
September 15, 2015

Latest CyberSec News & Related

Article
SOURCE
as indicated





Universal Music
abusing the DMCA
ie #Copyright Act
rightsholders MUST consider FAIR USE
prior take-down issues
http://boingboing.net/2015/09/14/eff-scores-a-giant-victory-for.html


#India IT security
1.2 billion in 2016
http://www.consultancy.uk/news/2591/indian-IT-security-market-reaches-12-billion-next-year

#Microsoft
signs landmark agreement with #NATO
re govt #cybersecurity
/ solidification relationship
http://www.neowin.net/news/microsoft-signs-agreement-with-nato-to-bolster-government-cybersecurity

Intel in #cybersecurity - auto-mobiles
auto security board set up:
Automotive Security Review Board (ASRB)
Intel Security (formerly McAfee)
published a whitepaper
re automotive security best practices
http://forexreportdaily.com/2015/09/14/6873-intel-in-cyber-security-driving-seat-sets-up-connected-auto-security-board/


NSA Recruiting / Scholarships
USA Colleges
vie to entice w. NSA cyber program
scholarship stipulation
= NSA job on degree
http://fedscoop.com/colleges-vie-to-entice-students-with-nsa-cyber-program


USA + China
meet re #cybersecurity - White House
Kerry, Rice + Homeland Sec. Jeh Johnson
> comm. competition blocks

USA whining that the following
 stop US competing on level playing field in China:
  • fines
  • opaque regulatory system
http://www.lidtime.com/u-s-chinese-officials-meet-on-cyber-security-issues-white-house-5652/

University of Texas at San Antonio
grant puts city on centre #cybersecurity stage
emerging cybersecurity + tech hub
/ expressnews (subscription)


#cybersecurity #hacker
Millennial Gen / Gen Y
born post 1980
social media over-sharing / lax security
http://www.afr.com/technology/a-third-of-millennials-warned-by-employers-over-social-media-posts-norton-20150914-gjlw1h

Cybersecurity Bill  |  CISA   |  USA
Cybersecurity Information Sharing Act (CISA)
Light on Security
legal immunity for sharing cyber-intel with govt
PRIVACY implications
/ poised to pass

http://foreignpolicy.com/2015/09/14/a-cybersecurity-bill-light-on-security-heavy-on-corporate-

Jeb Bush
wants USA Internet gov.
against transfer of  ICANN oversight to multistakeholders

Following Presidential candidates also get a mention re cybersec:
  • Rubio - Marco Rubio
  • Fiorina - Carly Fiorina
http://fedscoop.com/jeb-bush-unveils-cybersecurity-plan


Clinton appears to be 
the CYBERSEC & MILLENNIAL candidate

#Clinton2016
'Best Choice' Cybercrime
Wakefield Research poll - 42%
over half millennials Dems better
http://www.inc.com/will-yakowicz/poll-hillary-clinton-most-qualified-presidential-candidate-for-cyberattack.html


Hackers hit the Kremlin  #Russia
target: election commission website
sounds like DDoS
http://thehill.com/policy/cybersecurity/253609-hackers-hit-the-kremlin


#cybersecurity #banking #cloud
x4 US banks
agreement w/ regulators
re 'guaranteed data deletion' issues

Symphony
= service created thru consortium
of 14 financial institutions
  1. Goldman Sachs
  2. Deutsche Bank
  3. Credit Suisse
  4. Bank of New York Mellon
= guaranteed data deletion
/ hinder regulators + prosecutors to investigate misconduct?
Does use of Symphony re communications
= regulators avoidance?
[ I'm not clear on that]

http://www.stockhouse.com/news/newswire/2015/09/14/four-us-banks-reach-agreement-with-regulators-on-guaranteed-data-deletion-issues

#Russia
Yuri Ushakov
fmr career diplomat
fmr deputy Foreign Minister
PhD:  history
2008 appointment Putin deputy chief staff
foreign-policy + international economics
[various sources - incl. Foreign Policy]

#cybersecurity
DECEPTION SOFTWARE 
/ HONEYPOT SOFTWARE

Deception to Catch #hacker
fake network component, server or database
to study their behaviour

DECEPTION cybersecurity aims:
1. ID intruders / share info
2. drains hacker resources until aware duped
3. study hackers
Deception
has long been part of the art of war
WWII, USA & British armies
set up fake camps
to dupe Germans
/ Penny Crosman {cybersec}

Honeypot software
= fake system
= sits on network
= exposes fake or real services to the attacker

new gen. honeypot software
= called 'deception software'
centrally managed, integrated w/ other security software

deception software
popular with:  financial services

x4 layers  (ie "deception stack"):
  1. network
  2. endpoint
  3. application
  4. data

each layer of x4 deception software
= has deception capabilities

deception layers:
eg. fake credentials in browser caches
of decoy workstations, phony files & data sets.

deception layers:
eg. endpoint set up to look like it runs eg Windows,
when is a Linux machine.

deception layers:
eg. fake OS = deceive malware into attacking
vulnerabilities OS does not have.

deception strategy:
once intruder detected
/ continue to 'entertain'
*find out what intruder knows re system

decoy documents
eg fake 'new product designs'
= embedded w/ tracking element
= knowing when & where opened
deception software
hidden tech in documents
= beacon calling 'home'
= info re intruder

DECEPTION software providers:
  • Attivo Networks
  • TrapX Security
  • Allure Security Technology
  • CyberTrap
  • Cymmetria
  • ForeScout
  • GuardiCore
  • Hexis Cyber Solutions
  • LogRhythm
  • Percipient Networks
  • Rapid7
  • Shape Security
  • Specter
  • TopSpin Security

DECEPTION software LIMITATIONS
If the hacker:
1) obtained correct credentials re system
2) knows where to look
ie ... if not rummaging, knows where to go & where to get it, deception software ineffective
Deception software
= not foolproof
= but significantly raises odds of detection & lowers false positives

http://www.americanbanker.com/news/bank-technology/deception-may-be-the-best-way-to-catch-cybercriminals-1076667-1.html
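
The decoy-credential idea in the notes above (fake credentials planted on decoy workstations, so that any use of them points to an intruder) can be sketched as a log check. This is an added example, not code from the article or from any vendor listed; the account names, log format and addresses are constructed for illustration.

```python
import re

# Constructed decoy accounts (hypothetical names). They exist only on decoys and
# are never issued to staff, so any login attempt using one is an intrusion signal.
HONEYTOKENS = {
    "svc_backup_old": "browser cache on decoy workstation",
    "jsmith_admin": "phony spreadsheet on decoy file share",
}

# Constructed log format for this example:
# <timestamp> auth result=<ok|fail> user=<name> src=<ip> host=<target>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>ok|fail) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) host=(?P<host>\S+)$"
)

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2015-09-15T09:01:12Z auth result=ok user=alice src=10.0.4.21 host=mail01
2015-09-15T09:03:40Z auth result=fail user=svc_backup_old src=10.0.9.88 host=db02
2015-09-15T09:03:55Z auth result=fail user=SVC_BACKUP_OLD src=10.0.9.88 host=db03
2015-09-15T09:04:02Z auth result=ok user=bob src=10.0.4.35 host=files01
this line is truncated and will not parse
2015-09-15T09:10:17Z auth result=fail user=jsmith_admin src=10.0.9.88 host=dc01
2015-09-15T09:12:00Z auth result=fail user=carol src=10.0.4.50 host=mail01
"""


def find_honeytoken_use(log_text):
    """Return (alerts, skipped): one alert per decoy-credential use, plus the
    number of lines that could not be parsed."""
    alerts, skipped = [], 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            skipped += 1  # count parse failures instead of hiding them
            continue
        user = m["user"].lower()  # treat account names as case-insensitive
        if user in HONEYTOKENS:
            alerts.append({
                "time": m["ts"],
                "token": user,
                "planted_in": HONEYTOKENS[user],
                "source": m["src"],
                "target": m["host"],
                "result": m["result"],
            })
    return alerts, skipped


def summarize_by_source(alerts):
    """Group alerts per source address: which decoys it has harvested and
    which hosts it tried them against."""
    grouped = {}
    for a in alerts:
        entry = grouped.setdefault(
            a["source"], {"first_seen": a["time"], "tokens": set(), "targets": set()}
        )
        entry["first_seen"] = min(entry["first_seen"], a["time"])
        entry["tokens"].add(a["token"])
        entry["targets"].add(a["target"])
    return {
        src: {
            "first_seen": e["first_seen"],
            "tokens": sorted(e["tokens"]),
            "targets": sorted(e["targets"]),
        }
        for src, e in grouped.items()
    }


if __name__ == "__main__":
    found, unparsed = find_honeytoken_use(SAMPLE_LOG)
    print(f"{len(found)} decoy-credential uses, {unparsed} unparsable lines")
    for src, info in summarize_by_source(found).items():
        print(src, info)
```

An ordinary failed login (carol in the sample) raises nothing, which is why this kind of alert has few false positives; an intruder who already holds valid credentials never touches the decoys, which is the limitation the notes list.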

#cybersecurity
US Dept Commerce
rethinking proposed rule controlling 
EXPORT of hacking TOOLS / intrusion software
b/c stifles research
source (subscription)
http://www.law360.com/articles/702478/commerce-to-revise-cyber-rule-said-to-hamper-research

#cybersecurity #hacker
Cisco routers vulnerable to new attack
attacks replace OS used in network Cisco equip.

Cisco router attacks
= x14 instances of router implants found in:
  • India
  • Mexico
  • Philippines
  • Ukraine
http://www.reuters.com/article/2015/09/15/us-cybersecurity-routers-cisco-systems-idUSKCN0RF0N420150915


Malvertising
#cybersecurity #hacker

Malvertising Campaign Rages Undetected For 3 Weeks
/ manipulate ad networks' chain of trust
Malvertising
= number of new tactics to make attackers harder to track down
eg use domain names registered years ago w/ BBB

#Hacker
= look like legit bus. using real-time bidding
= ads clean
= ads redirected to point for download malicious code

ads  thru
encrypted HTTPS channel
= lets third party directly serve up content
+ encrypt comm.
/ no inspect.

Malvertising
attackers used Google URL shortener in redirects
Malwarebytes + Google working to solve

Malvertising hits, incl: http://ebay.co.uk  http://drudgereport.com  http://answers.com

Malvertising
compromised various small ad networks
+ major ad networks, incl DoubleClick, AppNexus + ExoClick

Malvertising hits, adult, incl:
nuvid.com
upornia.com
eroprofile.com

very low-cost intro packages
= attacker opportunity for short campaigns w/ small investments
http://www.darkreading.com/attacks-breaches/malvertising-campaign-rages-undetected-for-3-weeks/d/d-id/1322169

#cybersecurity
National Cyber Security Hall of Fame
2015 INDUCTEES
Thu 29th Sept
x5 - listed
http://news.sys-con.com/node/3456101

#cybersecurity - REPORT - Insurance
PWC
Insurance 2020 & beyond: Reaping the dividends of cyber resilience
http://www.pwc.com/gx/en/industries/financial-services/insurance/publications/insurance-2020-cyber.html

#cybersecurity #insurance
market to reach $7.5 billion annual premiums by end 2020
& min.  $5 billion by 2018
insurance co's may MITIGATE risks by
partnering w/ technology co's
+ data sharing b/w insurance co's

Insurer mitigation also by:
conditional regular risk assessments
of client ops & required remedies re reviews
http://www.pymnts.com/in-depth/2015/cyber-insurance-market-to-thrive-triple-by-2020/

#military
DOD - Overhaul of Military Ground Systems
in favour of single UNIFIED system for satellite networks

Satellite networks
multiple siloed ground systems
aka “stove-piped”
=  inhibits security, resiliency, agility & affordability

stovepiped / single ununified systems
=  op systems each functioning w/ unique proprietary software from contractors

#military ground systems
- USG wants to move away from reliance original contractor
/ own tech baseline
/ free up competition

DOD overhaul aim:
  • *control interfaces + standards
  • *no limits interface / proprietary s/w
  • *no contractor control architecture

DOD overhaul of military ground systems goals
 *agility
 *automation
 *security
 *resilience
 Cost savings = inherent result

cybersecurity
= too many interfaces + incongruous software:
*multiple cyber attack surfaces
*must be defended individually
Enterprise Ground System (EGS)
/ DOD interested in using #cloud tech for EGS
/ type undecided
/ Airforce favours private (b/c physically reside w/in operation centres)
http://www.satellitetoday.com/regional/2015/09/14/dod-prepares-for-overhaul-of-military-ground-systems/


NYSE
STUDY by Veracode
2015 Survey
#cybersecurity in the Boardroom - 8pg PDF
https://www.veracode.com/sites/default/files/Resources/Whitepapers/cybersecurity-in-the-boardroom-whitepaper.pdf

Associated article:
Boardrooms and cyber security http://thetandd.com/news/boardrooms-and-cyber-security/article_5edccb5b-aed1-5e88-b2e4-0dd396d5540d.html


Twitter
hired a trio of firms
/ first outside lobbyists to work DC
spent $160K / first-half
http://www.odwyerpr.com/story/public/5332/2015-09-14/twitter-enters-dc-lobbying-fray.html


quantum encryption
quantum random number 
generator | Entropy Engine
/ 200 million random Nos.
http://www.santafenewmexican.com/news/health_and_science/science-on-the-hill-for-cybersecurity-in-quantum-encryption-we/article_2ce4c8bb-78fa-5dbc-826f-ffdd33501ae3.html

WEBINAR - cybersecurity
Former NSA Tech. Dir.
Jim Penrose
cyber ops expert
subtle traces compromise detection
http://www.bankinfosecurity.com/webinars/view-from-inside-intelligence-driven-approaches-to-cyber-detection-w-764

#Germany #cybersecurity
new IT Security Law
July 24, 2015
foresees admin fines
4-yr evaluation
*overview & links
http://www.natlawreview.com/article/what-you-need-to-know-about-germany-s-cybersecurity-law

#cybersecurity #hacker
9 FBI Warnings
/ risks posed by Internet of Things ('IoT')
x10 device examples
http://www.defenseone.com/threats/2015/09/fbi-department-homeland-security-warnings-internet-connected-everyday-objects/120905/

IronNet
fmr  NSA Director Keith Alexander
raised $7.5 million in equity
re IronNet #Cybersecurity
pt  $25-m Trident Capital financing

IronNet Cybersecurity
funds to go to:
*cybersecurity products
*building the company’s workforce
http://www.bizjournals.com/baltimore/blog/cyberbizblog/2015/09/keith-alexander-led-ironnet-cybersecurity-raises-7.html

#cybersecurity
digital tax fraud 
skyrocketed over last year
/ data breaches
PROPOSED bill re notices ID theft

almost half USA states
= reported spikes in electronic filing fraud
= Minnesota stopped accepting some electronic returns

http://thehill.com/policy/cybersecurity/253542-senate-committee-will-mark-up-digital-tax-fraud-bill


#cybersecurity
new chip developed by Xerox
= self-destruct on command
Gorilla Glass / shattering chip

Potential use:   storage device for encryption keys

https://www.siliconrepublic.com/enterprise/2015/09/14/self-destructing-chip-xerox

Korean-based SK Telecom
+ Greenville USA co.
to develop vehicle cybersecurity
/  Quantum Cryptography

... securely distributes a secret key to legitimate parties. Here, a key is a table of random numbers shared by legitimate users in such a way that the information is known only to them, and secure means secure against any possible eavesdropping, which is the highest level of security. The system is expected to enhance security of critical network infrastructure.

Currently, most systems, including the connected vehicle ecosystems, use software-based pseudo-random number generators for encryption, meaning that they can fall vulnerable to hackers who decrypt the sequence of digits. Once developed for commercial use, SK Telecom’s technology will eliminate such concerns for security as it generates true random numbers based on hardware.
http://gsabusiness.com/news/55654-greenville-center-korean-firm-to-develop-vehicle-cybersecurity

#cybersecurity
E-ZPass
vulnerable to hackers, ID thieves + govt spying
/ not using encryption
E‑ZPass
= electronic toll-collection system
=  tolled roads, bridges, & tunnels USA
http://www.whdh.com/story/30022568/report-e-zpass-vulnerable-to-hackers-identify-thieves

#SouthAfrica #law
proposed bill too broad
consequences beyond remit
/ state cyberwarfare
/ warrantless seizure

#SouthAfrica
/  penalties - to 25 years in prison
/  has until Nov 30 to submit comment on proposed bill.

http://www.zdnet.com/article/south-africa-gets-first-look-at-cybercrime-bill-that-comes-with-25-year-jail-terms/

#Tor
.onion domain
= formal recognition granted
security certificates available to site admins
http://www.cbronline.com/news/cybersecurity/business/regulators-give-tors-onion-domain-name-special-use-status-4669709

USA Dept Energy
DOE REPORT linked
US #Energy Tech
Exports
= cybersecurity risks - b/c rely on digital tech
http://www.theepochtimes.com/n3/1751096-global-energy-growth-could-disrupt-americas-grid-security-doe-report-says/

---------------------- ꕤ ----------------------
COMMENT

Bunch of random stuff I looked at.

It all seemed very exciting ... at the time.  Now, I'm not so sure.  lol

The onion domain news and the self-destructing chip is exciting, I guess.

I'm no techie, so the 'internet of things' doesn't bother me.  I like everything manual, if I can help it.  lol

Twitter hiring Washington lobbyists is kind of exciting.  Wonder why?

The US military proposed overhaul of ground satellite communications (if I understand correctly), is pretty cool.

Surprise that it has taken them until 2015 to come up with those ideas, when they're in the business and should know what they're doing when it comes to multiple contracts and software applications etc.

It doesn't sound too efficient at the DOD.

Digital tax fraud sounds boring.  I don't even know what the point of it is.  lol  People pretend to be someone else ... but then what?

Oh, the best news is the Ninth Circuit Court ruling regarding copyright!

Take that, Universal Music a#@!@#s!


August 04, 2015

HORNET Onion Routing - Tor Rival?




http://searchsecurity.techtarget.com/news/4500250948/Tor-anonymity-called-into-question-as-alternative-browser-surfaces

HORNET -- a Tor alternative?

In other Tor news, researchers from the Swiss Federal Institute of Technology and University College London introduced an alternative onion network dubbed HORNET. Short for high-speed onion routing at the network layer, it offers the same promise of anonymous browsing but with better scaling, stronger privacy and higher speed -- researchers claimed it can process anonymous traffic at over 93 Gbps. Researchers also said each HORNET node can process anonymous traffic for "a practically unlimited number of sources."

Like Tor, HORNET uses a group of relay nodes to mix and encrypt traffic -- and hide users' locations and IP addresses -- in layers to ensure anonymity. However, researchers say it is not plagued with the decreased speed that Tor and other anonymity networks regularly experience.

The low-latency onion routing system "uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes," researchers wrote.

"Unlike other onion routing implementations, HORNET routers do not keep overflow state or perform computationally expensive operations for data forwarding, allowing the system to scale as new clients are added.

"It is designed to be highly efficient; instead of keeping state at each relay, connection state (such as onion layer decryption keys) is carried within packet headers, allowing intermediate nodes to quickly forward traffic for large numbers of clients."

Because the system does not store per-session states, it also provides "stronger security guarantees" than other onion network options.

The researchers also claimed it is less vulnerable to identity-revealing attacks such as session linkage and packet correlation. However, it is not completely immune to attack; confirmation attacks leveraging flow analysis, timing analysis and packet tagging can potentially be successfully executed to determine identity. "However," researchers wrote, "HORNET raises the bar of deploying such attacks for secretive mass surveillance: the adversary must be capable of controlling a significant percentage of ISPs often residing in multiple geopolitical boundaries, not to mention keeping such massive activity confidential."

Users should not jump on the bandwagon yet, however; HORNET has not yet been peer-reviewed.

http://searchsecurity.techtarget.com/news/4500250948/Tor-anonymity-called-into-question-as-alternative-browser-surfaces


MORE


Tor Browser Challenger:
HORNET stands for High-speed Onion Routing at the NETwork layer
http://cointelegraph.com/news/115001/hornet-high-speed-protocol-for-a-fully-encrypted-anonymous-internet


Researchers claim they’ve developed a better, faster Tor

HORNET, a high-speed onion routing network, could be deployed on routers as part of the Internet.

http://arstechnica.com/information-technology/2015/07/researchers-claim-theyve-developed-a-better-faster-tor/

---------------------
COMMENT


Potential vulnerability points mean nothing to me.

I just think it's cool something new is out.

Wonder who gets to review Hornet and if there's any built-in backdoors? LOL


Tor anonymity network - here.


July 31, 2015

Tor Vulnerability - Traffic Analysis Identifies Guard Servers



Vulnerability could make Tor, the anonymous network, less anonymous

    by  Barb Darrow
    @gigabarb
July 29, 2015, 5:27 PM EDT

The bad news: MIT and QCRI researchers found a vulnerability in the Tor network. The good news: they also found a fix.
The Tor network—used by activists, journalists, law enforcement, and yes, criminals—is famous for cloaking web surfers’ identities and locations. And, apparently, it contains a vulnerability that poses a risk to all that protective anonymity, according to researchers at MIT and the Qatar Computing Research Institute (QCRI).
The good (or bad) news—depending on how you view Tor— is they say they’ve also come up with a fix to the problem that they will demonstrate at the Usenix Security Symposium next month, according to an MIT News story “Shoring up Tor.”
An estimated 2.5 million people—including journalists, political activists, terrorists or just consumers who don’t want to share their browsing histories with Facebook or other commercial entities—use Tor daily. And that is why the network is of keen interest not only to “repressive” regimes like Russia and Iran but to governments a lot closer to home, including our own. Not to put too fine a point on this, but one person’s activist could be another person’s terrorist, but I digress.
DigitalTrends has a good description of the Tor basics:
    Tor works by anonymizing the transport of your data. Like an onion, Tor encrypts the data you send through the web in multiple layers. Your data is then “relayed” through other computers. Each relay sheds one layer then finally arrives at the source in full form. The software bounces users around a network of open connections run by volunteers all over the globe. This prevents people from spying on your Internet connection and discovering sites you visit. Tor scrambles information that could pinpoint your exact physical location.
By using a Tor-configured browser, the user enters her request, and it is automatically swaddled in those encryption layers and is sent to the next, randomly chosen machine that runs Tor. This machine, called “the guard,” peels off the first encryption layer and forwards the still-masked request on until it finally reaches a randomly chosen “exit” machine that strips off the final layer encryption to reveal the destination.
Only the guard machine knows the sender and only the exit machine knows the requested site; no single computer knows both.
The network also offers “hidden services” that enable an activist to aggregate sensitive news reports and make them available to select users, but not the world at large. That is, the archive is not searchable or available on the public Internet.
The creation of those collection points, which involves the building of what Tor calls a “circuit” of machines, offered the researchers a way to snoop on Tor. By connecting a ton of their own machines to the network and then analyzing traffic, they were able to identify likely guard machines.
From the MIT report:
    The researchers showed that simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit. Breaking Tor’s encryption wasn’t necessary.
    Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 percent accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 percent certainty, identify it as the service’s host.
The researchers, including Albert Kwon, an MIT graduate student in electrical engineering and computer science, and Mashael AlSabah, assistant professor of computer science at Qatar University, and a QCRI researcher, said the fix lies in obscuring data traffic patterns to and from the guard machines in a way that renders such “traffic fingerprinting” ineffective.
If the network sends around enough dummy packets so that all the data sequences look the same to prying eyes, problem solved, and anonymity remains safe.
SOURCE
http://fusion.net/story/175068/sorry-the-way-you-type-is-exposing-your-identity-online-even-if-youre-browsing-anonymously/
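
The fix described in the article (enough dummy packets that every circuit's traffic looks the same) can be shown on toy data. This is an added example, not code from the MIT/QCRI researchers or the Tor Project; the traces, the fixed 16-slot schedule and the nearest-centroid classifier are constructed assumptions.

```python
from collections import Counter

OUT, IN = +1, -1  # direction of a cell as seen at the guard

# Constructed traces (invented shapes, not measurements from Tor).
# For each circuit type: [training trace, test trace].
TRACES = {
    "general": [
        [OUT, IN, OUT, IN, IN, IN, IN, IN],
        [OUT, IN, OUT, IN, IN, IN, IN],
    ],
    "introduction-point": [
        [OUT, OUT, OUT, IN],
        [OUT, OUT, OUT, IN, IN],
    ],
    "rendezvous-point": [
        [OUT, IN, OUT, OUT, IN, OUT, IN, OUT],
        [OUT, IN, OUT, OUT, IN, OUT, IN, OUT, OUT],
    ],
}


def features(directions):
    """The feature the article names: number of packets in each direction."""
    counts = Counter(directions)
    return (counts[OUT], counts[IN])


def nearest_centroid(train):
    """train maps label -> feature tuple; returns a classify(feature) function."""
    def classify(feat):
        return min(
            train,
            key=lambda label: sum((a - b) ** 2 for a, b in zip(train[label], feat)),
        )
    return classify


def pad_to_schedule(trace, slots=16):
    """Send cells on a fixed alternating OUT/IN schedule. A real cell goes out
    when the slot matches its direction; otherwise a dummy fills the slot.
    Returns a list of (direction, is_dummy)."""
    queue = list(trace)
    sent = []
    for i in range(slots):
        direction = OUT if i % 2 == 0 else IN
        if queue and queue[0] == direction:
            queue.pop(0)
            sent.append((direction, False))
        else:
            sent.append((direction, True))
    if queue:
        raise ValueError("trace does not fit the schedule; increase slots")
    return sent


def observed(trace, padded):
    """What an on-path observer sees: directions only, because dummy cells are
    encrypted and sized like real ones."""
    if not padded:
        return list(trace)
    return [direction for direction, _ in pad_to_schedule(trace)]


def accuracy(padded):
    """Train on the first trace of each type, test on the second."""
    train = {label: features(observed(ts[0], padded)) for label, ts in TRACES.items()}
    classify = nearest_centroid(train)
    hits = sum(
        classify(features(observed(ts[1], padded))) == label
        for label, ts in TRACES.items()
    )
    return hits / len(TRACES)


if __name__ == "__main__":
    print("accuracy without padding:", accuracy(padded=False))
    print("accuracy with padding:   ", round(accuracy(padded=True), 2))
```

With padding every trace presents the same 16-cell shape, so the classifier is reduced to guessing one label for everything; the price is the dummy traffic (12 of 16 cells for the shortest trace here).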
---------------------
COMMENT

Tor anonymity browser:
  • search/request via Tor browser, wrapped in encryption layers
  • first server = random 'guard' server (knows where request came from)
  • next server = does not know location of request or request
  • final server = random 'exit' server knows the request
  • no single server knows both location & search/request
  • runs data via network of open connections / servers run by volunteers all over globe 
So:
  • scrambles info that could pinpoint your physical location
  • anonymises the transport of your data
  • encrypts the data you send (& relays through the web in multiple layers)
  • each relay sheds one layer
  • relay finally arrives at source in full form
Thought this was interesting. 
Imagine the Tor people are adapting to the fake packet fix, whatever that is.  
My reference to 'server' should probably read 'node' in the Tor network, I would think. 

------- ------- -------
Data transferred by computer is sent via 'packets'.  Due to size constraints, data sent out is broken up and reassembled at the destination.
TCP / IP
  • TCP/IP protocols guide how data is sent
  • TCP = Transmission Control Protocol (reliability of data / checks data for errors & resends if required)
  •  IP = Internet Protocol (more direct 'step closer' transmission of data)
TCP/IP = two separate protocols - used together
Most common TCP/IP protocols:

  • HTTP  - b/w client (ie browser) & server / non-secure data transmissions
  • HTTPS - b/w client & server / SECURE data transmissions - eg. credit card transaction data or other private data
  •   FTP - b/w two or more computers:  one computer sends data to (or receives data from) another computer DIRECTLY.
  • web client =  browser
  • web server = receives client/browser requests & relays data back to web client/browser
These are just notes for my benefit.  Hoping I have the info. straight.  LOL
  

---------------------
MORE

MIT researchers figure out how to break Tor anonymity without cracking encryption
http://www.extremetech.com/extreme/211169-mit-researchers-figure-out-how-to-break-tor-anonymity-without-cracking-encryption

Researchers mount successful attacks against Tor network—and show how to prevent them
http://phys.org/news/2015-07-mount-successful-tor-networkand.html
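
The layering that both the quoted article and the notes in this post describe, as an added example that is not Tor's code: each relay removes one layer and learns only its neighbours. The relay names, keys, client address and the SHA-256 keystream (a stand-in for real ciphers and per-hop key exchange) are assumptions.

```python
import hashlib
import json

# Constructed values for illustration.
CLIENT = "client-203.0.113.5"
DESTINATION = "example.org"
REQUEST = b"GET /index.html"
PATH = ["guard", "middle", "exit"]
# Stand-in keys; in a real network each hop's key is negotiated with that relay.
KEYS = {name: hashlib.sha256(b"constructed-key-" + name.encode()).digest() for name in PATH}


def keystream_xor(key, data):
    """Toy stream cipher: XOR with a SHA-256 counter keystream.
    Encrypting and decrypting are the same operation. Illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_onion(path, keys, destination, request):
    """Client side: wrap the request once per relay, innermost (exit) layer first."""
    next_hops = path[1:] + [destination]
    blob = request
    for relay, nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "payload": blob.hex()}).encode()
        blob = keystream_xor(keys[relay], layer)
    return blob


def peel(relay, key, received_from, blob):
    """Relay side: remove one layer. Returns what this relay learned,
    where to forward, and the still-wrapped inner blob."""
    layer = json.loads(keystream_xor(key, blob))
    view = {"relay": relay, "from": received_from, "to": layer["next"]}
    return view, layer["next"], bytes.fromhex(layer["payload"])


def can_read(key, blob):
    """True if this key opens the outermost layer of blob."""
    try:
        layer = json.loads(keystream_xor(key, blob))
    except ValueError:  # wrong key yields bytes that are not valid JSON
        return False
    return isinstance(layer, dict) and "next" in layer


def route(client, path, keys, destination, request):
    """Pass the onion along the path and record each relay's view."""
    blob = build_onion(path, keys, destination, request)
    views, previous = [], client
    for relay in path:
        view, _, blob = peel(relay, keys[relay], previous, blob)
        views.append(view)
        previous = relay
    return views, blob  # after the exit's layer, blob is the original request


if __name__ == "__main__":
    seen, delivered = route(CLIENT, PATH, KEYS, DESTINATION, REQUEST)
    for v in seen:
        print(v)
    print("delivered at exit:", delivered)
```

The recorded views show the guard holding the client address but not the destination, the exit holding the destination but not the client, and the middle relay holding neither.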



April 01, 2015

Don't Get Angry: Encrypt








AUSTRALIAN DIGITAL RAPE BY BRADIS & CO

REMEDY

Gnu Privacy Guard 

(GnuPG aka GPG)

 Encryption   https://www.gnupg.org/ 
http://en.wikipedia.org/wiki/GNU_Privacy_Guard
Werner Koch caught my eye the other day, so I thought GnuPG (aka GPG) might be potential go-to encryption software.
German, Werner Koch has authored this software based on open source GNU operating system software (by an MIT guy, Richard Stallman).  Being open source software is supposed to be a positive because it allows outsiders to spot vulnerabilities in code (I think).

Werner Koch previously received grants from the German government (but they expired some time ago).  Koch is still kicking on, single-handedly patching the GnuPG program, but short on funding.

TOR

Anonymising  https://www.torproject.org/
Tor - Explained
 ..........................................................................

Tor originated with the US Navy and has received US govt funding.  
Gee, even as I'm keying this in, Russian software is looking more and more appealing because I'm wondering if there's German backdoors in the encryption software and anticipating some NSA trick when it comes to the Tor anonymising software (see Silk Road FBI busts).

I don't know enough to assess the merits of GnuPG or Tor (and wouldn't have a clue where to find Russian software), so this is pretty much it for the options (I think) ... except that you can use PGP (Pretty Good Privacy) instead of the GnuPG.
Nope.  It looks like Philip Zimmermann has sold up, so GnuPG it is ... unless you're prepared to trust a US company:  Symantec.
........................................................................... 

Photo: Alex Ellinghausen
COPYRIGHT DISCLAIMER
Copyright Disclaimer under section 107 of the Copyright Act 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education and research.
Regarding the SMH article, 'rape by Bradis & Co' is my take rather than SMH's ... just so there's no confusion.  ;)

That's pretty much what it is when everybody has been placed under state surveillance.

State surveillance without cause or consent is an abuse of power.  To be the subject of such an abuse of power is to live in a prison state.
The snail-mail version of this would have been going on back in the 50s and 60s, when the Australian govt was in full surveillance and political suppression and sabotage mode, to blot out the 'evil' of communism.
But it isn't Russians and communists looking evil now; it's the totalitarian West.
Instead of getting angry but then just accepting the inevitable prison population living conditions:
a) use technology to secure privacy; &

b) vote for non-mainstream politicians, rather than the corporate and US lackeys who have spent years spying on their own citizens (and nations abroad).
Did a bit of a summary on encryption basics the other day ... but I think I've forgotten it already, so I'm going to have to start all over. 
Intend to keep at it until I get some kind of feel and overview for privacy tech basics, from a consumer perspective.  Only I'm rather lazy ...

The above links are just a starter and I don't really know what I'm on about, so it's best to do your own research.

Discovered that free Russian e-mail services bypass the intrusions of freebie Western e-mail services.  English log-in is available.





January 06, 2015

Online Privacy






Privacy Shielding against Mass Surveillance
 



..............................................................................



The above article describes various means of avoiding online surveillance, for anyone that's interested.  

Looks uncomplicated & worth checking out.




September 20, 2014

Hacker, Cybersecurity, Internet, Surveillance, Cryptography

CYBER-SECURITY




#Hacker - TOR users become FBI's No.1 hacking target after legal power grab - goo.gl/uaE0ac - Rule 41. Fed Rules Crim Procedure

FBI snitch Hector Xavier “Sabu” Monsegur >> cyber-attacks against foreign governments while under FBI control goo.gl/uaE0ac

----------------------------------------

Follow this Twitter if interested in cryptography twitter.com/matthew_d_green >> computers & cryptography @ Johns Hopkins University - #hacker

#USA #Surveillance #cybersecurity - proposed Fed Rule 41 Crim Procedures - info - goo.gl/tiXgQ7 >>> FBI overseas hacking

>> Note: "Board of Editors include individuals with significant government experience ..." >> How independent is info?

#Hacker #surveillance - QUANTUM networks spread goo.gl/U41C95 - QKD - photons in partic. quantum states 2 gen. secure crypto key

#hacker / standard cryptography relies on hard mathematical probs > can theoretically be cracked given enough computing power. /newscientist

Battelle n-f-p science r/sch / plans 2 use existing fibre-optic network 2 test larger quantum network to link Ohio to WA / newscientist

#China wide-area QKD network experiment done / QKD b/w Beijing & Shanghai is due completion by 2016

Perform/ decrease w/ dist. b/w nodes /req. trusted node b/w 2 parties 2 establish link w/ each of them /+ need quant/ repeater

#IT #Cryptography - Research shows that it is possible to hack QKD systems (due to flaws in hardware)!! - 2 address prob. / newscientist

#Cryptography - QKD can't hide that you are talking to someone - but can 2 send a SMALL amt data w/out notice IF disguise MSG inherent noise



----------------------------------------  
COMMENT


The 'cryptography' isn't strictly cryptography; I think it is something to do with quantum engineering instead.

Interesting stuff.  

The New Scientist article (link above) is very well written because it's so easy to read.  

Check this stuff out, it's really cool.







Julian Assange - Political Prisoner on Google / Assange Media Distortion


ASSANGE



GOOGLE & NSA
Spying and storing: Assange says 'Google works like NSA' >>on.rt.com/k0icvc >>> #FreeAssangeNow >> 'a privatized version of the NSA'

/Google defense industrial base since 2009 /engaged w/ Prism system /info collected by Google available to NSA!! #surveillance

POLITICAL PRISONER

#UK over £3 MILLION surveillance outside Ecuador embassy - POLITICAL PRISONER - #FreeAssangeNow [src BBC video] - #ukPolitics #auspol
#UK tax payer money WASTED govwaste.co.uk - US POLITICAL PRISONER - £7,398,105.00+ !! - #DavidCameron #ukPolitics #FreeAssangeNow
#UK passed modifications to ban extradition without charge / Yet #Assange held WITHOUT CHARGE! -- POLITICAL PRISONER -- #ukPolitics

MEDIA DISTORTION -  BBC
@BBCNews

This article is NOT correct: http://www.bbc.com/news/uk-29258834
Assange did NOT seek Ecuador embassy refuge 'to avoid extradition to Sweden to face questioning over alleged sexual offences.'
#Assange sought & was granted POLITICAL ASYLUM by Ecuador, on the basis of #USA pursuit of #Assange over #WikiLeaks publications.
Assange has been held WITHOUT CHARGE for 4 years by #UK.
Assange remains a political prisoner at a high cost to #UK. #FreeAssangeNow
#UKpolitics #Auspol #NZpol #svpol

----------------------------------------

COMMENT

The above is self-explanatory:  Assange is a political prisoner. 
Check out what they're spending to deny him the political asylum he's been granted.  That's confirmation for you.

Took exception to the BBC article because it seems to convey that he's done some dodgy number to avoid being questioned. 
That isn't the case at all and the public should be made aware that Assange has been granted POLITICAL ASYLUM by Ecuador.

The Google stuff, I don't know what to make of.  

Unless you use anonymity services like Tor and inhabit the 'deep web' (or whatever it is), is there an alternative to Google?


Wikipedia on Tor - here.



September 05, 2014

Holes in NATO’s Cyber Defense Pledge



The Holes in NATO’s Cyber Defense Pledge


by William A. Blunden / September 4th, 2014

NATO members are currently meeting in Wales to consider a joint defense agreement which stipulates that a cyberattack on one member would represent an attack on all of them.[1] Though the concept of international teamwork may seem appealing at the outset there are at least a couple of issues that officials are [intentionally] neglecting.

High-End Anti-Forensics

For instance, how can countries mobilize to fend off a cyberattack when they can’t even tell who launched it? Deception is an age-old instrument of spy tradecraft and the Pentagon has been actively working on developing Internet stealth technology for decades.
[...]
Folks, it’s anarchy. Until we mobilize and get our political leaders to outlaw covert ops the government and corporate spies show no sign of letting up. In all probability, as things progress the whole clandestine scene is just going to get worse. This past April Obama openly bragged to China’s leadership that the U.S. would be devoting $26 billion to the Pentagon’s cyber trough and expanding the U.S. force to 6,000 so-called “cyberwarriors”.[15] Guess where all of that funding goes to?
The moral of the story is this: when high-level Pentagon types and think tank pundits start yammering about cyberattacks from Russia or China keep in mind that our security services are neck deep in deception ops directed against their alleged allies. History shows that the American Deep State is constantly in search of new enemies, even if it has to fabricate them,[16] and our corporate rulers have no scruples about launching attacks that kill untold thousands of innocent people so that they can boost quarterly profits.

[... EXTRACT - FULL @ SOURCE ]

http://dissidentvoice.org/2014/09/the-holes-in-natos-cyber-defense-pledge/



This article is a wealth of information.  Everyone gets a mention:

Tor, Ntrepid, WikiLeaks, TAO, GCHQ

Check it out.



August 07, 2014

USA - NATIONAL SECURITY AGENCY - Leaker #2

http://goo.gl/l9SCsG


Another NSA leaker.

Snowden was first. This is Leaker #2.

#2 Leaker is allegedly passing information to journalists.

Bloomberg View (link above) reports:
The blogger Cory Doctorow was the first to suggest there's a second NSA leaker. Last month, one of his sources told him that a story on the German site Tagesschau was not based on documents from Snowden's trove. The article dealt with the NSA's spying on the anonymous Tor network, the backbone of the "Dark Web" that intrigues the intelligence services of many countries.  

Hey, Tor gets a mention.

Was going to use Tor the other day when I couldn't access Twitter for some reason ... but I couldn't even get Tor up.  Kinda odd.  Is Tor blacklisted these days?


Anyway, this is a bit of interesting news on the NSA front.  I've not followed the links but anyone who wants more info can.