On October 1, 2015 3:01:55 PM Steve Kinney wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 09/30/2015 04:02 PM, stef wrote:

...

and they host all the juicy bits on documents on documentcloud, requiring anyone interested to expose themselves. it is not possible to download the dumps anonymously in a simple zip file, you really have to use goddamn javascript.

this is totally unacceptable. when approached on this, you get very irritated answers, if at all. to say "this stinks" is an understatement. it's a goddamn trap.

I am not inclined to believe that a "simple zip file" can be downloaded anonymously, without employing extraordinary OpSec procedures that would incidentally render javascript useless for tracking purposes. Not if the adversaries in your threat model include any official agency of any of the FVEYE countries, or any of the major private contractors working with them.

The network itself is the trap, with or without javascript, with or without obfuscation via TOR or etc. I would be much more concerned with the handling of those downloaded files on the local machine - if a trap is suspected, zero day exploits hidden in the files should be assumed.

:o)

-----BEGIN PGP SIGNATURE-----

[Snip] Agree with both sentiments, but - who the hell opens documents of dubious origin on a networked machine? Even on an airgapped machine, I still use a VM... -S

2015-10-02 10:58 GMT+02:00 Georgi Guninski :

On Thu, Oct 01, 2015 at 03:09:40PM -0700, Shelley wrote:

...

Agree with both sentiments, but - who the hell opens documents of dubious origin on a networked machine? Even on an airgapped machine, I still use a VM...

Agree about VM, it adds another layer of protection.

VMs have bugs too, as history shows.

btw, does rowhammer escape VM? (appears to me yes).

You know, a webpage is supposed to be in a VM too. With HTML growing so big and so fast it's very hard to know it's secure. But I see little reason as to why Javascript is the baddest boy on the block. iPhones Got wrecked by a png rendering library. Interpreting a programming language is not *that* different from interpreting an image. Even less different from interpreting HTML/CSS. If you would care for a secure instead of a fast Javascript interpreter, well, too bad because nobody's making a secure one. Hah. Which relates as to why I lost a lot of personal photo's; I didn't use the cloud backup feature. Now nobody has my pictures, except maybe whomever stole my phone* =( Using one of those file hosting sites provides a greater level of convenience. Perhaps so much greater that without that level of convenience it would hardly be possible at all. The consumers don't care to invest in security very much, in fact, hardly at all. Especially when all you're securing against sounds like more paranoia - which is what an invisible-seems-like-its-not-even-there organization will always seem like. (remember, the NSA lacks the field agents to even be anywhere, and I never see GCHQ agents either) * full disk crypto is not a thing in androidland ;( tl;dr: javascript could be fine if we'd have secure software - as it is HTML/CSS/images/videos/etc are all also dangerous. Top level security seems (and often is) useless - therefore we don't really have it (even when we'd like it so very much) unless we keep ourselves from essential features.

On Fri, Oct 02, 2015 at 04:28:23PM +0200, Lodewijk andré de la porte wrote:

* full disk crypto is not a thing in androidland ;(

it is weird to troll android from a gmail.com account, according to headers. are you using windoze phone on gmail? are you outsourcing dDos to google instead of hotmail.com?

2015-10-03 0:01 GMT+02:00 Shelley :

Using one of those file hosting sites provides a greater level of

...

convenience. Perhaps so much greater that without that level of convenience it would hardly be possible at all.

I'm surprised to hear that come from you. I've never used a cloud backup and the most I've ever lost is a day or two's worth of data/ media. I have redundant backups. It's not difficult (it truly isn't, I'm not trying to be snotty.)

*possible at all *for them* I'm trying to argue we need more convenient + secure services/applications/workflows/etc. because apparently security wasn't worth it for the reporters. I'm also aware of the exceedingly detrimental effect copyright law has had on general filesharing. Somehow information controls, huge dangers to freedom of speech, are permissible because ideas aren't free but instead licensable at owner's whims. Reg backups - I think you have a far better way of managing things than I do. It was actually on my mind to fix within the week (earlier if I'd have found a client-side-crypto-cloud-backup-thing). There's no excuse really - I just kept delaying it because I never /actually/ lost data before (I always had a backup somewhere). I've never been very systematic about it and it feels totally off that it isn't already automated in our operating systems. (/vent... losing data hurts)

The consumers don't care to invest in

...

security very much, in fact, hardly at all.

Do you mean the same lusers who broadcast the fact that they're on vacation all over Failbook, post photos with GPS enabled and are then surprised when their home is burglarized?

I mean so many of them that we do not have much security now. (btw: geotagging is cool, it's bad for security, but so are all pictures)

* full disk crypto is not a thing in androidland ;(

...

Sadly, it's not a "thing" anywhere right now. Not when EC has been intentionally weakened, etc. Hell, even if crApple did have true full disc encryption, I wouldn't use their closed source crapware.

I actually lost (a test server's) data before because I crypted it and locked it up - and forgot the horrendously complicated extra-long passkeys. Since then I opt for something easier to remember/derive, because everything else is detrimental to security. Making physical notes means "import sec.physical" which is a foolhardy proposition.

tl;dr: javascript could be fine if we'd have secure software - as it is

...

HTML/CSS/images/videos/etc are all also dangerous. Top level security seems (and often is) useless - therefore we don't really have it (even when we'd like it so very much) unless we keep ourselves from essential features.

"Essential" is very much a subjective term. I don't mind most of my web browsing experience looking like plaintext (in fact, I much prefer it.) However, I understand most people do not want to use the web in that way. We all make concessions we consider acceptable, sacrificing privacy/security for convenience. I'm guilty of it, too. Anyone with a smartphone and a credit/debit card is as well.

It makes you slower. Incompatibility makes you slower. Slowness makes you irrelevant. Slowness equals failure. (depending on how much slower you'll be, of course) I say this because it sometimes seems strategically so.

I actually lost (a test server's) data before because I crypted it and locked it up - and forgot the horrendously complicated extra-long passkeys. Since then I opt for something easier to remember/derive, because everything else is detrimental to security. Making physical notes means "import sec.physical" which is a foolhardy proposition.

How hard is it really to, upon boot of a physical local storage server, to remember to concatenate 12'th line of the 12'th page of the first 12 books on your bookshelf? Or to at least write the fucker down so that phrase remains airgapped (though obviously final key still present in core)?

2015-10-04 5:36 GMT+02:00 grarpamp :

Perfection is "hard", and must be a "lifestyle" of minimization and excercises and engineering, both in real life and in the mind.

But this is exactly the problem! Most people are not at (info)war. Most people are trying to live another kind of lifestyle entirely, and see not how invisible orgs can abuse them. All that care about infosec can only say "stop having fun, stop using features, start putting effort into something that you can hardly even imagine". I think the best "for the public" angle is sovereignty, control and actionable freedom. Politicians whose internal memo's and private lives are not secure will function much worse; even when not blackmailed their adversaries have a strong upper hand - affecting sovereignty. The same applies to companies. Control over your life and how you behave, no silly timewasting DRM, no involuntary updates or changes, no "accept all" or misleading "opt-in", no aggressive tie-in strategies, options other than voting-with-your-feet/wallet. And wrt actionable freedom - privacy isn't just for nefarious business, it's also just for keeping people out of your hair. If you like long showers you might prefer not tweeting it, lest your eco-buddies will look at you with little frowns. Maybe you really dig that groovy lavalamp - doesn't mean everyone should know it. And perhaps you'd rather not scribble your teen-girl-pop-rock-addiction? Best not speak of heavy subjects - people prefer lightweight, fun, enthusiastic, positive talks. In that vein, I have determined Android smartphones to be something I do want to have. It has been getting worse and worse for years on end. iOS is worse still, but now seemingly only marginally so. Having just lost my personal pictures (which are really not that useful for anyone but me) is painful, and I wish I just accepted the cloud backup feature. I did not see why it should not be encrypted locally, but the applications for doing so manually did not inspire trust, and seemed like a big hassle besides (was still gonna). Basically, I recommend using automatic cloud backups for images, and remembering that GOOG/TLA's are watching (which they are anyway, on your Android smartphone). How hard is it really to, upon boot of a physical local storage server,

to remember to concatenate 12'th line of the 12'th page of the first 12 books on your bookshelf? Or to at least write the fucker down so that phrase remains airgapped (though obviously final key still present in core)?

I'd first need a stable bookshelf. Housing has been in flux somewhat - for a while now. I may have written something down. Somewhere. Also, I thought I would remember, and did, until I did not use the password for some months (it was running smoothly and needed no reboots). So, harder than it seemed. I have also used grids and patterns to hide passwords, so not every onlooker would immediately see them - but it's possible to brute force them so there's no real comfort. Sorry for always being so verbose. Brevity kills clarity.

On Fri, Oct 2, 2015 at 10:28 AM, Lodewijk andré de la porte wrote:

2015-10-02 10:58 GMT+02:00 Georgi Guninski :

...

btw, does rowhammer escape VM? (appears to me yes).

To affect your own instance, probably. In others, at least those (or under VMM's) that wipe wipe malloc before use, probably not.

* full disk crypto is not a thing in androidland ;(

Are not the Linux and FreeBSD slowly approaching (with droid/hardware blob compatibility shims) the ability to run natively on certain hardware such that FDE is theirs and not droid's (baseband, and open chip fabs, excepting)? http://www.freebsd.org/platforms/arm.html https://wiki.freebsd.org/201506DevSummit/ARMv8 https://www.google.nl/search?q=linux+qualcomm+snapdragon