Showing posts with label Slider. Show all posts

Friday, May 1, 2015

The obvious solution and the remaining problem with it

Refocus the Priority of the NSA back onto National Security

  • We need a 100% disclosure rate for vulnerabilities discovered by the NSA. The NSA should report every single vulnerability it finds to the relevant software vendor within one month of discovering it. The funny thing about vulnerabilities is that smart people all over the world are looking for them every day, and nobody is substantially faster than anybody else. When one person finds a bug and reports it to a bug bounty program, 500 hackers sigh with disappointment because they were days or weeks from finding the same one.

  • We need an end to mandatory backdoors in communications systems. A backdoor cannot be relied upon to stay hidden and available only to the law-enforcement or government personnel who are its intended users. Quite the contrary: a backdoor makes a cryptosystem worse than useless, because it deliberately cultivates a false sense of security while providing a predictable avenue of attack for malicious actors. Eventually this should culminate in a drastic revision of the ECPA and CFAA and the repeal of CALEA.

  • We need to end mass surveillance, because it is not helping us identify threats. As a technology the hypothesis has failed, and it is time to stop spending money repeating the same mistakes.

  • We need to focus on combating cyber-espionage and cyber-warfare proactively, by fixing bugs before they can be exploited by malicious actors rather than hoarding exploits, which disproportionately leaves innocent computer users vulnerable. If cybersecurity is to be the purview of the US Government and the NSA, then the NSA must be re-imagined as a security research and bug reporting agency. Only in this way can we harden our computer systems and protect our people from cyber-espionage and cyber-warfare in the long term.

Fix the Problems with The Chain of Evidence

  • We need something quite bizarre to fix this problem. We need to encourage a criminal escalation in cybercrime and cyber-related crime like online drug trafficking. The escalation we need is an SSL-encrypted, peer-to-peer log-hash-escrow system, which stores non-reversible hashes of security logs for sensitive sites. This is to ensure that any hacking performed by law-enforcement agencies is accurately reported when it is entered into evidence in a court of law. It would also limit frivolous lawsuits built on inaccurate evidence by copyright lobbying organisations like the RIAA and MPAA, which stifle innovation.

  • This is another difficult decision, like Tor itself was, but it is one of the only credible ways of restoring credibility to American cybercrime investigators.
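
As an added illustration of the log-hash-escrow idea (not code from this blog; the peer-to-peer service is replaced by an in-memory dict so it runs offline), here is the core of such a system: each log line is folded into a SHA-256 hash chain, only the chain head is deposited with the escrow, and anyone who later sees the log as entered into evidence can recompute the chain and check it against the escrowed head. The escrow learns nothing about log content, and removing or editing a single line is detected. The sample log lines, the `GENESIS` value and the batch naming are constructed for the example.

```python
"""Tamper-evident log hash chain with an out-of-band digest escrow.

Added example for the log-hash-escrow proposal; the escrow is simulated.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

GENESIS = b"\x00" * 32  # chain head before any entry (assumption: fixed zero block)


def chain_hash(prev: bytes, line: str) -> bytes:
    """SHA-256(prev || line): every link commits to the whole log prefix."""
    return hashlib.sha256(prev + line.encode("utf-8")).digest()


def build_chain(lines: List[str]) -> List[bytes]:
    """Running chain head after each line, in order."""
    heads = []
    prev = GENESIS
    for line in lines:
        prev = chain_hash(prev, line)
        heads.append(prev)
    return heads


class Escrow:
    """Simulated third-party escrow: holds only (site, batch) -> chain head.

    The blog's version would be a peer-to-peer service reached over TLS; this
    dict stands in for it. It never sees log content, only 32-byte digests.
    """

    def __init__(self) -> None:
        self._heads: Dict[str, bytes] = {}

    def deposit(self, site: str, batch_id: int, head: bytes) -> None:
        key = f"{site}:{batch_id}"
        if key in self._heads:
            raise ValueError("batch already escrowed; heads are append-only")
        self._heads[key] = head

    def lookup(self, site: str, batch_id: int) -> Optional[bytes]:
        return self._heads.get(f"{site}:{batch_id}")


def verify_batch(escrow: Escrow, site: str, batch_id: int, lines: List[str]) -> bool:
    """Recompute the chain over the log as presented and compare with escrow."""
    expected = escrow.lookup(site, batch_id)
    if expected is None:
        return False
    actual = build_chain(lines)[-1] if lines else GENESIS
    return hmac.compare_digest(actual, expected)


# Constructed sample security log (not from any real system).
SAMPLE_LOG = [
    "2015-04-30T22:14:03Z sshd[2231]: Accepted publickey for alice from 192.0.2.10 port 51522",
    "2015-04-30T22:14:09Z sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/tcpdump -i eth0",
    "2015-04-30T22:16:41Z sshd[2290]: Failed password for root from 198.51.100.7 port 40112",
    "2015-04-30T22:16:58Z sshd[2290]: Accepted password for root from 198.51.100.7 port 40112",
]


def demo() -> dict:
    """Escrow one batch, then present the log intact, scrubbed and altered."""
    escrow = Escrow()
    site, batch = "example-site", 1
    escrow.deposit(site, batch, build_chain(SAMPLE_LOG)[-1])

    # Someone with write access drops the line showing the root login.
    scrubbed = SAMPLE_LOG[:3]
    # A subtler edit: the source address of the failed login is changed.
    altered = SAMPLE_LOG[:2] + [SAMPLE_LOG[2].replace("198.51.100.7", "203.0.113.9")] + SAMPLE_LOG[3:]
    return {
        "intact": verify_batch(escrow, site, batch, SAMPLE_LOG),
        "scrubbed": verify_batch(escrow, site, batch, scrubbed),
        "altered": verify_batch(escrow, site, batch, altered),
        "unknown_batch": verify_batch(escrow, site, 2, SAMPLE_LOG),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The chain is what makes the escrow cheap: a site deposits one digest per batch rather than every line, yet any change anywhere in the batch changes the head. What the design does not protect against is a log that was falsified before the head was ever deposited, so deposits have to happen promptly and, ideally, automatically.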


Wednesday, April 29, 2015

Cost-benefit is all well and good, but does it work? Does the technology yield results?

It really doesn't look like it. Here's the thing. If you're willing to take a few fairly simple precautions, you can and will be able to avoid NSA, GCHQ, or cranked-out Russian teenager surveillance for sensitive communications. People who really need to hide from the U.S. Government generally already do. It is possible to avoid the BitLocker key escrow / password reset backdoor by powering on your machine without a network connection and disabling that part of the backup software. Off-The-Record messaging, which negotiates a fresh key for every chat session so that an intercepted key is only useful for a single conversation, has been widely available for a very long time and can be layered over any messaging protocol. The most dangerous people are already capable of avoiding mass surveillance. What it comes down to is a choice. Do we want these products, which are not going anywhere, to protect innocent people as well as they protect soldiers, journalists, victims and criminals, or do we want to leave innocents exposed by leaving known problems in critical infrastructure in order to mostly fail to track criminals?


Tuesday, April 28, 2015

Let's start with blanket surveillance, can compromising privacy en masse save lives?

Balancing selection and privacy

How about programs that provide proactive intelligence based on so-called "selectors"? Do they save enough lives to justify the invasiveness and expense of mass archival of personal, potentially sensitive information?

The NSA currently claims that its intelligence has prevented 55 terrorist events or cyberattacks this year. This is not likely to be true. As a matter of fact, it is much more likely that this figure was made up on the spot. Statistically, the likelihood that 55 terrorist attacks on Americans were planned this year is almost inconceivable. I cannot find a calculator capable of turning that into a Z-score; we're more than 30 standard deviations above the mean here. It's that unlikely. Bottom line: either the NSA has perjured itself, or in the years since the US started the War on Terror the likelihood of a terrorist attack on Americans has exploded at an unprecedented, catastrophic rate. Either way, that is a Really Big Problem.

But let's take them at their word for a moment and assume that they have actually prevented 55 terrorist attacks. The NSA spends about $10 billion per year, a large slice of the total U.S. intelligence budget. $10 billion divided by 55 is an average cost of $181,818,181.81 per attack, almost $200 million each. It is not callous to call for this process to be more efficient.

Another way to weigh the costs and benefits of this information is to consider the problem of putting such tempting material at the fingertips of fallible human agents. The sharing of private love letters, especially those containing nude photos exchanged between lovers, has occurred many, many more than 55 times, although the actual figure is as yet unknown. Stalking is also common among NSA employees, civilian contractors, and police all over the world, including in the US.

And let's not forget, if the NSA can get it, so can anyone else.


Monday, April 27, 2015

But does it do any good? Can it do any good?

So we know that if the NSA can get it, anyone can get it. But if the NSA can do its job efficiently enough to prevent loss of life or destruction of property, does the end justify the means, if only in terms of cost-benefit analysis? To examine this we need to break internet surveillance into several categories.

First, a distinction needs to be made between Privacy and Anonymity.

Privacy in this context pertains to the contents of messages sent between users on the internet.

Anonymity pertains to the identifying characteristics of the sender and recipient of a message.

Next, a distinction needs to be made between two types of surveillance.

Selection is defined as the process of picking a potential risk out of the bulk of collected internet traffic. This is the "needle in a haystack" problem.

Targeted surveillance is defined as the use of exploits to compromise specific machines in order to gather evidence or determine the identity of a suspect.


Saturday, April 25, 2015

So what is the point?

The point is that if the NSA can get it, anybody can get it. Accommodating NSA spying, far from being a way of preventing attacks on critical infrastructure, actually preserves dangerous attack vectors for criminal use. If the NSA discovers a vulnerability and does not report it to the developers of the affected application, that application remains vulnerable for everyone who uses it, the vast majority of whom are by definition non-criminal actors in the developed world: people with jobs, paying taxes that are, also by definition, making them less safe.

Exploit hoarding disproportionately harms Americans. Whatever else happens, the NSA's exploit-hoarding and crypto-sabotage programs, including but not limited to BULLRUN, must be stopped.


Friday, April 24, 2015

And oh, by the way, here's why backdoors are a bad idea

Some editions of Microsoft Windows include a full-disk encryption scheme called BitLocker. So that a Windows user can recover the key required to unlock their hard drive if they lose it, that key can be kept in escrow by Microsoft on its Azure cloud platform. There are obviously good reasons to offer something like this. To retrieve a copy of that key, an attacker browses the target's social network profiles for information he can use to impersonate the target to Microsoft support, calls Microsoft, uses that information to pass as the target, and Microsoft sends him the key. It's that simple: a glorified crank call. It is known that the NSA can access information held in the Azure cloud both surreptitiously and by court order.

There is an easy way to avoid this. Don't escrow keys in a system where the person administering the server can read them. Instead, store the key so that the only usable, unencrypted copy stays with the account holder and the server never holds an unencrypted key: the client encrypts the key under a secret only the user has (a passphrase or a printed recovery code) and the server stores only the resulting ciphertext. Tahoe-LAFS is built this way, and the approach is now being implemented in many consumer-grade clouds (yay!). It is usually marketed as "zero-knowledge" encryption, although "client-side encryption" is the more accurate name.
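
To make the difference concrete, here is an added example (not Microsoft's, Tahoe-LAFS's or any vendor's code) of the client-side design in the paragraph above: the client derives a key-encryption key from the passphrase with PBKDF2, wraps the disk key under it, and the server stores only the salt and the wrapped blob. A support agent talked into a "reset" can hand over that blob, and it is useless without the passphrase. The wrap itself is a small HMAC-SHA256 encrypt-then-MAC construction chosen so the example runs with the standard library alone; a production system would use AES-KW or AES-GCM. The account name, passphrase and iteration count are constructed for the example.

```python
"""Client-side key escrow: the server holds only a wrapped key.

Added example; the HMAC-based wrap is a stand-in for AES-KW / AES-GCM.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumption for the demo; tune to the deployment
KEY_LEN = 32


def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Key-encryption key, derived on the client and never sent to the server."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, PBKDF2_ITERATIONS, KEY_LEN)


def _subkeys(kek: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and MAC keys derived from the KEK."""
    enc = hmac.new(kek, b"wrap-enc", hashlib.sha256).digest()
    mac = hmac.new(kek, b"wrap-mac", hashlib.sha256).digest()
    return enc, mac


def wrap_key(kek: bytes, dek: bytes) -> bytes:
    """Encrypt-then-MAC a 32-byte data-encryption key: nonce(16) || ct(32) || tag(32)."""
    if len(dek) != KEY_LEN:
        raise ValueError("dek must be 32 bytes")
    enc, mac = _subkeys(kek)
    nonce = os.urandom(16)
    keystream = hmac.new(enc, nonce, hashlib.sha256).digest()  # one block covers 32 bytes
    ct = bytes(a ^ b for a, b in zip(dek, keystream))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(kek: bytes, blob: bytes) -> Optional[bytes]:
    """Return the DEK, or None if the passphrase (KEK) is wrong or the blob was tampered with."""
    if len(blob) != 16 + KEY_LEN + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    enc, mac = _subkeys(kek)
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    keystream = hmac.new(enc, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, keystream))


class EscrowServer:
    """Everything the provider holds per account: a salt and a wrapped key."""

    def __init__(self) -> None:
        self.records: Dict[str, Tuple[bytes, bytes]] = {}

    def store(self, account: str, salt: bytes, wrapped: bytes) -> None:
        self.records[account] = (salt, wrapped)

    def support_reset(self, account: str) -> Optional[bytes]:
        """The most a social-engineered admin can hand over: the wrapped blob."""
        rec = self.records.get(account)
        return rec[1] if rec else None


def enroll(server: EscrowServer, account: str, passphrase: str) -> bytes:
    """Client side of enrollment; returns the DEK the client keeps for itself."""
    dek = os.urandom(KEY_LEN)
    salt = os.urandom(16)
    server.store(account, salt, wrap_key(derive_kek(passphrase, salt), dek))
    return dek


def recover(server: EscrowServer, account: str, passphrase: str) -> Optional[bytes]:
    """Client side of recovery: fetch the blob, unwrap it locally."""
    rec = server.records.get(account)
    if rec is None:
        return None
    salt, wrapped = rec
    return unwrap_key(derive_kek(passphrase, salt), wrapped)


def demo() -> dict:
    server = EscrowServer()
    dek = enroll(server, "alice", "correct horse battery staple")
    blob = server.support_reset("alice")  # what the crank caller walks away with
    return {
        "owner_recovers": recover(server, "alice", "correct horse battery staple") == dek,
        "crank_caller_gets_blob": blob is not None,
        "blob_reveals_dek": dek in blob,
        "wrong_passphrase_fails": recover(server, "alice", "password1") is None,
    }
```

The trade-off the paragraph above alludes to shows up here too: if the account holder forgets the passphrase and has not kept a recovery code, nobody can help them, because there is nothing on the server to help with. That is the point of the design, and it has to be explained to users up front.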

This is essentially a password-reset vulnerability used to escalate privilege into an encrypted storage device. Similar password-reset vulnerabilities exist on Facebook, Amazon.com, LinkedIn, Netflix, World of Warcraft and a ton of other sites, and in any two-factor authentication scheme that relies on text-messaging a one-time code to the account holder, since the same social-engineering call works on the mobile carrier.

Additionally, the recent iCloud breaches, somewhat ignominiously dubbed "The Fappening", relied on a forensic iCloud-backup download tool marketed to law-enforcement agencies in the U.S. to pull victims' entire backups once their account credentials had been phished or guessed.


Thursday, April 23, 2015

And if that weren't bad enough

There are vulnerabilities in many operating, communication, and encryption systems which require greater or lesser degrees of sophistication to exploit. Some of these are deliberately placed by a developer, manufacturer, or other intermediary in the software/hardware supply chain and qualify as backdoors, but most are the result of honest mistakes, lack of funding, insufficient testing, or run-of-the-mill incompetence. This is where the NSA's so-called "Advanced Intercept Capabilities" come in, and we actually have much less to worry about here. Advanced Capabilities are usually targeted techniques against specific computers which, rather than passively eavesdropping, exploit the machine so that it gives up information it would not normally emit, like the various side-channel attacks carried out on Tor.

The critical issue with Advanced Capabilities is two-fold: first, we must end the NSA's sabotage operations against products used by U.S. persons, and second, we must provide an effective bug-disclosure policy which does not allow vulnerabilities discovered in the course of signals intelligence gathering to remain exploitable by criminals and enemies of America.


Wednesday, April 22, 2015

And it gets way worse...

To tolerate those routers going down, a request can potentially be sent to many different routers. One router might be a backup in case the other is experiencing heavy traffic, for instance. If an attacker has compromised one router, he can steer messages to it simply by flooding the other router with bogus traffic. That's just one of many, many ways. Some of them are even scarier.

Because encryption is voluntary, anyone can do this, not just state actors like the US Government or the NSA.

It also means that you only need to compromise a fraction of the routers on the internet to compromise nearly all the traffic on the internet.


Tuesday, April 21, 2015

A General Overview of Eavesdropping

Communications traveling over the internet pass through many intermediate computers, called routers, which forward messages on behalf of the programs that send them. If those programs send all or part of a message unencrypted, or under an encryption scheme known to be breakable, the routers along the path can intercept and copy the message as it is forwarded and, if necessary, decrypt it at their leisure.

But NOTHING is encrypted unless the program tells it to be.

Also, the NSA isn't compromising home computers directly; it is monitoring them by compromising routers and copying the messages they carry.


Monday, April 20, 2015

Dispelling the key misconception about online tracking

Most people believe that online tracking is primarily contingent on the exploitation of vulnerable computers. While that does exist and is a serious concern, the reality of mass surveillance is much more banal and terrifying.

Think of it like Archimedes in the bath. The internet is a bathtub filled to the brim with water. Just as getting into the bath displaces an equivalent volume of water, connecting to the internet disturbs the activity of the surrounding network. For instance, in 1986 the astronomer-turned-sysadmin Clifford Stoll was able to locate the hacker-for-hire Markus Hess in Germany by timing how long Hess's end took to respond, the same kind of round-trip measurement a network diagnostic "ping" makes. Something like ping is one of the most basic, essential, and long-standing internet tools and isn't going anywhere, because some way of measuring round trips will always be required for computer networks to work. This kind of data will always be available to some degree or another. The problem is that there is an immeasurable amount of superfluous water being displaced, figuratively speaking, just waiting for anyone to come along and calculate your volume.

Everything you do on the internet is easy to steal because nobody is doing anything right in the commercial space with regard to privacy.


Wednesday, April 15, 2015

To do this project, all you'll need is a 3.5-inch floppy disk and a cheap digital camera. The camera in a super cheap phone could easily be suitable; we'll get to why cheap is important in a second, but for right now I'm going to address that double take you're doing. A floppy diskette? Yes, a floppy diskette. While not much use as a storage medium anymore, it does have the useful property of blocking most visible light while letting most infrared light pass through. But most companies have discontinued manufacturing floppy diskettes, and they can be a little hard to come by. Any of the following links might die when supplies run out.

You will also need to get hold of the clearest packing tape you possibly can, the kind used as an ad-hoc way to laminate shipping labels. The clearer and thinner the better. Shurtape PP-803 is some of the clearest and thinnest I've used, but I have no reason to think it is the best other than my anecdotal experience. This might be useful information to have on hand.

You should also have a small pair of sharp scissors, and a pair of tweezers will help you keep from getting fingerprints on the filter you will be building.

Additionally, disclaiming the title, don't rely on me for real counter-surveillance tips. If you need that, you'd be much better off getting your information from the Electronic Frontier Foundation, The Guardian Project, The Tactical Technology Collective, or another similar organization which makes it its mission to protect people from the dangerous erosion of privacy we're experiencing. I write these articles because they're enjoyable and I hope they are informative, but I can't save your life with a blog. So, as always, grain of salt.

Why You Shouldn't Use Old Floppy Disks For This Project

The history of computing is important, and much of it is housed on fragile, obsolete media like ancient cellophane tapes and thin magnetic film slices. This data can be precious in unexpected ways, sometimes even valuable. If you must recycle an old floppy disk for this project, you should back up the information on it first as a disk image, then upload it to a server of your choice for safekeeping. Do not commit copyright infringement, don't share anything you're not allowed to by your terms of ownership, but don't let the information go to waste.

If you need a floppy drive to do your backups with, external drives are really cheap these days.

Out of the Pulpit, on to the Practical

So you wanna know something else neat about floppy disks? They block out almost all visible light, but they let almost all infrared light through. They aren't perfect infrared filters, but they work great for detecting certain types of infrared security cameras. How? Well, it's actually pretty simple.

First, find a suitable camera and set it up.

The first thing you're going to need is a digital camera of some kind with a weak infrared-cut filter, one that blocks little more than the ambient near-infrared you get from, say, the sun. This means that cheaper, older cameras can be recycled and put to this use fairly easily, as can the cameras in cheap smartphones and even feature phones, as long as they support increased exposure. To test your camera's IR filter, get a remote control with fresh batteries and go into a dark room. Press buttons on the remote while taking a picture with the camera. If you see a bright purple flash in the picture, congratulations! You have a camera with a suitable infrared filter.

Now that you have your camera, turn the "Exposure" setting up as high as it will go. If you can change the default settings, you may just want to make maximum exposure the default setting. Now set it aside for later.

Second, get the required piece of the Floppy Diskette

Next, take one of your floppy diskettes and hold it flat by either side. Gently bend it until you hear the glue crack at each corner of the diskette. Pull off the metal shutter and carefully remove the film disc inside. From a section your fingers have not touched, carefully cut a slice just large enough to cover the lens of the camera. Pick the slice up with your tweezers, place it on a clean sheet of paper and set it aside.

Third, apply the Floppy Diskette to the Camera Lens

Put your camera flat on the table with the lens facing up. Pick up the slice of floppy diskette material and place it on the lens. Pull some tape off the roll, then use your scissors to cut a clean section, as free of oil and dust as possible. Quickly use the tape to secure the floppy diskette material to the lens of the camera. Press it down firmly and then wipe the surface with a clean towelette.

And there you have it. Now the camera will, as near as makes no difference, only register light from the near-infrared band. On to why that's important:

Why it works

Security cameras that need to operate at night have to illuminate the scene without introducing light pollution or alerting careless people to their presence. To do this they use big arrays of infrared LEDs, which flood an area with infrared light that the camera then uses to produce the security image. We turn this to our advantage: behind the filter, the infrared emitter becomes the brightest light source in the camera's field of view. Hold your camera up and look for purple-to-white areas of light. Those are infrared emitters, usually indicating IR photography nearby.

For more information on Infrared Hacking, visit my project blog for ig88ROM at ig88rom.github.io.

Infrared Detection for Beginners(On the Cheap)

Sunday, April 12, 2015

On-The-Go USB cable

First, you need an On-The-Go USB cable. This is a USB cable with a male Micro-USB end and a female standard USB end. It allows you to attach a peripheral USB device to your phone, in this case a USB wireless adapter. Save yourself some time: you can buy one for about 10 cents US, but one with the ability to charge your phone or attach a backup battery is also available, and versions with multiple USB ports and a charger port exist too.

External Battery

One thing you should know is that attaching peripherals will reduce your battery life, but not by that much. You can compensate by disabling the onboard wireless or disabling your mobile network, but it shouldn't be necessary. If your On-The-Go cable is capable of charging from an external power supply, you could consider a backup battery, a solar panel or even a backup battery with a built-in flashlight depending on your style.

USB Wireless Card that Supports Monitor Mode

Next, you need a wireless card that supports monitor mode. You have some choices, but I recommend one of these two families because of their reliability.

Qualcomm Atheros AR9xxx series (ath9k; the common USB adapters such as the AR9271 use the ath9k_htc variant of the driver): this family includes several wireless cards that use very similar drivers. They work with 802.11b/g/n, support ad-hoc networking and, of course, monitor mode. There is no reason not to use one of these cards, and one very good reason to: it tends to have lower power consumption than the Realtek 8187. An ath9k adapter can be had for about 5 dollars, and a version with a swappable high-power antenna is also available.

Realtek 8187 series (rtl8187): the rtl8187 has been used in many of these "Poor Man's Pwnie" projects because it is capable of most of what the ath9k is and has longer range, but it draws more power. An rtl8187 adapter costs about 15 dollars, and one with a higher-power antenna about a dollar more.

RTL-SDR Receiver

Many, many things become possible with a software-defined radio receiver. Unfortunately, right now it is not clear just what those things are and how they might be implemented on Android. This section will be updated shortly.

Infrared Leads

With an infrared emitter it is possible to signal devices that are controlled by infrared sensors, such as televisions and stereos. This is often a matter of sweeping through a wide range of infrared codes. You'll need to do a little hardware hacking, wiring the infrared emitters onto a 3.5mm audio plug so that they can be driven by audio signals.

Male-To-Male 3.5mm Leads

In order to use an infrared emitter, you'll need to attach it to a male-to-male 3.5mm connector along the lines of the guide from Hack-A-Day. I know it says iPhone, but it will work for any audio jack. A better version is also available.
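
As an added example (not code from this blog or from ig88ROM), here is what the signalling side of the "scan a range of codes" idea looks like for one concrete protocol. It goes a step beyond the text by fixing the protocol to NEC, the commonest consumer-remote format, and encoding and decoding frames as lists of mark/space durations in microseconds; the sweep is then simply every 8-bit command for a device address. The nominal timings are the standard NEC ones; the 25% decode tolerance and the sample address/command values are assumptions for the example. Turning the timings into LED drive current (audio output or GPIO) is the hardware side described above and is not covered here.

```python
"""NEC infrared frame encoder/decoder as mark/space timings in microseconds.

Added example; protocol constants are the nominal NEC values, the decode
tolerance is an assumption.
"""
from typing import List, Optional, Tuple

LEADER_MARK, LEADER_SPACE = 9000, 4500   # 9 ms burst, 4.5 ms gap
BIT_MARK, ZERO_SPACE, ONE_SPACE = 560, 560, 1690  # bit value is in the gap length
STOP_MARK = 560
FRAME_LEN = 2 + 32 * 2 + 1               # leader pair, 32 bit pairs, stop mark


def nec_encode(address: int, command: int) -> List[int]:
    """Alternating [mark, space, ..., mark] for one frame.

    Payload is 32 bits sent LSB-first: address, ~address, command, ~command.
    """
    if not (0 <= address <= 0xFF and 0 <= command <= 0xFF):
        raise ValueError("8-bit address and command only (extended NEC not handled)")
    payload = [address, address ^ 0xFF, command, command ^ 0xFF]
    timings = [LEADER_MARK, LEADER_SPACE]
    for byte in payload:
        for i in range(8):
            timings.append(BIT_MARK)
            timings.append(ONE_SPACE if (byte >> i) & 1 else ZERO_SPACE)
    timings.append(STOP_MARK)
    return timings


def _close(actual: int, nominal: int, tol: float = 0.25) -> bool:
    """Real captures jitter; accept anything within tol of the nominal value."""
    return abs(actual - nominal) <= nominal * tol


def nec_decode(timings: List[int]) -> Optional[Tuple[int, int]]:
    """Parse a captured timing list back into (address, command), or None."""
    if len(timings) != FRAME_LEN:
        return None
    if not (_close(timings[0], LEADER_MARK) and _close(timings[1], LEADER_SPACE)):
        return None
    bits = []
    for k in range(32):
        mark, space = timings[2 + 2 * k], timings[3 + 2 * k]
        if not _close(mark, BIT_MARK):
            return None
        if _close(space, ONE_SPACE):
            bits.append(1)
        elif _close(space, ZERO_SPACE):
            bits.append(0)
        else:
            return None
    fields = []
    for b in range(4):
        val = 0
        for i in range(8):
            val |= bits[8 * b + i] << i
        fields.append(val)
    addr, naddr, cmd, ncmd = fields
    if naddr != addr ^ 0xFF or ncmd != cmd ^ 0xFF:
        return None  # inverted-byte check failed: noise or a non-standard remote
    return addr, cmd


def sweep_commands(address: int) -> List[List[int]]:
    """The 'scan': one frame per possible command for a single device address."""
    return [nec_encode(address, c) for c in range(256)]
```

The inverted copies of the address and command are the protocol's own error check, which is why the decoder rejects a frame whose complement bytes do not match rather than guessing. Extended NEC (16-bit addresses) and the separate "repeat" frame a held button sends are deliberately left out.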

The Phone I use

I use a Samsung Galaxy Centura for lots of reasons, but one important one is I'm the kind of masochist who will put himself through porting CyanogenMod to a 40 dollar burner phone. I've got it mostly working now, too, LOL, but I'll actually have a release of IG88ROM at about the same time because one pretty much fulfills all the dependencies of the other; thus the Galaxy Centura is the first one that gets a tested release. I'll build for CyanogenMod-supported devices and devices I own after that, which should be a fairly rapid process, relatively speaking.

Hard Cases

It also helps to have a rigid case for your phone of some kind, in order to secure peripherals in a way that is not damaging to the integrity of your device. A Hard and Rubberized case is also probably available as well and may suit your preferences. You can secure your OTG peripherals to your case using Velcro or hot glue or quick-drying cement or super-glue.

Other Things that Might Be Useful

A 3D printing pen could conceivably be used for any number of potentially useful case modifications.
Steel-reinforced putty is useful for modeling small prototypes or even building functional temporary parts.
A mini Bluetooth keyboard will save you the trouble of trying to type commands into the Kali chroot on a touchscreen.
A device mod that isn't necessarily penetration-testing oriented, but might be kind of cool, would be to build a self-destruct into your device using ribbons of magnesium.

Android Device Modifiers Toolkit

Much of the content on this blog will be syndicated from the blogs of my projects related to hacking on Android and manipulating the single-board computing hardware in Android phones. When I say hacking I mean it primarily in the original sense of the word, which focuses on using computers to build new things that are useful or interesting, but also at times in the incorrect but commonly used sense which concerns security testing, and the relevant, interesting areas where the two overlap today. I am particularly interested in Android-based wireless mobile ad-hoc networks and Android ROM and kernel customization, and in decentralization and how it can enable account-less, end-to-end encrypted communication which exists beyond the control of a third party, concepts which are realized in some form or another in i2p, cjdns, TOX, and Twisterd, and how this relates to how the network "routes around censorship."

My Projects

CyanogenMod on the Centura:

This project is my attempt to generate a working, current CyanogenMod-like device tree which can be used to create Android ROMs for the Samsung Galaxy Centura mobile device based on the Qualcomm MSM7x27A board. I picked this board to make CyanogenMod easily accessible to people on phones they can afford to brick if something goes wrong. The Centura is a 30-50 dollar phone. I also fiddle a bit with ROMs for the ZTE Force, a much more powerful budget phone.
Status: WIP with occasional usable releases.

ig88ROM

ig88ROM is my attempt at developing a custom ROM which can be built using a CyanogenMod device tree which includes a range of amusing pranks, useful tips, and dirty tricks presented with explanations for how they work and how they are performed in order to make how exploits work and how they can affect you more accessible. This is intended only for educational and professional purposes where legally allowed, whether I agree with the law or not. If you use it otherwise, I warned you, don't blame me if you get caught, I am telling you NOT to use it for illegal purposes.
Status: WIP with some usable components.

freeLAIR

freeLAIR is the 5th and final rewrite of the video game I frequently used to explore programming concepts I was interested in. It's a procedurally generated RPG inspired by the Rogue-likes, but which deviates by being multiplayer and played in real time by nature. It will initially be for desktop GNU/Linux and eventually for Windows and OSX. freeLAIR may be the first multiplayer game to use the peer-to-peer Tox protocol for multiplayer communication.
Status: Beginning of the final rewrite, which won't take long believe it or not.

libtox++ TOX_Net2

libtox++ is a C++ wrapper for the Tox library which is deliberately not a one-to-one wrapper, so as to make it easy to use modern C++ (C++11, 14) features in applications which make use of TOX. TOXNet2 is a library and partial TOX client implementation which aims to make incorporating TOX into your application for communication as easy as using the widely understood SDLNet library.
Status: Definitely not ready yet. But soon.

Smaller Projects

Rotation Lock Plus Landscape

A fork of the Free and Open Source "Rotation Lock" app which adds landscape support. Status: Released.

CardCoin

An alternate coin intended to be used to track digital trading cards. Status: Barely started. Might take a while.

Projects I'm interested in/Think everyone should use

TOX

Tox is a free and open-source, peer-to-peer, encrypted instant messaging and video calling software. The stated goal of the project is to provide secure yet easily accessible communication for everyone. Users are assigned a public and private key, and they connect to each other directly in a fully distributed, peer-to-peer network. Users have the ability to message friends, join chat rooms with friends or strangers, and send each other files.

i2p/i2pd

I2P is an anonymous overlay network - a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs. I2P is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person. No network can be "perfectly anonymous". The continued goal of I2P is to make attacks more and more difficult to mount. Its anonymity will get stronger as the size of the network increases and with ongoing academic review.

cjdns

Cjdns is a networking protocol, a system of digital rules for message exchange between computers. The philosophy behind cjdns is that networks should be easy to set up, protocols should scale up smoothly and security should be ubiquitous. Cjdns implements an encrypted IPv6 network using public key cryptography for network address allocation and a distributed hash table for routing.

Twisterd

twister is a fully decentralized P2P microblogging platform built on the free software implementations of the Bitcoin and BitTorrent protocols.

Projects

CMotC © 2015 - Designed by Templateism.com