Re: Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-08-02 Thread Christopher Morrow
On Thu, Aug 1, 2013 at 8:53 PM, Nick Khamis sym...@gmail.com wrote:
 I'll make this short. Is our OpenVPN server prone?


if you sent pictures it'd surely be easier to tell if it were prone, or
standing...



Re: Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-08-02 Thread BROWER, LARRY
On Aug 1, 2013, at 7:55 PM, Nick Khamis sym...@gmail.com wrote:

 I'll make this short. Is our OpenVPN server prone?

prone to what exactly? 

If you mean your connection to the server then I would say no but the server to 
other servers is a different story.


Re: Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-08-01 Thread Nick Khamis
I'll make this short. Is our OpenVPN server prone?



Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-07-31 Thread Warren Bailey
Tin foil hat Wednesday, limited supplies.

Revealed: NSA program collects 'nearly everything a user does on the internet'

http://gu.com/p/3hy4h



Sent from my Mobile Device.


Re: Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-07-31 Thread tei''
On 31 July 2013 16:46, Warren Bailey
wbai...@satelliteintelligencegroup.com wrote:
 Tin foil hat Wednesday, limited supplies.

 Revealed: NSA program collects 'nearly everything a user does on the internet'

 http://gu.com/p/3hy4h


 - Have I read it correctly?  Can they break into a VPN connection,
then leech documents that a German in Pakistan is sending to his
office in Germany?
 - So Excel documents store MAC addresses?... time to set them to random
numbers :D
 - What are the red dots at the bottom of the map? Satellites?  Penguin
powered servers on the south pole?
 - The document makes it look like this exists to spy on religious
terrorists and industrial espionage. But who knows.   Woah, that's a lot
of red dots in Europe. Must be to protect the Europeans.



-- 
--
ℱin del ℳensaje.



Re: Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-07-31 Thread Jorge Amodio
Interesting that they are showing screen captures of a ppt file.

-Jorge

On Jul 31, 2013, at 9:46 AM, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

 Tin foil hat Wednesday, limited supplies.
 
 Revealed: NSA program collects 'nearly everything a user does on the internet'
 
 http://gu.com/p/3hy4h



Re: Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-07-31 Thread Chris Boyd

On Jul 31, 2013, at 10:26 AM, \tei'' oscar.vi...@gmail.com 
oscar.vi...@gmail.com wrote:

 - Have I read it correctly?  Can they break into a VPN connection,
 then leech documents that a German in Pakistan is sending to his
 office in Germany?

I would guess that it's because many VPN services still support PPTP which can 
be attacked as outlined here:
http://www.schneier.com/paper-pptpv2.html

--Chris




Re: Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-07-31 Thread Ken Gilmour
Don't forget Theo DeRaadt's email about IPSec!
http://marc.info/?l=openbsd-tech&m=129236621626462


On 31 July 2013 16:50, Chris Boyd cb...@gizmopartners.com wrote:


 On Jul 31, 2013, at 10:26 AM, \tei'' oscar.vi...@gmail.com 
 oscar.vi...@gmail.com wrote:

  - Have I read it correctly?  Can they break into a VPN connection,
  then leech documents that a German in Pakistan is sending to his
  office in Germany?

 I would guess that it's because many VPN services still support PPTP
 which can be attacked as outlined here:
 http://www.schneier.com/paper-pptpv2.html

 --Chris





Re: Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-07-31 Thread Warren Bailey
And how many people utilize a VPN for site to site? You can convince me you can 
spin up an IPsec connection, but at that point your originating gateway 
changed from your way to the Internet to the VPN's way. Either.. Way.. You 
still head out in clear channel Internet and get owned elsewhere. I can't see a 
giant "this doesn't work here" sign on much except for Tor.


Sent from my Mobile Device.


 Original message 
From: Chris Boyd cb...@gizmopartners.com
Date: 07/31/2013 8:52 AM (GMT-08:00)
To: NANOG nanog@nanog.org
Subject: Re: Revealed: NSA program collects 'nearly everything a user does on 
the internet'



On Jul 31, 2013, at 10:26 AM, \tei'' oscar.vi...@gmail.com 
oscar.vi...@gmail.com wrote:

 - Have I read it correctly?  Can they break into a VPN connection,
 then leech documents that a German in Pakistan is sending to his
 office in Germany?

I would guess that it's because many VPN services still support PPTP which can 
be attacked as outlined here:
http://www.schneier.com/paper-pptpv2.html

--Chris




Revealed: NSA program collects 'nearly everything a user does on the internet'

2013-07-31 Thread Marsh Ray
Chris Boyd cboyd at gizmopartners.com  Wed Jul 31 15:50:09 UTC 2013

 I would guess that it's because many VPN services still support PPTP which 
 can be attacked as outlined here:
 http://www.schneier.com/paper-pptpv2.html

 --Chris

That link doesn't even mention the worst vulnerability in PPTP/MS-CHAPv2. 
Strangely, it's only in the PDF version 
http://www.schneier.com/paper-pptpv2.pdf at the bottom of page 6:

 Note also that the MS-CHAP response generation algorithm is also a weak
 link, even when passwords contain adequate entropy. It is clear that the NT
 hash can be recovered with just two DES exhaustive keysearches (about 2^56
 trial DES decryptions on average)

In other words, PPTP/MS-CHAPv2 is equivalent to encrypting your password with 
*single DES* and sending it over the untrusted network. It doesn't matter how 
strong your plaintext password is. Not only can the passive eavesdropper 
decrypt your VPN-tunneled data, he can obtain the NT hash which is a 
password-equivalent credential allowing him to impersonate the user to log into 
any other network services. 

Moxie Marlinspike and David Hulton described the exploit for it at Defcon 20 
last summer:

Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2
http://www.youtube.com/watch?v=vWXP3DvH8OQ

Moxie's Cloudcracker online service will decrypt your PPTP packet captures 
using an FPGA cluster from Pico Computing. Last I heard, the price was a flat 
fee of $200, although it sometimes goes on sale.
http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html 
http://h-online.com/-1716768

So it's not just the NSA, it's any passive observer with a budget of $200 for a 
one-off or ~$10K for their own hardware capability.

PPTP is old and busted, don't let your friends use it! If you've ever used it, 
change your password. IMHO, if there's any other protocol more deserving of the 
internet kill switch I don't know what it is.

- Marsh

(sorry for not threading properly, I just subscribed to reply)
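
The reasoning in Marsh Ray's message above, as an added example that is not part of the thread: the key layout MS-CHAPv2 derives from the NT hash, and why the handshake's strength is capped near 2^56 however strong the password is. The layout follows RFC 2759 (an assumption, since the thread does not spell it out); the function names and the sample hash are constructed for illustration.

```python
import math

NT_HASH_LEN = 16  # bytes; the NT hash is MD4 of the UTF-16LE password


def split_nt_hash(nt_hash: bytes) -> list:
    """Zero-pad the NT hash to 21 bytes and cut it into three 7-byte DES keys."""
    if len(nt_hash) != NT_HASH_LEN:
        raise ValueError("NT hash must be 16 bytes")
    padded = nt_hash + b"\x00" * 5
    return [padded[i:i + 7] for i in (0, 7, 14)]


def expand_des_key(key7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes: 7 key bits each, low bit = odd parity."""
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for shift in range(49, -1, -7):
        b = ((bits >> shift) & 0x7F) << 1
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def unknown_bits_per_key() -> list:
    """Secret bits per key: 8 per hash byte it holds (the zero padding is known)."""
    return [8 * min(7, NT_HASH_LEN - 7 * i) for i in range(3)]


def average_trials() -> int:
    """Expected DES trial decryptions: half of each key space, summed."""
    return sum(2 ** (bits - 1) for bits in unknown_bits_per_key())


def effective_strength_bits(password_entropy_bits: float) -> float:
    """The handshake is no stronger than the DES search, whatever the password."""
    return min(password_entropy_bits, math.log2(average_trials()))


if __name__ == "__main__":
    sample = bytes(range(16))  # constructed NT hash, not a real credential
    for key in split_nt_hash(sample):
        print(key.hex(), "->", expand_des_key(key).hex())
    # A 20-character random printable password (~131 bits) still caps at ~56.
    print(unknown_bits_per_key(), round(effective_strength_bits(131.0), 3))
```

The third key carries only two bytes of the hash, so the two full 56-bit searches dominate the cost, which is where the quoted "about 2^56 trial DES decryptions on average" comes from.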