If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Apple Insider)   U.S. Drug Enforcement Agency openly frustrated that they cannot crack Apple's iMessage encryption to listen in on suspects   (appleinsider.com) divider line 140
    More: Spiffy, DEA, encryption, Mac computers, Internet Crime Complaint Center  
•       •       •

9623 clicks; posted to Main » on 04 Apr 2013 at 3:56 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



140 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
2013-04-04 01:55:21 PM
I thought the #2 mobile OS was better, with all the anti virus programs you can download from Google play.
/Grabs popcorn and holds tight to my lumia 920
 
2013-04-04 02:02:46 PM
It's Drug Enforcement Administration, Not Drug Enforcement Agency.
In any case, those assholes are the problem, not the solution.
 
2013-04-04 02:05:55 PM
Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.
 
2013-04-04 02:18:50 PM
imgs.xkcd.com
 
2013-04-04 02:20:31 PM
DanZero:
imgs.xkcd.com

Assuming this is pointed at me, you can't be expected to remember a long string of random numbers that you destroyed immediately after use.
 
2013-04-04 02:26:25 PM

TommyymmoT: It's Drug Enforcement Administration, Not Drug Enforcement Agency.
In any case, those assholes are the problem, not the solution.


i.imgur.com
 
2013-04-04 03:01:46 PM
why wasnt DEA funding cut by 100%?
absolutely NOTHING would have changed and all that money would have been saved.

I guess that is a question for the small government people. 
WHY does the DEA exist?
 
2013-04-04 03:03:20 PM

dittybopper: DanZero:
[imgs.xkcd.com image 448x274]

Assuming this is pointed at me, you can't be expected to remember a long string of random numbers that you destroyed immediately after use.


Makes it a lot harder for you to decrypt if you neither have nor can remember the key, though.

And sure, here's a block of text from a famous historical document encrypted according to my own uncrackable cipher:

1

Just try to crack that one, guys.
 
2013-04-04 03:12:02 PM
Well bless their hearts.
 
2013-04-04 03:13:43 PM
HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR
 
2013-04-04 03:15:09 PM

Krymson Tyde: Well bless their

little pea-picking hearts.

FTFordY.
 
2013-04-04 03:42:36 PM
I'm ok with that
 
2013-04-04 03:43:53 PM
How about just assuming anything you send wirelessly is not going to be secure in any way.
 
2013-04-04 03:47:33 PM
This is terrifying!

If the DEA can't read everybody's texts then the bad guys will win the drug war, causing black men to smoke pot and have sex with white women!


The 4th Amendment is NOT a suicide pact.
 
2013-04-04 03:48:10 PM
What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?

i.imgur.com
 
2013-04-04 04:03:06 PM

WalkingCarpet: What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?

[i.imgur.com image 246x245]


Inception!
 
2013-04-04 04:03:22 PM
Time to switch to iMessage!
 
2013-04-04 04:04:35 PM
There has to be a similar market for ... never mind... off to the patent office.
 
2013-04-04 04:05:11 PM

WalkingCarpet: What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?

[i.imgur.com image 246x245]


Sounds like another issue is that iMessage doesn't use the SMS system.  KiK, Gtalk, etc. may also be safe to use.
 
2013-04-04 04:05:56 PM

Strategeryz0r: WalkingCarpet: What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?

[i.imgur.com image 246x245]

Inception!


That's what I'm thinking.
 
2013-04-04 04:06:45 PM
WalkingCarpet: "What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?"

Drug Dealers use burners.
It's cute to have encryption, but if you're carrying the same tracking beacon 24/7 they'll get plenty of evidence the old fashioned way.
 
2013-04-04 04:09:16 PM

dittybopper: Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.


Just write it in Cherokee, then translate to Sandia man hieroglyph, then back into Navaho.
 
2013-04-04 04:11:30 PM
I didn't submit this link with a funnier headline...but I'm confident someone did.
 
2013-04-04 04:11:37 PM
I have 5000 sheets of random numbers generated from a cosmic ray detector hooked up to a typewriter.

Bring it.

/carrying them around is a biatch tho'
 
2013-04-04 04:11:53 PM

dittybopper: DanZero:
[imgs.xkcd.com image 448x274]

Assuming this is pointed at me, you can't be expected to remember a long string of random numbers that you destroyed immediately after use.


Actually not only is it directed at you, Randall Munro originally created the comic with you in mind.  You're that big a deal.
 
2013-04-04 04:12:04 PM

dittybopper: HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR


Okay, I'll ask. I know the layout- that's likely Enigma code. How does one set the machine to decode it, if you know the reel settings?
 
2013-04-04 04:12:32 PM
Encryption, folks.  It's not too hard to set up.
 
2013-04-04 04:12:54 PM
So, what this means is that iMessage is actually the easiest thing for them to spy on and they want everyone who's doing illicit business to use it, right?
 
2013-04-04 04:14:35 PM
You mean they totally have the encryption keys to iMessage and just want you to think that they can't crack it.  Matter of fact if you are to something nefarious they would kindly ask you to use iMessage since this will streamline their wiretaps a good bit.
 
2013-04-04 04:15:37 PM

dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.


Dilettantes have been telling themselves that for millennia.

It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance. They've never denied this as far as I know. Given the kind of pressure the US government can exert, I don't think anyone would be surprised if they did the same to Apple. This could just be a clever false flag operation. Convince drug dealers and other criminals to use something they know to be cracked wide open, like say iMessage, versus using a service with strong, open source encryption.
 
2013-04-04 04:15:43 PM

Riche: This is terrifying!

If the DEA can't read everybody's texts then the bad guys will win the drug war, causing black men to smoke pot and have sex with white women!


The 4th Amendment is NOT a suicide pact.


Plus, it leads to bestiality, don't ya know.
 
2013-04-04 04:17:08 PM

dittybopper: Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.


If you are referring to using a one-time pad, don't ignore the inconvenience of those pads: they must be shared first.  Why even bother?  Choose a strong enough key, and AES will stand up to the NSA.  (Not forever, but long enough).

 
2013-04-04 04:17:23 PM

dittybopper: HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR


You're the reason I enjoy crypto threads, FYI.
 
2013-04-04 04:17:45 PM

Sword and Shield: dittybopper: HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR

Okay, I'll ask. I know the layout- that's likely Enigma code. How does one set the machine to decode it, if you know the reel settings?


No it isn't:  Enigma doesn't encrypt numbers.  An Enigma message will consist entirely of letters.

Everything you need to decrypt that is in my profile.

I suggest you also read the Wikipedia articles about straddling checkerboards and  one time pads.
 
2013-04-04 04:18:59 PM

ceebeecates4: dittybopper: Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.

If you are referring to using a one-time pad, don't ignore the inconvenience of those pads: they must be shared first.  Why even bother?  Choose a strong enough key, and AES will stand up to the NSA.  (Not forever, but long enough).


Pads can be transferred face-to-face.  Rare is the person you wish to communicate with that you never meet.
 
2013-04-04 04:19:25 PM
BBM was meant to be "untraceable" during the london riots. IIRC they tried to shut it down at one point
http://m.guardian.co.uk/media/2011/aug/08/london-riots-facebook-twitt e r-blackberry
 
2013-04-04 04:21:18 PM
I'm an android guy, but score one for the fruits.
 
2013-04-04 04:22:11 PM
Nowadays the laptop has only one function for Randy: he uses it to communicate with other people, through e-mail. When he communicates with Avi, he has to use Ordo, which is a tool for taking his ideas and converting them into streams of bits that are almost indistinguishable from white noise, so that they can be sent to Avi in privacy. In exchange, it receives noise from Avi and converts it into Avi's thoughts.

At the moment, Epiphyte has no assets other than information--it is an idea, with some facts and data to back it up. This makes it eminently stealable. So encryption is definitely a good idea. The question is: how much paranoia is really appropriate?
Avi sent him encrypted e-mail:

When you get to Manila I would like you to generate a 4096 bit key pair and keep it on a floppy disk that you carry on your person at all times. Do not keep it on your hard disk. Anyone could break into your hotel room while you're out and steal that key.

Now, Randy pulls down a menu and picks an item labeled: "New key. . ." A box pops up giving him several KEY LENGTH options: 768 bits, 1024, 1536, 2048, 3072, or Custom.

Randy picks the latter option and then, wearily, types in 4096.

Even a 768-bit key requires vast resources to break. Add one bit, to make it 769 bits long, and the number of possible keys doubles, the problem becomes much more difficult. A 770-bit key is that much more difficult yet, and so on. By using 768-bit keys, Randy and Avi could keep their communications secret from nearly every entity in the world for at least the next several years. A 1024-bit key would be vastly, astronomically more difficult to break.

Some people go so far as to use keys 2048 or even 3072 bits in length. These will stop the very best codebreakers on the face of the earth for astronomical periods of time, barring the invention of otherworldly technologies such as quantum computers. Most encryption software--even stuff written by extremely security-conscious cryptography experts--can't even handle keys larger than that. But Avi insists on using Ordo, generally considered the best encryption software in the world, because it can handle keys of unlimited length--as long as you don't mind waiting for it to crunch all the numbers.

Randy begins typing. He is not bothering to look at the screen; he is staring out the window at the lights on the trucks and the jeepneys. He is only using one hand, just flailing away loosely at the keyboard.

Inside Randy's computer is a precise clock. Whenever he strikes a key, Ordo uses that clock to record the current time, down to microseconds. He hits a key at 03:03:56.935788 and he hits another one at 03:05:57.290664, or about .354876 seconds later. Another .372307 seconds later, he hits another one.
Ordo keeps track of all of these intervals and discards the more significant digits (in this example the .35 and the .37) because these parts will tend to be similar from one event to the next.

Ordo wants randomness. It only wants the least significant digits--say, the 76 and the 07 at the very ends of these numbers. It wants a whole lot of random numbers, and it wants them to be very, very random. It is taking somewhat random numbers and feeding them through hash functions that make them even more random. It is running statistical routines on the results to make sure that they contain no hidden patterns. It has breathtakingly high standards for randomness, and it will not stop asking Randy to whack on the keyboard until those standards are met.

The longer the key you are trying to generate, the longer this takes. Randy is trying to generate one that is ridiculously long. He has pointed out to Avi, in an encrypted e-mail message, that if every particle of matter in the universe could be used to construct one single cosmic supercomputer, and this computer was put to work trying to break a 4096-bit encryption key, it would take longer than the lifespan of the universe.

"Using today's technology," Avi shot back. "that is true. But what about quantum computers? And what if new mathematical techniques are developed that can simplify the factoring of large numbers?"

"How long do you want these messages to remain secret?" Randy asked, in his last message before leaving San Francisco. "Five years? Ten years? Twenty-five years?"

After he got to the hotel this afternoon, Randy decrypted and read Avi's answer. It is still hanging in front of his eyes, like the afterimage of a strobe:

I want them to remain secret for as long as men are capable of evil.
 
2013-04-04 04:22:28 PM

barnacleboy: BBM was meant to be "untraceable" during the london riots. IIRC they tried to shut it down at one point
http://m.guardian.co.uk/media/2011/aug/08/london-riots-facebook-twitt e r-blackberry


And I know quoting myself is kinda lame but
"Technology adviser to Boris Johnson likens BBM service to 'text-messaging with steroids'."

http://www.dailymail.co.uk/news/article-2023924/London-riots-2011-Bla c kBerry-Messenger-shut-unbelievable.html
 
2013-04-04 04:23:11 PM

WhoopAssWayne: dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Dilettantes have been telling themselves that for millennia.


It's provably so.  

Better yet, it can be implemented without any resort to electronics.  This is a set of pads I generated with 10-sided dice and a manual typewriter:

i55.tinypic.com

Completely random.
 
2013-04-04 04:24:00 PM

lewismarktwo: Strategeryz0r: WalkingCarpet: What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?

[i.imgur.com image 246x245]

Inception!

That's what I'm thinking.


You'll notice how little time the security agencies spend spreading warnings about how they can't read, say, PGP/GPG-coded messages.  Not sure if that's just a case of 'really, nobody uses it except extreme geeks', or a case of 'let's not entice criminals to use those tools'.
 
2013-04-04 04:25:32 PM

WhoopAssWayne: dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Dilettantes have been telling themselves that for millennia.

It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance. They've never denied this as far as I know. Given the kind of pressure the US government can exert, I don't think anyone would be surprised if they did the same to Apple. This could just be a clever false flag operation. Convince drug dealers and other criminals to use something they know to be cracked wide open, like say iMessage, versus using a service with strong, open source encryption.


What encryption method does iMessage use?  Is it a stream or block cipher?  What is the key strength?  While encryption is mathematically complicated, the concepts of use are not.

Additionally, while I don't expect you to name the "backdoors" you allege Microsoft products contain, (so Windows, Active Directory etc), can you explain how it would communicate benefit the government?  Even if Windows was written by the government, how do you expect to snoop on protected communications?  Other than kernel-based key-logging (which is both unlikely and uni-directional), how exactly would Microsoft relay your traffic to the government?

You mentioned dilettantism.
 
2013-04-04 04:25:44 PM
Lev_Astov: "So, what this means is that iMessage is actually the easiest thing for them to spy on and they want everyone who's doing illicit business to use it, right?"

Or they're about to make (yet another) play to regulate government backdoors in all encrypted communication and need to pretend like they can't do their job or stop so much as the corner dope dealer without it.  Which is more likely.  Because, again, criminals use burners.
 
2013-04-04 04:25:48 PM

THX 1138: Nowadays the laptop has only one function for Randy:


Not sure if you know this, but Stephenson published a collection of short works last year. I'm reading it now and it's worth picking up if you're a fan.
 
2013-04-04 04:27:42 PM
Um... messages are usually sent to be easily read so I really don't want all kinds of custom encryption on my messages so nothing else but an Apple machine can read it. My messages are not very interesting or incriminating anyway.

Encryption is not hard. Use a globally unique identifier as a key and no one will ever, ever decrypt your message without some kind of 'back door'... just don't lose that key.
 
2013-04-04 04:28:14 PM

dittybopper: It's provably so.


Can it stand up to Rubber Hose Cryptanalysis?
 
2013-04-04 04:29:33 PM

mrlewish: You mean they totally have the encryption keys to iMessage and just want you to think that they can't crack it.  Matter of fact if you are to something nefarious they would kindly ask you to use iMessage since this will streamline their wiretaps a good bit.


it isnt that they cant crack it. They need physical access to the device. They are biatching that they can't just demand the info from the provider. They will actually have to get a warrant to search the device.
 
2013-04-04 04:30:16 PM

WhoopAssWayne: THX 1138: Nowadays the laptop has only one function for Randy:

Not sure if you know this, but Stephenson published a collection of short works last year. I'm reading it now and it's worth picking up if you're a fan.


Are you referring to  Some Remarks?  I was curious about it, but held off on buying it because I wasn't sure if it'd be as good as his full-length fiction.  Might have to pick it up on the way home from farking all day er, I mean work.
 
2013-04-04 04:31:24 PM

Sword and Shield: dittybopper: HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR

Okay, I'll ask. I know the layout- that's likely Enigma code. How does one set the machine to decode it, if you know the reel settings?


Google *one time pad*

Then look at DITTY's profile to decypher.
 
2013-04-04 04:33:28 PM
Heh, yeah. That's what they want you to think.
 
2013-04-04 04:33:55 PM
Look, all of you obviously know nothing about intelligence work. It's an X-K-Red-27 technique
 
2013-04-04 04:35:39 PM
Anyone can be a suspect, so good. Let the subhuman scum work for a living.

Does this mean the DEA needs to be brought up to speed for every new encryption system or chat program?

DEA officials first discovered that iMessages could be a hinderance to their efforts when a real-time electronic surveillance under the Federal Wiretap Act failed to yield all of a target's text messages.

I am so sure that it was the 'one target' they had difficulties with. I shouldn't be surprised but I am still disgusted. Just because its legal doesn't mean it's right.

/special hatred for dea scum
 
2013-04-04 04:36:52 PM

WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.


Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it.  Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.
 
2013-04-04 04:37:39 PM

ceebeecates4: What encryption method does iMessage use? Is it a stream or block cipher? What is the key strength? While encryption is mathematically complicated, the concepts of use are not.


Given that it's closed-source, it could be a variation of ROT13 for all we know.

ceebeecates4: while I don't expect you to name the "backdoors" you allege Microsoft products contain


Obviously I'm speculating, but I believe you're being naive if you think microsoft would put up some kind of principled fight if the government asked for such access. As far as communicating the results, it could be as simple as collecting keystrokes and saving them until the warrants get served and the machine gets confiscated. If you want to go the network route, which I think is what you were getting at, then who really monitors what their system sends out? Firewalls are pretty forgiving for anything sent over http, could be a lot of things sent in those headers, etc.
 
2013-04-04 04:38:22 PM
Also, Apple announced that iMessages would be encrypted when they launched the service.  Why did it take the DEA 18 months to figure this out?
 
2013-04-04 04:38:48 PM
Let's be honest.  If you trust the government when they say that they can't crack your system, then you deserve whatever happens when it turns out that they're lying.
 
2013-04-04 04:41:20 PM

THX 1138: Are you referring to Some Remarks? I was curious about it, but held off on buying it because I wasn't sure if it'd be as good as his full-length fiction.


Yes, Some Remarks, and no, it's not as good as his full-length work, but if you're a huge fan it's worth it. It has some interesting short stories, his Gresham College lecture notes, slashdot interview, Salon interview, etc. It's a real hodgepodge.
 
2013-04-04 04:43:08 PM
Dont. You. Believe. It.

sounds like a trap
 
2013-04-04 04:43:21 PM

mrmopar5287: Rumored? I think that's pretty much confirmed. And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.


That level of paranoia overlooks the basic fact the most paranoid group of people on the entire planet, and the loudest to protest any perceived coercion, is software programmers.

You just can't make conspiracy like that work with skilled worked unless they actually believe they are personally saving lives.
 
2013-04-04 04:43:25 PM
I don't think its reasonable to assume that widely-used encryption schemes have "back doors".  There is nothing a cryptoanalyst would love more than breaking (defeating without brute-forcing) a widely used scheme.  Generally, encryption methods are developed in academia buy math wunderkind who are then checked up on by other wunderkind.

Back doors exist in computer software because once high level code is compiled into executable code, it is virtually unreadable by humans. Complex software tends to be large, with lots of hiding spaces among the binary code.   AES is a scheme that can be described fully on Wikipedia.  It is open, readable and audit-able.

This is why most attacks won't even try to decrypt the ciphertext, but rather compromise the endpoint devices.  (Which may have backdoors programmed in by the behest of the government, especially if the software is proprietary and un-audtiable)
 
2013-04-04 04:44:07 PM

ringersol: WalkingCarpet: "What if the DEA cracked the encryption and want all drug dealers to use iMessage now thinking it's safe?"

Drug Dealers use burners.
It's cute to have encryption, but if you're carrying the same tracking beacon 24/7 they'll get plenty of evidence the old fashioned way.


bingo! cash purchase fresh phones regularly are the cure to what ails ya.
 
2013-04-04 04:45:06 PM

WhoopAssWayne: it's not as good as his full-length work, but if you're a huge fan it's worth it.


Fair enough.  I liked the few short works of his I've seen, like In the Beginning... and Jipi and the Paranoid Chip, so I'll give it a shot.  I appreciate the recommendation.
 
2013-04-04 04:45:07 PM

namatad: why wasnt DEA funding cut by 100%?
absolutely NOTHING would have changed and all that money would have been saved.

I guess that is a question for the small government people.
WHY does the DEA exist?


It's to help prop up prices. The last thing drug dealers want is a bunch of noobs entering the market and depressing prices with excess supply. It hurts their bottom line.
 
2013-04-04 04:45:17 PM

mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it.  Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.


As far as I am aware no one has ever found a backdoor of any kind into any Microsoft operating system, working or otherwise. The simple presence of code allowing for that kind of operation would have been found by now if it existed. Further, if it existed it would have been exploited by malware authors.

That said - Microsoft doesn't need to include backdoors, the US Government trades in zero-days. Those are better than any built-in backdoor for a multitude of reasons.

Also, what made that anti-trust case go away was the same thing that brought it on. Money.
 
2013-04-04 04:47:01 PM

dittybopper: WhoopAssWayne: dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Dilettantes have been telling themselves that for millennia.

It's provably so.  

Better yet, it can be implemented without any resort to electronics.  This is a set of pads I generated with 10-sided dice and a manual typewriter:



Completely random.


Don't forget to burn the ribbon.
 
2013-04-04 04:48:41 PM
There's a better way.  Just start talking in Navajo with your friends.  Hey, it worked before...
 
2013-04-04 04:49:19 PM

turtleking: Dont. You. Believe. It.

sounds like a trap


DEA - "Oh, we can't seem to break this encryption! Please criminals, don't use this messaging system that we can't monitor and is available on millions of devices!" *wink*
 
2013-04-04 04:49:24 PM
the DEA needs to be shut down and their employees  allowed to pursue productive employment.

Al Capone, Prohibition, Crime
Drug War, Crime,   Dead Prison Wardens, District Attornoys
 
2013-04-04 04:52:04 PM

A Shambling Mound: As far as I am aware no one has ever found a backdoor of any kind into any Microsoft operating system, working or otherwise. The simple presence of code allowing for that kind of operation would have been found by now if it existed. Further, if it existed it would have been exploited by malware authors.


For further proof, plenty of people have run Windows machines behind Linux box firewalls/bit-loggers (which have had code reviewed all the way down), and haven't seen any evidence of unanticipated communications.  Unless they're hiding their communications very cleverly (timing of packets or some such) or communicating some way other than the internet, there's not much evidence of backdoors.
 
2013-04-04 04:53:21 PM

Wittenberg Dropout: Look, all of you obviously know nothing about intelligence work. It's an X-K-Red-27 technique


Are you doing the Litmus Configuration?
 
2013-04-04 04:56:12 PM

Lawnchair: A Shambling Mound: As far as I am aware no one has ever found a backdoor of any kind into any Microsoft operating system, working or otherwise. The simple presence of code allowing for that kind of operation would have been found by now if it existed. Further, if it existed it would have been exploited by malware authors.

For further proof, plenty of people have run Windows machines behind Linux box firewalls/bit-loggers (which have had code reviewed all the way down), and haven't seen any evidence of unanticipated communications.  Unless they're hiding their communications very cleverly (timing of packets or some such) or communicating some way other than the internet, there's not much evidence of backdoors.


Further proof, there have been exactly zero cases of stalking, extortion, exploitation, or other access of data resulting in criminal charges by any member of the Microsoft development team that have popped up.  You really have to stretch the limits of reasonableness to realize how many people would need to be aware of such a thing, and never to have ONCE used it in the course of all the marriages, break ups, divorces, stock decisions, lawsuits, and other myriad of situations in which any single one of the people who would need to be aware of it may have decided to use such a backdoor to target someone inappropriately.  Not one single disgruntled employee, pervert, or corrupt lawyer has been caught using information alleged to have been obtained this way.
 
2013-04-04 04:57:36 PM

WhoopAssWayne: ceebeecates4: What encryption method does iMessage use? Is it a stream or block cipher? What is the key strength? While encryption is mathematically complicated, the concepts of use are not.

Given that it's closed-source, it could be a variation of ROT13 for all we know.

ceebeecates4: while I don't expect you to name the "backdoors" you allege Microsoft products contain

Obviously I'm speculating, but I believe you're being naive if you think microsoft would put up some kind of principled fight if the government asked for such access. As far as communicating the results, it could be as simple as collecting keystrokes and saving them until the warrants get served and the machine gets confiscated. If you want to go the network route, which I think is what you were getting at, then who really monitors what their system sends out? Firewalls are pretty forgiving for anything sent over http, could be a lot of things sent in those headers, etc.


I know its fun to hate on Microsoft, but I believe they  would put up a principled fight against a government's request for a back door.  Here's why: A back door (especially a low-level one such as a system-level keylogger) could never be protected well enough that only its intended user (such as the US government) would find it.  This is why good programmers do  not write back doors.  Imagine if some Ukrainian hacker was able to find the secret keylog cache within every implementation of Windows.  His next step will be to write software that includes a routine to collect this information (The AV companies have NO clue of this vulnerability, so they provide little to no protection) and distribute it.  Back doors simply subvert all the other security mechanisms in place.

Regarding network security :SSL/TLS is a biatch to break.  It doesn't take much at ALL to snoop in on ordinary HTTP/SMTP traffic, and if you do anything you would like to keep private you use end-to-end encryption.

"The government" doesn't have any super powers when it comes to software or math.  Everyone plays by the same rules, so there have been very smart people dealing with how to ensure privacy for awhile.  This is why PGP had export controls on it for awhile.
 
2013-04-04 04:57:55 PM

Uzzah: dittybopper: DanZero:
[imgs.xkcd.com image 448x274]

Assuming this is pointed at me, you can't be expected to remember a long string of random numbers that you destroyed immediately after use.

Makes it a lot harder for you to decrypt if you neither have nor can remember the key, though.

And sure, here's a block of text from a famous historical document encrypted according to my own uncrackable cipher:

1

Just try to crack that one, guys.


Done:

 Since, moveover, for God and the amendment of our kingdom and for the better allaying of the quarrel that has arisen between us and our barons, we have granted all these concessions, desirous that they should enjoy them in complete and firm endurance forever, we give and grant to them the underwritten security, namely, that the barons choose five and twenty barons of the kingdom, whomsoever they will, who shall be bound with all their might, to observe and hold, and cause to be observed, the peace and liberties we have granted and confirmed to them by this our present Charter, so that if we, or our justiciar, or our bailiffs or any one of our officers, shall in anything be at fault towards anyone, or shall have broken any one of the articles of this peace or of this security, and the offense be notified to four barons of the foresaid five and twenty, the said four barons shall repair to us (or our justiciar, if we are out of the realm) and, laying the transgression before us, petition to have that transgression redressed without delay. And if we shall not have corrected the transgression (or, in the event of our being out of the realm, if our justiciar shall not have corrected it) within forty days, reckoning from the time it has been intimated to us (or to our justiciar, if we should be out of the realm), the four barons aforesaid shall refer that matter to the rest of the five and twenty barons, and those five and twenty barons shall, together with the community of the whole realm, distrain and distress us in all possible ways, namely, by seizing our castles, lands, possessions, and in any other way they can, until redress has been obtained as they deem fit, saving harmless our own person, and the persons of our queen and children; and when redress has been obtained, they shall resume their old relations towards us. And let whoever in the country desires it, swear to obey the orders of the said five and twenty barons for the execution of all the aforesaid matters, and along with them, to molest us to the utmost of his power; and we publicly and freely grant leave to everyone who wishes to swear, and we shall never forbid anyone to swear. All those, moveover, in the land who of themselves and of their own accord are unwilling to swear to the twenty five to help them in constraining and molesting us, we shall by our command compel the same to swear to the effect foresaid. And if any one of the five and twenty barons shall have died or departed from the land, or be incapacitated in any other manner which would prevent the foresaid provisions being carried out, those of the said twenty five barons who are left shall choose another in his place according to their own judgment, and he shall be sworn in the same way as the others. Further, in all matters, the execution of which is entrusted,to these twenty five barons, if perchance these twenty five are present and disagree about anything, or if some of them, after being summoned, are unwilling or unable to be present, that which the majority of those present ordain or command shall be held as fixed and established, exactly as if the whole twenty five had concurred in this; and the said twenty five shall swear that they will faithfully observe all that is aforesaid, and cause it to be observed with all their might. And we shall procure nothing from anyone, directly or indirectly, whereby any part of these concessions and liberties might be revoked or diminished; and if any such things has been procured, let it be void and null, and we shall never use it personally or by another.
 
2013-04-04 04:59:56 PM

Wittenberg Dropout: Look, all of you obviously know nothing about intelligence work. It's an X-K-Red-27 technique


The Niners couldn't defend that play worth shiat the entire first half of the Super Bowl. At halftime, they modified "double-red shift 86," which lined up the middle linebacker 2 yards deeper on the slot receiver running the crossing route, but still allowed him to stop a play for short yardage if Flacco audibled to Rice up the A gap. I wish they'd figured it out sooner, but there's always next year.
 
2013-04-04 05:01:28 PM

WhoopAssWayne: dittybopper: It's provably so.

Can it stand up to Rubber Hose Cryptanalysis?


If the pad is destroyed after use and the interrogator can only get a hold of the sender, yes it is.
 
2013-04-04 05:02:15 PM

mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.


Perhaps my tinfoil hat is on too tightly, but I actually buy this post.
 
2013-04-04 05:03:38 PM
Meanwhile the NSA chuckles.
 
2013-04-04 05:05:01 PM

Lt. Cheese Weasel: There's a better way.  Just start talking in Navajo with your friends.  Hey, it worked before...


Yeah, right. Like Rosetta Stone doesn't have a backdoor.
 
2013-04-04 05:05:02 PM

namatad: why wasnt DEA funding cut by 100%?
absolutely NOTHING would have changed and all that money would have been saved.

I guess that is a question for the small government people. 
WHY does the DEA exist?


Because pot makes you do things that Jebus doesn't like.
 
2013-04-04 05:06:20 PM

FizixJunkee: mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

Perhaps my tinfoil hat is on too tightly, but I actually buy this post.


Because it makes sense on a number of fundamental levels.
 
2013-04-04 05:07:14 PM

Lt. Cheese Weasel: There's a better way.  Just start talking in Navajo with your friends.  Hey, it worked before...


It worked out great for the Navajo Indians!
 
2013-04-04 05:07:29 PM

Mitch Taylor's Bro: Lt. Cheese Weasel: There's a better way.  Just start talking in Navajo with your friends.  Hey, it worked before...

Yeah, right. Like Rosetta Stone doesn't have a backdoor.


The Japs made Rosetta Stone?  Has anyone informed the military yet?  We're screwed!  Oh, wait,...we won that one.  Nevermind.
 
2013-04-04 05:07:51 PM

mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it.  Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.


You don't happen to have any evidence of this, do you?
 
2013-04-04 05:14:01 PM

nocturnal001: namatad: why wasnt DEA funding cut by 100%?
absolutely NOTHING would have changed and all that money would have been saved.

I guess that is a question for the small government people.
WHY does the DEA exist?

Because pot makes you do things that Jebus doesn't like.


Giggle, nap, and eat lovely banana bread?
 
2013-04-04 05:14:20 PM

WhoopAssWayne: dittybopper: It's provably so.

Can it stand up to Rubber Hose Cryptanalysis?


This, If "any code can be cracked" then governments wouldn't pass laws to force YOU to give up your passwords: they would simply crack the encryption on your device without involving you at all. If the government wants your password, the only thing that's going to get cracked is your skull.

(Distributed.net use to run cracking contests. It took 10,000 computers nearly 3 months to brute-force a 56-bit key. 128 bit keys are the current minimum standard for Internet banking and programs like truCrypt can encrypt with 4096 bit keys. )
 
2013-04-04 05:15:38 PM
I am sure the article is meant to see Apple in shining armor to all the hipsters chatting about PBR

Govt just has to ask for it for security reasons and Apple coughs everything up.
 
2013-04-04 05:16:31 PM

nocturnal001: namatad: why wasnt DEA funding cut by 100%?
absolutely NOTHING would have changed and all that money would have been saved.

I guess that is a question for the small government people. 
WHY does the DEA exist?

Because pot makes you do things that Jebus doesn't like.


like help poor people?
 
2013-04-04 05:17:12 PM

Lt. Cheese Weasel: Mitch Taylor's Bro: Lt. Cheese Weasel: There's a better way.  Just start talking in Navajo with your friends.  Hey, it worked before...

Yeah, right. Like Rosetta Stone doesn't have a backdoor.

The Japs made Rosetta Stone?  Has anyone informed the military yet?  We're screwed!  Oh, wait,...we won that one.  Nevermind.


No, they were too busy stormin' the beach at Normandy.

/ he's on a roll
 
GBB
2013-04-04 05:20:43 PM
Or, it's super easy to crack and the DEA is trying to get more people to use it for nefarious reasons so they can be spied on.
 
2013-04-04 05:25:55 PM

Random Anonymous Blackmail: I am sure the article is meant to see Apple in shining armor to all the hipsters chatting about PBR

Govt just has to ask for it for security reasons and Apple coughs everything up.


I didn't care about personal privacy or the 4th amendment before it was cool to not care about it.
 
2013-04-04 05:28:48 PM

Infernalist: FizixJunkee: mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

Perhaps my tinfoil hat is on too tightly, but I actually buy this post.

Because it makes sense on a number of fundamental levels.


Obviously you skipped a few posts that make even more sense. People who believe there are secret Government-accesible backdoors in Microsoft products usually don't understand 1) how software works 2) how two-way network communications work and 3) the unbelievable level of culpability on Microsoft's part should something like that be compromised, allowing unfettered access to hundreds of millions of computers worldwide.

There is no "backdoor" in Windows. There just isn't. Period. There are, however, a bajillion different ways to create backdoors into Windows, many of which probably are only known to the people that use them. That is a very different thing, however.

Not only does the idea not make sense on a fundamental level, it literally flies in the face of reason.
 
2013-04-04 05:33:45 PM
I communicate only with emoji, break that code boys!
 
2013-04-04 05:36:40 PM

UnspokenVoice: mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it.  Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.

You don't happen to have any evidence of this, do you?


http://en.m.wikipedia.org/wiki/Windows_Metafile_vulnerability#section_ 6
 
2013-04-04 05:39:29 PM

dittybopper: HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR


ladybaseballopinions.files.wordpress.com
cdn.gunaxin.com
 
2013-04-04 05:46:10 PM

dittybopper: Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.


And that's just your regular handwriting!


/understands
 
2013-04-04 05:46:14 PM

libranoelrose: UnspokenVoice: mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it.  Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.

You don't happen to have any evidence of this, do you?

http://en.m.wikipedia.org/wiki/Windows_Metafile_vulnerability#section _ 6


Do you know what you are linking?  Did you read past the second paragraph?  Do you understand the difference between exploiting a bug and  intentionallycoding in a back door?

From the second paragraph : The vulnerability is located in gdi32.dll and exists in all versions of Microsoft Windows from Windows 3.0 to Windows Server 2003 R2. However, attack vectors only exist in NT-based versions of Windows (Windows NT, Windows 2000, Windows XP and Windows Server 2003). Exploits taking advantage of the vulnerability on Windows NT-based systems facilitated the propagation of various types of malware, typically through drive-by downloads.

From the "Accusations" sub section :An independent examination of the vulnerability by Steve Gibson of Gibson Research had suggested that the peculiar nature of the 'bug' was an indication that the vulnerability was actually a backdoor engineered consciously into the system.[10] Some sources have questioned this conclusion.[11][12][13] Steve Gibson has since clarified[4] that his use of the term backdoor was never intended to imply anything done by malicious intent. He still maintains that the backdoor was intentional, though not necessarily intended by Microsoft (e.g. an employee may have put it in without Microsoft's knowledge).
 
2013-04-04 05:47:43 PM

ceebeecates4: Do you know what you are linking? Did you read past the second paragraph? Do you understand the difference between exploiting a bug and intentionallycoding in a back door?


Yes I understand all of that. That's why I linked directly to section 6.

It's been done before, why couldn't it be done again?
 
2013-04-04 05:59:03 PM

UnspokenVoice: You don't happen to have any evidence of this, do you?


All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government.  They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out.  So why would you expect Microsoft to have unimpeachable morals?
 
2013-04-04 06:00:58 PM
besuretodrinkyourovaltine
 
2013-04-04 06:02:39 PM
besuretorefreshbeforeposting
 
2013-04-04 06:12:50 PM

ringersol: Or they're about to make (yet another) play to regulate government backdoors in all encrypted communication and need to pretend like they can't do their job or stop so much as the corner dope dealer without it. Which is more likely. Because, again, criminals use burners.


That's disturbingly likely, actually, considering the anti-hacking and computer security bills they're "just now preparing" for the north korean situation..
 
2013-04-04 06:14:29 PM
The thing about backdoors is...it's all plaintext when it hits the CPU tubes.
 
2013-04-04 06:14:30 PM

WhoopAssWayne: dittybopper: Meh. I can do better with paper and pencil, something not even the NSA can crack. Ever.

Dilettantes have been telling themselves that for millennia.

It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance. They've never denied this as far as I know. Given the kind of pressure the US government can exert, I don't think anyone would be surprised if they did the same to Apple. This could just be a clever false flag operation. Convince drug dealers and other criminals to use something they know to be cracked wide open, like say iMessage, versus using a service with strong, open source encryption.


They repeatedly deny such conspiracy theories.

http://borepatch.blogspot.com/2009/11/microsoft-no-nsa-back-door-in-w i ndows-7.html?m=1
 
2013-04-04 06:16:10 PM
Jury nullification is all you need to know.
 
2013-04-04 06:17:49 PM

mrmopar5287: UnspokenVoice: You don't happen to have any evidence of this, do you?

All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government.  They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out.  So why would you expect Microsoft to have unimpeachable morals?


Your examples bear no similarity and this has nothing to do with morals. A telco handing data to the government is no more surprising than an ISP doing the same, and we all know they do so. Microsoft would cooperate in the same manner if they possessed user data on file that the government desired, of that I have no doubt. Intentionally building a point of entry into an operating system? Hell no. It would entirely obviate any attempts at security from that point forward. Also, do you think the US government would be using operating systems on it's own computers (some containing extremely sensitive data) that has a backdoor they know exists? Why do we have to develop malware like Flame or Gauss if we already have theoretical access to every computer running Windows worldwide? We could crack open Iran and China like a pistachio in a hardware shredder. By that same token, they could do the same to us and I promise you the US Government would be having NONE of that.

As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.

Sorry, ain't buying it.
 
2013-04-04 06:21:21 PM
Is there any software that an Android user can purchase to block the DEA or anyone from listening in on your device?
 
2013-04-04 06:21:52 PM
Hm.

Very very good to know.
 
2013-04-04 06:26:35 PM

namatad: why wasnt DEA funding cut by 100%?
absolutely NOTHING would have changed and all that money would have been saved.

I guess that is a question for the small government people. 
WHY does the DEA exist?


To keep private prisons at capacity.
 
2013-04-04 06:26:51 PM

A Shambling Mound: Also, do you think the US government would be using operating systems on it's own computers (some containing extremely sensitive data) that has a backdoor they know exists?
Sorry, ain't buying it.


The government has their own custom distribution of Windows for their computers.  Something about the Air Force office of information technology does their own patching of exploits and has their own distributions that are rolled out onto government computers.  The US government has access to take the exploits out of their own computers (but leave it into the retail distributions sold to everyone else).

Why do we have to develop malware like Flame or Gauss if we already have theoretical access to every computer running Windows worldwide? We could crack open Iran and China like a pistachio in a hardware shredder.

You use malware like that for the petty stuff that you know will leak into the news, or be easily discovered.  That's plausible deniability stuff that can be jettisoned overboard when you need a disposable excuse to put on the news.  You save the deep, built-in exploits for serious spying: emergencies and other stuff that is so clandestine that it will NEVER be discussed outside the high-level people at the top.
 
2013-04-04 06:29:15 PM
IF THEY'D ONLY GO AHEAD AND LEGALIZE APPLE ONLY THE DIRTY SINNERS WOULD DO IT.
 
2013-04-04 06:31:13 PM

dittybopper: Rare is the person you wish to communicate with that you never meet.


there is strong medicine in your wampum
 
2013-04-04 06:40:55 PM
Meh, I just load all my messages with hot words in my signature....words like:

nuclear
jihad
9-11
assassination
happy birthday
soon
obama
iraq
drones
sharia
babylon
destroy
ashes
vengance
allah
ruby ridge
virgins
martyr
bin laden

You know, just to clog up a few cycles at the NSA

/welcome to the watchlist, everyone in this thread
 
2013-04-04 06:56:15 PM

mrmopar5287: A Shambling Mound: Also, do you think the US government would be using operating systems on it's own computers (some containing extremely sensitive data) that has a backdoor they know exists?
Sorry, ain't buying it.

The government has their own custom distribution of Windows for their computers.  Something about the Air Force office of information technology does their own patching of exploits and has their own distributions that are rolled out onto government computers.  The US government has access to take the exploits out of their own computers (but leave it into the retail distributions sold to everyone else).

Why do we have to develop malware like Flame or Gauss if we already have theoretical access to every computer running Windows worldwide? We could crack open Iran and China like a pistachio in a hardware shredder.

You use malware like that for the petty stuff that you know will leak into the news, or be easily discovered.  That's plausible deniability stuff that can be jettisoned overboard when you need a disposable excuse to put on the news.  You save the deep, built-in exploits for serious spying: emergencies and other stuff that is so clandestine that it will NEVER be discussed outside the high-level people at the top.


Wow, okay, I give up.  I will simply re-iterate one last time because I almost feel like it's just bouncing off - there is no government sponsored backdoor built into Windows. It is simply not there. It does not exist. It is a non-thing.

Also, I do not wish to sign up for your newsletter.
 
2013-04-04 07:13:26 PM
Straight talk phones at Walmart are like 20$, they take no information other than a zip code to start up, use them for a month or two, only turn them on when you need to use them, and sell your drugs in peace.
 
2013-04-04 07:26:01 PM

90supraT: Straight talk phones at Walmart are like 20$, they take no information other than a zip code to start up, use them for a month or two, only turn them on when you need to use them, and sell your drugs in peace.


www.american-buddha.com
 
2013-04-04 07:27:51 PM

JohnnyRebel88: Is there any software that an Android user can purchase to block the DEA or anyone from listening in on your device?


In what sense?

If you're calling or getting calls from the standard telephone network, they're decrypted and turned into standard, unencrypted, 8kHz telephone audio somewhere along the line.  Which is tappable.

If you had two Android devices with the same end-to-end encryption software on them (which is out there), then it's as good as that encryption is against how good the listeners are, same as any other end-to-end-encryption.
 
2013-04-04 07:30:39 PM

drjekel_mrhyde: I thought the #2 mobile OS was better, with all the anti virus programs you can download from Google play.
/Grabs popcorn and holds tight to my lumia 920


I'm so sorry that you bought a shiat phone.

/Not that I've ever tried one, but adverts, segments of TV paid for to put your product in its best light,  make the Lumia look shiat.
//Zune 2.0?
 
2013-04-04 08:01:13 PM

Big_Fat_Liar: Uzzah: dittybopper: DanZero:
[imgs.xkcd.com image 448x274]

Assuming this is pointed at me, you can't be expected to remember a long string of random numbers that you destroyed immediately after use.

Makes it a lot harder for you to decrypt if you neither have nor can remember the key, though.

And sure, here's a block of text from a famous historical document encrypted according to my own uncrackable cipher:

1

Just try to crack that one, guys.

Done:

 Since, moveover, for God and the amendment of our kingdom and for the better allaying of the quarrel that has arisen between us and our barons, we have granted all these concessions, desirous that they should enjoy them in complete and firm endurance forever, we give and grant to them the underwritten security, namely, that the barons choose five and twenty barons of the kingdom, whomsoever they will, who shall be bound with all their might, to observe and hold, and cause to be observed, the peace and liberties we have granted and confirmed to them by this our present Charter, so that if we, or our justiciar, or our bailiffs or any one of our officers, shall in anything be at fault towards anyone, or shall have broken any one of the articles of this peace or of this security, and the offense be notified to four barons of the foresaid five and twenty, the said four barons shall repair to us (or our justiciar, if we are out of the realm) and, laying the transgression before us, petition to have that transgression redressed without delay. And if we shall not have corrected the transgression (or, in the event of our being out of the realm, if our justiciar shall not have corrected it) within forty days, reckoning from the time it has been intimated to us (or to our justiciar, if we should be out of the realm), the four barons aforesaid shall refer that matter to the rest of the five and twenty barons, and those five and twenty barons shall, together with the community of the whole realm, distrain and distress us in al ...


What?  Goddammit, I screwed up the math, forgot to carry the one and ended up with ten pages of Lorem Ipsum.

It's always the little things that screw up my code breaking attempts.
 
2013-04-04 08:08:23 PM

vudukungfu: dittybopper: Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.

Just write it in Cherokee, then translate to Sandia man hieroglyph, then back into Navaho.


Then into WingDings.
 
2013-04-04 09:19:03 PM

dittybopper: Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.


Have you been watching The Americans on FX? I love the old school spycraft in the show. The showrunner is ex-CIA officer, so I would expect it to be pretty accurate in terms of the spy stuff, aside from some artistic license and stuff that is changed for the sake of not revealing "trade secrets" that are still classified.
 
2013-04-04 09:48:04 PM
what the hell am I doing wrong?

05231 05231 90079 02269 13953 55743 44189 77571 89058 (encrypted)
      05231 88254 83402 02029 48286 92288 75235 74209 (key)
            12825 29867 11934 17567 52901 02346 15859 (diff)
             des  ureto  crin  k yo  ura  bsint  he / (lookup from checkerboard table)
             bes  ureto  drin  k yo  uro  valti  ne / (presumed known correct output)
 
2013-04-04 09:54:17 PM
The chair is against the wall.
The brown dog is wet.
The bell rings six times at night.

Break THAT code b*tches.
 
2013-04-04 09:58:07 PM
posted while thinking too analytically - ok, I get the absinthe part, but still not sure why I get "de" instead of "be", and "crink" instead of "drink".
 
2013-04-04 10:10:27 PM
I'm all for encrypting the whole Internet and anything on it or stored. If should be illegal to not encrypt any form of communications.
 
2013-04-04 10:15:34 PM

mrmopar5287: UnspokenVoice: You don't happen to have any evidence of this, do you?

All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government.  They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out.  So why would you expect Microsoft to have unimpeachable morals?


There were other large Telecom companies that were approached who did not participate with the government in that effort.  They weren't forced to participate because there weren't any legitimate warrants or subpoenas for this traffic.  If there were (legitimate) warrants, then everyone that was asked, would have been forced to participate and the backlash would have been strictly on the government and not on the carriers who succumbed to the pressure to cooperate.  My personal opinion is that gobs of money paying the best lawyers is what kept Microsoft from getting terribly damaged by all of the lawsuits the government has put on them over the years and not some form of quid pro quo.  There entire business would be shot to hell if it was ever found (and it would be eventually found) that back doors for the government were installed.  I don't think Microsoft has unimpeachable morals either.  I just think even they are not that stupid such that they would willingly participate in that kind of request.
 
2013-04-04 11:28:52 PM
I guess just going to a judge, getting warrants and asking for Apple to send them transcripts just goes against the DEA's moral code or something.
 
2013-04-05 01:36:41 AM

dittybopper: HR MSG NR 1 GR 9 BT
05231 05231 90079 02269 13953  55743 44189 77571 89058
AR


"Don't forget to drink your Ovaltine."

-Lawrence Pritchard Waterhouse
 
2013-04-05 01:51:19 AM
Goddammit Tax Boy! I even "Ctrl-F"ed to make sure I wasn't stepping on toes. And you go hand encrypt your message in a jpg.

/-shakes tiny fist
 
2013-04-05 04:23:35 AM

libranoelrose: UnspokenVoice: mrmopar5287: WhoopAssWayne: It's long been rumored that Microsoft has placed backdoors in Windows for government surveillance.

Rumored?  I think that's pretty much confirmed.  And not just surveillance: you can expect that Microsoft has NSA affiliated programmers hired into staff to put backdoors and zero day exploits into the code of every version of Windows.

You remember how that huge anti-trust case just disappeared?  It probably went something like this: NSA and other government people approached Bill Gates and flat-out told him that if MS agreed to hire X number of programmers into the core Windows team, they would make the anti-trust stuff go away.  Not that the G-men were going to do anything like steal trade secrets, but just to have them there for "emergencies" or other issues of National Security.  Like, oh, I don't know, maybe the day that they need to code a worm that can destroy some Iranian uranium centrifuges.

THAT is the way that Windows now works for out government to take advantage of when they need it.  Heck, for all we know the people in the Clinton Administration saw the future of cyber warfare, tried the pretty-please approach to get their people on the inside of MS, got turned down by Bill Gates, and the anti-trust case was blackmail to hammer Bill Gates into saying YES.

You don't happen to have any evidence of this, do you?

http://en.m.wikipedia.org/wiki/Windows_Metafile_vulnerability#section _ 6


LOL! That's, umm, some strange evidence.
 
2013-04-05 04:26:16 AM

mrmopar5287: UnspokenVoice: You don't happen to have any evidence of this, do you?

All I do is look back to when I thought "A telecom company would NEVER just hand over their internet traffic to the government.  They have respect for privacy in the responsibility they have when carrying private communications."

And we all know how that turned out.  So why would you expect Microsoft to have unimpeachable morals?


See, no. I never thought that. I expected they'd hand data and access to the government because they're a shiatty company. Maybe I'm old and jaded but I wasn't the least bit surprised.
 
2013-04-05 04:29:10 AM

A Shambling Mound: As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.


I could see MS denying a 0-day and not patching it back when they were much more lax but I can't see them keeping it unpatched at the behest of a governing body nor could I imagine a government body requesting such a thing for fear that they'd be liable to the same intrusion technique.
 
2013-04-05 07:36:29 AM

WhoopAssWayne: dittybopper: It's provably so.

Can it stand up to Rubber Hose Cryptanalysis?


Absolutely.  Because you can't remember hundreds or thousands of random numbers you only saw once or twice, then destroyed.

No amount of beating is going to make you remember something you aren't capable of remembering.  That's one of the major features of a one-time pad:  Employed correctly, it's absolutely immune to all forms of cryptanalysis, including the kinetic forms.
 
2013-04-05 07:43:31 AM

whither_apophis: Don't forget to burn the ribbon.


For well-worn fabric ribbons, you don't have to.  The palimpsest is too deep to extract useful information.  But if you want to be ultra-paranoid, well, typewriter ribbons are cheap, so go ahead.
 
2013-04-05 07:53:34 AM

NutWrench: WhoopAssWayne: dittybopper: It's provably so.

Can it stand up to Rubber Hose Cryptanalysis?

This, If "any code can be cracked" then governments wouldn't pass laws to force YOU to give up your passwords: they would simply crack the encryption on your device without involving you at all. If the government wants your password, the only thing that's going to get cracked is your skull.

(Distributed.net use to run cracking contests. It took 10,000 computers nearly 3 months to brute-force a 56-bit key. 128 bit keys are the current minimum standard for Internet banking and programs like truCrypt can encrypt with 4096 bit keys. )


Consider this:  One-time pads use a key the same length as the sum total of the lengths of all the messages added together, and the key is completely random so no amount of analysis can ever be used to divine a pattern because there is none.

If you try to brute-force a solution, all you will do is generate every possible solution of the same length.  Was the message "Kill Bill", "Kiss Kate", or "Flew away", or any other possible combination that length?  No way to tell.  Ever.
 
2013-04-05 08:01:02 AM

i squared: what the hell am I doing wrong?

05231 05231 90079 02269 13953 55743 44189 77571 89058 (encrypted)
      05231 88254 83402 02029 48286 92288 75235 74209 (key)
            12825 29867 11934 17567 52901 02346 15859 (diff)
             des  ureto  crin  k yo  ura  bsint  he / (lookup from checkerboard table)
             bes  ureto  drin  k yo  uro  valti  ne / (presumed known correct output)


This is a case of your presumptions getting in the way of your solution.  Look up the part I bolded on Wikipedia.

Also, I appeared to make a couple of mistakes.  I was rushing.
 
2013-04-05 08:02:38 AM

Mad_Radhu: dittybopper: Meh.  I can do better with paper and pencil, something not even the NSA can crack.  Ever.

Have you been watching The Americans on FX? I love the old school spycraft in the show. The showrunner is ex-CIA officer, so I would expect it to be pretty accurate in terms of the spy stuff, aside from some artistic license and stuff that is changed for the sake of not revealing "trade secrets" that are still classified.


Don't watch it.  Don't really need to, actually.  I'm an ex-SIGINT weenie (google the term "ditty bopper").

/Don't have cable, either.
 
2013-04-05 08:10:35 AM

i squared: posted while thinking too analytically - ok, I get the absinthe part, but still not sure why I get "de" instead of "be", and "crink" instead of "drink".


Mistakes on my part.  I was doing it quickly, while working on other, less cool tasks.  I destroyed the worksheet (actually, an instance of notepad that I didn't save), so I can't say whether my mistake was in the math, or whether it was a mistake in looking up the equivalents in the straddling checkerboard, or both.

In real life, though, mistakes like that often happen in communications.  Go ahead and look at the e-mails and texts you've received lately.  I'm betting there are some typos in there.
 
2013-04-05 08:15:32 AM

vudukungfu: dittybopper: Rare is the person you wish to communicate with that you never meet.

there is strong medicine in your wampum


That's what she said.
 
2013-04-05 02:42:16 PM

UnspokenVoice: A Shambling Mound: As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.

I could see MS denying a 0-day and not patching it back when they were much more lax but I can't see them keeping it unpatched at the behest of a governing body nor could I imagine a government body requesting such a thing for fear that they'd be liable to the same intrusion technique.


The reality is that I agree with you entirely. If the Gov't came to MS and said "Hey, there's this exploit we like, can you keep it?" I would fully expect MS to say "Hey, thanks for letting us know. No."

I was just trying to give the tinfoil-hatterati a little slack.
 
2013-04-06 05:23:41 AM

A Shambling Mound: UnspokenVoice: A Shambling Mound: As I mentioned in an earlier post, there are a multitude of zero-day exploits out there that can be used to accomplish anything a built-in backdoor would. If you want to say that there are exploits that MS is aware of and that they have not patched at the behest of the US government, I could maybe find some credulity for you but there is just no way there is a functional backdoor in any version of Windows that was placed there specifically at the request of the government.

I could see MS denying a 0-day and not patching it back when they were much more lax but I can't see them keeping it unpatched at the behest of a governing body nor could I imagine a government body requesting such a thing for fear that they'd be liable to the same intrusion technique.

The reality is that I agree with you entirely. If the Gov't came to MS and said "Hey, there's this exploit we like, can you keep it?" I would fully expect MS to say "Hey, thanks for letting us know. No."

I was just trying to give the tinfoil-hatterati a little slack.


I get it. It appeared that you were indicating that they'd leave it open for the government and that just seems way too unlikely to me.
 
Displayed 140 of 140 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report