Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: jr2 on November 18, 2013, 02:22:28 pm
-
Yeah, pretty much what I thought when I learned about it.
this is on the angle of security, instead of just privacy/rights
http://arstechnica.com/tech-policy/2013/11/schneier-tells-washington-nsa-broke-internets-security-for-everyone/
-
The chances of any government listening to experts like Schneier - who should absolutely be listened to - are slim and none.
-
NSA probably has decent security itself (we can't be sure, but we better hope it's so...), but those backdoors are worrying. I'm more or less OK with NSA gathering various data, but if some dirty hacker got his hands on it (or even just messed with a related system), bad things would happen.
-
if you didn't already know, i'm a government employee. now i'm no computer security expert myself, but i feel like i know enough to generally recognize if other people know what the hell they are doing. and the answer that i've seen is generally no. our IT departments aren't staffed with experts or even trained IT people. they are very often promoted/transferred in from other departments and given the quick and dirty government-grade on the job training. this includes the people that manage the classified networks. the whole system reeks of bureaucratic nonsense that may have at one time been proposed by an expert (or 'expert'), but has had to go through 17 levels of approval by people who haven't got a ****ing clue who go "gee, this method SOUNDS awfully impressive and techy and secure" or "MOAR asinine password requirements!!!!"
one would hope a higher-tier organization like the NSA might be a little better off, but....
-
I think they are rather happy with my country's government officials. You see, they happily talk about all their dirty deeds on the phone, and other easily tracked medias even if they are aware someone else is listening.
-
if you didn't already know, i'm a government employee. now i'm no computer security expert myself, but i feel like i know enough to generally recognize if other people know what the hell they are doing. and the answer that i've seen is generally no. our IT departments aren't staffed with experts or even trained IT people. they are very often promoted/transferred in from other departments and given the quick and dirty government-grade on the job training. this includes the people that manage the classified networks. the whole system reeks of bureaucratic nonsense that may have at one time been proposed by an expert (or 'expert'), but has had to go through 17 levels of approval by people who haven't got a ****ing clue who go "gee, this method SOUNDS awfully impressive and techy and secure" or "MOAR asinine password requirements!!!!"
one would hope a higher-tier organization like the NSA might be a little better off, but....
A post government employee. Most of the tests that are required to be taken by all government workers are bull****. A sub idiot couldn't pass them. Makes me curious about the that people devise them. In most likely cases, either tests or beurocracy are devised by idiots, or are lead by them. Most likely lead by them. I stopped taking them a year into having my job, and still had a job. I recently quit for wanting to have a better life and get out of this ****ty stepping stone to achievement.
The nsa breaking internet security isn't exactly anything new. Making sure to partner with businesses to have backdoors in products for total take over. One good example are companies that manufacture routers. That, and the nsa going ahead and breaking into routers if no backdoor is available. There's an alternative, running opensource firmware is your router is compatible. Then make sure the setup is secure, and hope that said opensource firmware isn't in leagues with the nsa i guess. Doing something in this case doesn't always equivocate to pointlessness. Doing something of a proprietary software means could greatly be pointless.
-
NSA probably has decent security itself (we can't be sure, but we better hope it's so...), but those backdoors are worrying. I'm more or less OK with NSA gathering various data, but if some dirty hacker got his hands on it (or even just messed with a related system), bad things would happen.
NSA employs people ... leaving them wide open to the whole "employee with a grudge", "bored idiot employee" or "intelligent criminal employee" angle.
I don't think it's a matter of when it will be abused, but rather of how often it already has been abused.
-
And let's not forget "employee with a conscience", like that bastard Snowden.
-
Well, they also have painted a huge target on themselves, cause all criminal hackers now know that they basically have the back door keys to pretty much everything interesting / worthwhile. So unless their security is truly legendary, they will probably be compromised. Also, foreign governments would love to get their hands on all of that. So, yeah, pretty much all internet security now depends on the security of the NSA. Awesome.
-
And let's not forget "employee with a conscience", like that bastard Snowden.
Remember, he was actually quite careful about what to reveal. Nothing he exposed really endangered anyone, nor threatened the security. I'd be more concerned about guys with actual malicious intent, or simply dumber.
Now, while I would expect NSA to have such "legendary" security, it does indeed employ people. People who set passwords to "0000" or "swordfish", people who forget to log out or, perhaps, people who are interested in stealing data themselves. Heck, even simply nice, polite people who, upon being told that "Hey, I'm new here, could you let me in? Some bastard stole my access card on the bus." would simply open the door instead of calling security. While they probably are aware of possibility of all that happening, this is still putting all our eggs in one basket.
-
Let's not forget the danger of possible components built into the hardware they might be using. Like hardware keyloggers?
-
Let's not forget the danger of possible components built into the hardware they might be using. Like hardware keyloggers?
You mean someone playing their own game better than they are?
This asks for another question:
The NSA had their Snowden. How many companies/agencies/organizations pulled off the same stuff, but got away with it because nobody spoke up?
Those super cyber attacks as seen on Live Free or Die Hard or National Geographic's American Blackout, might actually be waiting to happen. If the whole internet has holes in it, that would include power plants, traffic control systems and everything else computerized and networked.
-
The claims of hardware backdoors certainly throw all the reports about Huawei (http://www.bloomberg.com/news/2011-11-30/obama-invokes-cold-war-security-powers-to-unmask-chinese-telecom-spyware.html) into a new light.
Is it possible that Huawei products do have backdoors allowing the Chinese security agencies access to your data, yes, definitely. But I'd consider it equally possible that they don't have any backdoors and that the story was made up precisely because they couldn't be used in that way. Especially when you consider the source.
“This is beyond vague suspicions,” said Richard Falkenrath, a senior fellow in the Council on Foreign Relations Cyberconflict and Cybersecurity Initiative. “Congress is now looking at this as well, and they’re doing so based on very specific material provided them in a classified setting” by the National Security Agency, he said.
-
And let's not forget "employee with a conscience", like that bastard Snowden.
Remember, he was actually quite careful about what to reveal. Nothing he exposed really endangered anyone, nor threatened the security. I'd be more concerned about guys with actual malicious intent, or simply dumber.
"bastard" was sarcasm
-
I know. My point was that guys like Snowden aren't really a threat to internet security. A whistleblower who isn't a complete idiot will take such precautions, if only so that people actually take his side and not be furious at him for releasing sensitive data to general public, which includes hackers and criminals. He ensured that his revelations only hit the NSA, not people monitored by them.
-
That's what I really like about Snowden. Unlike Assange, who just dumped the files on his server with only his team's sight on what is correct and what isn't, Snowden works with experienced reporters all over the world. The whole process is extremely professional.
-
Yeah. He's so professional that some accused him of working for the Government the entire time, and the whole thing to be staged by NSA/CIA/FBI/Illuminati/Your conspiracy of choice. :) But either way, it's certain that he knows what he's doing.
-
Unlike Assange, who just dumped the files on his server
BS
with only his team's sight on what is correct and what isn't
Not sure what that's supposed to mean but I'm going to assume it's also BS
-
I have little sympathy for those who shelter themselves in Russian territory or russian media, as if the Putin guy is this freedom-of-speech go-to-guy.
It's as if they don't give a **** about the innumerous reporters that were put to death by the russian regime the past 15 years by now.
Or take the first three words of that sentence out, probably more true.
-
Where should he have gone then? Russia (and China for that matter) are countries that wouldn't give a stuff about American pressure to give him back.
Ironically pretty much any country you would say has a good record on freedom of speech would have arrested him within seconds of him landing.
-
Yeah, that is pretty ironic. Pretty pathetic, too, show a spine. :ick:
-
The problem is that, currently, if any EU country would host some of these men, the US would simply economically sanction these countries to death. However, both Russia and China are either too important to try and economically sanction, or are already economically sanctioned, or are not affected by them nearly as much as, say, The Netherlands is.
-
Well, the only other options would be US-unfriendly Arab countries (risky idea for a non-Arab, though they'd probably love to screw with US), North Korea (bad idea, regardless of ethnicity or religion) or complete wilderness (quite useless for a whistleblower, when you think of it). Really, considering the other countries he could've gone to, Russia comes out as pretty good regarding free speech.
-
I have little sympathy for those who shelter themselves in Russian territory or russian media, as if the Putin guy is this freedom-of-speech go-to-guy.
It's as if they don't give a **** about the innumerous reporters that were put to death by the russian regime the past 15 years by now.
Or take the first three words of that sentence out, probably more true.
http://www.theguardian.com/commentisfree/2013/jul/13/reuters-article-dead-man-s-switch
The US government has acted with wild irrationality. The current criticism of Snowden is that he's in Russia. But the reason he's in Russia isn't that he chose to be there. It's because the US blocked him from leaving: first by revoking his passport (with no due process or trial), then by pressuring its allies to deny airspace rights to any plane they thought might be carrying him to asylum (even one carrying the democratically elected president of a sovereign state), then by bullying small countries out of letting him land for re-fueling.
-
http://www.usatoday.com/story/news/nation/2013/11/27/nsa-spied-porn-habits/3765279/
basically THE thing that people have been worried about. collecting porn habits to use as blackmail against people they don't like.
-
And we're back to Rule 34... :) In all seriousness though, this is a bit of a concern. Though I don't think there's anything wrong with watching porn online, but many people do, and it's not usually spoken about openly. Especially in highly religious communities, this could be a lot of trouble. Also, why is NSA messing with foreign citizens' data? Isn't that CIA's job?
I imagine this could be put to good use, though. Pedophiles could probably be found using similar methods.
-
i used to think like that, then i caught my mom watching german lesbian porn. so ive come to the conclusion that everyone watches porn.
-
this is awesome
http://hackaday.com/2013/11/28/scaremail-tries-to-disrupt-nsa-email-surveillance/
troll the nsa!
-
Yay Bobboau for posting that story :D And not delayed many months like some of the discussions on these forums (e.g. this thread... people elsewhere were talking about "NSA ruined the Internet" months ago!) The jokes-to-seriousness ratio of the commentary I've seen about this is infuriating :mad:
This is the hard counter to the "if you have nothing to hide you have nothing to fear" argument:
- It's legal
- You're not hurting anybody
- It's actually good for you
- You still don't want other people to know about it
. . .
:sigh: I spent an hour writing stuff between the above list and this bit, but then I got this feeling like I'm creating and disassembling an army of straw men, and the only people who disagree with me are the ones who aren't in the room.
@Dragon: The consumers of child pornography are not your enemy. Having porn available means they will keep it in their pants, in their homes.
-
Note, looking at child porn alone shouldn't be taken as an evidence for immediate arrest. However, it should be a cue for closer monitoring and making sure the actually keep it in their pants. As long as there's nothing besides looking at child porn, no worries. But think about it, some people have to make child porn and upload it. And those should be dealt with accordingly. Also, I think that interest in child porn would be a really good basis to deny someone a job that involves extensive contact with children. In matters like that, you can't take chances.
i used to think like that, then i caught my mom watching german lesbian porn. so ive come to the conclusion that everyone watches porn.
Yes, everybody does. Yet, a lot of people seems to be against it, including the same ones railing about the evils of pornography. It'd be nice if they all just stopped trying to fool themselves and other people, but religious communities seems to have a big problem with that.
-
Let's not forget the danger of possible components built into the hardware they might be using. Like hardware keyloggers?
You mean someone playing their own game better than they are?
This asks for another question:
The NSA had their Snowden. How many companies/agencies/organizations pulled off the same stuff, but got away with it because nobody spoke up?
Those super cyber attacks as seen on Live Free or Die Hard or National Geographic's American Blackout, might actually be waiting to happen. If the whole internet has holes in it, that would include power plants, traffic control systems and everything else computerized and networked.
Kinda ironic ... and also the last fig leaf the NSA had left: They can't even say anymore they are doing what they are doing to protect us from the evil terrorists (TM) - the contrary if any of this is true.
-
http://www.usatoday.com/story/news/nation/2013/11/27/nsa-spied-porn-habits/3765279/
basically THE thing that people have been worried about. collecting porn habits to use as blackmail against people they don't like.
If we assume it's only the NSA that managed to drill a hole in the internet, there's the possibility of rogue/corrupted NSA employees, or even of rogue/corrupt politicians who tell the NSA what to do to get secret stuff published.
If someone pays enough they might be able to blackmail their competition/rivals/enemies/ex-wife, knowing what sort of porn sites the person visits.
It's possible the US might one day become the opposite of what it was founded to be.
If the government figures it's cool to have a dictatorship, it could discredit all opponents by publishing the porn sites they visit...
Not to mention millions of hackers who are probably trying to find these exploits for $#!+s and giggles.
If one of them finds and publishes them, and a single person who wants to watch the world burn learns of them, we're in deep $#!+. What happens when Obama's porn habits are exposed?
P.S. What if they are not the only people who hacked the whole internet? What if the others figured out the passwords to power grid or major some bank's admin and maintenance accounts?
-
What people need to do is to get over the fact people watch porn. Why do I care what are Obama's preferences? I have my own. :) Nothing wrong with watching porn as long as there are no children in it. When you think of it, that the fact of watching porn has anything to do with one's credibility is pretty stupid, unless that person stated to have something against porn.
-
It's possible the US might one day become the opposite of what it was founded to be.
one day
I've got some bad news for you.
-
@redsniper: Yeah I was gonna say that, but my first draft looked more like a flame than a useful post...
-
What people need to do is to get over the fact people watch porn. Why do I care what are Obama's preferences? I have my own. :) Nothing wrong with watching porn as long as there are no children in it. When you think of it, that the fact of watching porn has anything to do with one's credibility is pretty stupid, unless that person stated to have something against porn.
Replace "porn" with "bank account access", "Iran invasion plans", "nuclear launch codes", "the stuff about stealth tech that China really wants to know about" or whatever else that might be transferred on the internet, on purpose or due to a screw up.
Replace "NSA" with "Anyone who might access this info exploiting the NSA's security holes and use it for personal gain".
I used porn, because it's already published that the NSA is doing it.
I wrote NSA, because so far they're the only people who (officially) know about how exactly their back doors to the internet work.
-
Again, if you have nothing to hide, what's the big deal? Just bend the **** over, let us rape your privacy and we promise that it will take just a minute or so.
It's not as if we'll ever use it nefariously, come on. Don't you know history? What was the last time any security force ever abused people anyway?