“The Patriot Act provides for secret warrants to spy on ISPs' customers. These "Section 215" warrants come with gag orders that mean that the company can't disclose their existence. This lack of transparency is ripe for abuse and is bad for ISPs' business. Apple is fighting back with a "warrant canary": they've published a transparency report (PDF) that states "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge an order if served on us." If they are served with a 215 order in future, their next transparency report will drop this language, omitting any mention of 215, and keen-eyed watchers will know that they've been subjected to a secret order.” • #прозрачное_общество - #крипта - × × ×
This approach was adopted by many other companies, but all of them are *way* smaller than Apple. - 9000
“Our Mission — To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email. As founding partners of The Dark Mail Alliance, both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers. Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind.” • #электропочта - #крипта - × × ×
"With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated. All cryptographic keys used in the operation of the service have been zerofilled, and while no logs were produced (by design) during operation of the service, all records created incidental to the operation of the service have been deleted to the best of our ability." • #крипта - × × ×
“To our affected users: we are sincerely sorry for any inconvenience. For any users with positive account balances at the time of this action, we will provide 1 year subscriptions to a non-US VPN service of mutual selection, as well as a refund of your service balance, and free service for 1 year if/when we relaunch a consumer privacy VPN service. Thank you for your support, and we hope this will ease the inconvenience of our service terminating.” - × × ×
Вот чего: “For anyone operating a VPN, mail, or other communications provider in the US, we believe it would be prudent to evaluate whether a pen register order could be used to compel you to divulge SSL keys protecting message contents, and if so, to take appropriate action.” - × × ×
(like здесь — не лайк, а закладка obviousely) - earlyadopter
"[В] соответствии с указом Минкомсвязи с 1 июля 2014 года все интернет-провайдеры страны будут обязаны установить на свои сети оборудование для записи и хранения информации об интернет-трафике. Записи будут содержать, в частности, такие данные, как телефонные номера, IP-адреса, имена учетных записей и адреса электронной почты пользователей социальных сетей. Сведения должны храниться не менее 12 часов и будут передаваться спецслужбам." • #крипта - × × ×
«Активисты «арабской весны» договаривались о встречах и координировали свои действия через мобильные Facebook и Twitter. Участники волнений в Англии в августе 2011 года использовали для связи BlackBerry Messenger. Демонстранты из «Захвати Уолл-стрит» пишут собственные программы для обмена информацией. «Лента.ру» предлагает обзор мобильных приложений, участвовавших в уличных акциях протеста.» • #крипта - × × ×
"In late 2011 Hezbollah rolled up a CIA spy ring in Lebanon. This provides an interesting lesson in CIA tradecraft and real world counterintelligence. Close examination of the techniques used to track down the agents will reveal some serious problems with many systems designed to provide security for anti-government groups. ¶ This post is partially in a response to Matt Green’s post about encryption apps. The secrecy provided by encryption applications, primarily privacy of communication content, is not sufficient to protect against even minimal monitoring. Any anti-government activity in a modern environment, e.g. one involving mobile phones and the internet, needs to include anonymity first and foremost." • #radical_transparency - #крипта - × × ×
“Occupy.here began two years ago as an experiment for the encampment at Zuccotti Park. It was a wifi router hacked to run OpenWrt Linux (an operating system mostly used for computer networking) and a small "captive portal" website. When users joined the wifi network and attempted to load any URL, they were redirected to http://occupy.here. The web software offered up a simple BBS-style message board providing its users with a space to share messages and files.” • #крипта - × × ×
“Since then Occupy.here has become my zen garden, a tiny self-contained internet I've been developing slowly and methodically.” - × × ×
“In this second, decentralized phase, I've seen a modest volume of use by internet standards, perhaps a handful of posts per week. There are patterns in how it gets used according to where the router is situated. The Zuccotti Park router was a popular venue for middle-aged men to upload selfies. Another one, hidden in the lobby of the Museum of Modern Art (installed without permission), mostly receives multi-lingual variations on "hello world" or "why doesn't the wifi work?" A handful of users have written more substantially, but it amounts to a message in a bottle, floating in the 2.4 Ghz spectrum.” - × × ×
Судя по фотке, в этой прошивке нужно два wifi интерфейса. Недавно как раз почитал проект радиолюбительского меша (http://hsmm-mesh.org/) состоящего из стандартных рутеров. Радиолюбительский он потому, что каналы 1-6 wifi находятся внутри разрешенной радиолюбителям полосы частот, а радиолюбители могут излучать в десятки раз большей мощностью, чем потребительские рутеры. Это драматически увеличивает покрытие меша при том же количестве нод. - Что-то равно чему-то.
Edward Snowden's E-Mail Provider Defied FBI Demands to Turn Over Crypto Keys, Documents Show | Threat Level | Wired.com - http://www.wired.com/threatl...
“In an interesting work-around, Levison complied the next day by turning over the private SSL keys as an 11 page printout in 4-point type. The government, not unreasonably, called the printout “illegible.” ¶ “To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors wrote. ¶ The court ordered Levison to provide a more useful electronic copy. By August 5, Lavabit was still resisting the order, and the judge ordered that Levison would be fined $5,000 a day beginning August 6 until he handed over electronic copies of the keys.” • #крипта - × × ×
"Mr. O’Connor, 27, bought some plastic boxes and stuffed them with a $25, credit-card size Raspberry Pi Model A computer and a few over-the-counter sensors, including Wi-Fi adapters. He connected each of those boxes to a command and control system, and he built a data visualization system to monitor what the sensors picked up: all the wireless traffic emitted by every nearby wireless device, including smartphones." • #крипта - × × ×
“It eliminates the idea of ‘blending into a crowd,’” is how he put it. “If you have a wireless device (phone, iPad, etc.), even if you’re not connected to a network, CreepyDOL will see you, track your movements, and report home.” ¶
Can individual consumers guard against such a prospect? Not really, he concluded. Applications leak more information than they should. And those who care about security and use things like VPN have to connect to their tunneling software after connecting to a Wi-Fi hub, meaning that at least for a few seconds, their Web traffic is known to anyone who cares to know, and VPN does nothing to mask your device identifier.” - × × ×
люди открывают для себя увлекательный мир электромагнитных излучений - Michael Bravo
"Yeongjin Jang, a PhD student at Georgia Institute of Technology, took on the task of explaining the details. It turns out that any device you connect with an iOS via the USB port can obtain your device's Universal Device ID (UDID), as long as the device isn't passcode-locked. It just takes a second, so if you plug in your device while it's unlocked, or unlock it while plugged in, or just don't have a passcode, Mactans can attack. ¶ Using the UDID, it effectively claims your device as a test device using the team's Apple developer ID. "The iOS device must pair with any USB host that claims it," said Jang. "Any USB host that initiates contact, they cannot reject it. It doesn't ask the user's permission and gives no visual indication. The only way to prevent a Mactans attack is to lock your device before charging it and keep it locked for the entire time." Once accomplished, the pairing is permanent." • #крипта - × × ×
“What we did was out in the open. It was against a live vehicle, a vessel—an $80 million superyacht, controlling it with a $2,000 box,” he told Ars. “This is unprecedented. This has never been shown in this kind of demonstration. That’s what's so sinister about the attack that we did. There were no alarms on the bridge. The GPS receiver showed a strong signal the whole time. You just need to have approximate line of sight visibility. Let’s say you had an unmanned drone. You could do it from 20 to 30 kilometers away, or on the ocean you could do two to three kilometers.” • #крипта - × × ×
"Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts." • #крипта - × × ×
Как писали недавно на HN, "I consider my Gmail public communication". - 9000
Соль, между прочим, не является секретом, она просто делает бесполезными радужные таблицы. А вообще, украли бы всю базу с хэшами и солью, как все ребята. - eugenio
^ И не украли, а прямо списали бы, предъявив national security letter или что там. - 9000