Dic 28 2010

the leaking society

Tag: (i)realidad,01Joaquim Anguas @ 1:33 pm

The general model behind Wikileaks comprises:

  • A system that allows someone (the leaker) to release information to an organization (receiving organization) leaving no traces that lead to him. As a variation, the possible traces may be in the only possession of the receiving organization. In this case the organization either guarantees to keep them secret or destroy them effectively. At last it is a matter of trust: if the leaker trusts the system behind the receiving organization, he will relase the information. Otherwise, he will not.
  • A receiving organization that receives the so called “leaks”, verifies and evaluates them and evacuates them to the public or to some other organizations for publishing (publishing organizations).
  • In case there are publishing organizations involved, they add some context to the leaks and publish them to the public.

Today there are entities working by this model other than Wikileaks which, at least by now, haven’t attracted (much) public attention to them.

All these organizations have had some permeability within their workforce, they share some of the procedures, general systems and tools they use to achieve their goals.

At this point of time most look at the actual scenario these entities draw. Fewer look forward to future scenarios. When they do, most of the attention goes towards the implications in the specific field where they are being used in: international relations and, laterally, journalism.

But once the systems are in place and have proved to be effective (in the case of Wikileaks, the person who is held responsible exposed himself, it was not because of a failure in the system), why should them be kept bound to secrets related to diplomacy?

Once they spread (and they will), why not use them to reveal administration’s misbehaviors?

And why not use them to report the (naughty) private life of famous people or VIPs?

Or to circulate the life of your neighbor, at least?

I bet there’s a market for that…

We’ll see…


Dic 24 2010

The emotional computer

Tag: (i)realidad,01Joaquim Anguas @ 3:07 pm

By analyzing faces, gestures, and tone of voice, it is hoped that machines could be made to be more helpful (hell, we’d settle for “less frustrating”).

From IEEE Spectrum via engadget.


Dic 23 2010

The year in 3D printing

Tag: (i)realidadJoaquim Anguas @ 4:54 pm

3D Printing

Via boingboing.


Dic 21 2010

DDoS

Tag: (i)realidad,01Joaquim Anguas @ 11:19 am

Our research suggests that:

  • DDoS attacks against independent media and human rights sites have been common in the past year, even outside of elections, protests, and military operations. With recent highly publicized DDoS attacks on Wikileaks, and “Operation Payback” attacks by “Anonymous” on sites perceived to oppose Wikileaks, we expect these attacks to become more common.”

2010 Report on Distributed Denial of Service (DDoS) Attacks.

Via boingboing.


Dic 18 2010

On the menu for today: Motion to quash

Tag: Informática LegalJoaquim Anguas @ 6:25 pm

ORDER: denied as moot [7] Motion to Quash. All defendants except Doe 1 are hereby SEVERED from this action. Civil Action No. 3:10-CV-93 SHALL BE assigned to John Doe No. 1 as an individual defendant. Signed by Chief Judge John Preston Bailey on 12/16/2010.

Single action, multiple defendants cases continue their own via crucis. You can find some background here, here and here.

Latest news come from a last wave of cases filled by copyright holders against some thousands of “Does”. Chief Judge John Preston Bailey decided to severe all “Does” but one in the cases he is involved with.

Via arstechnica.


Dic 17 2010

Measuring Stuxnet effects

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 10:34 am

Evidence of continued disruption comes from security firms providing solutions to industrial companies to deal with Stuxnet infections. Eric Byres, an expert from SCADA security firm Tofino Security, told the Post that his company’s website was receiving an increasing number of visits from Iranians in recent weeks, suggesting that dealing with Stuxnet and properly securing industrial automation and control systems was still a problem for the Iranians.

Iranians may consider an anonymous proxy. If they happen to find an anonymous proxy they can rely on (oxymoron?).

This one’s for the SCADA experts around here. Yes, I mean you Pau ;-)

Via arstechnica.

See SCADA, Stuxnet.


Dic 16 2010

SNAFU, Merry Christmas…

Tag: (i)realidad,01,Informática LegalJoaquim Anguas @ 12:01 am

BSD project leader Theo de Raadt received an email from former NETSEC CTO Gregory Perry in which Perry claims he helped FBI to plant backdoors in OpenBSD Cryptographic Framework:

My NDA with the FBI has recently expired, and I wanted to make you
aware of the fact that the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI.”

Some say the leaking mechanisms could be placed on the IPSEC stack.

If this didn’t look bad enough, Perry also suggests that DARPA withdrew his funding on OpenBSD because of this.

From openbsd-tech, via arstechnica.

If you haven’t read this, it’s never too late…

P.S: see SNAFU principle.

UPDATE:

Jason Wright’s response and clear denial.

I’ll put my money where my mouth is.

IPsec gossip.

OpenBSD is a great product, but y’all are too easily trolled.

His NDA with the FBI *expired* so he 1) discloses information that’s
privileged at the very least and a political stick of dynamite at
worst, 2) discloses it in a private forum to an individual known for
his transparency and total lack of tact, 3) doesn’t bother contacting
anyone in the press about it, 4) claims to know various other pundits
are “on the FBI payroll,” and 5) claims that the FBI deliberately
compromised an open source project in order to spy on its parent
organization and other government agencies.

Here’s a tip: when a government organization works with private
contractors to help them spy on other government organizations, those
NDAs don’t fucking expire.

Jesus.”

See original message.

LATERAL:

_NSAKEY.

New UPDATE:

OpenBSD code audit uncovers bugs, but no evidence of backdoor (arstechnica). It does not mean that the audit of the thousands of lines of code involved is over. We’ll have to wait for some months to get a reliable result.

More:

how i stopped worrying and loved the backdoor.

My NDA with the FBI has recently expired, and I wanted to make you
aware of the fact that the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI.

Dic 15 2010

search warrant > court order

Tag: (i)realidad,Informática LegalJoaquim Anguas @ 11:53 am

The Sixth Circuit Court of Appeals has ruled that police must obtain a valid search warrant before accessing a suspect’s e-mail in a criminal investigation.

EFF via arstechnica.

BONUS: Search Warrant Affidavit example via Forensic Focus :-)


Dic 14 2010

Computer Science Education Week

Tag: La ProfesiónJoaquim Anguas @ 6:05 pm

 

http://www.youtube.com/user/csedweek
http://www.csedweek.org/


Dic 13 2010

GSM-based ATM skimmers

Tag: (i)realidad,01,Informática LegalJoaquim Anguas @ 12:23 pm

And at cashout if the hacked ATM is in Europe, that’s approximately 20-25k Euros. So we potentially have already about 20k dollars. Also imagine that if was not GSM sending SMS and to receive tracks it would be necessary to take the equipment from ATM, and during this moment, at 15:00 there comes police and takes off the equipment.
And what now? All operation and your money f#@!&$ up? It would be shame!! Yes? And with GSM the equipment we have the following: Even if there comes police and takes off the equipment, tracks are already on your computer.”

Form krebsonsecurity via BoingBoing.


Página siguiente »