Cisco’s Wiretap Security Flaws Not Getting Fixed - The Firewall - the world of security - Forbes

Topic: Miscellaneous
11:17 pm EDT, Aug 4, 2010
Coverage of my talk at Blackhat Vegas.

The larger barrier to closing the gaps in networking equipments’ wiretap functions may be what Cross calls a “market failure.” Unlike many security vulnerabilities in products, the product’s buyer isn’t the one who suffers from this flaw. Internet service providers want to make sure they comply with law enforcement’s demands, and agencies who use the intercept function want it to provide the maximum surveillance, with as few people aware of the wiretap as possible. “Network providers aren’t demanding [a fix],” says Cross. “The customer for this is law enforcement. You are not the customer.”
|
Legal wiretap mechanisms may be open to abuse within ISPs

Topic: Miscellaneous
11:14 pm EDT, Aug 4, 2010
Coverage of my talk at Blackhat Vegas.

"To me this is bizarre," Cross says, because it makes it impossible to demonstrate that someone has tapped communication illegally. He says he understands law enforcement officials want the feature because it prevents insiders at the ISPs from checking the logs to spot what the cops are tapping and tipping off the parties being investigated. But still, "There's no way to see if a person is lying if they say they didn't tap a line," he says.
|
The Volokh Conspiracy - What Is “Project Vigilant,” and Is It Violating the Law?

Topic: Miscellaneous
9:08 am EDT, Aug 4, 2010
Greenwald’s coverage suggests that the group is in cahoots with the feds, and that it is conducting some sort of mass surveillance of lots of people and then handing over the leads to the federal government. If that is true — which remains unclear to me — then the legality of the project’s work strikes me as questionable.
|
US Government performing warrantless Internet wiretapping through EULA loopholes

Topic: Miscellaneous
10:46 pm EDT, Aug 3, 2010
According to Uber, one of Project Vigilant's manifold methods for gathering intelligence includes collecting information from a dozen regional U.S. Internet service providers (ISPs). Uber declined to name those ISPs, but said that because the companies included a provision allowing them to share users' Internet activities with third parties in their end user license agreements (EULAs), Vigilant was able to legally gather data from those Internet carriers and use it to craft reports for federal agencies. A Vigilant press release says that the organization tracks more than 250 million IP addresses a day and can "develop portfolios on any name, screen name or IP address." "We don't do anything illegal," says Uber. "If an ISP has a EULA to let us monitor traffic, we can work with them. If they don't, we can't."
Jesus Christ! If this is even remotely true it will be a massive scandal. The ISP industry needs to come clean on this now. Hopefully it's a bunch of lies. Bejtlich is not buying it.
|
Julian Assange Responds to Increasing US Government Attacks on WikiLeaks

Topic: Miscellaneous
10:27 pm EDT, Aug 3, 2010
Very interesting and up-to-date interview with Assange:

I see this a bit as a floating balloon that Thiessen has put up. Of course, he is no doubt doing it in order to show that he’s at the vanguard of that school of thought. And it will be seen whether that balloon gets shot down or not by the American people. And if it doesn’t get shot down by criticism, then it will be assumed that that behavior is in some way acceptable... If the political will in the United States doesn’t shoot down these floating balloons that Rogers and Thiessen are putting up, then we could see a shift towards finding that behavior or similar behavior acceptable. People have to shoot those statements down; otherwise, they will become the new norm.
|
Marc A. Thiessen - WikiLeaks must be stopped

Topic: Miscellaneous
10:45 pm EDT, Aug 2, 2010
I was absolutely horrified by this editorial in the Washington Post in which a former Bush Administration official calls for US Cyber Command to declare war on the Internet by DDOSing wikileaks. (Liz Cheney has also apparently come out in support of this position, so clearly there is a coordinated effort going on here.)

Assange recently boasted that he has created "an uncensorable system for untraceable mass document leaking." I am sure this elicited guffaws at the National Security Agency... With the stroke of his pen, the president can authorize USCYBERCOM to protect American and allied forces by eliminating WikiLeaks' ability to disseminate classified information that puts their lives at risk. WikiLeaks represents a clear and present danger to the national security of the United States... Will President Obama stop WikiLeaks from doing so -- or sit back and do nothing?
This would result in a massive counter-reaction from people who don't believe that the United States should use DDOS attacks to censor information it doesn't like on the Internet. The Wikileaks files would end up all over the place and the fundamental question of freedom of speech would completely overshadow the question of whether or not it was irresponsible for wikileaks to repost this material unredacted. US Cyber Command would be forced into an ugly conflict with a large group of the general public, including American citizens, that would have repercussions for years into the future. The mere fact that this has been suggested by these people itself constitutes a significant problem. US Cyber Command has an important mission, but it must now be considered a weapon that may be pointed at the American public, and that fact will cloud future discussions about its development. Stupid.
|
Wikileaks' estranged co-founder becomes a critic (Q&A) | Privacy Inc. - CNET News

Topic: Miscellaneous
12:40 am EDT, Jul 31, 2010
John Young: You cannot provide any security over the Internet, much less any other form of communication. We actually post periodically warnings not to trust our site. Don't believe us. We offer no protection. You're strictly on your own. We also say don't trust anyone who offers you protection, whether it's the U.S. government or anybody else. That's a story they put out. It's repeated to people who are a little nervous. They think they can always find someone to protect them. No, you can't. You've got to protect yourself. You know where I learned that? From the cypherpunks.
|
WikiTrust: The English Wikipedia is up!

Topic: Miscellaneous
8:54 pm EDT, Jul 21, 2010
Finally, we are happy to announce that WikiTrust works on the English Wikipedia! Just install the WikiTrust Firefox extension and visit any page.
Finally! After so many years since my Wikipedia paper it is awesome to actually see this! Big ups to the WikiTrust team for making this a reality. Looking at their algorithm page it appears they decided on an approach that is different from my original suggestion:

It is possible to compute text trust also based on a mix of text age, and number of revisions for which the text has been present; in fact, it is straightforward to modify WikiTrust to do so. The reason WikiTrust uses also the reputation of authors is to prevent a well-organized set of new users from cheating the system, creating content that gains full trust due to their coordinated revisions. Since new users have low reputation, this type of attack cannot be carried out.
Great work!