
(Gawker)   Even your encrypted communications are being read by the NSA   (gawker.com)
More: Followup, NSA, online banking, private networks

6653 clicks; posted to Main on 05 Sep 2013 at 8:44 PM



173 Comments
 
2013-09-05 11:24:25 PM

Ivo Shandor: saturn badger: Er, they caught him.

Only when his brother turned him in.


Still got caught. Doesn't really matter how.
 
2013-09-05 11:31:05 PM

TheOnion: Until someone figures out how to quickly factor large prime numbers, modern public key encryption is effectively unbreakable.  It's possible that the NSA has that kind of technology, but if they are withholding it they are holding back an incredibly important advancement in both mathematics and humanity.  Which is probably the kind of thing they'd do

Just read this, was great http://www.amazon.com/The-Code-Book-Break-Crack/dp/0385729138/ref=sr_1_4?ie=UTF8&qid=1378428556&sr=8-4&keywords=the+code+book


NSA is the largest private employer of mathematics PhD's in the country. They have their own engineers to build their supercomputers since no one makes the technology they need. Rumor has it that it took less than 30 minutes for them to break the internet 128 bit encryption just by using brute force.
 
2013-09-05 11:33:19 PM

dittybopper: Well, not *MINE*.  Not when I use these:

[img.fark.net image 320x240]

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.


Yeah, about that.  Unless you're using code words as well it'll still read it.   And it could read it wrong in a worse way too.
 
2013-09-05 11:33:26 PM
I was already laughing at the people getting those programs to "encrypt" and "protect" their data. I was thinking this story would've taken at least two weeks to appear, but even so I'm sure those companies already made a hell of a profit saying they could hide you.
 
2013-09-05 11:46:11 PM
BullBearMS:  "Everybody's a target; everybody with communication is a target."

The documents excerpted in the Guardian version actually talk about the cryptanalytic efforts as being directed at "civilians and other adversaries".  It's a war on you and your privacy.  And as if to drive the point home, the US and UK agencies each named their version of the operation after a civil war battle from the histories of their respective countries.
 
2013-09-05 11:50:40 PM

Kahabut: dittybopper: NutWrench: FUD article.

If "any code can be broken," then the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.

This is a much more detailed article:

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption

They've taken a multi-pronged approach:

1. Working behind the scenes to keep the public encryption standards just weak enough that they can break them if they want to.
2. Building back-doors into a lot of popular software.
3. Working on things like keyloggers and other ways to pull the data off targeted devices without having to break the encryption.
4. Working tirelessly on new decryption algorithms, and specialized supercomputers to run them effectively.

Yes and even with all that, it gives them your CC number.

Were there people stupid enough to think that SSL HTTPS was a secure standard?  Despite the numerous times it's been shown to be either completely broken, or partially broken?  Or the fact that you can simply MitM the server?  SSL was designed to be secure against casual snooping, it was never designed to be secure for more than a few hours in any case.

There is an old thought process about encryption.  It goes roughly like this... How valuable is the material?  How time sensitive is it?  Now pick an algorithm that exceeds both those values.

Because the bottom line has always been that nearly any encryption can be broken, you just need it to hold long enough to get past the useful time frame of the information.  It's long been thought that SSL was good enough for its use because criminal elements don't have the computer power required to crack it quickly (or at all), but that is utter fantasy land bullshiat.  Distributed systems like botnets can crack through SSL like a hot knife through butter, and SETI and oth ...


Not to mention that servers almost never change their keys so once you crack it you're good to go forever.
 
2013-09-05 11:50:45 PM

NutWrench: FUD article.

If "any code can be broken," then the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.


Because the NSA doesn't care about the run of the mill pedo or small time meth dealer and they aren't going to show what they can do just so John Law can look good in the local papers
 
2013-09-06 12:00:14 AM

smerfnablin: Can you imagine how many peda bytes of porn the NSA collects daily?!

The only thing I have ever seen consistently encrypted had been things guys don't want their girlfriends to know about...


The NSA probably does have one of the largest databases of porn files in the world.

Though it is probably orders of magnitude smaller than the amount of porn in the internets.

When the NSA comes across a big encrypted file maybe it IS ultra-top-secret plans for the new KeyHole-666 spy satellite or maybe it's just another porn file. If they automatically decrypt it and can match it against the porn DB then it is no big deal and goes into their records as just evidence that a particular citizen likes porn. If they can't match it against something known then it requires further attention - maybe using some secret heuristic classifier or having an actual human look at it.

Having enormous DBs of porn, music, movies, and other things that copies of commonly float around the internets is an easy way of weeding out things that don't need attention.
 
2013-09-06 12:00:23 AM

saturn badger: Ivo Shandor: saturn badger: Er, they caught him.

Only when his brother turned him in.

Still got caught. Doesn't really matter how.


Sure it does. Did they catch him because of de-crypted emails, reams of documents, sekrit files full of phone messages and all kinds of other stuff people are worried about? No. They caught him the hard way, by releasing his "manifesto" which his brother happened to see, and recognized the style. Which led to his remote cabin that was full of other, usable evidence--bomb making materials similar to other bombs the Unabomber had sent, the typewriter used to type the "manifesto" and other things that would have convinced a jury (if he had gone to trial) in no uncertain terms, that this was the guy who'd been blowing people up for the past 25 years.

Which is the other issue: In a country that still nominally runs by rule of law, you get a fair trial. All this crap the NSA is sekritly compiling to theoretically make you look bad if someday they need to scapegoat you because for some reason or other--assuming they did, you still go to trial in open court, unless you're being court-martialed. And juries are still oddly reluctant to convict based on strange evidence they don't really understand, gotten in ways they can't comprehend by agencies they don't particularly like--which is why OJ and Casey Anthony got away with it. (DNA? What's DNA? how does that work? Why can't they just talk about how Nicole was murdered?)

Unless by now you're so paranoid you think you're going to be tried in secret by a rigged jury and not given your choice of attorney--in which case why does the evidence against you matter anyway?--then this fear of what the NSA is doing is misplaced. The fears should not be what they're doing, but how to prevent use of whatever they're getting from being used once they've got it; because they're going to get it regardless.
 
2013-09-06 12:02:39 AM

Smeggy Smurf: StopLurkListen: At first I *snip*

Jesus farking christ goddamnit this is supposed to be a safe for work site.  Good god man I'll never get that out of my mind.  Holy shiat that was horrific and I've seen some shiat.


Guys like you and me, we need a "I survived Gorgor" badge or something.
 
2013-09-06 12:04:33 AM

vsavatar: Wake me up when they figure out how to crack PGP.


This
 
2013-09-06 12:14:16 AM
Zoiuvwbu uim gomg:

VO! VO! W'a fsorwbu mcif saowzg!
 
2013-09-06 12:36:08 AM
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized

1. Reasonable to search everything for everybody?
2. What is the probable cause for searching everything?
3. What is the target of the warrant to search?
 
2013-09-06 12:50:55 AM

AltheaToldMe: vsavatar: Wake me up when they figure out how to crack PGP.

This


Bless your heart.
 
2013-09-06 12:50:56 AM
Can I just say I don't care any more. I have been suicidal for days and just don't care.
 
2013-09-06 12:56:07 AM
I don't worry, my data is well-encrypted, and stored in a safe server in the Sultanate of Kinakuta.
 
2013-09-06 01:10:42 AM
Seriously? Seriously, tell me you are the least bit surprised by any of this. Tell me you are surprised that the gummint, with billions of our money behind them, has the capability to monitor your communications. Tell me that given the capacity to listen and watch anything they please that you think for a second the career spies are foregoing the opportunity out of a sense of decency or because there might be one or another puny law standing in their way? In a few years they will be able to read our very thoughts, never mind our Internet ramblings. Hell, hobbyists can buy camera-equipped remote-control drones right now! Even Santa Claus just buys his naughty and nice list from the gummint nowadays. Yes, indeed, the days of private lives are a thing of the past. Who needs black helicopters when the alien technology that used to be at Area 51 is now disseminated to Homeland Security? Do you think the RFID chips for your pets are just a slightly-creepy way of getting your lost dog back? It is to soften us up for universal implantation. Yes, just like mandatory fingerprinting, it will begin with prisoners, to "protect" us from bad people, then kids to "protect the children", then mandatory universal GPS implants! The gummint will soon be able to enhance their "revenue" by issuing speeding tickets by computer, documented by your GPS implant! The gummint will soon be sending goon squads to snatch you off of the street for smoking dope, detected by how often you blink! Trespass on gummint property? You bet that's a takedown by the SWAT team, and off you go in the unmarked black van. Sneak out of work early? That's a failure to contribute to corporate profitability, and off you go! Skip church on Sunday? You're a Godless Democrat, and a threat to what's left of "society"! Smoke a Cuban cigar in the US of A? You're an evil smoker! Off you go! Ranting on Fark.com? Are you kidding?
 
2013-09-06 01:17:37 AM
Was the obvious tag out behind the dumpster getting slapped around with a rubber hose until it pledged loyalty to the fourth reich?
 
2013-09-06 01:18:36 AM
Kahabut

Were there people stupid enough to think that SSL HTTPS was a secure standard? Despite the numerous times it's been shown to be either completely broken, or partially broken? Or the fact that you can simply MitM the server? SSL was designed to be secure against casual snooping, it was never designed to be secure for more than a few hours in any case.

That is simply untrue. Whoever told you it was only supposed to be good for a few hours lied to you.

Distributed systems like botnets can crack through SSL like a hot knife through butter, and SETI and other similar programs proved that ages ago.

Once again, wtf are you on about? "SSL" is basically just a wrapper/glue protocol around other cryptographic primitives. What in particular are you suggesting can be "sliced through."

This isn't theoretical, this is shiat I've dealt with in the real world. There is commercially available software that will break SSL by brute-force if you have a large enough botnet/system/MPP, and there are commercially available software for all of that too.

Such as . . .

Current internet communications aren't secure, they never were, but for some reason a lot of people seem to think they are now, and that's just plain wrong.

The sad thing is you're not entirely wrong here, but not for any of the reasons you stated.
 
2013-09-06 01:21:33 AM
I have a theory.  My theory states that all data has a big security hole.  Gigantic.  Ready?  IT'S ALL JUST A  BUNCH OF F*UCKING ONES AND ZEROS JUMPING THROUGH HOOPS MAKING SIMULACRA OF ACTUAL THINGS.  Math.  Very, very narrow number set math.  All of it.  Ha ha.
 
2013-09-06 01:31:52 AM

alice_600: Can I just say I don't care any more. I have been suicidal for days and just don't care.


You know the NSA won't read this for 20 years, so they won't send anyone to stop you until it's too late.

/also don't be suicidal, whatever's wrong will pass, just give it time.
 
2013-09-06 01:33:44 AM
alice_600

Can I just say I don't care any more. I have been suicidal for days and just don't care.

For you. Apply liberally.
 
2013-09-06 01:38:48 AM
What's actually bad about this, is that they cannot admit or use evidence from hacking, or they would be exposing their methods and capabilities. So what can they do? Generate false evidence? Use blackmail and extortion? Or in the case of outside the country, simply whack someone? There is a good reason why star chambers are forbidden in most countries.
 
2013-09-06 01:42:17 AM

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


You're right. No human is. But we allow machines to do so. I hope you never piss off your town alderman.
 
2013-09-06 01:45:10 AM

Pointy Tail of Satan: What's actually bad about this, is that they cannot admit or use evidence from hacking, or they would be exposing their methods and capabilities. So what can they do? Generate false evidence? Use blackmail and extortion? Or in the case of outside the country, simply whack someone? There is a good reason why star chambers are forbidden in most countries.


They don't have to admit or use the evidence themselves, but they can tip off lower level authorities to say, generate a "random" traffic stop in order to leap to a larger crime.
 
2013-09-06 01:49:17 AM

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


well, *I* am reading my email.  and my wife probably reads it because there are so many women after me and she assumes i'm cheating.

/ so you trust that people with access would never abuse it?  you are a fool.
 
2013-09-06 01:50:17 AM

machoprogrammer: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

If you are doing nothing wrong, you have nothing to fear!!!

I bet you were outraged when Bush did it, right?


If the NSA is doing nothing wrong, they have nothing to fear by Snowden.  but they seem to be afraid.
 
2013-09-06 01:51:43 AM
I sound fat:
If the NSA is doing nothing wrong, they have nothing to fear by Snowden.  but they seem to be afraid.

ZING
 
2013-09-06 02:02:39 AM

pedobearapproved: alice_600: Can I just say I don't care any more. I have been suicidal for days and just don't care.

You know the NSA won't read this for 20 years, so they won't send anyone to stop you until it's too late.

/also don't be suicidal, whatever's wrong will pass, just give it time.


This
 
2013-09-06 02:10:41 AM

relaxitsjustme: NutWrench: FUD article.

If "any code can be broken," then the government wouldn't spend so much time trying to legally force you to incriminate yourself by making you hand over your passwords and encryption keys. They would simply decrypt your files without even bothering to contact you.

Because the NSA doesn't care about the run of the mill pedo or small time meth dealer and they aren't going to show what they can do just so John Law can look good in the local papers


Yeah, about that...

http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/
 
2013-09-06 02:19:44 AM

bunner: Was the obvious tag out behind the dumpster getting slapped around with a rubber hose until it pledged loyalty to the fourth reich?


[gallops up with a loud burble and headbonks bunner]

Pardon the foolishness, bunner, but I missed you.
 
2013-09-06 02:27:31 AM

Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy


I don't think anyone is reading it... I think they are storing it... and I think that storage presents a huge risk for abuse. Aside from that, the court has ruled that unauthorized copying of electronic data, to include communications, not just intellectual property, constitutes "taking" and theft in a criminal sense, given that it is law enforcement doing the taking, it falls under the auspices of "seizure," which is lawful only when done with a duly issued warrant. Given that the fourth amendment to the constitution is explicitly clear about the need for specificity ("particularly describing the place to be searched, and the persons or things to be seized"), I cannot fathom how a warrant could be duly issued such that it particularly describes every person from whom email is being seized, and establishes anything resembling probable cause to suspect said persons.

That said, I don't believe them. If they were that good at decrypting things with any efficiency, they wouldn't be before the courts in GB saying that Greenwald's partner had those thousands and thousands of documents, but they couldn't tell what they were. Ceteris Paribus, and given their tenuous history with the truth, I would chalk this bit of "news" up to counter-intelligence more than I would a leak or serious issue with security of well-encrypted communications.

As a security side note, encrypting your communications does not mean sending email via some service that claims to be secure or encrypted. Securing your communications means encrypting it your darned self, using key(s) (defined to include typed, photographic, biometric, and other keys) that only you and the recipient will have access to. In a more ideal world, direct transfers via physical mediums are superior. Though your email is of dubious status with regards to the need for a specific warrant for you, your mail is not... if someone wants to open an actual article or package sent through the mail, they'll still be able to do it, but they'll need to go to an actual judge (not just one of the FISA rubber stamps), and articulate a reason for going through your stuff.  If the information you are sending is *so* sensitive that you're actually worried about emailing it, that'd probably be the way to go.

/it's gonna be a clusterfark when someone cracks the NSA's database and pretty much everyone's personal stuff is all of a sudden very very public, beyond the clear potential for massive fraud/identity theft, there is no such thing as a perfectly secure system, and our government has not demonstrated anywhere near the level of competence necessary for me to believe that they could adequately hold and secure that information in perpetuity.
 
2013-09-06 02:31:20 AM

Kittypie070: bunner: Was the obvious tag out behind the dumpster getting slapped around with a rubber hose until it pledged loyalty to the fourth reich?

[gallops up with a loud burble and headbonks bunner]

Pardon the foolishness, bunner, but I missed you.


*bonk*

:  )

ouch

Hey, kitty
 
2013-09-06 02:47:08 AM

Your Average Witty Fark User: AverageAmericanGuy: Your Average Witty Fark User: AverageAmericanGuy: Your Average Witty Fark User: I think it's cute how subtard thinks there is someone sitting at a workstation, reading their email.

No I don't. I think subtard is farking stupid, like most of America.

NO ONE IS READING YOUR FARKING EMAIL

/gfy

No, but a computer program is and is flagging some for further scrutiny.

Kind of like how the East German Stasi would open letters passing through the mail to flag people for reeducation.

Your Average Witty American isn't having ANY of their correspondence "flagged for further scrutiny".

Everyone is up in arms over NOTHING. Wah. Cry me a river.

Well, the content would have to be interesting to be flagged, so I can see where you're coming from.

That's exactly my point. If you're emailing grandma to thank her for that swell sweater she got you for your birthday, no one is going to read it. If you're setting up a tryst with your 19 year old college cheerleader girlfriend behind your wife's back, no one is going to read it. If you're texting your buddy "hey bro u me n a 6pack 4 NFL 2nite?" no one is going to read it. You have to really go out of your way to be a slimy sack of homeland security threatening shiat to get your email or text messages read. I highly, HIGHLY doubt any of us is sending emails/texts that would get flagged for further review. It's common sense for most people. Other people like to get worked up over nothing.


email: "Honey, the pressure cooker died today.  Could you pick one up on your way home from work.  Oh, and little Cindy needs a new backpack for school.  Just drop by Target."
 
2013-09-06 02:53:03 AM
vrax:
email: "Honey, the pressure cooker died today.  Could you pick one up on your way home from work.  Oh, and little Cindy needs a new backpack for school.  Just drop by Target."

"pressure cooker"

Some emails are stored.  Yours just got read.
 
2013-09-06 02:55:13 AM

WayToBlue: alice_600

Can I just say I don't care any more. I have been suicidal for days and just don't care.

For you. Apply liberally.


Yeah, enough about the depressing state of affairs reported by TFA.  Alice, you probably should not kill yourself.  I say probably only because I have no way of knowing whether you have six kidnapped people chained up in the basement as sex slaves.  In any case, you have no right to deprive the rest of Farkdom of your future posts.

800 273 8255 is a number you can call if you want to find someone to help talk you through.
 
2013-09-06 03:09:20 AM
Alice?

Don't check out early.

You already paid for the room.

Wait for the front desk to call.  Several times.
 
2013-09-06 03:42:41 AM
Most of the time, you're likely being watched if you're up to no good.

/meth
//drugs
///weapons
 
2013-09-06 03:48:13 AM
firefly212:

the court has ruled that unauthorized copying of electronic data, to include communications, not just intellectual property, constitutes "taking" and theft in a criminal sense, given that it is law enforcement doing the taking, it falls under the auspices of "seizure," which is lawful only when done with a duly issued warrant.

Ah, the firefly is here to light up the night.

It's a seizure for 4th Amendment purposes, but whether it is a taking is doubtful.  Here we are talking about the seizure of files, so intellectual  property: copyrights, patents, trademarks and trade secrets.  A taking means the G must pay you compensation.  It's only a taking if they seize the entirety of the property or do something else, like enact a regulation, that destroys the value of the property.  Does that happen here?  Not for patents (copying a document is not using the invention, so no infringement, no taking).  Not for trademarks (same, no use as a mark, no infringement).  Probably not for copyrighted works (keeping a single copy in the secret archives does not materially impair the value of the copyrighted work).  Maybe for trade secrets.  In Ruckelshaus v Monsanto, the Supremes said a regulation that would have resulted in the disclosure of trade secrets to competitors was a regulatory taking.  But it is not clear the result would be the same if no competitor could learn the secret from the agencies.

 I would chalk this bit of "news" up to counter-intelligence more than I would a leak or serious issue with security of well-encrypted communications.

By counterintelligence did you mean to say disinformation?  I get that you agree with the people saying "they can't crack everything" but this is real news, based on newly released documents from the Snowden files.  The news outlets redacted the documents somewhat this time, but it is clear enough from the redacted documents that the agencies did what the article said.
 
2013-09-06 04:44:17 AM

alice_600: Can I just say I don't care any more. I have been suicidal for days and just don't care.


everyone always thinks suicide is the easy way out.  It isn't.  You emotionally scar the person who finds you.  You burn the memories of the people who loved you.  Your parents have to bury a child.  If that doesn't kill one of them from a broken heart, they will be seriously debilitated for the rest of their lives.  A part of their world will be missing.  Someone they can never get back.

You miss out on all the good stuff in life.  That is why it is called life: the good stuff: sex.  We like sex.  Most of us at some point have had some, and we keep going for more of it, despite all the pointy knee comments and such.  That high after an awesome run.  The smell of O3 just before it rains or after a lightning storm.  The Caturday pictures everyone throws together, and tries to kill the server with.  The smile of a newborn; after about 1 month, they're all chubby cherubs, smiling, giggling, laughing.  Best part of that is that when they start to cry, you can just hand the munchkin back to their mother/father, and move on, having gotten your cuteness fix for the day.

If you don't think anyone cares for you, stop while walking to the coffee pot or the lunch area tomorrow.  That geek looking away just as you turn your head.  Yeah, him.  Dave, from the tech department.  He's been trying to put together the courage to ask you out for the last 3 months.  He's been worried about your reaction so much he's been memorizing counter arguments to your turning him down for a date.  Yes, he has a slight stutter, but he's about as sweet a guy as you'll ever know.  He'll treat you like a queen, and a little TLC is all he needs every now and again.  Hell, just smile in his general direction and he'll be happy all week.  Maybe you should ask him out.  Don't wait for some other girl to figure out what a sweety he is and snatch him away, take charge and take him out of circulation yourself.

For, what else is life for?

/and there's all the blood and brains and bone to clean up...
//maybe that's just guys who go for the violent endings
 
2013-09-06 04:48:23 AM
HairBolus:

The NSA probably does have one of the largest databases of porn files in the world.

Wouldn't it stand to assume, that some of that is also illegal? What happens if, for the lulz, someone reports them to the FBI or that other internet crimes agency?

Also, the real fun will start when the NSA begins sharing these databases with the IRS and DEA.
 
2013-09-06 04:58:07 AM
Trance354:
everyone always thinks suicide is the easy way out.  It isn't.  You emotionally scar the person who finds you.  You burn the memories of the people who loved you.  Your parents have to bury a child.  If that doesn't kill one of them from a broken heart, they will be seriously debilitated for the rest of their lives.  A part of their world will be missing.  Someone they can never get back.

You miss out on all the good stuff in life.  That is why it is called life: the good stuff: sex.  We like sex.  Most of us at some point have had some, and we keep going for more of it, despite all the pointy knee comments and such.  That high after an awesome run.  The smell of O3 just before it rains or after a lightning storm.  The Caturday pictures everyone throws together, and tries to kill the server with.  The smile of a newborn; after about 1 month, they're all chubby cherubs, smiling, giggling, laughing.  Best part of that is that when they start to cry, you can just hand the munchkin back to their mother/father, and move on, having gotten your cuteness fix for the day.

If you don't think anyone cares for you, stop while walking to the coffee pot or the lunch area tomorrow.  That geek looking away just as you turn your head.  Yeah, him.  Dave, from the tech department.  He's been trying to put together the courage to ask you out for the last 3 months.  He's been worried about your reaction so much he's been memorizing counter arguments to your turning him down for a date.  Yes, he has a slight stutter, but he's about as sweet a guy as you'll ever know.  He'll treat you like a queen, and a little TLC is all he needs every now and again.  Hell, just smile in his general direction and he'll be happy all week.  Maybe you should ask him out.  Don't wait for some other girl to figure out what a sweety he is and snatch him away, take charge and take him out of circulation yourse ...


+1 for sheer epicness!
 
2013-09-06 05:23:50 AM

Evil High Priest: That right there. If you ever become worthy of destroying, they can easily do that.


I can think of some ways they can put that power to good use, starting with

baltimorepostexaminer.com
 
2013-09-06 05:40:04 AM

Ivo Shandor: Your Average Witty Fark User: NO ONE IS READING YOUR FARKING EMAIL


[i.imgur.com image 380x380]
Whether it's the NSA or your local cheeto-stained sysadmin, someone is reading your email.


It's true, someone, or at least something, is pretty much always reading your e-mail.  Even if it's just an anti-spam gateway.

It even happens by accident.  Many years ago, we were having a training session on a new bit of network kit.

The output was all up on a projected screen in front of the whole IT department, the network flow chosen, purely at random, happened to be a webmail site.  And that's how the entire department found out that one of the senior managers was having an affair.

dforkus: Breaking the modern public key algorithm by a brute force man in the middle attack is, ultimately, a losing proposition.

So you have the most badass computer in the world, ok, I'll just double the length of my key. Now you'll need hundreds of millions of those computers, working for decades, to decode a simple message.

Unless they're decades ahead of the world in quantum computing, or have figured out an efficient prime number factoring equation, something that's eluded mathematicians for centuries


From my understanding of the article, most of what they are doing is obtaining private keys through methods other than cracking them,  If you have the legitimate private key, then the rest is easy sauce.

Getting someone's private key is sometimes trivial.  I've worked with companies that have shelled out for FIPS compliant hardware but send the private key via e-mail.  Or just leaving it lying around on the network in a publicly accessible share for any yahoo to take a copy of.

The thing that amuses me is that MitM is so trivial that most proxy servers are capable of doing it.  In most corporate environments, if you actually check out the information behind that little padlock in your supposedly secure session, you'll see that it's probably signed by the company you work for.

I also remember reading a while back that there has been at least one incident of a major CA producing a root-certificate re-signer appliance for a 3rd party.  So they could MitM any device on their network without having to install their own CA certificate on the devices.  You can bet that other such devices have been produced and are out in the wild.
 
2013-09-06 06:55:03 AM

Twilight Farkle: I'm okay with #3 and #4; that's in line with their mandate.


Wrong.  Their actual mandate is to monitor *FOREIGN* communications.  That is what they were founded to do.

I would have zero problem with 1 through 4 provided they stuck to that mandate, but as we are all aware, they haven't done that.
 
2013-09-06 07:06:00 AM

Pointy Tail of Satan: What's actually bad about this, is that they cannot admit or use evidence from hacking, or they would be exposing their methods and capabilities. So what can they do? Generate false evidence? Use blackmail and extortion? Or in the case of outside the country, simply whack someone? There is a good reason why star chambers are forbidden in most countries.


Actually, what they do is they have a special law enforcement unit of the DEA called the "Special Operations Division" that takes that information from agencies like the NSA and feeds it to law enforcement.  It's like an "anonymous tip", but not really, because the ultimate source of the tip is an unconstitutional search:

The unit of the DEA that distributes the information is called the Special Operations Division, or SOD. Two dozen partner agencies comprise the unit, including the FBI, CIA, NSA, Internal Revenue Service and the Department of Homeland Security. It was created in 1994 to combat Latin American drug cartels and has grown from several dozen employees to several hundred.

Today, much of the SOD's work is classified, and officials asked that its precise location in Virginia not be revealed. The documents reviewed by Reuters are marked "Law Enforcement Sensitive," a government categorization that is meant to keep them confidential.

"Remember that the utilization of SOD cannot be revealed or discussed in any investigative function," a document presented to agents reads. The document specifically directs agents to omit the SOD's involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are instructed to then use "normal investigative techniques to recreate the information provided by SOD."

A spokesman with the Department of Justice, which oversees the DEA, declined to comment.

But two senior DEA officials defended the program, and said trying to "recreate" an investigative trail is not only legal but a technique that is used almost daily.

A former federal agent in the northeastern United States who received such tips from SOD described the process. "You'd be told only, 'Be at a certain truck stop at a certain time and look for a certain vehicle.' And so we'd alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it," the agent said.
 
2013-09-06 07:20:40 AM

dittybopper: Well, not *MINE*.  Not when I use these:



Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.


And the one other person that you speak to is very happy that your messages are encrypted.
 
2013-09-06 07:24:35 AM

vsavatar: Wake me up when they figure out how to crack PGP.


They don't have to.  They can side-step that by putting a keylogger on your machine, and read what you type before it's encrypted.
 
2013-09-06 07:59:17 AM

kim jong-un: dittybopper: Well, not *MINE*.  Not when I use these:

Manually generated and used one time pads.

/Keep your plaintext and keys off of electronic devices.
//Pencil and paper FTW.

And the one other person that you speak to is very happy that your messages are encrypted.


Well, think about that for a minute:  How many people do you actually talk important stuff with?

Right now, I have probably 2 to 4 at most:  My wife, my father, and perhaps a couple of other people.  I generally talk about stuff in person with the distaffbopper, so there is no need to encrypt there.  Same with my father.

I'd have to generate pads for each, which for a low number of correspondents isn't that big a deal, and it has the advantage/disadvantage that what I say to Bob isn't readable by Charlie.

But if I had a larger number of correspondents, I'd generate a fairly limited number of one time pads, and I would use them to transmit the strip alphabets and keying orders for strip ciphers.

A strip cipher, similar to this one I made a while back:

img31.imageshack.us

is very secure if you use a fraction of a large number of strips (say, 90 total strips, and you only use 30 on any given day) and you keep the amount of traffic fairly low.  The Germans were able to break the US M-138 strip cipher occasionally during WWII, but that was due to the very large amount of traffic being sent in it, and the longevity of the strip alphabets.

Strip ciphers are especially secure because you never need to write down the plaintext, not during encryption or decryption, unless you want to.

You would generate the strip alphabets by pulling scrabble tiles out of a bag (bag contains 1 of each letter).  You number the strips 01 to 99, and to generate the keying document for a month, you roll 2 10-sided dice to generate the strip order, obviously skipping repeats.  So a simplified version for a single day, using only 20 strips, would look something like this:

SEPT 06:  01 23 67 92 43 87 22 59 11 07 69 57 88 04 55 15 66 22 86 13

It took me all of 2 minutes to generate that key, using 2 dice, and it would be good for an entire day, or, if your traffic is pretty light, maybe you could stretch that to a week.

Any particular set of strips would only be good for a limited amount of time, say, a month, or perhaps, at most, 6 months if you rarely communicate.

When you generate a new set of strips and new keying documents, you encrypt them in the one time pads, and then transmit them to your correspondents, or, if possible, simply transfer them physically to cut down on the amount you transmit.

It's not unbreakable, of course, but nothing short of properly implemented one time pads is unbreakable, and given large numbers of strips, of which only a fraction are used for any given key period, and a short strip life, I would be surprised if it could be broken cryptanalytically without physical access to the strips.
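
The strip-cipher procedure described in the comment above, as an added Python sketch that is not part of the original post: it builds the strip alphabets, rolls a daily strip order while skipping repeats, and encrypts by reading a different column. Assumptions: the `secrets` module stands in for the Scrabble tiles and dice, the read-off column `offset` is fixed and agreed in advance, the same strip order is reused for each block of a long message, and all function names are hypothetical.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase

def make_strip():
    """One strip alphabet: draw all 26 tiles from the bag without replacement."""
    bag = list(ALPHABET)
    strip = []
    while bag:
        strip.append(bag.pop(secrets.randbelow(len(bag))))
    return "".join(strip)

def make_strip_set(total=90):
    """Strips numbered 1..total, each an independent random alphabet."""
    return {n: make_strip() for n in range(1, total + 1)}

def roll_daily_key(total=90, in_use=30):
    """Roll two d10 per strip number; skip 00, out-of-range values and repeats."""
    key = []
    while len(key) < in_use:
        n = 10 * secrets.randbelow(10) + secrets.randbelow(10)
        if 1 <= n <= total and n not in key:
            key.append(n)
    return key

def _shift(strips, key, text, offset):
    out = []
    for i, ch in enumerate(text):
        strip = strips[key[i % len(key)]]  # assumption: strip order repeats per block
        out.append(strip[(strip.index(ch) + offset) % 26])
    return "".join(out)

def encrypt(strips, key, plaintext, offset):
    """Line the plaintext up in one column, read the column `offset` to the right."""
    letters = "".join(c for c in plaintext.upper() if c in ALPHABET)
    return _shift(strips, key, letters, offset)

def decrypt(strips, key, ciphertext, offset):
    """Line the ciphertext up in one column, read `offset` columns to the left."""
    return _shift(strips, key, ciphertext, -offset)

def candidate_columns(strips, key, ciphertext):
    """Without an agreed offset, the recipient scans all 25 other columns."""
    return [_shift(strips, key, ciphertext, -k) for k in range(1, 26)]
```

Because every strip is a permutation, a nonzero offset never maps a letter to itself, and a recipient who holds the strips and the day's order can recover the message from `candidate_columns` by eye even if the offset was not agreed.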
 
Displayed 50 of 173 comments
