NSA has direct access to tech giants' systems for user data, secret files reveal

Re: NSA Foils Internet Encryption

I was just there.

 

Does this include Apple?

 

Of course.

 

reminds me off previous situation where one leader was being impeached and then next thing we knew Serbia needed to be bombed immediately. the one prior to that seemed almost giddy on announcing the first Iraq war

(i left names and parties out so i hope this comment can stand as somewhat apolitical)

 

Connecting directly, Bruce Schneiers site never loads. Through Tor it does.

 

Before everyone starts blaming vendors and calling them liars and cheats, I think we should consider several points. All of the articles I have seen are very vague about what the NSA has actually done, with the descriptions ranging through a laundry list of possibilities. Undoubtedly, the NSA has some of the best mathematicians and cryptographers in the world. The NSA also has some of the fastest computers in the world, as well as vast financial resources. It is fairly likely that they could know about some systemic weaknesses in certain encryption algorithms that others would not. Indeed, this is also on the list of accusations, that the NSA purposely steered the encryption standards process in the ways they desired as advantageous to their interests.

If that is the case, then it may be true that the NSA knows of an exploitable weakness that wasn't obvious to the vendors when they were implementing their code. If the vendor was simply implementing encryption code according to the published standard, they may be totally unaware of any complicity in the NSA's decryption efforts. According to the experts, it is actually very difficult to properly code an encryption algorithm, even based off of published standards. In many cases, even the simplest choice, of say, what routine to use for your psuedo-random number generator can determine if your final encryption is vulnerable or not. The NSA could very well be aware of systemically poor choices in the code of Microsoft, Google, Apple, or whoever... that perhaps the vendors themselves aren't even fully aware. You are talking about a team of thousands of the best minds in cryptography with essentially all of the time & money in the world, versus maybe a dozen coders for a vendor just trying their best to knock out an encryption algorithm by management's deadline.

I just feel all of the angst and mistrust of vendors is a bit overboard. But then I find the level of paranoia in this whole discussion to be rather amazing. The honest truth -- and this may sound a bit mean -- is that 99.999% of us aren't doing anything that the NSA would even care about. Ok, so maybe that isn't the point. Maybe it is just about whats "right" and about people being entitled to "privacy". But, then, as I have said in the past, "privacy" isn't in the Constitution, and definitely not some absolute notion of impenetrable privacy. All of this dismay and anxiety over what some vendor did or didn't do is really doing nothing but weakening the American economy little by little. The irony of foreign nationals complaining about the American NSA and American vendors not safeguarding their privacy is almost nauseating to me. It's astounding to me that because these same articles aren't being written about their respective governments and top corporations, that they aren't doing -- or wanting to do -- the exact same things or worse. No, maybe that doesn't make it right for the USA to be doing it too, but it does make it extremely hypocritical of those complaining.

 

See https://www.wilderssecurity.com/showthread.php?p=2277012#post2277013

The last I knew, Bruce Schneier was American, and he's calling for engineers to speak out and reestablish Internet privacy.

https://en.wikipedia.org/wiki/Bruce_Schneier

 

With all due respect, I totally disagree with you. This is no overboard story. Still, no body can force anyone else to join the dots and to essentially stop being wilfully blind in the face of conclusive evidence. Unless youre on the inside track, how would you know what the honest truth is as to what the NSA's motives are? umm nor do I see what "sounding mean" has got to do with it.

The fact is they care very much about anything they can pull out on you later to substantiate a charge against you. Remember how broad the word terrorist has become. You can poohoo this now, but you wont be in time to come.

 

That's been the problem for way too long. People get so focused on the individual "dots" and finding ways to individually explain them away that they never see the dots forming a pattern. We've had plenty of evidence in front of us for many years. The real problem is that most didn't (and still don't) want to see what it really adds up to. History is too full of examples of where this kind of blindness leads. Humanity has been on this road before and we know where it leads. The belief that "it can't happen here" usually proves wrong over time.

 

Well said.

 

If someone had told you 10 years ago that downloading music with P2P software would get you labelled as supporting terrorism, would you have believed it? Would you have expected such a label for supporting the Occupy Wall Street protests? How about being labelled as a communist for preferring open source software? How about having to wear an RFID tag so they can tell where you are, like they're trying in some schools now? Even a couple years ago, was using a proxy to change or hide your IP a computer crime?

How many pages of examples does it take to demonstrate a pattern of behavior?

 

-http://www.washingtonpost.com/business/technology/google-encrypts-data-amid-backlash-against-nsa-spying/2013/09/06/9acc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html

Edit: Microsoft and Yahoo aren't happy either

-http://www.theguardian.com/world/2013/sep/06/yahoo-nsa-gchq-decryption-abuse

 

The actual word Privacy isn't, but the meaning of it is

 

id like to read that proof , may i remind you microsoft has been doing this since windows 95 so backdooring isnt anything new , only cause a couple articles released with this "news" doesnt change what the games been since a long time , this an excerpt from techrights: "For one criminal entity to collude with another is only natural and NSA back doors for Windows are now confirmed. These have been around for ages"
http://techrights.org/2013/07/11/microsoft-nsa-direct-access/
, so as long as you check and make sure to take vulnerability precautions for your OS no matter if linux or windows , those nsa backdoors cant really help whatsoever if your OS is configured in such a way as to thwart

theyre funtions mind you backdoors are possible in open source as well if you dont review every single bit of code after every release , starting with encypted bytes configuring for windows 7 thread is a good start and can be further improved with completely disabling access to the internet with a proper firewall 3rd party of course, and tunnel every bit of net connectivity through a vpn chain, using wireshark to confirm the packets , only thing windows should be is the OS itself , firewall , AV, SB, VMs , suits, browsers, email client ,etc etc should be

opensource aka 3rd party as said or as close to it as possible meaning properly reviewed code by trusted sources as far as trusted goes , am a linux and windows user myself , and both have theyre merits , what i cant do on one i can do on the other, linux is exspecially a bitch when it comes to video filters and codecs and of course games, mind you on top of that you can activate windows in a anonymous way and use TC with hidden OS feature wich to date only works for windows to my knowledge ,to further thwart any of those backdoors , treating your OS as compromised from the getgo as i have been doing for quite some time now should be a given anyhow and hidden os feature of TC helps alot with compartmentalization of your IRL and Anonymous identity , using a mac randomizer helps as well as using a full virtualization tool such as shadow defender it prevents infections on the volume level as long as active and ram caching active , use the tools that are at your disposal, and kids remember encryption encryption encryption dont matter what it is you do use it , what has been revealed so far is chump change theres far worse things going on behind the curtains that snowdeen doesnt even know about , if the NSA really wanted snowden removed from sight they wouldve done so long ago think about it for a sec

oh and one more thing for all those w8 users out there this might make you go one version back

http://americablog.com/2013/08/leak...ndows-8-computers-potential-backdoor-nsa.html


windows 7 will be good for quite a few years to come and once it becomes obsolete , whenever that is looking at xp , we will either have a new microsoft company that did a complete 180° turn from sleeping with the nsa to a peoples company , if not then we will all be running w7 for a very long time or eventually switch to opensource OSs completely , microsoft has its own fate in its hands its up to bill now cause the future isnt looking good at all for them

and yes i wouldnt trust apple one sec , since its not just software but the entire hardware platform could be backdoored as above link demonstrates is possible ,wich we have no control over , id go for android with aosp any day wich the code can be properly reviewed , over apple products

 

Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.

Skype is said to have several back doors. Our latest post about it got updated with new information. Skype can be used as a back door on any platform (known holes left unaddressed), GNU/Linux included. Microsoft controls it and it has a monopoly on the source code.

And so yes Linux would be ok if you can trust the programs installed.

 

900% in total agreement with every aspect and points stated.

For sensible folks about this a NO BRAINER

 

now that we know calling out Windows is a serious matter of national security (the NSA regularly gets back doors for access, as noted in more and more articles right now), we should consider what it really means. With UEFI it has been demonstrated that motherboards can be bricked , irrespective of the platform (provided there is remote access to it). Imagine what can happen at times of war. If the NSA can take over Windows, which it can, it can brick any computer with such motherboards. This is serious because it means that not even reinstalling the operating system or swapping operating systems would help. This is what one gets when the most ferocious cyberarmy has back door access to the system. This new article about restricted boot covers antitrust issues as well:

 

Remote access such as ports that can't be closed? UEFI, another "dot" that helps to make the pattern clearer, one that was explained away in the usual fashion while the larger implications were ignored. I'm glad that none of my equipment has it.
Controler.
Got a link to that article?

 

actually about uefi , i woulndt worry too much about it as it can be disabled using legacy mode, never used uefi ever since its release , so no remote access id be more worried owning devices with tpm chips

http://www.pcmag.com/article2/0,2817,2417361,00.asp

 

That doesn't mean one can't respectfully disagree with Bruce Schneier. I'm actually not all that enamored with him, and find him to be this decade's Steve Gibson... albeit perhaps a bit more professional. That is, these are people that essentially make a living off of being security gadflies. They use it as a means of self-promotion, sometimes over reality and common-sense. Much akin to those paid "consultants" who raised such a fuss and essentially tried to promote mass hysteria over Y2K, which in retrospect everyone agrees was a non-event.

In order to agree with you or Bruce Schneier, I would have to agree that "Internet privacy" was a worthwhile goal. Personally, I actually do not have any expectation of privacy on the Internet, nor do I have any expectation of privacy when I drive down the highway. You may say, "Ah, but Alec, what about your financial transactions with banks and such?" And the truth is, even there, I don't really care that much about privacy, what I care about is accurate authentication and authorization. No, to me, privacy on the Internet leads to anonymity on the Internet, and anonymity on the Internet leads to very undesirable behavior. It lets people act like retarded 12-year olds without any repercussions... and those are the people that aren't even trying to do something truly nefarious or malicious. Darkness generally does not promote healthy behavior.

Nor do I care for any condescending remarks about dots and their connections, or forests and trees. I get it. The US government likes to spy on people. But... shhh... let me let you in on a little secret: all governments like to spy on people. (Condescension right back at you.) There is nothing uniquely American here. Indeed, the only thing somewhat unique is that in America we generally allow people to publish such criticisms of their government. Now, certainly, Western European countries do as well... so I'm not trying to be smug; but isn't it interesting that the countries to which Edward Snowden ran -- Hong Kong, aka China, and Russia -- would likely have summarily executed him had he done the same thing to one of their governments as a citizen. (Granted, if the US catches him they will likely try him for treason and lock him up for 20 years. As they should since he violated oaths taken to acquire his security clearance.)

I am also well aware of the Fourth Amendment to United States Constitution. Please read it carefully. It contains several qualifiers:

1. Applies to "their persons, houses, papers and effects". Little bits of data that people themselves intentionally place onto a public medium such as the Internet, does not constitute any of the above. An email or a web post is not equivilent to a person's papers or effects. Effects are personal property; and papers are exactly that, physical papers and documents within a person's direct possession.
2. Applies to "unreasonable searches and seizures". It all comes down to what is reasonable and unreasonable. The Fourth Amendment doesn't say that you can't be searched at all, nor does it say that you have some indefeasible blanket right to privacy and anonymity. Given that people are putting the data out on a public medium, there should be no expectation of the Fourth Amendment to apply. Placing something on the Internet is like shouting from a rooftop, encryption is simply like shouting in Greek rather than English. You should expect people to be able to hear you regardless.

 

http://techrights.org/2013/05/30/uefi-and-eula/

http://techrights.org/2013/06/15/nsa-and-microsoft/

 

Did the NSA secretly make a major math breakthrough?.

-- Tom

 

NSA Codebreaking: I Am The Other.

-- Tom

 

Google encrypts data amid backlash against NSA spying?
Is this written for DUMMIES? Considering they are a bigger spy threat then the NSA. What a joke!



http://www.washingtonpost.com/busin...cc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html