gutui

Daphne Caruana Galizia's Murder and the Security of WhatsApp Daphne Caruana Galizia was a Maltese journalist whose anti-corruption investigations exposed powerful people. She was murdered in October by a car bomb. Galizia used WhatsApp to communicate securely with her sources. Now that she is dead, the Maltese police want to break into her phone or the app, and find out who those sources were. One journalist reports: Part of Daphne's destroyed smart phone was elevated from the scene. Investigators say that Caruana Galizia had not taken her laptop with her on that particular trip. If she had done so, the forensic experts would have found evidence on the ground. Her mobile phone is also being examined, as can be seen from her WhatsApp profile, which has registered activity since the murder. But it is understood that the data is safe. Sources close to the newsroom said that as part of the investigation her sim card has been cloned. This is done with the help of mobile service providers in similar cases. Asked if her WhatsApp messages or any other messages that were stored in her phone will be retrieved, the source said that since the messaging application is encrypted, the messages cannot be seen. Therefore it is unlikely that any data can be retrieved. I am less optimistic than that reporter. The FBI is providing "specific assistance." The article doesn't explain that, but I would not be surprised if they were helping crack the phone. It will be interesting to see if WhatsApp's security survives this. My guess is that it depends on how much of the phone was recovered from the bombed car. EDITED TO ADD (11/7): The court-appointed IT expert on the case has a criminal record in the UK for theft and forgery. via Bruce Schneier

intrebare, oare chiar e cine pretinde a fi ca si virsta si competente? e doar o intrebare... o analiza a vocii asociata clipurilor de pe youtube e relevanta, nu trage dom' Semaca...

oare asta traim ?

observi corespondenta dintre reactii si optiunea angajarii politice/"ordin de zi" a celor ce tin sa faca publica optiunea prin like/downvote/upvote/thanks ? intreb , caci postind aici pe acest topic, o vajnica constiinta civica, facuta la apelul bocancilor, apasata de epoleti, a simtit nevoia sa-mi adreseze primul PM, primit pe acest forum, "Ce pizda ma-tii imi dai - la postari ? suferi ? ".... ii voi da un raspuns pe care sigur nu-l va intelege

aparent off topic, The US Wants to Regulate Surveillance Software Like Weapons , caci Privacy is Becoming a Crime – Why Intel Chips May Present a Whole New Risk fiindca "Active Management Technology": The obscure remote control in some Intel hardware ridicind serioase dubii ca NSA could have planted Permanent Backdoors in Intel And AMD Chips ... incit preventiv Cisco posts kit to empty houses to dodge NSA chop shops ... iar acum, "Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law -- or something like that. The EFF's Kurt Opsahl takes it apart pretty thoroughly. Last week, FBI Director Christopher Wray said much the same thing. This is an idea that will not die." scrie Bruce Schneier legat de FBI Increases Its Anti-Encryption Rhetoric. insa, exista o solutie de compromis , A reasonably secure operating system care "brings to your personal computer the security of the Xen hypervisor, the same software relied on by many major hosting providers to isolate websites and services from each other".

http://www.cryptophone.de/en/products/mobile/cp450/ sau http://www.cryptophone.de/en/products/mobile/cpg10i/ poate https://www.thalesgroup.com/sites/default/files/asset/document/teorem_leaflet_uk_29052008.pdf ori http://www.beaucom.de/ in lipsa de https://esdcryptophone.com/ ca sa nu amintim pe cele vehi insa bune, http://communications.sectra.com/sites/default/files/tiger_xs_folder.pdf si http://communications.sectra.nl/sites/default/files/tiger_7401_folder_3.pdf si toate aste cu gindul la https://electrospaces.blogspot.ro/2013/04/how-obamas-blackberry-got-secured.html

aici, insa am auzit ca si italienii ar fi obtinut rezultate...

http://constantdullaart.com/TOS/ si http://therevolvinginternet.com/

darius1995 oameni rai, nu-i baga in seama , ai mai jos o cale sigura de a face bani, trebuie doar ca oferta ta lucrativa, sa ajunga la client, intr-un mod in care sa devina marfa si nu prestatie gratuita.

eu nu as paria pe tor, e infiltrat de cei ce ne apara de noi insine ,

sa inteleg ca daca vei formata memoria robotului cetatean, vei suporta consecinte similare celor aplicate criminalilor? robotul cetatean va avea acces la masa de blackjack? as vrea si eu unul, daca raspunsul e da.

sa echilibram usor balanta un patent "nevinovat" si citeva file dintr-un dosar legat de :"global SIGINT surveillance and collection on analog and digital networks" macar, kaspersky pune la dispozitie codul sursa pentru fi analizat....

@spider , inteleg ca e in discutie discernamintul indiscutabil al ardelenilor din inima culturala a Transilvaniei, Cluj, Balul Bobocilor de la Colegiul Tehnic de Telecomunicații Augustin Maior insa, nu ai un fior ca in imagine apar niste copii de 15 ani, care sub obladuirea profesorilor lor, mimeaza in cadru organizat felatia? oare asta sa fie explicatia de ce Emil Boc, inca indoaie urna de vot, in Cluj? si da, mai inteleg ca in opinia ta, e vina psd-ului.... wow.... genial!!!!

va fi adoptata legea. va aduce in noul "normal", in public , practica celor din Tailored Access Operations (TAO) . nu uita ca aceste servicii sint externalizate unor contractori civili, externi. deschizind piata unor astfel de servicii catre zona civila, este si in avantajul contractorilor si scade si presiunea financiara pe agentiile guvernamentale, in plus, sub pretextul hack back, se vor putea derula black ops, oferind o perfecta "Plausible Deniability". ... aparent off topic, insa legat de actualitate, imi vine in minte scaderea entropiei "zarului electronic" ... "[...] The bizarre thing is that people did indeed adopt Dual EC in major commercial software packages. Specifically, RSA Security included it as the default generator in their popular BSAFE software library. Much worse, there’s evidence that RSA was asked to do this by NSA, and were compensated for their compliance. "

pare a fi cronica unei morti anuntate, ma gindesc la o prezentare din 2013 insa, "Reaper: Calm Before the IoT Security Storm?" , "It’s been just over a year since the world witnessed some of the world’s top online Web sites being taken down for much of the day by “Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware — variously named “Reaper” and “IoTroop” — that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already..." in timp ce se anuta ca "Smart meters can be hacked to cut power bills" iar perfidul GCHQ ne asigura plin de emfaza ca va apara revolutionarele izbinzi ale tehnocratiei biruitoare. si toate se petreceau in timp ce Catalin Cimpanu ne dadea de stire ca DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN Connections, More ... si e ceva comun in aceste stiri, care-mi scapa pe moment caci :" The agency built in additional security measures for the UK metering system after discovering glaring loopholes in meter designs in use abroad that it believed could pose a national security risk if rolled out in Britain. The communication channel between each meter and the utilities operating them was designed to be encrypted. But the encryption key — the code used to unscramble the data each meter sends and receives — was the same for all of them." GCHQ intervenes to secure smart meters against hackers posibil sa ma insel...

Assemblyline is a malware detection and analysis tool developed by the CSE and released to the cybersecurity community in October 2017. This tool was developed within CSE’s Cyber Defence program to detect and analyse malicious files as they are received. As the Government of Canada’s centre of excellence in cybersecurity, CSE protects and defends the computer networks and electronic information of greatest importance to the Government of Canada. Our highly skilled staff works every day to protect Canada and Canadians from the most advanced cyber threats. Assemblyline is one of the tools we use. The release of Assemblyline is an opportunity for the cyber security community to take what CSE has developed and build upon it to benefit all Canadians. How It Works Assemblyline is a platform for the analysis of malicious files. It is designed to assist cyber defence teams to automate the analysis of files and to better use the time of security analysts. The tool recognizes when a large volume of files is received within the system, and can automatically rebalance its workload. Users can add their own analytics, such as antivirus products or custom-built software, in to Assemblyline. The tool is designed to be customized by the user and provides a robust interface for security analysts. Assemblyline works very much like a conveyor belt. Files arrive in the system and are triaged in a certain sequence. Assemblyline generates information about each file and assigns a unique identifier that travels with the file as it flows through the system. Users can add their own analytics, which we refer to as services, to Assemblyline. The services selected by the user in Assemblyline then analyze the files, looking for an indication of maliciousness and/or extracting features for further analysis. The system can generate alerts about a malicious file at any point during the analysis and assigns the file a score. The system can also trigger automated defensive systems to kick in. Malicious indicators generated by the system can be distributed to other defence systems. Assemblyline recognizes when a file has been previously analysed. Users can deploy their own analytics, such as antivirus products or custom-built software into Assemblyline. It is designed to be customized by the user. Assemblyline Example A financial officer receives an email from an outside sender that includes a password-protected .zip file that contains a spreadsheet and a Word document with text for an annual report. An hour later the financial officer forwards that email to three colleagues within the department and attaches a .jpeg image of a potential cover for the report. Assemblyline will start by examining the initial email. It automatically recognizes the various file formats (email, .zip file, spreadsheet, Word document) and triggers the analysis of each file. In this example, the Word document contains embedded malware, although the financial officer is unaware of this. The whole file is given a score when the analysis of each file is complete. Scores over a certain threshold trigger alerts, at which point a security analyst may manually examine the file. The malware within the Word document is neutralized due to further security measures that the organization has already implemented. When the email is forwarded, Assemblyline automatically recognizes the duplication of files and focuses on new content that may be part of the email, such as the .jpeg image. Assemblyline minimizes the number of non-malicious files that analysts have to manually inspect and allows users to focus their time and attention on the most harmful files. The Strength of Assemblyline The strength of Assemblyline is the ability of users to scale the system to their needs and the way that Assemblyline automatically rebalances its workload depending on the volume of files. It reduces the number of non-malicious files that security analysts have to inspect, and permits users to focus their time and attention on the most harmful files, allowing them to spend time researching new cyber defence techniques. Development of the Tool Assemblyline was built using public domain and open-source software; however the majority of the code was developed by CSE. It does not contain any commercial technology, but it is easily integrated in to existing cyber defence technologies. As open-source software, businesses can modify Assemblyline to suit their requirements. Releasing Assemblyline to the Cyber Defence Community Malicious files can allow threat actors to access sensitive systems, extract valuable data or corrupt vital services. Assemblyline will benefit small and large businesses by allowing them to better protect their data from theft and compromise. Most software of a similar nature is proprietary to a company and not available to the software development community. CSE is releasing Assemblyline to businesses, security researchers, industry, and academia, with no economic benefit to CSE. The release of Assemblyline benefits the country and CSE’s work to protect Canadian systems, and allows the cybersecurity community to build and evolve this valuable open-source software. The public release of Assemblyline enables malware security researchers to focus their efforts on creating new methods to detect malicious files. via: https://www.cse-cst.gc.ca/en/assemblyline

"...allow companies to access computers that don’t belong to them in the name of self-defense or, as the bill calls it, “active defense.” (Active defense, ca si eufemism, este termenul politicos de a descrie ofensiva. dorindu-se a semnifica ca tu te aperi si nu ca ai ataca pe cineva, fie si de tu in realitate ataci — din acest motiv apare utilizat atributul “active.”)" sintagma "active defense" imi aduce aminte de sintagma "active shooter" folosita in media, mereu intrebindu-ma in opozitie ce ar insemna "inactive shooter"? iar acum, in acest context, ce ar insemna "inactive defence"? interesant concept. deci, daca "infiltram" Firma X, este de presupus ca ar fi posibil ca rezultatul intors de software sa fie "nothing going on here" dupa ce a scormonit/corupt/inlocuit datele Firmei X ? ...

conform textului actului normativ, acuzatul/entitatea va trebui sa probeze ca fost victina unui “persistent unauthorized intrusion” indreptata asupa computerelor sale. toti ne aflam sub “persistent unauthorized intrusion”, atacuri initiate de contoarele de electricitate smart, frigidere smart, televizoare smart, telefoane mobile smart, ECU-ul masinii conectat prin can bus via Wi Fi, la angajatii big brother, vecini cu routere Wi Fi, ISP, site-uri de stiri, advertiseri, email-uri, guvernele si agentiile tarilor de resedinta care colecteaza indiscriminatoriu "amprenta digitala", banci, asiguratori, toti "by default". si daca incalcare unui drm va fi privita ca “persistent unauthorized intrusion” si atunci raspunsul va consta intr-un firmware/microcode update ce va va "brick-ui" echipamentul ? si daca vor aparea vigilantes sau mercenari din agentii guvernamentale? vom migra catre hardware " Trusted Computing " si virtualizare ?

da! ... defective by design si acum update-uri care aduc in "legalitate" vulnerabilitatea, fara insa a oferi solutia "backdoor free" datorita specificatiilor tehnice ale patentului... "[...] in order for the government to legislate a mechanism that would no longer meet the definition of a backdoor, they must disclose to the owner that the government can install functionality through auto-update (the third prong), or disclose that functionality that can introduce code deemed objectionable by the owner (the second prong). If the user chooses to still update their software, then this is not a backdoor because it’s been disclosed, and either its intent or its origins have been fully stated. It is, in fact, much worse than a backdoor at this point; it is a surveillance tool and should be treated as such in law. [...] In today’s legal landscape, secret court orders are a possibility. In such scenarios, we are no longer discussing disclosed actors or intent, but rather secret orders such as those going through a FISA court, such as section 702 orders or secret orders under the All Writs Act. In these cases, our hypothetical software update service could unwittingly become a backdoor if the government chose to quietly control it without any disclosure to the user. In the same way, for the manufacturer to be ordered to keep such capabilities a secret would be to turn the manufacturer into an arm of government for the express intent of creating a backdoor, and the manufacturer could be considered partially liable for the consequences of doing so. Those that control the mechanism dictate the intent, and so if the government is partially in control of the mechanism, then their intentions must become part of the overall test. In such a case, the functionality of the software would likely subvert the intent disclosed to the user. Consent would similarly become invalidated, resulting in a software update mechanism that qualifies as a backdoor by definition. " citatele sint de aici , facute intr-un context diferit, insa aplicabile topivului de fata.

Gecko ai sanse sa-ti traiesti visul The Chinese government plans to launch its Social Credit System in 2020. The aim? To judge the trustworthiness – or otherwise – of its 1.3 billion residents

opriti planeta, vreau sa cobor din acest viitor si o lectura https://www.forumforthefuture.org/sites/default/files/project/downloads/megacitiesfullreport.pdf

intrebarile din chestionar mi-au adus aminte de scena asta, avind in vedere componenta socioprofesionala a celor ce bintuim pe aici raspunsurile cit si modul euristic de alcatuire al chestionarului... mi-au confirmat ca... nu e chiar o parodie...