I'm now 34 hours into an Ottawa-bound itinerary for the CIF, a tip of the 
hat to Canada: As secure as possible, under the circumstances.

-Bill


On Feb 28, 2013, at 8:22, anonymous2...@nym.hush.com 
anonymous2...@nym.hush.com wrote:

 Can we please get back to the issue at hand
 
 On Thu, 28 Feb 2013 13:16:03 + Bill Woodcock wo...@pch.net 
 wrote:
 Ah, yes, those expensive man-hours.  Security is so much easier 
 when you don't give it time and attention.  It also doesn't work. 
 
 
   -Bill
 
 


Re: [liberationtech] Comprehensive overview of IG related processes

2013-01-15 Thread Bill Woodcock

On Jan 14, 2013, at 1:02 PM, Marcin de Kaminski 
marcin.de_kamin...@soclaw.lu.se wrote:

 Hi!
 
 I'm looking for a tool (or list) that visualizes the multitude of
 Internet Governance related processes going on atm. Is anyone aware of
 such a service?

Processes is more complicated than meetings, but this may give you a start:

http://internetmeetings.org

-Bill







Re: [liberationtech] Bitcoin and The Public Function of Money

2012-10-30 Thread Bill Woodcock

On Oct 30, 2012, at 2:10 PM, Dmytri Kleiner d...@telekommunisten.net wrote:
 The critical feature required of public money is that we can socially 
 determine how much of it there is, and how much of it we want to apply to public 
 purpose. We need ways to create and destroy public money so that we can 
 have a counter-balance to private activity, to manage cycles, to 
 counter-balance economic sectors, and to socially pursue public objectives.
 -- 
 Dmytri Kleiner
 Venture Communist


Something I've noted about both Bitcoin and bullion-backed currencies, that 
might hold true of some other currencies as well, is that they're the product 
of the consumption of labor.  With bitcoin, you can waste CPU cycles on a task 
with no intrinsic value, and the result is bitcoin.  With bullion-backed 
currencies, you can send miners into one hole in the ground to consume 
calories, and construction workers into another hole in the ground to consume 
calories and construction materials, and move metal from one hole to the other, 
and the result is money.

Potlatch economies have always resonated a little more sympathetically for me.

-Bill Vladimir Ilyich Perkins Woodcock







Re: [liberationtech] anyone attending WCIT-12?

2012-10-24 Thread Bill Woodcock

On Oct 24, 2012, at 8:30 AM, Muzammil M. Hussain muzam...@uw.edu wrote:
 I'll be attending WCIT-12 http://www.itu.int/en/wcit-12/Pages/default.aspx -- 
 anyone on this list headed to Dubai in December? 

Are you going as part of a delegation?

-Bill







[liberationtech] First World Internet freedom problem

2012-06-15 Thread Bill Woodcock

http://www.guardian.co.uk/uk/2012/jun/15/girl-photos-school-meals-blog?CMP=twt_gu


-Bill



