• úvod
  • témata
  • události
  • tržiště
  • diskuze
  • nástěnka
  • přihlásit
    registrace
    ztracené heslo?
    LITTLEBOYAnonymita na internetu :: TOR - FREENET - FREEPROXY - ...
    ZAPPO
    ZAPPO --- ---
    OVERDRIVE: Problém Anons je to, že jsou to hacktivisti - čili jejich cílem je publicita, šíření myšlenek a crowdsourcing aktivit. Což je, přesně jak říkáš, dlouhodobě neudržitelný OpSec. O čem jsem mluvil já je, že i kdyby neměli tenhle problém navíc, tak opakovanou aktivitou se zvýrazňují stopy a je snazší/možné lidi identifikovat.
    OVERDRIVE
    OVERDRIVE --- ---
    Cryptome Global Archives by John Young and Deborah Natsios — Kickstarter
    https://www.kickstarter.com/projects/1874173687/cryptome-global-archives
    NAVARA
    NAVARA --- ---
    OVERDRIVE: Já se zas tak nemaskuju, ale sám jsem zvědav... [ D O X X - hledáme Navaru ] , přístup hledajícím na požádání. Ale i takovýmu Femurovi, který si po sobě důkladně uklízel, jsem během chvilky předložil jeho CV, takže souhlasím že nejspíš každý půjde najít :)
    LIBORO
    LIBORO --- ---
    OVERDRIVE: Jojo, wokna. Nedošlo mi, že předposlední verze je ok.
    OVERDRIVE
    OVERDRIVE --- ---
    LIBORO: proc chces nahrazovat TrueCrypt, porad je k dispozici...
    jaky pouzivas OS, podle toho jak pises predpokladam, ze wokna asi, ze?


    ZAPPO: jasne, ale kdyz jsem cet na cem dojeli, tak to bylo hlavne na potrebe komunikovat a koordinovat a to nezname lidi.
    problem je, ze pokud shanis nekoho, kdo pro tebe udela neco nelegalniho, co sam neumis, tak musis rozhodit site a do tech siti se pak chytaj i nebezpecne ryby.
    z dlouhodobe perspektivy nemuzes nikdy byt dost paranoidni.

    stejne me porad laka ta moznost nekoho vy doxxovat jen tak z legrace. kdysi jsem to tady vypsal jako soutez ale asi to nihoho nezaujalo a chtelo by to nejakou cenu.
    tehdy jsem rek, ze to neni dobre delat na me, pac mam umyslne velkou virtualni stopu, ale klidne to zkuste, co se o me da najit, udelejte mi doxx GoTo... spis bych byl ale pro nekoho jineho... rekneme treba Navaru? jen tak z prdele? kdo co najde?

    [sorr Navara, jen Tvoje id zrovna vidim kdyz tohle pisu]

    Je to cviceni, ktere ma ukazat, ze pri dlouhodobem uzivani site se daji proste ruzne spojit ruzne nitky... nepomaha ani to, kdyz si clovek dela ruzne id, protoze hodne lidi, treba Sabu, maji tendenci z nejake ip neco napsat o sobe, pak tu ip pouzit i pro jine id a tak podobne.
    kdyz ma clovek pristup k velkym zdrojum primarnich dat [tedy nejen google] muze takova jedna chyba vest k odhaleni identity.

    jedno id me tady na nyxu dost pobavilo, kdyz jsem si pohledem na jeho profil jasne doplnil proc a co, a po zadani toho id do google s tema zajma, ktere ma tady, tak jsem dohledal kdo je, a uz bylo jasno. sice ne dukaz, ale asi by ten clovek zmeknul, kdybych na nej zatlacil ve stylu fizlarny.

    dalsi vec je, ze HACKERI jsou casto obcansky a osobne sraci, kteri a] chodej do skol, b] maj rodiny, c] nemaj prachy... takze kdyz si na ne poldove doslapnou, nemaj pravnika, kteremu by hned volali, nikdy na vyslechu nebyli, maji pribuzne, pres ktere na ne jde tlacit a tak...
    takze ani na nic nemusis mit dukazy, staci ti, kdyz vis kam si pro toho cloveka prijit a on uz zmekne...
    OVERDRIVE
    OVERDRIVE --- ---
    Mam prosbu, potreboval bych docasne Americkou IP, staci mi tak na hodinu dve, nevite kde vzit?
    PEPAK
    PEPAK --- ---
    LIBORO: TrueCrypt, BestCrypt Volume Encryption, DriveCrypt Plus Pack, Diskcryptor...
    LIBORO
    LIBORO --- ---
    PEPAK: Které prosím například?
    Obrazně myšleno, mám tam volný prostor.
    Díky.
    LIBORO
    LIBORO --- ---
    NAVARA: mluvíš o truecryptu?
    PEPAK
    PEPAK --- ---
    LIBORO: Umí to spousta nástrojů, s jistými omezeními i TrueCrypt (jen pro systémové disky).

    "Mám disk plný dat" - jak jsi připraven na situaci, kdy ti ten disk zkolabuje?
    NAVARA
    NAVARA --- ---
    LIBORO: umí online zašifrovat systémový disk, už si nevzpomínám jak jsem šifroval ten datový, ale připojuje se mi automaticky se systémovým ("favorite")
    LIBORO
    LIBORO --- ---
    Měl bych ještě jednu lama otázku. Existuje nějaký způsob, jak zašifrovat data, která jsou už na disku uložena? TrueCrypt, pokud se nepletu, nejdříve vytváří prázdný šifrovaný soubor/prostor, do kterého se data posléze nahrají. Jde mi o situaci, kdy mám disk plný dat a chci ho celý zašifrovat.
    NAVARA
    NAVARA --- ---
    LIBORO: co je špatnýho na verzi 7.1a?
    LIBORO
    LIBORO --- ---
    jakou nahradu za truecrypt byste doporucili?
    ZAPPO
    ZAPPO --- ---
    OVERDRIVE: Tam je hlavní rozdíl, z hlediska vyšetřování, jestli uděláš jednorázovou velkou ránu nebo jedeš opakovaný akce - ty umožňujou vysledovat vzorec a výrazně zvyšujou šanci na tvoji identifikaci. Takže si nemyslím, že to prohráli jen na skillu (byť souhlas, že se státníma možnostma se těžko konkuruje), ale i na tomhle faktoru
    OVERDRIVE
    OVERDRIVE --- ---
    “It’s extremely hard to … interact with people closely and have to hide yourself,” says Gabriella Coleman, a McGill University anthropologist who is one of the leading experts on Anonymous and whose book Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous publishes later this year.

    Is Anonymous Dead, or Just Preparing to Rise Again? | Threat Level | WIRED
    http://www.wired.com/2014/06/anonymous-sabu

    tohle je pro me zasadni konstatovani, samozrejma ta holka ma pravdu. mmchodem cet jsem nejake drafty te knizky a docela dost rozkryvacek a vysetrovacek anonymous a krom toho, ze to fakt byla banda idealistickejch decek, coz jako konecne budou hackeri na rustovem hormonu a s geek mind vzdycky... kazdopadne to vysetrovani bylo dost sofistikovane a zaroven je problem, ze proste hackeri na to nemeli, proti profikum, ktery se da zaplatit o nekolik vrstev vejs nebo niz na sitove i analyticke bazi... podle me je tahani velych hracu s hromadou penez proste nedatelne, jako kradez milionu .... hodne ti muze projit, ale nakonec te sestreli, protoze pokud nehrajes na urovni "nevysetruje se" proste neprecislis penize a lepsi znalosti profiku za prachy...
    dobry ale bylo, jak se tech deti celej it svet bal, aspon podle medii...
    OVERDRIVE
    OVERDRIVE --- ---
    Blog | Access
    https://www.accessnow.org/...2014/06/04/the-impact-of-forced-data-localisation-on-fundamental-rights

    tohle je zajimave, nejak jsem nezaznamenal nejake tlaceni na to, ze data musi zustat v zemi, kde funguje ten, kdo s nimi naklada, zas je to VELMI sirkone, a hrozne nesmyslne, protoze k tomu neni zadny technicky duvod, ba naopak, ale kazdopadne je to VELMI neprijemne a to nejen pro ty, kdo prechovavaji destkou pornografii v Africe.
    Tyhle legalni sracky se dost vazne meni v sracky... kdyz si predstavim, ze delam ve firme, ktera dela nadstavbu nad contentem po celem svete a zakaznik se semnou odmitne bavit, protoze ja zpracovavam data, ktera ale on nebude moct mit u sebe, kvuli tomu, ze ja jsem z jakesi pochybne CR.... to je banda idiotu ti pravnici, to snad neni mozny
    OVERDRIVE
    OVERDRIVE --- ---
    Google in quandary over how to uphold EU privacy ruling| Reuters
    http://www.reuters.com/article/2014/05/30/us-google-eu-quandary-idUSKBN0EA1ZT20140530

    presne co jsem cekal, ze proste neexistuje rozumna pravni norma a bezna praxe pro to, aby se nekdo moh nechat odnekud vymazat.
    to co rozhod EU soud je proste prilis siroka blbost, ktera prenasi zodpovednost soudu na google nebo kohokoliv postizeneho. jak je mozny rozhodnout, jestli ten jedinec ma na vymaz pravo a jestli je nejaka hloubka vymazu uz dost a co se stane, pokud se to nekdo pokusi obejit...
    to je typicky blbe navrzena situace ustici v DDOS utok na vsech moznych rovinach.

    mili zakonodarci a soudci, spatne. co tak treba chvili fungovat na internetech a precist si neco o cloudech, botech, web crawlerech a malvolentnich jedincich ;]
    OVERDRIVE
    OVERDRIVE --- ---
    sorr za formatovani, je to copy and paste emailu, jsou tam i nejaka zajimava klicova slova imho
    OVERDRIVE
    OVERDRIVE --- ---
    http://www.nytimes.com/...ction=Fashion%20%26%20Style®ion=FixedCenter&action=click&pgtype=article

    MOUNTAIN VIEW, Calif. — Just down the road from Google’s main campus here, engineers for the company are accelerating what has become the newest arms race in modern technology: They are making it far more difficult — and far more expensive — for the National Security Agency and the intelligence arms of other governments around the world to pierce their systems.
    As fast as it can, Google is sealing up cracks in its systems that Edward J. Snowden revealed the N.S.A. had brilliantly exploited. It is encrypting more data as it moves among its servers and helping customers encode their own emails. Facebook, Microsoft and Yahoo are taking similar steps.
    After years of cooperating with the government, the immediate goal now is to thwart Washington — as well as Beijing and Moscow. The strategy is also intended to preserve business overseas in places like Brazil and Germany that have threatened to entrust data only to local providers.
    Google, for example, is laying its own fiber optic cable under the world’s oceans, a project that began as an effort to cut costs and extend its influence, but now has an added purpose: to assure that the company will have more control over the movement of its customer data.
    But governments are fighting back, harder than ever. The cellphone giant Vodafone reported on Friday that a “small number” of governments around the world have demanded the ability to tap directly into its communication networks, a level of surveillance that elicited outrage from privacy advocates.A year after Mr. Snowden’s revelations, the era of quiet cooperation is over. Telecommunications companies say they are denying requests to volunteer data not covered by existing law. A.T.&T., Verizon and others say that compared with a year ago, they are far more reluctant to cooperate with the United States government in “gray areas” where there is no explicit requirement for a legal warrant.
    Vodafone refused to name the nations on Friday for fear of putting its business and employees at risk there. But in an accounting of the number of legal demands for information that it receives from 14 companies, it noted that some countries did not issue warrants to obtain phone, email or web-searching traffic, because “the relevant agencies and authorities already have permanent access to customer communications via their own direct link.”
    The company also said it had to acquiesce to some governments’ requests for data to comply with national laws. Otherwise, it said, it faced losing its license to operate in certain countries.
    Eric Grosse, Google’s security chief, suggested in an interview that the N.S.A.’s own behavior invited the new arms race.
    “I am willing to help on the purely defensive side of things,” he said, referring to Washington’s efforts to enlist Silicon Valley in cybersecurity efforts. “But signals intercept is totally off the table,” he said, referring to national intelligence gathering.
    “No hard feelings, but my job is to make their job hard,” he added.
    In Washington, officials acknowledge that covert programs are now far harder to execute because American technology companies, fearful of losing international business, are hardening their networks and saying no to requests for the kind of help they once quietly provided.
    Robert S. Litt, the general counsel of the Office of the Director of National Intelligence, which oversees all 17 American spy agencies, said on Wednesday that it was “an unquestionable loss for our nation that companies are losing the willingness to cooperate legally and voluntarily” with American spy agencies.
    “Just as there are technological gaps, there are legal gaps,” he said, speaking at the Wilson Center in Washington, “that leave a lot of gray area” governing what companies could turn over.
    In the past, he said, “we have been very successful” in getting that data. But he acknowledged that for now, those days are over, and he predicted that “sooner or later there will be some intelligence failure and people will wonder why the intelligence agencies were not able to protect the nation.”
    Companies respond that if that happens, it is the government’s own fault and that intelligence agencies, in their quest for broad data collection, have undermined web security for all.
    Many point to an episode in 2012, when Russian security researchers uncovered a state espionage tool, Flame, on Iranian computers. Flame, like the Stuxnet worm, is believed to have been produced at least in part by American intelligence agencies. It was created by exploiting a previously unknown flaw in Microsoft’s operating systems. Companies argue that others could have later taken advantage of this defect.
    Worried that such an episode undercuts confidence in its wares, Microsoft is now fully encrypting all its products, including Hotmail and Outlook.com, by the end of this year with 2,048-bit encryption, a stronger protection that would take a government far longer to crack. The software is protected by encryption both when it is in data centers and when data is being sent over the Internet, said Bradford L. Smith, the company’s general counsel.
    Mr. Smith also said the company was setting up “transparency centers” abroad so that technical experts of foreign governments could come in and inspect Microsoft’s proprietary source code. That will allow foreign governments to check to make sure there are no “back doors” that would permit snooping by United States intelligence agencies. The first such center is being set up in Brussels.
    Microsoft has also pushed back harder in court. In a Seattle case, the government issued a “national security letter” to compel Microsoft to turn over data about a customer, along with a gag order to prevent Microsoft from telling the customer it had been compelled to provide its communications to government officials. Microsoft challenged the gag order as violating the First Amendment. The government backed down.
    Hardware firms like Cisco, which makes routers and switches, have found their products a frequent subject of Mr. Snowden’s disclosures, and theirbusiness has declined steadily in countries like Asia, Brazil and Europe over the last year. The company is still struggling to convince foreign customers that their networks are safe from hackers — and free of “back doors” installed by the N.S.A. The frustration, companies here say, is that it is nearly impossible to prove that their systems are N.S.A.-proof.

    In one slide from the disclosures, N.S.A. analysts pointed to a sweet spot inside Google’s data centers, where they could catch traffic in unencrypted form. Next to a quickly drawn smiley face, an N.S.A. analyst, referring to an acronym for a common layer of protection, had noted, “SSL added and removed here!”Most American companies said they never knowingly let the N.S.A. weaken their systems, or install back doors. But Mr. Snowden’s documents showed how the agency found a way.


    Google was already suspicious that its internal traffic could be read, and had started a program to encrypt the links among its internal data centers, “the last chink in our armor,” Mr. Grosse said. But the slide gave the company proof that it was a regular target of the N.S.A. “It was useful to have proof, in terms of accelerating a project already underway,” he said.
    Facebook and Yahoo have also been encrypting traffic among their internal servers. And Facebook, Google and Microsoft have been moving to more strongly encrypt consumer traffic with so-called Perfect Forward Secrecy, specifically devised to make it more labor intensive for the N.S.A. or anyone to read stored encrypted communications.
    One of the biggest indirect consequences from the Snowden revelations, technology executives say, has been the surge in demands from foreign governments that saw what kind of access to user information the N.S.A. received — voluntarily or surreptitiously. Now they want the same.
    At Facebook, Joe Sullivan, the company’s chief security officer, said it had been fending off those demands and heightened expectations.
    Until last year, technology companies were forbidden from acknowledging demands from the United States government under the Foreign Intelligence Surveillance Act. But in January, Google, Facebook, Yahoo and Microsoft brokered a deal with the Obama administration to disclose the number of such orders they receive in increments of 1,000.
    As part of the agreement, the companies agreed to dismiss their lawsuits before the Foreign Intelligence Surveillance Court
    “WE’RE NOT RUNNING AND HIDING,” MR. SULLIVAN SAID. “WE THINK IT SHOULD BE A TRANSPARENT PROCESS SO THAT PEOPLE CAN JUDGE THE APPROPRIATE WAYS TO HANDLE THESE KINDS OF THINGS.”
    The latest move in the war between intelligence agencies and technology companies arrived this week, in the form of a new Google encryption tool. The company released a user-friendly, email encryption method to replace the clunky and often mistake-prone encryption schemes the N.S.A. has readily exploited.
    But the best part of the tool was buried in Google’s code, which included a jab at the N.S.A.’s smiley-face slide. The code included the phrase: “ssl-added-and-removed-here-; - )”
    Kliknutím sem můžete změnit nastavení reklam