- cypherpunks - lists.cpunks.org

[RUS] [WAR] [Illegal Comedy Banned on Cypherpunks] How Russia hacked the British election
by Zenaan Harkness 09 Jun '17

09 Jun '17

I know, I know, comedy is verboten for all cypherpunks threads, especially sarcasm and satire - so consider this a trigger warning to those who are, for want of a better word, triggered by the personal confront arising within their personal space when reading a line of text that doesn't quite match original expectations for the said forum, thereby oppressing the minority's said personal space in a politically very incorrect way which requires a lot of expensive pharmaceuticals to calm and much even more expensive psychowhatsicomedical treatment thereafter, to even begin to recreate that personal fluffy cotton soft bubble of safe space. With a cookie. And a glass of milk. And mummy to tuck in the sheety sheets. And no more lulz for those nasty, nasty comediciassassins! So. You've been reading no further, of course, since lame humour is not your thing, you must have stopped right there, a few lines above. Glad you're not still reading. And for all those who like their comedy served Vodkaski (even if a bit lame)... ** How Russia hacked the British election http://russiafeed.com/how-russia-hacked-the-british-election/ ------------------------------------------------------------ Last month, acting Russian Envoy to the United Nations Vladimir Safronkov slammed Britain’s Ambassador to the UN for lying about the realities in Syria, insulting Russia and deviously scheming to create deadlock between the US and Russia after the election of well known Putin agent Donald Trump of the Autonomous Oblast of Manhattan. Today, Russia extracted […]

1 0

Demons: Intel ME/AMT/FSP , AMD PSP/IMC/SMU/AGESA , Firmware/Microcode/BIOS, HDD/SSD/USB
by grarpamp 09 Jun '17

09 Jun '17

In Short... You're Fucked, Intentionally, By Design, By Demons... https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2503/origin… https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F https://01.org/linuxgraphics/downloads/firmware https://coreboot.org/ http://librecore.info/ https://libreboot.org/faq.html Why is the latest Intel hardware unsupported in libreboot? It is unlikely that any post-2008 Intel hardware will ever be supported in libreboot, due to severe security and freedom issues; so severe, that the libreboot project recommends avoiding all modern Intel hardware. If you have an Intel based system affected by the problems described below, then you should get rid of it as soon as possible. The main issues are as follows... Why is the latest AMD hardware unsupported in libreboot? It is extremely unlikely that any post-2013 AMD hardware will ever be supported in libreboot, due to severe security and freedom issues; so severe, that the libreboot project recommends avoiding all modern AMD hardware. If you have an AMD based system affected by the problems described below, then you should get rid of it as soon as possible. The main issues are as follows... HDDs and SSDs are quite complex, and these days contain quite complex hardware which is even capable of running an entire operating system (by this, we mean that the drive itself is capable of running its own embedded OS), even GNU+Linux or BusyBox/Linux. SSDs and HDDs are a special case, since they are persistent storage devices as well as computers. Example attack that malicious firmware could do: substitute your SSH keys, allowing unauthorized remote access by an unknown adversary. Or maybe substitute your GPG keys. SATA drives can also have DMA (through the controller), which means that they could read from system memory; the drive can have its own hidden storage, theoretically, where it could read your LUKS keys and store them unencrypted for future retrieval by an adversary. Billions of undocumented transistors... Summary: Given the current state of Intel hardware with the Management Engine, it is our opinion that all performant x86 hardware newer than the AMD Family 15h CPUs (on AMD’s side) or anything post-2009 on Intel’s side is defective by design and cannot safely be used to store, transmit, or process sensitive data. Sensitive data is any data in which a data breach would cause significant economic harm to the entity which created or was responsible for storing said data, so this would include banks, credit card companies, or retailers (customer account records), in addition to the “usual” engineering and software development firms. This also affects whistleblowers, or anyone who needs actual privacy and security. Unless you do something about it...... https://libreboot.org/amd-libre.html We call on AMD to release source code and specs for Ryzen platform Recently in the Libreboot project, we’ve been informed about the new Ryzen platforms being released and sold by AMD. They are currently taking input from the community. Here are ways you can contact AMD to tell them that you demand libre hardware: https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_creators_of_athlon_… https://twitter.com/amd?lang=en https://www.facebook.com/AMD/ https://community.amd.com/places?filterID=all%7Eobjecttype%7Espace https://www.amd.com/en-us/who-we-are/contact (has contact links for multiple countries) AMD’s CEO, Lisa Su, can be contacted directly via email. Tell her that you demand libre hardware: lisa.su(a)amd.com Libreboot aims to provide fully free software initialization firmware on Intel, AMD, ARM, POWER and RISC-V platforms, and already does so on some older platforms. As documented in the Libreboot FAQ section, AMD is currently uncooperative in the libre software movement. Specifically, it releases non-free binary-only firmware for its platforms, along with tyrant technologies like the AMD Platform Security Processor. We in the Libreboot project call on AMD to release source code and start cooperating with our upstream, coreboot (and librecore) for its new Ryzen platform and existing Zen platforms. This includes source code for all initialization firmware (typically referred to as the BIOS or UEFI firmware, by some members of the community), and in particular, the AMD Platform Security Processor, to allow the free/libre software community to use AMD hardware that is entirely freedom-respecting. If it’s not too much to ask, we also would like source code and signing keys, including for the PSP and microcode for the CPU. We would also like to have board design guides, datasheets and footprints for CPUs/southbridges and so on. We especially need the signing keys to be released, for those components which are signed (PSP, CPU microcode, SMU, etc). This will make utilising any released source code possible (at present, some components will not run unless the firmware is signed by a certain signature, usually under lock and key by the hardware manufacturer). We in the community need freedom-respecting hardware! We call on AMD to work with us in the Libreboot, Coreboot and Librecore projects on bringing about a world where computing technology is no longer under lock and key from the manufacturer, and instead in the control and ownership of users. This has several benefits for AMD. There is currently a huge demand in the market for libre hardware. At present, the only companies providing it are ones like libreboot suppliers where systems are sold with entirely free software, including the boot firmware and operating system, without any signed firmware for which no keys are available to the public. The problem? These companies are selling much older systems that are made libre mostly through reverse engineering. At present, the systems sold by such companies are using older hardware designs from 5-10 years ago, which means that most people who wish to use all libre software cannot do so, due to practicality concerns. There are some people who will use these older systems, but that is not without a huge sacrifice to their convenience since they end up using older, obsolete hardware and certain tasks (especially serious software development) becomes impractical for a lot of people. AMD has the power to reverse this trend, and there is a potential for a great amount of profit to be made. The free/libre and open source software communities would jump head over heels to support such a move. In other words, AMD can make money from investing in the libre software community. There is even a precedent already set. AMD previously did release source code for all of their newer platforms, to the coreboot project, but then they stopped. We’re calling for this to resume, and to expand further than before. Here are some examples of popular campaigns, some of which were successful: https://www.crowdsupply.com/sutajio-kosagi/novena https://www.crowdsupply.com/eoma68/micro-desktop https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstati… In all of these cases, the campaigns were popular and this was despite the hardware either being low-end and unsuitable for most people, or too expensive for most people to afford. Then look at the popularity of the Libreboot project. Just imagine what would happen if AMD started to produce cheap, affordable libre hardware, to the point where Libreboot could start supporting newer systems from AMD. The possibilities are endless! People would jump towards AMD and AMD’s sales would go through the roof, while we in the libre hardware community would finally have systems from a manufacturer that cares for our freedoms to use our computers without proprietary software. Even low-end hardware like the BeagleBone or Raspberry Pi (which can be liberated) shows that libre technology is profitable, and desired by the community. Then look at the Google Chromebooks. These devices come with coreboot preinstalled by default! There are even some ARM chromebooks that we support in Libreboot, which are still produced and sold brand new by resellers (e.g. Amazon, Newegg, etc). These devices are sold in the millions! This just shows that it’s not only possible, but profitable, for AMD to start releasing systems which respect the freedom of users. It’s not just commercial benefits that are made possible. There are all kinds of possibilities for scientific research if systems are libre at the hardware/firmware level. For instance, at present, universities do not teach BIOS / boot firmware development in their computer science courses, because this technology is currently restricted by manufacturers and available only to a privileged few. AMD has the power to do the right thing. We in Libreboot call on AMD to work with us in building a world where users of technology can use their computers without relying on any proprietary software. We want - need - a world of highly secure, libre, owner-controlled hardware, from companies that care about software freedom. We in the Libreboot project are available to contact, using the details on the homepage. We look forward to working with AMD :)

1 1

Is OpenSource / Crypto Murderable? By who? Why? For how much?
by grarpamp 09 Jun '17

09 Jun '17

https://www.youtube.com/results?search_query=invention+suppression https://ask.slashdot.org/story/17/06/09/0025250/ask-slashdot-what-is-your-v… https://en.wikipedia.org/wiki/Jan_Sloot https://www.youtube.com/watch?v=jLp5gS9h9UI https://www.reddit.com/r/SiliconValleyHBO/comments/3gdxin/sloot_digital_cod… http://www.piedpiper.com/ http://jansloot.telcomsoft.nl/Sources-1/More/CaptainCosmos/Not_Compression.… https://www.youtube.com/results?search_query=secret+patents A Dutch electronics engineer named Jan Sloot spent 20 years of his life trying to compress broadcast quality video down to kilobytes -- not megabytes or gigabytes (the link in this story contains an 11 minute mini-documentary on Sloot). His CODEC, finalized in the late 1990s, consisted of a massive 370Mb decoder engine that likely contained some kind of clever system for procedurally generating just about any video frame or audio sample desired -- fractals or other generative approaches may have been used by Sloot. The "instruction files" that told this decoder what kind of video frames, video motion and audio samples to generate were supposedly only kilobytes in size -- kind of like small MIDI files being able to generate hugely complex orchestral scores when they instruct a DAW software what to play. Jan Sloot died of a heart attack two days before he was due to sign a technology licensing deal with a major electronics company. The Sloot Video Compression system source code went missing after his death and was never recovered, prompting some to speculate that ***Jan Sloot was killed because his ultra-efficient video compression and transmission scheme threatened everyone profiting*** from storing, distributing and transmitting large amounts of digital video data. I found out about Sloot Compression only after watching some internet videos on "invention suppression." So the question is: is it technically possible that Sloot Compression, with its huge decoder file and tiny instruction files, actually worked? According to Reddit user PinGUY, the Sloot Digital Coding System may have been the inspiration for Pied Piper, a fictional data compression algorithm from HBO's Silicon Valley. Here's some more information about the Sloot Digital Coding System for those who are interested.

1 0

Re: bitcoin incorporated
by juan 09 Jun '17

09 Jun '17

more commentary http://falkvinge.net/2017/05/01/blockstream-patents-segwit-makes-pieces-fal…

2 1

Gotlander newspapers: woman declaring "we have not voted for criminals who attack our women sexually" is "fascist" "Nazi"
by Zenaan Harkness 09 Jun '17

09 Jun '17

Politics, propaganda, sleezy media, German guilt complex, and the need for people to exercise their right to have a say in every part of every law they are called upon to obey, is all highlighted in this grotesque example of the shameless main stream media in today's Germany: Swedes Wrangle Over Gang Rape Against Wheelchair-Bound Woman https://sputniknews.com/art_living/201610171046413233-sweden-gotland-rape-p… The notorious gang rape in Visby, Gotland, in which a wheelchair-bound lady in her thirties was raped by people with "non-Swedish" appearance, led to some islanders declaring their interest in multicultural development over. As the five men initially arrested for the crime were set free later, indignation among angry locals has risen even higher. So some of the locals have finally declared they are no longer interested in multi culti crapola? Wonders never cease. But in reality, it seems a lot more crimes against their women is required before folks really stop tacitly consenting - by acting, in their own interests, rather than tacitly going along with what is supposed to be good for the world. What's another gang-raped wheelchair-bound woman between guilt programmed Germans anyway? I mean, Whites are Terrorists by definition as everybody knows? Surely we cannot be allowed to live wholesome lives in accordance with our own individual morals and principles now? Nah, likely never happen... 'Cause we got ta be tolerant, inclusive, submissive, compliant with the statutes, understanding that our rulers know best and all humans, and all religions, are equal and free. Rainbow unicorns will save the world.

1 0

Fwd: [Cryptography] stego mechanism used in real life (presumably), then outed
by grarpamp 09 Jun '17

09 Jun '17

---------- Forwarded message ---------- From: iang <iang(a)iang.org> Date: Thu, Jun 8, 2017 at 3:10 AM Subject: Re: [Cryptography] stego mechanism used in real life (presumably), then outed To: cryptography(a)metzdowd.com On 07/06/2017 12:21, Jerry Leichter wrote: > There's an interesting and significant sidelight to the previous discussion of watermarking, and the message a couple of days ago from "M373" concerning the Seaglass project at U of Washington, which is developing means for detecting IMSI catchers at city-wide scale. In both cases - and there are others - we have legitimate research devoted entirely to discovering, publicly explaining, and perhaps effectively neutralizing, mechanisms that LE has put in place. As far as I can tell, this has little historical precedent. Criminals/revolutionaries/freedom fighters - it all depends on you viewpoint in particular situations - have long conducted exactly this kind of research. But it's been clandestine, done in support of their own activities, and passed around as secret tradecraft. (Of course, state actors have also long targeted each other this way.) > > We've crossed a threshold when entitled members of society feel the need to work to subvert their own society's enforcement mechanisms. (No, university faculty members and EFF researchers and such - while hardly among the big movers in shakers - cannot reasonably be considered the downtrodden in any Western society.) I agree with the observation of the shift, but I take issue with the notion of "society's own enforcement mechanisms". As far as I can see, it isn't society that is putting in wholesale enforcement mechanisms, it's a small subset that are working outside the bounds of society. In long-standing principle, societies have more or less accepted the need for spying on *foreign* enemies but drawn the line at spying on own citizens. This is well tested in history. For local spying you need an investigation, a warrant, a court, a process. The barrier is high. Things like yellow dots, the equity ratio of 10:1 offence to defence at NSA, also the 19 agencies secret sharing and deception to courts, show that the historical defences of civil society are being subverted. And, it is more or less worse in other countries. It used to be the notion in pre-1990s times that the agencies spying on own people was reserved for the evil enemy - the Stazi, McCarthy, KGB, Hoover. But now it seems to be trotted out with regularity that if the terrorists are achieving, of course we'll undermine society to fix that. C.f., May's recent comments about willingness to reduce fundamental rights of 60 million in exchange for 6. So I would prefer to say, what we are seeing is a shift towards society protecting itself against the attacks of agencies that are now out of control of the democratic population. That's just me. I'm not society. But neither am I content when entitled members of society in agencies think society is right and it's ok to go local because we're the good guys. General society didn't need end to end encryption until this shift happened. 40 bit CA-mediated crypto did the job for credit cards nicely enough. Nice to have, but there was no serious privacy threat on the tubes. Now there is a big shift happening - those that are listening are using the information. It's not there yet, but if the trend for open intel sharing continues, society will need end to end encryption just to survive. iang _______________________________________________ The cryptography mailing list cryptography(a)metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

2 1

Supreme Court accepts major cellphone privacy case.
by jim bell 08 Jun '17

08 Jun '17

https://www.usnews.com/news/articles/2017-06-05/supreme-court-accepts-major… [partial quote] The Supreme Court has accepted a challenge to the warrantless collection of historical cellphone location data in a case that could curtail U.S. government surveillance and expand American privacy rights.The case, Carpenter v. U.S., was granted certiorari Monday on appeal from the U.S. Court of Appeals for the 6th Circuit, which found that police did not need a warrant based on probable cause to collect 127 days of cellphone records from MetroPCS and Sprint.Timothy Carpenter was found guilty of participating in six Michigan robberies after the government said those cellphone records – which included calls made and geographic location – placed him near four of the crime scenes. He is serving a 116-year prison sentence.Federal courts have provided mixed rulings on whether the Fourth Amendment requires police to get a warrant. Authorities say a warrant is not necessary in Carpenter's case, as the Supreme Court’s 1979 ruling in Smith v. Maryland holds that people have no expectation of privacy over information voluntarily given to companies.The so-called third party doctrine of Smith v. Maryland, which dealt with a short span of landline records, and related cases also applies to some banking and internet records. It has been used to justify mass surveillance by the federal government, including the National Security Agency’s now-curbed dragnet of U.S. call records.[end of partial quote] ×

1 0

McDonalds serving "Gay unfriendly fries" for 77 years now, finally gets PC - was [jim.sovereign@optusnet.com.au: McDonald launches gay friendly fries to back Washington DC’s Gay Pride parade.]
by Zenaan Harkness 08 Jun '17

08 Jun '17

I'm shocked I tell you, truly shocked, that McDonalds has been serving Gay-unfriendly fries for so long, indeed 77 years no less! I'm surprised that McDs is so open about their White Supremacist past - I thought they hired better PR agencies. Oh well, the things we learn. <no dry humour intended, only literal interpretations allowed; we're all asburger's spectrum around McDonalds anyway...> ----- Forwarded message from Jim <jim.sovereign(a)optusnet.com.au> ----- From: Jim <jim.sovereign(a)optusnet.com.au> Date: Thu, 8 Jun 2017 17:09:57 +1000 Subject: McDonald launches gay friendly fries to back Washington DC’s Gay Pride parade. It’s irritating enough when food corporations pander to Muslims with their Halal demands, now we have McDonald’s supporting the LGBTI agenda with their politically correct “gay friendly” fries. What’s next on McDonald’s menu: a “Big Gay” burger to go with their gay fries? Is this another example of corporate social engineering? McDonald’s deserves to be boycotted for this public relations stunt, not to mention its awful food. Jim McDonald’s launches gay friendly fries to back Washington DC’s Gay Pride parade news.com.au Ian Horswill, News Corp Australia Network June 8, 2017 http://cdn.newsapi.com.au/image/v1/external?url=http%3A%2F%2Fcontent6.video… Video <http://www.news.com.au/finance/business/other-industries/mcdonald-launches-…> IRELAND: Ireland's Conservative Ruling Party Elects Country's First Openly Gay Leader June 02 FAST food giant McDonald’s is changing the way it presents its fries for customers for just three days — and it’s sparked an online debate across the globe. To mark the annual Gay Pride parade in Washington DC <https://twitter.com/washingtondc> , the US capital city, on Saturday (local time), McDonald’s has announced that it will offer gay friendly fries to customers. Rainbow print fry boxes will be used for large-sized orders at three specific locations along the Capital Pride Alliance <http://www.capitalpride.org/events/parade-2017/> ’s parade route. McDonald’s is also a sponsor of the Capital Pride Alliance, which is dedicated to LGBTQ education and outreach, and also has a float in the parade. “The rainbow fry boxes are a fun way to show our support of the LGBTQ community using one of McDonald’s most iconic and recognisable items; however, these fry boxes are ‘small potatoes’ in the grand scheme of our commitment to this community,” said Cathy Martin, vice president/general manager of McDonald’s Baltimore-Washington Region. “We are proud to honour and celebrate the LGBTQ community, including our employees, customers and beyond, each and every day.” The decision to introduce gay friendly fries has caused an online debate. Evangelist Joshua Feuerstein, a former paster who has more than two million followers on his <https://www.facebook.com/joshua.feuerstein.5/> Facebook page, called for a boycott of McDonald’s. <https://www.facebook.com/joshua.feuerstein.5/photos/a.443484622420892.10737…> Feuerstein also slammed department store giants Macy’s pro-LGBT campaign, writing: “Well ... Macy’s decided to push the gay agenda! Looks like they lost my business too! It’s time to boycott businesses that push the homosexual agenda. Click SHARE and let others know ... let them feel it in their pocketbook!” However, his boycott call also caused angst. <https://t.co/yFuwQYLW82> June is LGBT Pride Month <https://www.loc.gov/lgbt-pride-month/about/> in the US and the former President Barack Obama supported the LGBT community annually with proclamations. President Donald Trump and his White House will not recognise it this year. Source: http://www.news.com.au/finance/business/other-industries/mcdonald-launches-… ----- End forwarded message -----

3 2

Fwd: [Cryptography] Distributed Ledger Technology gets a high level review
by grarpamp 08 Jun '17

08 Jun '17

---------- Forwarded message ---------- From: Thierry Moreau <thierry.moreau(a)connotech.com> Date: Mon, Jun 5, 2017 at 11:11 AM Subject: [Cryptography] Distributed Ledger Technology gets a high level review To: Cryptography <cryptography(a)metzdowd.com> Fascinating read this morning: www.bankofcanada.ca/wp-content/uploads/2017/05/fsr-june-2017-chapman.pdf This reports the findings of a DLT trial for the financial sector. Definitely geared towards wholesale payment systems (a world with its own culture), it nonetheless presents a well-informed assessment of DLT deployment challenges. In my opinion, the main conclusion (DLT may not replace centralized wholesale payment operators) was to be expected since the reference used for comparison (i.e. Canada LVTS) is among the most advanced system. Secondary conclusions are less damaging to the Distributed Ledger Technology deployment potential. Regards, - Thierry Moreau _______________________________________________ The cryptography mailing list cryptography(a)metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography

1 0

Trust DHS with your laptops? If not you soon might not be able to fly
by CANNON 08 Jun '17

08 Jun '17

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Possible upcoming mandate by DHS to turn in your laptops to them before boarding flights (even for domestic flights) will enable government to clone your harddrives or copy files, search computers, and tamper with your laptop. Sources: https://gizmodo.com/white-house-seriously-considering-banning-laptops-on-al… http://www.computerworld.com/article/3198848/security/us-might-ban-laptops-… Mention of potential to increase to domestic also http://www.computerworld.com/article/3198848/security/us-might-ban-laptops-… - -- Cannon PGP Fingerprint: 2BB5 15CD 66E7 4E28 45DC 6494 A5A2 2879 3F06 E832 Email: cannon(a)cannon-ciota.info NOTICE: ALL EMAIL CORRESPONDENCE NOT SIGNED/ENCRYPTED WITH PGP SHOULD BE CONSIDERED POTENTIALLY FORGED, AND NOT PRIVATE. If this matters to you, use PGP. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZOKE9AAoJEAYDai9lH2mw+/QP/Rco79mEc8c/+4aT8GL8zKEt 9rBXpyEs2oa6cnqyq5yqe66W5bdt0w4FgMRY6eI6Bo56U3qqETfls4L6r/W/gBSD vY8ItJ3uRG0aMOHxTwEXHVufb6a43L1Q7qJtfUeEVwhnxdC9x0UhxMsR6/SuXBY+ SVTZUEN1fATIJHy1KReIAKkZd9bgbrQDW+oyECwxFmihD5YKhG+kINxnEX77gdw3 y2SWNLCjY1mfAt2rXqrqM/TDeuJVbrxtAAGQiyZXp+D7FeYQ3IerJ8BacZCYdhI8 FrwIOBdeBGPP41S0BTZQXsVX1iqnij4bxCN+fsXCYsgKzVw67yblibo3OkMDXbYN AuAwHZdv8mMvqhKC2wnw9ShR847I9mbwCpBwARBIINCVx+RBdUXrjuiGmF230pNz asI6YA+HV00/1Q7Irpc+ZegUjcV+tbqMNVJ0/J7/En+ED4lb9nP443FfTqNhITKx plx4WrPCvt7h05vhKZzkk3B07dCZ90CFFwrxUj40mV8YU11rUhyr7R/lpK4NHcUw 2ZA0QMJ0k4W9wC8W2W5W9z1B/NHh/UW0TAzbEVXAeQPZ95VtW+csz8iB8VvOSrmD YAygSDw88qS9DK0kjuI+JfO4C5zDMArqWlrO1/OQdHnassNVHDWa6YGZlgVmmgLr 7fW+H+lQfof+VrkgIp7/ =oUqX -----END PGP SIGNATURE-----

1 1