Showing posts with label security.

2014-04-30

#politics of on-going #malware injustice

news.cyb/sec/#politics of on-going #malware injustice:
summary:
. we need a hardware system redesign that will
give the NSA the information they search for
but will not allow them to modify our systems,
so then criminals cannot modify our systems .

2014-03-01

#privacy not the purpose of #Qubes

2.17: co.cyb/sec/qubes/privacy not the purpose of qubes,
[3.1: intro:
. the Qubes project provides sure isolation
with a hardening of the hypervisor Xen;
you can have several virtual machines (vm) at once
and can safely run a web browser in one vm
knowing it will not infect your other vm's .]

Peter Chin Sat, Feb 8, 2014 at 6:06 AM
Re: [qubes-devel] Digest for qubes-devel@googlegroups.com
This entire project is a total useless waste of time.
Please do due diligence in your research
about all threat levels that actually exist:
The very first compilers that were
created for the design of computers
were already compromised by the time they were used to
compile code for designing even rudimentary computers

2014-02-11

anti- #nsa #surveillance activist day

11: web.pol/surveillance/co.tw(thedaywefightback.org):
[ twitter news ] philip torrance ‏@addn
@ http://thedaywefightback.org
if we let #nsa #surveillance then
no more malware on computers to force it ;)
PRISM US Gov ‏@PRISM_NSA 15h
Note to staff:
All leave is cancelled for the next 24 hours
– tomorrow is going to be a very busy day for us:
https://thedaywefightback.org

2013-12-31

chromebook #ChromeOS #VerifiedBoot

12.12: web.cyb/sec/chrome's verified boot:
Verified boot provides a means of
getting cryptographic assurances
that the Linux kernel, non-volatile system memory,
and the partition table are untampered with
when the system starts up.
This approach is not "trusted boot"
as it does not depend on a TPM device
or other specialized processor features.
Instead, a chain of trust is created
using custom read-only firmware
that performs integrity checking on
a writable firmware.
The verified code in the writable firmware
then verifies the next component in the boot path, and so on.
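
An added illustration of the chain of trust described above (not code from this blog or from the Chromium project): each stage pins a SHA-256 digest of the next stage, and the read-only firmware is the unverified root. Pinned digests stand in for the real signature scheme as a simplifying assumption, and the stage contents are constructed sample bytes.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes                # constructed sample contents
    next_digest: Optional[str]  # pinned digest of the following stage

    def measure(self) -> str:
        # The pin is part of what is measured, so re-pinning a stage
        # changes that stage's own digest as well.
        pinned = (self.next_digest or "").encode()
        return hashlib.sha256(self.image + pinned).hexdigest()

def build_chain(images):
    """Build stages back to front so each one pins its successor."""
    stages, pin = [], None
    for name, image in reversed(images):
        stage = Stage(name, image, pin)
        pin = stage.measure()
        stages.append(stage)
    return stages[::-1]

def verified_boot(stages):
    """Return (stages allowed to run, name of first stage that failed or None)."""
    booted = [stages[0].name]  # root of trust: read-only, never re-verified
    for current, nxt in zip(stages, stages[1:]):
        if not hmac.compare_digest(current.next_digest or "", nxt.measure()):
            return booted, nxt.name
        booted.append(nxt.name)
    return booted, None

IMAGES = [("read-only firmware", b"ro-fw v1"),
          ("writable firmware", b"rw-fw v1"),
          ("kernel", b"vmlinuz v1")]

def demo():
    good = build_chain(IMAGES)
    ro, rw, kernel = good
    # Case 1: the kernel image was changed on disk.
    bad_kernel = replace(kernel, image=b"vmlinuz v1 (modified)")
    # Case 2: the writable firmware was also re-pinned to accept that kernel.
    repinned_rw = replace(rw, next_digest=bad_kernel.measure())
    return (verified_boot(good),
            verified_boot([ro, rw, bad_kernel]),
            verified_boot([ro, repinned_rw, bad_kernel]))

if __name__ == "__main__":
    for booted, failed in demo():
        print(booted, "-> halted at:", failed)
```

The third case is the reason the chain is anchored in read-only firmware: rewriting a writable stage so that it accepts a modified successor changes that stage's own measurement, and the stage before it refuses to hand over control.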
11.8: news.cyb/chrome/doing well while ms declines:
. chromebooks grow while microsoft shrivels?
. promising better security makes a diff .
12.25: best-seller on amazon:
. the best selling laptop on amazon.com [2013.1]
was the Samsung ARM-powered, Linux-based Chromebook.

7.28: news.cyb/chrome/sec
/some vulnerabilities found but many avoided:
application-sandboxes-a-pen-testers-perspective .
see also pdf .
. Chrome OS kernel exploits are not easy,
but are of medium difficulty to pull off;
OS user mode exploits are very difficult,
and every other penetration test was
not even applicable to Chrome OS
-- these included off the shelf exploits,
and various sandbox leakages:
keylogging, remote webcam/mic access,
clipboard hijack, screen scraping,
file stealing, network shares access . 

Dell Latitude E6430 #QubesOS #xen #security&freedom

12.31: summary:
. I feel secure on Chromebook with its verified boot;
but that is very limited in what it can do .
. the Qubes OS provides virtualization of linux
that is needed to isolate computer activities
into separate linux virtual machines .
. by providing this "security by isolation"
your web surfing of unsafe sites
can't be exploited to steal your bank's password
because they run on virtually separate machines .
. there is an hcl (hardware compatibility list)
to help you find a computer that Qubes works with;
and it says a Dell Latitude E6430 does work,
but doesn't work out-of-the-box
(it needs some sort of unspecified "tweaking").

#Apple #iMac #badBIOS #malware

12.15: summary:
. my 2008 imac seemed infected by opening pdf's,
and I suspected it was #badBIOS malware;
because, it gave my dvd player troubles:
it made the os x installer disk unreadable,
and it also seemed to be coming from firmware,
as even after I reinstalled the OS via download,
and hadn't opened any more pdf's or javascript,
I still seemed to get infected again .
. my troubles started with finding a new pdf library,
and I ended up finally replacing my sick mac
with a chromebook featuring verified boot!

2013-12-28

#OKL4 #opensource to see what #NSA did to it

2: co.okl4-developer/cyb/sec/OKL4
/open source to see what NSA did to it:

Ph.T 8:57 PM to Jim, developer 
I think the problem is OKL4 is military-grade isolation,
and the NSA doesn't want us to be protected like that .

2013-12-15

you want my wot?!

11.4: pos.cyb/net.mywot/you want my wot?!
. after I found out I really need to
integrate mywot into chrome browser
in order to post reviews of sites;
I was not so sure I felt safe
having them read my every link;
and, with malware so good at cracking any site,
what is the purpose of a service like mywot
that pretends today's safe site
is likely to be tomorrow's safe site ?
12.15:
. simply trust who you have to;
and have separate virtual machines
for each level of trust;
eg, have at least these levels:
# banks,
# the pit for everyone else .
. when I want to use my bank,
I restart my chromebook
to have its verified boot flush the malware .

2013-12-14

#nsa forces Torvalds' hand? #linux

12.14: intro:
see NSA backdoors all encryption software

12.12: news.cyb/sec/linux/nsa forces Torvalds' hand?:
rt.com:
. MIT-educated cryptographer and Linux developer
Theodore Ts'o stated publicly that
he was happy with his decision to resist
earlier pleas from Intel engineers
to have that operating system commit entirely to
RDRAND [intel's on-chip routine] for encryption:
"Relying solely on the hardware random number generator
which is using an implementation sealed inside a chip
which is impossible to audit
is a BAD idea" . Now just three months later,
FreeBSD is rescinding their reliance on Intel and Via’s RNGs.
[by contrast:]
When a petition began circulating in mid-Sept
imploring Linux to stop relying on RDRAND,
one of the OS’s leading developers, Linus Torvalds,
called those who made those pleas "Ignorant" .

2013-11-30

#badBIOS @dragosr vs Mac, Linux and PC

4: cyb/sec/#badBIOS/ 
30: summary:
. malware that spreads via usb devices
can infect other usb devices,
and the problem is not the os;
it is the hardware and usb standards
which expose the os to malware infection .
. Dragos Ruiu talks about a mac infection
which sounds like the one I got;
it prevented me from reinstalling the os;
and it started infecting my chromebook,
but the chrome os was able to clean it up .
. my 2005 ubuntu laptop was not so lucky .
. a laptop in my future that will likely do well
is one running the xen hypervisor,
hardened with the Qubes OS .
(see #Qubes #Xen vs Dragos Ruiu's #badBIOS).

#Qubes #Xen vs Dragos Ruiu's #badBIOS

6: co.cyb/sec/qubes/Xen vs Dragos Ruiu's #badBIOS:
me to qubes-devel 5:41am:
. reading about the #badBIOS infection,
blog.erratasec.com/2013/10/badbios-features-explained.html
I was surprised to learn that all computing accessories
(mouse, trackpad, hub, keyboard, and of course
 flash drives) could have a software-programmable firmware
and this could be infected with malware that could spread
to your next computer if attached to dom0 .
. I was also concerned that a new flash drive malware
-- Dragos Ruiu's #badBIOS --
could infect a next machine without even being mounted;
is this a new threat that xen has yet to adapt to?

2013-10-01

NSA backdoors all encryption software

9.18: news.cyb/sec/NSA backdoors all encryption software:
fierce government it`NSA backdoor:
. the NSA's SIGINT (signals intelligence) Enabling Project
covertly influences or overtly leverages
the policies, standards and specifications
of the global cryptography marketplace
to make commercial public key technologies
more crackable by the cryptanalytic capabilities
being developed by the NSA and DOD's
Central Security Service.
. it has used a quarter billion dollars yearly
for at least the past 2 years .

2013-09-26

NSA's globalized internet security

9.26: news.cyb/sec/NSA's globalized internet security:
Sept. 25, 2013, Army Gen. Keith B. Alexander,
Cybercom commander, and director of NSA,
at the National Press Club
or 4th Annual Cybersecurity Summit .

. in the past year, we saw more than 300
distributed denial-of-service attacks
on Wall Street.
We saw destructive attacks against
Saudi Aramco and RasGas [Co. Ltd.],
and against South Korea .

. U.S. Cyber Command (Cybercom)
has activated the headquarters for
one of its 3 Cyber Force branches:
Cyber National Mission Force,
that defends the nation;
Cyber Protection Force
defends DOD's information environment;
and Cyber Combat Mission Force
will provide assistance to the military
to implement cyber counterattacks .
Cybercom teams are now fully operational
and working side by side with NSA
to defend the nation.
The Army, Navy and Marines
trained about a third of the force in 2013
and they will train a third in 2014
and another third in 2015.

2013-09-19

USA intel has SOA on High-Security Internet

9.11: news.cyb/sec/USA intel has SOA on High-Security Internet:
Sept. 11, 2013
Al Tarasiuk, intelligence community CIO
and assistant director of national intelligence .
. the IC ITE ( Intelligence Community
Information Technology Enterprise )
is a new IT environment that will
vastly improve information sharing
across the intelligence community .

. consolidating IT across the community
was driven by budget considerations.
But today,
it's more than an efficiency play on IT:
intelligence integration,
information sharing and safeguarding .
. that translates into 3 goals:
1: effectiveness,
2: security
3: efficiency .
"In the past, these were mutually exclusive,
but now we'll have more of all 3 goals
because of cloud technologies,
and a [SOA (service-oriented architecture)]
or "service-provider-based business architecture"
providing an IC cloud not on the Internet,
but privately hosted on TS|SCI networks
(top secret / Sensitive Compartmented Information)
[18:
. high-security wide-area networks are
connected by Tesla beam transmissions,
which unlike fiber optic cable,
can be transmitted wirelessly,
and are very difficult to intercept .
. the govt denies this technology even exists,
but they've used it to communicate with submarines,
and a chinese-american collaboration is developing it .]

2013-06-19

iMac Mountain Lion infected by Vmware Fusion Ubuntu

19: mis.cyb/mac.vmware/freeze with black screen:
. the usual:
I'm running vmware on a 2008 imac,
my virtual machine is running ubuntu;
I'm using firefox with noscript,
and my editor is komodo edit;
then a freeze requires a hard reset .
but this time,
I catch a keylogger or something ...
[@] mis.cyb/mac/fake log-in after crash

2012-12-05

creating chaos is a suicide mission

12.4: pol/purges/war/creating chaos is a suicide mission:
. I noticed a problem in our war policy
from listening to the medal of honor hero
[oct 25 2007 specialist Salvatore Giunta]
who was on the Rusty Humphrey show:
. we are supposed to charge an ambush
in order to get close to the snipers
and create chaos,
but chaos works both ways if we
try giving the chargers air support:
helicopter gunners can't tell
chargers apart from the enemy,
thereby increasing the risk of friendly fire .
-- basically these are suicidal tactics:
hopefully you'll be left with someone alive
after all of them are dead or running into air support .

2012-10-30

crash predicted after election

8.5: news.cyb/pol/purges/reaganomics/
crash coming in after election:

. at coast to coast an astrologer Joni Patry
has predictions about this november;
she also predicted the japan earthquake in march 2011
and they were very thankful for the heads up .

. she says september is a high:
there will be a major crash in november;
when the election will be like Bush's
with much irate contention about the results .
[. how could that cause a crash?
# obama wins:
people wanting romney
will rage about unemployment endless
and taxes look relentless
this could cause the market to go into theatric lows .
# romney wins:
. people wanting obama
will see obamacare getting dismantled,
and there could be something like a 9-11
to greet a usa that is once again christian-headed . ]

says we should buy xmas gifts now
because the bottom falls out:

2012-09-26

internet with both privacy and security

7.26: co.apt/cyb/sec/cloud computing is not easy:
. I thought cloud computing would be a breeze;
it was just like SOA, right?
only SOA is on a private network,
while cloud computing is using a public network .
. can that even be done securely?
[ it seems like shifting code tech should do it .
. being able to initialize the session
might be complicated .]

7.8: sci.cyb/sec/how to get secure internet?:
. can there be secure communications networks
that are also self healing ?
how can we support openware and anonymity too?
to be anonymous you simply get another service to
send the message for you
but for openware that depends on
whether we need OS cooperation for the security .
[9.26:
. openware-based internet depends on
whether we need OS cooperation for the security?
I don't think the problem is software,
so, having openware wouldn't make the net more secure .
. there are 2 problems:
# denial of service:
. it's too easy for too many machines to be
owned by malware .
# id theft:
. it's too easy to spoof being someone else .
the solution?:
. there should be special hardware available
in order to authenticate your id;
if you don't have that box,
then you can't do banking, credit-card shopping,
and if there's a denial of service attack,
then you can't get through;
because, nodes stop forwarding your messages .]

7.10: news.cyb/sec/
DOD says we can have both privacy and security:
Cybersecurity and American power 7.9:
At an American Enterprise Institute (AEI) event
U.S. Army Gen. Keith B. Alexander
urged us to support cybersecurity legislation
being pushed through Congress .
. it asks internet service providers to
help federal anti-virus software,
by searching all emails for viral signatures,
and reporting malware event parameters
(malware signature, source address, destination address).
. when asked about china's role in the motivation
he reminded us that there is a high cost from malware
due to intellectual property loss via cyber espionage.
"Symantec placed the cost of IP theft
at $250 billion a year .

The director of the National Security Agency (NSA)
and chief at the Central Security Service (CSS)
reemphasized an immense problem the U.S. is facing:
cybercrime has been "the greatest
transfer of wealth in history,"
Alexander said in a statement.
global cybercrime is $114 billion annually
($388 billion when you factor in downtime),
and McAfee estimates that
$1 trillion was spent globally under remediation.
[ you might think the reason we are such targets
is that our foreign policy is so offensive
to so many bright communists and liberals
but, we'd be in the same danger anyway,
because there's so much money to be gained
from cracking our banks and intellectual property .
9.26:
. when they talk about remediation costs
they are referring to having their hands tied
by an internet that is inherently insecure;
I wonder what the cost would have been
if we had just rebuilt the internet from scratch
with security in mind .
. can the surveillance proposed by this legislation
make up for the lack of a dual system,
one that promotes anonymity,
and the other that promotes reliability? ]

2012-06-12

unlimited free online storage

6.12: summary:
. there is plenty of free storage online:
2GB from dropbox
5GB from google's g'Drive
7GB from Microsoft's SkyDrive,
and 5GB sync'ing services from
Ubuntu One and Apple's iCloud;
however,
iCloud doesn't sync just any folder:
it sync's your iWork doc's,
and 3rd party app's are free to sync
what's in their sandbox;
it also pushes your itune purchases
to all your devices .

. there are many more free sites too,
and, even some unlimited free plans
as long as you're publicly sharing your files,
or not using an ad'blocker, etc .

. DropBox and SkyDrive may be deleted
if not visited every 90 days;
google's gmail has an inactivity policy
but its Drive service apparently does not .

5.5: news.cyb/net.dropbox/no passwords needed for hours!:
"( Why I switched from Dropbox to Windows Live Mesh ...)
. dropbox had an amazing lapse in security:
for several hours any password would open any acct!

facebook security options

6.12: summary:
. I enabled secure connection
so that facebook uses https
to encrypt the info it sends to me .
. while doing that I found an
even more important security feature:
if an attempt is made to log in
from a device I don't usually use,
they will text my cell phone
and ask me what was sent
to ensure the user also has my cell phone
as proof it is really me .