Jun 01 2011

Choose your weapon

Tag: (i)realidad, 01, Informática Legal | Joaquim Anguas @ 3:25 pm

Under the new framework, the use of a weapon such as Stuxnet could occur only if the president granted approval, even if it were used during a state of hostilities, military officials said. The use of any cyber-weapon would have to be proportional to the threat, not inflict undue collateral damage and avoid civilian casualties.

WP.


May 16 2011

Bitcoins

Tag: 01 | Joaquim Anguas @ 10:24 am

“The benefits of a currency like this:

a) Your coins can’t be frozen (like a Paypal account can be)
b) Your coins can’t be tracked
c) Your coins can’t be taxed
d) Transaction costs are extremely low (sorry credit card companies)”

More info here.

Discussion.

Paper.

Video.

Exchange rate.

Update: good explanation + Q&A.


May 10 2011

Cooperative and defective strategies

Tag: 01, Informática Legal | Joaquim Anguas @ 8:56 am

“All complex systems contain parasites. In any system of cooperative behavior, an uncooperative strategy will be effective — and the system will tolerate the uncooperatives — as long as they’re not too numerous or too effective. Thus, as a species evolves cooperative behavior, it also evolves a dishonest minority that takes advantage of the honest majority. If individuals within a species have the ability to switch strategies, the dishonest minority will never be reduced to zero. As a result, the species simultaneously evolves two things: 1) security systems to protect itself from this dishonest minority, and 2) deception systems to successfully be parasitic.”

From Schneier on Security.


Dec 28 2010

The leaking society

Tag: (i)realidad, 01 | Joaquim Anguas @ 1:33 pm

The general model behind Wikileaks comprises:

  • A system that allows someone (the leaker) to release information to an organization (the receiving organization) while leaving no traces that lead back to him. As a variation, any traces may be in the sole possession of the receiving organization. In this case the organization guarantees either to keep them secret or to destroy them effectively. In the end it is a matter of trust: if the leaker trusts the system behind the receiving organization, he will release the information. Otherwise, he will not.
  • A receiving organization that receives the so-called “leaks”, verifies and evaluates them, and releases them to the public or to other organizations for publishing (publishing organizations).
  • In case there are publishing organizations involved, they add some context to the leaks and publish them to the public.

Today there are entities other than Wikileaks working on this model which, at least so far, haven’t attracted (much) public attention.

All these organizations have had some permeability within their workforce, and they share some of the procedures, general systems and tools they use to achieve their goals.

At this point in time most people look at the current scenario these entities draw. Fewer look forward to future scenarios. When they do, most of the attention goes to the implications in the specific field where the systems are being used: international relations and, laterally, journalism.

But once the systems are in place and have proved to be effective (in the case of Wikileaks, the person who is held responsible exposed himself; it was not because of a failure in the system), why should they be kept bound to secrets related to diplomacy?

Once they spread (and they will), why not use them to reveal the administration’s misbehaviors?

And why not use them to report the (naughty) private life of famous people or VIPs?

Or to circulate the life of your neighbor, at least?

I bet there’s a market for that…

We’ll see…


Dec 24 2010

The emotional computer

Tag: (i)realidad, 01 | Joaquim Anguas @ 3:07 pm

By analyzing faces, gestures, and tone of voice, it is hoped that machines could be made to be more helpful (hell, we’d settle for “less frustrating”).

From IEEE Spectrum via engadget.


Dec 21 2010

DDoS

Tag: (i)realidad, 01 | Joaquim Anguas @ 11:19 am

“Our research suggests that:

  • DDoS attacks against independent media and human rights sites have been common in the past year, even outside of elections, protests, and military operations. With recent highly publicized DDoS attacks on Wikileaks, and “Operation Payback” attacks by “Anonymous” on sites perceived to oppose Wikileaks, we expect these attacks to become more common.”

2010 Report on Distributed Denial of Service (DDoS) Attacks.

Via boingboing.


Dec 16 2010

SNAFU, Merry Christmas…

Tag: (i)realidad, 01, Informática Legal | Joaquim Anguas @ 12:01 am

BSD project leader Theo de Raadt received an email from former NETSEC CTO Gregory Perry in which Perry claims he helped the FBI plant backdoors in the OpenBSD Cryptographic Framework:

“My NDA with the FBI has recently expired, and I wanted to make you
aware of the fact that the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI.”

Some say the leaking mechanisms could be placed in the IPsec stack.

As if this didn’t look bad enough, Perry also suggests that DARPA withdrew its funding for OpenBSD because of this.

From openbsd-tech, via arstechnica.

If you haven’t read this, it’s never too late…

P.S.: see the SNAFU principle.

UPDATE:

Jason Wright’s response and clear denial.

I’ll put my money where my mouth is.

IPsec gossip.

“OpenBSD is a great product, but y’all are too easily trolled.

His NDA with the FBI *expired* so he 1) discloses information that’s
privileged at the very least and a political stick of dynamite at
worst, 2) discloses it in a private forum to an individual known for
his transparency and total lack of tact, 3) doesn’t bother contacting
anyone in the press about it, 4) claims to know various other pundits
are “on the FBI payroll,” and 5) claims that the FBI deliberately
compromised an open source project in order to spy on its parent
organization and other government agencies.

Here’s a tip: when a government organization works with private
contractors to help them spy on other government organizations, those
NDAs don’t fucking expire.

Jesus.”

See original message.

LATERAL:

_NSAKEY.

New UPDATE:

OpenBSD code audit uncovers bugs, but no evidence of backdoor (arstechnica). This does not mean that the audit of the thousands of lines of code involved is over. We’ll have to wait some months to get a reliable result.

More:

how i stopped worrying and loved the backdoor.


Dec 13 2010

GSM-based ATM skimmers

Tag: (i)realidad, 01, Informática Legal | Joaquim Anguas @ 12:23 pm

“And at cashout if the hacked ATM is in Europe, that’s approximately 20-25k Euros. So we potentially have already about 20k dollars. Also imagine that if was not GSM sending SMS and to receive tracks it would be necessary to take the equipment from ATM, and during this moment, at 15:00 there comes police and takes off the equipment.
And what now? All operation and your money f#@!&$ up? It would be shame!! Yes? And with GSM the equipment we have the following: Even if there comes police and takes off the equipment, tracks are already on your computer.”

From krebsonsecurity via BoingBoing.


Dec 12 2010

For those who can (and want to) read…

Tag: (i)realidad, 01 | Joaquim Anguas @ 5:21 pm

“Simulacra and Simulation (The Body, In Theory: Histories of Cultural Materialism)”, University of Michigan Press, 1995, p. 106

“There is no more hope for meaning. And without a doubt this is a good thing: meaning is mortal. But that on which it has imposed its ephemeral reign, what it hoped to liquidate in order to impose the reign of the Enlightenment, that is, appearances, they, are immortal, invulnerable to the nihilism of meaning or of non-meaning itself.

This is where seduction begins.”

Handle these links with care, you’ve been warned:


Dec 06 2010

Secrets…

Go to an esoteric book shop and you’ll find that every book on the shelf (on the Holy Grail, the “mystery” of Rennes-le-Château [a hoax theory concocted to draw tourists to a French town], on the Templars or the Rosicrucians) is a point-by-point rehash of what is already written in older books. And it’s not just because occult authors are averse to doing original research (or don’t know where to look for news about the non-existent), but because those given to the occult only believe what they already know and what corroborates what they’ve already heard.

Umberto Eco

