From coderman at gmail.com  Tue Dec  2 03:04:07 2014
From: coderman at gmail.com (coderman)
Date: Tue, 2 Dec 2014 03:04:07 -0800
Subject: request for slides and transcript: "44Con 2014: GreedyBTS - Hacking
 Adventures in GSM"
Message-ID: <CAJVRA1TjV3+2XuzgZXZeg_LTSzZ-3RbfnDnvJQkeugHP5miFxg@mail.gmail.com>

http://blog.mdsec.co.uk/2014/11/44con-2014-greedybts-hacking-adventures.html

'''
... GreedyBTS can be used to assist security researchers and analysts
performing assessments of mobile connectivity in environments, as well
as highlighting risks to organisations who may transfer potentially
sensitive information over wireless devices. An increasing number of
embedded systems have turned to GSM as a management channel, such as
alarm panels, street lighting, safety systems and more, which could
all be susceptible to man-in-the-middle and rogue BTS attacks.

The current state of baseband security means that it is difficult to
detect and determine if you or your devices are being targeted by
malicious BTS environments. The tools that do exist are aimed at power
users which makes wider adoption by business or consumers an
increasingly difficult task. By sharing information that can assist
security researchers we hope to increase the overall security of
mobile devices and cause people to re-think how they handle sensitive
information over GSM environments...
'''




From snehan.kekre612 at protonmail.ch  Tue Dec  2 05:06:51 2014
From: snehan.kekre612 at protonmail.ch (Snehan Kekre)
Date: Tue, 2 Dec 2014 08:06:51 -0500
Subject: VeraCrypt Trustworthiness?
Message-ID: <946170cf279dcee91f6c252dd6b1801f@protonmail.ch>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 219 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141202/aa60e506/attachment.txt>

From coderman at gmail.com  Tue Dec  2 09:04:36 2014
From: coderman at gmail.com (coderman)
Date: Tue, 2 Dec 2014 09:04:36 -0800
Subject: [qubes-users] First Mention of Qubes in US Court Documents
In-Reply-To: <20141202155906.GA10743@leitl.org>
References: <20141202155906.GA10743@leitl.org>
Message-ID: <CAJVRA1Sk2e-23kn3J_c7h33OOLF4G9TqTc+i8iTano_DphyOmw@mail.gmail.com>

On 12/2/14, Eugen Leitl <eugen at leitl.org> wrote:
> ...
> Just FYI, this is the first mention I've seen of Qubes in documents
> filed in any US court...


if you count HP NetTop,

as for Qubes, here is what was settled on as baseline use case for
something entirely unrelated to Court:
---cut--

### Using Qubes

# Launching Document Editor
 1. Open the Qubes Quick Launch Menu at lower left.
 2. Select "Domain: editor" for the apps available in this VM.
 3. Then click "editor: LibreOff..." to launch Document Editor (Libre Office)


# Launching File Browser
 1. Open the Qubes Quick Launch Menu at lower left.
 2. Select "Domain: editor" for the apps available in this VM.
 3. Then click "editor: Files" to launch File Browser.
 NOTE: The File Browser is also how you can see mounted USB devices
       and also where to copy files back and forth, or just explore.


# USB Storage
 1. Plug in the USB device. Ignore the message notifications at lower right.
 2. Locate "Qubes VM Manager" Window. If you close by accident, re-launch.
 3. In "Qubes VM Manager" Window Menu, select to highlight "editor" VM
as row / item.
 4. Right-click on editor for VM menu, select -> "Attach/detach block devices"
 5. In the "Attach/detach" submenu, you should see your device listed.
      for example, "Attach: dom0: sdb 1863 GiB ..."
 6. Click this option to attach storage.
 7. Launch "editor: Files" command, then select attached device at left sidebar.
      for example, "2.0 TB Volume"
 DONE!


# To Shutdown, you should always shutdown "gracefully" to avoid file
system issues.
 1. Open the Qubes Quick Launch Menu at lower left.
 2. Select "Leave" menu options, then "Shut down"
 3. Confirm the shut down prompt, or wait 30 seconds.


# Launching the "Qubes VM Manager"
 1. Usually started by default, it can be re-started if closed.
 2. Locate the System Quick Launch Menu at lower left. It is a blue Qubes icon.
 3. Open Launcher menu, then "System Tools" option.
 4. From "System Tools" menu, select -> "Qubes VM Manager"




From adi at hexapodia.org  Tue Dec  2 10:52:54 2014
From: adi at hexapodia.org (Andy Isaacson)
Date: Tue, 2 Dec 2014 10:52:54 -0800
Subject: [qubes-users] First Mention of Qubes in US Court Documents
In-Reply-To: <20141202155906.GA10743@leitl.org>
References: <20141202155906.GA10743@leitl.org>
Message-ID: <20141202185254.GD26707@hexapodia.org>

The mention of Qubes is interesting, but the rest of this document is
even more amazing!

On Tue, Dec 02, 2014 at 04:59:06PM +0100, Eugen Leitl wrote:
> ----- Forwarded message from Andrew <kyboren at riseup.net> -----
> 
> Just FYI, this is the first mention I've seen of Qubes in documents
> filed in any US court:
> http://cryptome.org/2014/12/peck-roark-affidavit.pdf (page 7; note
> that to the best of my knowledge, the context is entirely
> hypothetical).

First amazing assertion: use NLP to automatically redact classified
documents.  (page 3.)

Second amazing reference: links to a tor2web URL. (page 4, footnote 6)

-andy




From collin at averysmallbird.com  Tue Dec  2 11:23:18 2014
From: collin at averysmallbird.com (Collin Anderson)
Date: Tue, 2 Dec 2014 11:23:18 -0800
Subject: [qubes-users] First Mention of Qubes in US Court Documents
In-Reply-To: <20141202185254.GD26707@hexapodia.org>
References: <20141202155906.GA10743@leitl.org>
 <20141202185254.GD26707@hexapodia.org>
Message-ID: <CAC+VsLvcRHJHJASTJj9FXVFhd9iXx9fjDJUR2nT0XmhyT34bew@mail.gmail.com>

I'm not sure that the Chrome RECAP extension is working for me, but here is
the Motion for Partial Summary Judgment:
https://drive.google.com/file/d/0B2q69Ncu9Fp_bXNkeG42aDNsRDg/view?usp=sharing

Please let me know if there are any other documents that would be of
interest in the docket.

On Tue, Dec 2, 2014 at 10:52 AM, Andy Isaacson <adi at hexapodia.org> wrote:

> The mention of Qubes is interesting, but the rest of this document is
> even more amazing!
>
> On Tue, Dec 02, 2014 at 04:59:06PM +0100, Eugen Leitl wrote:
> > ----- Forwarded message from Andrew <kyboren at riseup.net> -----
> >
> > Just FYI, this is the first mention I've seen of Qubes in documents
> > filed in any US court:
> > http://cryptome.org/2014/12/peck-roark-affidavit.pdf (page 7; note
> > that to the best of my knowledge, the context is entirely
> > hypothetical).
>
> First amazing assertion: use NLP to automatically redact classified
> documents.  (page 3.)
>
> Second amazing reference: links to a tor2web URL. (page 4, footnote 6)
>
> -andy
>



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1950 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141202/2e444398/attachment.txt>

From list at sysfu.com  Tue Dec  2 12:15:00 2014
From: list at sysfu.com (Seth)
Date: Tue, 02 Dec 2014 12:15:00 -0800
Subject: [qubes-users] First Mention of Qubes in US Court Documents
In-Reply-To: <20141202155906.GA10743@leitl.org>
References: <20141202155906.GA10743@leitl.org>
Message-ID: <op.xp9bvay1bgbjo9@work-pc>

 From the affidavit:

EGOTISTICALSHALLOT was created in 2014 by
Tailored Access Operations as a
QUANTUMTHEORY Computer Network
Exploitation component effective against hardened
Whoonix Qubes users on the Tor Network.


Search engine results for EGOTISTICALSHALLOT are almost non-existent.

Does anyone have more info about this exploitation component?




From kyboren at riseup.net  Tue Dec  2 05:26:18 2014
From: kyboren at riseup.net (Andrew)
Date: Tue, 02 Dec 2014 14:26:18 +0100
Subject: [qubes-users] First Mention of Qubes in US Court Documents
Message-ID: <547DBDFA.3000206@riseup.net>

Just FYI, this is the first mention I've seen of Qubes in documents
filed in any US court:
http://cryptome.org/2014/12/peck-roark-affidavit.pdf (page 7; note
that to the best of my knowledge, the context is entirely
hypothetical).

Affidavit filed in support of this motion:
http://cryptome.org/2014/11/roark-087.pdf.

This case is likely familiar to many, but those who have not heard of
it are likely to find its history very interesting.  The docket is
partially available here:
http://dockets.justia.com/docket/oregon/ordce/6:2012cv01354/108333 --
those with PACER accounts are encouraged to use their $15 free credit
to upload these public-domain documents with RECAP
(https://www.recapthelaw.org/) so all may enjoy their right to public
access.

Andrew

-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe at googlegroups.com.
To post to this group, send email to qubes-users at googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/547DBDFA.3000206%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

----- End forwarded message -----




From juan.g71 at gmail.com  Tue Dec  2 11:55:34 2014
From: juan.g71 at gmail.com (Juan)
Date: Tue, 2 Dec 2014 16:55:34 -0300
Subject: VeraCrypt Trustworthiness?
In-Reply-To: <946170cf279dcee91f6c252dd6b1801f@protonmail.ch>
References: <946170cf279dcee91f6c252dd6b1801f@protonmail.ch>
Message-ID: <547e18b9.515a8c0a.0815.4989@mx.google.com>

On Tue, 2 Dec 2014 08:06:51 -0500
Snehan Kekre <snehan.kekre612 at protonmail.ch> wrote:

> I still have no definite idea as to why TrueCrypt was dropped and
> Bitlocker was suggested! I too think that Vera looks like a fork of
> TrueCrypt. 

	It doesn't 'look like' a fork. It is a fork. And obviously it's
	not something they are hidding. So the previous comment from
	korpalski pointing out that it "looks just like a rebranded
	Truecrypt" is pretty stupid. 


	https://veracrypt.codeplex.com/wikipage?title=FAQ

	 What's the difference between TrueCrypt and VeraCrypt?

	 VeraCrypt adds enhanced security to the algorithms used for
	 system and partitions encryption making it immune to new
	 developments in brute-force attacks. It also solves many
	 vulnerabilities and security issues found in TrueCrypt.

	-----------

	Who knows if that's really true, tho.




I personally use DiskCryptor.
> 
> Regards,
> 




From eugen at leitl.org  Tue Dec  2 07:59:06 2014
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 2 Dec 2014 16:59:06 +0100
Subject: [qubes-users] First Mention of Qubes in US Court Documents
Message-ID: <20141202155906.GA10743@leitl.org>

----- Forwarded message from Andrew <kyboren at riseup.net> -----


From grarpamp at gmail.com  Tue Dec  2 19:10:01 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 2 Dec 2014 22:10:01 -0500
Subject: VeraCrypt Trustworthiness?
In-Reply-To: <547e18b9.515a8c0a.0815.4989@mx.google.com>
References: <946170cf279dcee91f6c252dd6b1801f@protonmail.ch>
 <547e18b9.515a8c0a.0815.4989@mx.google.com>
Message-ID: <CAD2Ti2_N_Fz_oGrXn3iw=hY52fkt6FA9U1R1WNyEWAv+VupZFA@mail.gmail.com>

On Tue, Dec 2, 2014 at 2:55 PM, Juan <juan.g71 at gmail.com> wrote:
> On Tue, 2 Dec 2014 08:06:51 -0500
> Snehan Kekre <snehan.kekre612 at protonmail.ch> wrote:
>
>> I still have no definite idea as to why TrueCrypt was dropped and
>> Bitlocker was suggested!

Because whoever suggested it trusted closed source Microsoft.
Not that anything running from or on top of that OS should ever
be considered secure.

> I too think that Vera looks like a fork of TrueCrypt.
>         https://veracrypt.codeplex.com/wikipage?title=FAQ
>
>          What's the difference between TrueCrypt and VeraCrypt?
> ...
>         Who knows if that's really true, tho.

I'd agree those are bullshit FAQ words in general.

Has any project truly surfaced as the [technical] community recognized
sucessor or comparable to TrueCrypt yet? Or are we still in fork
of the month club mode?




From kyboren at riseup.net  Tue Dec  2 14:01:11 2014
From: kyboren at riseup.net (Andrew)
Date: Tue, 02 Dec 2014 23:01:11 +0100
Subject: [qubes-users] First Mention of Qubes in US Court Documents
In-Reply-To: <op.xp9bvay1bgbjo9@work-pc>
References: <20141202155906.GA10743@leitl.org> <op.xp9bvay1bgbjo9@work-pc>
Message-ID: <547E36A7.2060802@riseup.net>

On 12/02/14 21:15, Seth wrote:
>  From the affidavit:
>
> EGOTISTICALSHALLOT was created in 2014 by
> Tailored Access Operations as a
> QUANTUMTHEORY Computer Network
> Exploitation component effective against hardened
> Whoonix Qubes users on the Tor Network.
>
>
> Search engine results for EGOTISTICALSHALLOT are almost non-existent.
>
> Does anyone have more info about this exploitation component?
>

As far as I know, this is purely hypothetical.  The relevant text from 
the previous page is:

"22. An example of a document not supported wholly by the public 
knowledge base is provided below in two parts. This fictional example is 
constructed to convey some similarities to parts of reporting in the 
public knowledge base."

Andrew

PS: Yes, there are quite a lot of interesting things in these documents 
other than the mention of Qubes and Whoonix [sic].  The use of a Tor 
hidden service with a partial name of "sunshine" is not lost on me, nor 
is it likely to be lost on Judge Aiken (though Mr. Peck would be well 
advised that Justice Brandeis actually used the word, "sunlight," and 
not, "sunshine").




From grarpamp at gmail.com  Tue Dec  2 20:43:04 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 2 Dec 2014 23:43:04 -0500
Subject: Microsoft Root Certificate Bundle, where?
In-Reply-To: <CAGG5nSfaUpLQcKQQSyLjJKHb-YfRF5zrzrbN2RS3tN9JzyUnKw@mail.gmail.com>
References: <CAD2Ti29rOU0JznTFikja_vHg5gG43sehSB6O1VcKfpBb_pXKfA@mail.gmail.com>
 <CAD2Ti28LUuhs80m1SX5=ZEKE_iQmFvV=A5xng+d9O2K6-FHiRQ@mail.gmail.com>
 <CAGG5nSfaUpLQcKQQSyLjJKHb-YfRF5zrzrbN2RS3tN9JzyUnKw@mail.gmail.com>
Message-ID: <CAD2Ti2-gL2GTr8G9vpBK=EidfxVMUp7_ANeDkzhF9aKWvyiGsQ@mail.gmail.com>

On Fri, Nov 28, 2014 at 6:45 PM, Nabla C0d3 <nabla.c0d3 at gmail.com> wrote:
> Yes I should probably document that in the README. I'm using this project:
> https://github.com/kirei/catt

Yes, please do.

I also asked MS for a URL to their current cert bundle, they never replied.

Though it's MS references are much older than Sep 29 2014, I'll still
look at catt.

Thanks.




From mrbits.dcf at gmail.com  Wed Dec  3 02:54:29 2014
From: mrbits.dcf at gmail.com (MrBiTs)
Date: Wed, 03 Dec 2014 08:54:29 -0200
Subject: Sony and Cyberattacks
Message-ID: <547EEBE5.8080407@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A bit interesting: http://www.reuters.com/article/2014/12/02/us-sony-cybersecurity-malware-idUSKCN0JF3FE20141202

As Sony has her PSN, how playstation owners are vulnerable?

CheerS


- -- 
echo
920680245503158263821824753325972325831728150312428342077412537729420364909318736253880971145983128276953696631956862757408858710644955909208239222408534030331747172248238293509539472164571738870818862971439246497991147436431430964603600458631758354381402352368220521740203494788796697543569807851284795072334480481413675418412856581412376640379241258356436205061541557366641602992820546646995466P
| dc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJUfuvlAAoJEG7IGPwrPKWruaMH/RXIeroxYXeK/g7chtLtxWdD
4FJiSkK+HjvQM41R+KpeTEAqAc9kyDpY2pGpb7mD734cbh8ZXUOi5R8YV+4LcUY+
iTJB81Mp67j6Q5iKcd226bS8DZc1yjSvzDSwuhUYeE7UJ9RK1jPWD9bz0BS5DdoP
LdI2pHWJ7/6N12TFGShzNrZPOE40tqQmbyChaIE3G72yo/H5iVGyY/xT3QwUU03M
P6u2PJBF3SUVOn4X+oUI12RwTBN+BaPfMGPBoxO4CzbcAK7jvtLOG9a9SyzjIpMX
xt78olEplpJjk7ziIzdAlpIIDFhGxOI8KoCMkTUwfWaVXBVnvkp2eBO1IDJ71aI=
=bHcE
-----END PGP SIGNATURE-----




From mirimir at riseup.net  Wed Dec  3 16:30:07 2014
From: mirimir at riseup.net (Mirimir)
Date: Wed, 03 Dec 2014 17:30:07 -0700
Subject: surveillance, its proponents and its opponents
In-Reply-To: <20141203132155.9F9682280E1@palinka.tinho.net>
References: <20141203132155.9F9682280E1@palinka.tinho.net>
Message-ID: <547FAB0F.7060706@riseup.net>

On 12/03/2014 06:21 AM, dan at geer.org wrote:
> Sociologically speaking, is it not interesting that Pres. Obama's
> freshest proposal for race relations is to deploy yet more surveillance
> cameras?  Body cameras for all police, an announcement made while
> arch-racist Sharpton was in the White House, is, of course, wholly
> consistent with Obama's basic intuitions whether we are talking
> drones in Asia or the data sharing requirements under Obamacare.
> 
> The immigrant amnesty groups certainly got under Obama's skin by
> calling him the "deporter in chief;" is it not time to call him
> the "voyeur in chief?"
> 
> --dan

There are trade-offs between privacy and accountability. In the interest
of social justice, there must be accountability for those who possess
authority and power. That does entail reduced privacy, but that's just a
cost of having authority and power. The degree of accountability (and
loss of privacy) should be proportionate to the authority and power
possessed.

Conversely, those without particular authority and power deserve maximal
privacy, except in areas where they are accountable. Common examples
include driving vehicles and parenting children.




From bbrewer at littledystopia.net  Wed Dec  3 14:47:10 2014
From: bbrewer at littledystopia.net (bbrewer)
Date: Wed, 3 Dec 2014 17:47:10 -0500
Subject: surveillance, its proponents and its opponents
In-Reply-To: <20141203132155.9F9682280E1@palinka.tinho.net>
References: <20141203132155.9F9682280E1@palinka.tinho.net>
Message-ID: <F4360BC9-F0FF-47BA-9C34-32BFC703B41F@littledystopia.net>


> On Dec 3, 2014, at 8:21 AM, dan at geer.org wrote:
> 
> Sociologically speaking, is it not interesting that Pres. Obama's
> freshest proposal for race relations is to deploy yet more surveillance
> cameras?  Body cameras for all police, an announcement made while
> arch-racist Sharpton was in the White House, is, of course, wholly
> consistent with Obama's basic intuitions whether we are talking
> drones in Asia or the data sharing requirements under Obamacare.

I think the idea of accountability is a grand one, really. Unfortunately, no doubt the camera will be the ‘end all be all’ of evidential proof, and as we know, footage will be able to be modified, at a cost, when the need arises. The low end of this is perhaps blaming the ‘lack’ of recording of an event as a technological failure, no doubt to be seen in the wild, if only for scapegoating and quieting the nay-sayers of footage validity — Ie. If it were not real, why would we go through the work to edit it, when instead it’d be far easier to blame on a technological issue/battery/blahblahblah.

It’s in fact not true accountability at all; it’s accountability in veil — A supporter of whatever agenda ‘they’ wish to pursue.

Speaking of “Obamacare”, I have zero intentions of playing along. I wish most felt the same way. If no one ‘subscribed’, succumbed to the threats (oh oh, sorry, ‘tax’) of not having insurance, the system wouldn’t work, wouldn’t exist. People would find a way to make enough money ‘under the table’ to cover the ‘tax’ for not having such required insurance. ‘Taxable’ incomes would drop, decently, or significantly, not only for the ‘rich’ (they do this to avoid taxes, obviously) but for the average working layman as well.

What a glorious day for society when we slowly start to starve the state.

-Benjamin




From hozer at hozed.org  Thu Dec  4 12:26:36 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Thu, 4 Dec 2014 14:26:36 -0600
Subject: surveillance, its proponents and its opponents
In-Reply-To: <547FAB0F.7060706@riseup.net>
References: <20141203132155.9F9682280E1@palinka.tinho.net>
 <547FAB0F.7060706@riseup.net>
Message-ID: <20141204202636.GJ29130@nl.grid.coop>

On Wed, Dec 03, 2014 at 05:30:07PM -0700, Mirimir wrote:
> On 12/03/2014 06:21 AM, dan at geer.org wrote:
> > Sociologically speaking, is it not interesting that Pres. Obama's
> > freshest proposal for race relations is to deploy yet more surveillance
> > cameras?  Body cameras for all police, an announcement made while
> > arch-racist Sharpton was in the White House, is, of course, wholly
> > consistent with Obama's basic intuitions whether we are talking
> > drones in Asia or the data sharing requirements under Obamacare.
> > 
> > The immigrant amnesty groups certainly got under Obama's skin by
> > calling him the "deporter in chief;" is it not time to call him
> > the "voyeur in chief?"
> > 
> > --dan
> 
> There are trade-offs between privacy and accountability. In the interest
> of social justice, there must be accountability for those who possess
> authority and power. That does entail reduced privacy, but that's just a
> cost of having authority and power. The degree of accountability (and
> loss of privacy) should be proportionate to the authority and power
> possessed.
> 
> Conversely, those without particular authority and power deserve maximal
> privacy, except in areas where they are accountable. Common examples
> include driving vehicles and parenting children.

Accountability will be zero if the police body cams are reviewed and paid for
by the police. This is already the case as you have a case documented *on
video* which was ruled a homicide by the coroner. But police have great
protections and latitude on what they are allowed to do, which may or may not
be a mistake. Only more awareness and debate will answer that.

What happens to the police body camera footage is far more important. If it is
immediately posted via bittorrent or multicast IP on public access wireless
mesh networks, it will become a great tool for the police, for social justice,
and for accountability.

The cost, however, is a loss of privacy.

As it is now, all I need to do is buy my privacy by providing forensic data
analysis services to the police to give them whatever answer the prosecutor
or campaign contributors would like to see.

I would trade my privacy for the freedom and liberty that would come from
an open and transparent society that calls all it's members to account for
their actions, rather than only calling the lower classes to account.

What happens next depends on how many would trade in privacy for an upgraded
society.

-- 
----------------------------------------------------------------------------
Troy Benjegerdes                 'da hozer'                  hozer at hozed.org
7 elements      earth::water::air::fire::mind::spirit::soul        grid.coop

      Never pick a fight with someone who buys ink by the barrel,
         nor try buy a hacker who makes money by the megahash




From mirimir at riseup.net  Thu Dec  4 15:05:06 2014
From: mirimir at riseup.net (Mirimir)
Date: Thu, 04 Dec 2014 16:05:06 -0700
Subject: surveillance, its proponents and its opponents
In-Reply-To: <5480cccc.2f528c0a.246e.ffff92be@mx.google.com>
References: <20141203132155.9F9682280E1@palinka.tinho.net>
 <547FAB0F.7060706@riseup.net> <5480cccc.2f528c0a.246e.ffff92be@mx.google.com>
Message-ID: <5480E8A2.1090201@riseup.net>

On 12/04/2014 02:08 PM, Juan wrote:
> On Wed, 03 Dec 2014 17:30:07 -0700
> Mirimir <mirimir at riseup.net> wrote:
> 
>> On 12/03/2014 06:21 AM, dan at geer.org wrote:
>>> Sociologically speaking, is it not interesting that Pres. Obama's
>>> freshest proposal for race relations is to deploy yet more
>>> surveillance cameras?  Body cameras for all police, an announcement
>>> made while arch-racist Sharpton was in the White House, is, of
>>> course, wholly consistent with Obama's basic intuitions whether we
>>> are talking drones in Asia or the data sharing requirements under
>>> Obamacare.
>>>
>>> The immigrant amnesty groups certainly got under Obama's skin by
>>> calling him the "deporter in chief;" is it not time to call him
>>> the "voyeur in chief?"
>>>
>>> --dan
>>
>> There are trade-offs between privacy and accountability. In the
>> interest of social justice,
> 
> 
> 	what is that? 

How about <http://en.wikipedia.org/wiki/Social_justice>?

I could also have said "protecting human rights".

>> there must be accountability for those
>> who possess authority and power. That does entail reduced privacy,
>> but that's just a cost of having authority and power. The degree of
>> accountability (and loss of privacy) should be proportionate to the
>> authority and power possessed.
> 
> 
> 	that sounds good - but royally miss the point - which is to get
> 	rid of people who have authority and power. 

Even in egalitarian human societies, some will always possess
role-specific authority and power. I do agree on the need to minimize
authority and power, and to ensure that it's truly legitimate.

>> Conversely, those without particular authority and power deserve
>> maximal privacy, except in areas where they are accountable. Common
>> examples include driving vehicles and parenting children.
> 
> 	lol 
> 	
> 	it's for the children!!! 

Read _Foundations of Psychohistory_ by Lloyd DeMause.




From juan.g71 at gmail.com  Thu Dec  4 13:08:28 2014
From: juan.g71 at gmail.com (Juan)
Date: Thu, 4 Dec 2014 18:08:28 -0300
Subject: surveillance, its proponents and its opponents
In-Reply-To: <547FAB0F.7060706@riseup.net>
References: <20141203132155.9F9682280E1@palinka.tinho.net>
 <547FAB0F.7060706@riseup.net>
Message-ID: <5480cccc.2f528c0a.246e.ffff92be@mx.google.com>

On Wed, 03 Dec 2014 17:30:07 -0700
Mirimir <mirimir at riseup.net> wrote:

> On 12/03/2014 06:21 AM, dan at geer.org wrote:
> > Sociologically speaking, is it not interesting that Pres. Obama's
> > freshest proposal for race relations is to deploy yet more
> > surveillance cameras?  Body cameras for all police, an announcement
> > made while arch-racist Sharpton was in the White House, is, of
> > course, wholly consistent with Obama's basic intuitions whether we
> > are talking drones in Asia or the data sharing requirements under
> > Obamacare.
> > 
> > The immigrant amnesty groups certainly got under Obama's skin by
> > calling him the "deporter in chief;" is it not time to call him
> > the "voyeur in chief?"
> > 
> > --dan
> 
> There are trade-offs between privacy and accountability. In the
> interest of social justice,


	what is that? 

> there must be accountability for those
> who possess authority and power. That does entail reduced privacy,
> but that's just a cost of having authority and power. The degree of
> accountability (and loss of privacy) should be proportionate to the
> authority and power possessed.


	that sounds good - but royally miss the point - which is to get
	rid of people who have authority and power. 


> 
> Conversely, those without particular authority and power deserve
> maximal privacy, except in areas where they are accountable. Common
> examples include driving vehicles and parenting children.

	lol 
	
	it's for the children!!! 


	






From guninski at guninski.com  Sat Dec  6 09:23:41 2014
From: guninski at guninski.com (Georgi Guninski)
Date: Sat, 6 Dec 2014 19:23:41 +0200
Subject: Does a society of sheep deserve a government of wolves?
In-Reply-To: <5358B27C.8010903@tik.ee.ethz.ch>
References: <20140419134510.GA3833@sivokote.iziade.m$>
 <CAD2Ti2-J5PPR8Td2zmXJkF8U7LQmG+OWFkrGR_Bg+VFDyWCXiA@mail.gmail.com>
 <5358B27C.8010903@tik.ee.ethz.ch>
Message-ID: <20141206172341.GA2646@sivokote.iziade.m$>

On Thu, Apr 24, 2014 at 08:43:08AM +0200, Stephan Neuhaus wrote:
> On 2014-04-24, 00:28, grarpamp wrote:
> >> Does a society of sheep deserve a government of wolves?
> > 
> > Evolution might say that both sheep and wolf share some common
> > ancestor. One diverged docile, or even without that gene theory,
> > sheep are still eaten because they fail to fight back. Do not be dog
> > food, cast off your warm fuzzy wools and become fighters in the
> > ring.
> 
> Or, to put it more succinctly:
> 
> 	WAKE UP, SHEEPLE!
> 

Sheeple begin to wake when police kill lambs for playing
with toys:  https://en.wikipedia.org/wiki/2014_Ferguson_unrest

According to local news there are protest in several usa
cities, people block shops by laying on the ground
playing death.


> Fun,
> 
> Stephan




From grarpamp at gmail.com  Sun Dec  7 15:10:45 2014
From: grarpamp at gmail.com (grarpamp)
Date: Sun, 7 Dec 2014 18:10:45 -0500
Subject: [tor-talk] NSA TAO Exploit of Whonix Qubes - EGOTISTICALSHALLOT -
 Martin Peck
In-Reply-To: <CAJVRA1RaBkxNGLmTSSDOLSNijeTYX0EohOOeCw+LLMfeDJJ-kg@mail.gmail.com>
References: <20141207023823.15123l26w3vbay2o@www.vfemail.net>
 <CAJVRA1RaBkxNGLmTSSDOLSNijeTYX0EohOOeCw+LLMfeDJJ-kg@mail.gmail.com>
Message-ID: <CAD2Ti29rf+qCVSLSfm_EpjEranCNkfj1LXYR20ii04yGnv94GQ@mail.gmail.com>

On Sun, Dec 7, 2014 at 5:27 AM, coderman <coderman at gmail.com> wrote:
> On 12/7/14, EGOTISTICALSHALLOT <egotisticalshallot at openmail.cc> wrote:
>> https://www.whonix.org/forum/index.php/topic,805.0.html
>
>> Are you coderman the Martin R. Peck of the mentioned affidavit and
>> BigSun application?
>>
>> - http://cryptome.org/2014/12/peck-roark-affidavit.pdf
>> - http://sunshineeevvocqr.onion
>
> Patrick worked it out; i am indeed the same.

To some it was merely obscurity respected.
Nice to see this analysis project out there :)
Much needed. May there be more participants
and interesting results in the future.




From ryacko at gmail.com  Mon Dec  8 02:40:15 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Mon, 8 Dec 2014 02:40:15 -0800
Subject: Bitcoin networks surpasses 2^80 hashes per week
Message-ID: <CAO7N=i14U5NpZz2OgWGjpzMD0m5HN-TK2sDrwYqH332_2HbVFA@mail.gmail.com>

https://blockexplorer.com/q/hashestowin
log(171833398380382098659*24*60*7)/log(2)


Gives context to the obsolescence of 80-bit block ciphers (it only takes
ten million dollars of dedicated hardware to crack an 80-bit cipher). And
context to the NSA's design of Skipjack.

Naturally even a 2^64 collision attack requires implausible amounts of
storage, so properly designed hash functions should be secure for the
indefinite future.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 534 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141208/212237f9/attachment.txt>

From ryacko at gmail.com  Mon Dec  8 09:44:22 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Mon, 8 Dec 2014 09:44:22 -0800
Subject: Bitcoin networks surpasses 2^80 hashes per week
In-Reply-To: <CACaGApmfbrSUj+DCC+FETTdYzQ3+iNh3ewoFhaG9BSg=zQnggg@mail.gmail.com>
References: <CAO7N=i14U5NpZz2OgWGjpzMD0m5HN-TK2sDrwYqH332_2HbVFA@mail.gmail.com>
 <CACaGApmfbrSUj+DCC+FETTdYzQ3+iNh3ewoFhaG9BSg=zQnggg@mail.gmail.com>
Message-ID: <CAO7N=i2MVNgDm9ymyy6ZJ51QP_Xxhh_+PghaGyYtVumxiCT8eQ@mail.gmail.com>

24 = hours
60 = minutes
7 = days

so I'm only off by a factor of 2^3.3, not by a factor of 2^9.3


Cheers.

On Mon, Dec 8, 2014 at 3:23 AM, Joseph Birr-Pixton <jpixton at gmail.com>
wrote:

> On 8 December 2014 at 10:40, Ryan Carboni <ryacko at gmail.com> wrote:
> > https://blockexplorer.com/q/hashestowin
> > log(171833398380382098659*24*60*7)/log(2)
>
> I think your calculation is slightly off. hashestowin is the average
> number of hashes you need to perform to win the current block. It's
> not necessarily the case that a block is calculated each second: in
> fact one is found (on average) each 625 seconds[1].
>
> So that gives:
>
> >>> log(171833398380382098659*24*60*7/625)/log(2)
> 71.23
>
> Cheers,
> Joe
>
> [1] https://blockexplorer.com/q/interval
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1363 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141208/f5877513/attachment.txt>

From jpixton at gmail.com  Mon Dec  8 03:23:39 2014
From: jpixton at gmail.com (Joseph Birr-Pixton)
Date: Mon, 8 Dec 2014 11:23:39 +0000
Subject: Bitcoin networks surpasses 2^80 hashes per week
In-Reply-To: <CAO7N=i14U5NpZz2OgWGjpzMD0m5HN-TK2sDrwYqH332_2HbVFA@mail.gmail.com>
References: <CAO7N=i14U5NpZz2OgWGjpzMD0m5HN-TK2sDrwYqH332_2HbVFA@mail.gmail.com>
Message-ID: <CACaGApmfbrSUj+DCC+FETTdYzQ3+iNh3ewoFhaG9BSg=zQnggg@mail.gmail.com>

On 8 December 2014 at 10:40, Ryan Carboni <ryacko at gmail.com> wrote:
> https://blockexplorer.com/q/hashestowin
> log(171833398380382098659*24*60*7)/log(2)

I think your calculation is slightly off. hashestowin is the average
number of hashes you need to perform to win the current block. It's
not necessarily the case that a block is calculated each second: in
fact one is found (on average) each 625 seconds[1].

So that gives:

>>> log(171833398380382098659*24*60*7/625)/log(2)
71.23

Cheers,
Joe

[1] https://blockexplorer.com/q/interval




From grarpamp at gmail.com  Mon Dec  8 14:07:28 2014
From: grarpamp at gmail.com (grarpamp)
Date: Mon, 8 Dec 2014 17:07:28 -0500
Subject: Bitcoin networks surpasses 2^80 hashes per week
In-Reply-To: <CACaGApmfbrSUj+DCC+FETTdYzQ3+iNh3ewoFhaG9BSg=zQnggg@mail.gmail.com>
References: <CAO7N=i14U5NpZz2OgWGjpzMD0m5HN-TK2sDrwYqH332_2HbVFA@mail.gmail.com>
 <CACaGApmfbrSUj+DCC+FETTdYzQ3+iNh3ewoFhaG9BSg=zQnggg@mail.gmail.com>
Message-ID: <CAD2Ti2_yZNwADAvz2Yruj_nGo+9==+ahjsWHSUPC12-K=W13xw@mail.gmail.com>

On Mon, Dec 8, 2014 at 6:23 AM, Joseph Birr-Pixton <jpixton at gmail.com> wrote:
> On 8 December 2014 at 10:40, Ryan Carboni <ryacko at gmail.com> wrote:
>> https://blockexplorer.com/q/hashestowin
>> log(171833398380382098659*24*60*7)/log(2)
>
> I think your calculation is slightly off. hashestowin is the average
> number of hashes you need to perform to win the current block. It's
> not necessarily the case that a block is calculated each second: in
> fact one is found (on average) each 625 seconds[1].
>
> So that gives:
>
>>>> log(171833398380382098659*24*60*7/625)/log(2)
> 71.23
>
> [1] https://blockexplorer.com/q/interval

Average hashes to win something amongst your peers is one way
to think of it. Easier look at overall compute power deployed.
This graph is more telling and running at about 310 PH/s worth of
double SHA-256. (Around 2^77.x per week.)

https://blockchain.info/charts/hash-rate?showDataPoints=false&show_header=true&daysAverageString=1&timespan=all&scale=1&address=

Generalize the subject a bit further...

http://www.distributed.net/
http://boinc.berkeley.edu/
http://setiathome.ssl.berkeley.edu/
http://top500.org/
http://folding.stanford.edu/
Amazon
http://en.wikipedia.org/wiki/List_of_distributed_computing_projects

Work the sum of all those into basic compute ops, bits per sec, gates
per dollar, watts per dollar, etc. Then assume adversary can at least
duplicate it, and apply the result into a similarly customized ASIC
compute base against some crypto target of choice like RSA-1024,
SHA-1, RC4... something realworld in each of asym/hash/sym.
Or even just to disrupt Bitcoin.

What do you get?

> Naturally even a 2^64 collision attack requires implausible amounts of storage

Storage vs. time tradeoff applies as usual.




From codesinchaos at gmail.com  Mon Dec  8 10:47:47 2014
From: codesinchaos at gmail.com (CodesInChaos)
Date: Mon, 8 Dec 2014 19:47:47 +0100
Subject: Bitcoin networks surpasses 2^80 hashes per week
In-Reply-To: <CAO7N=i14U5NpZz2OgWGjpzMD0m5HN-TK2sDrwYqH332_2HbVFA@mail.gmail.com>
References: <CAO7N=i14U5NpZz2OgWGjpzMD0m5HN-TK2sDrwYqH332_2HbVFA@mail.gmail.com>
Message-ID: <CAK9dnSxCTh1ymyjnQjNSG1Nf3LWA5HbrYeedPaDiOBBo1Akhkg@mail.gmail.com>

On Mon, Dec 8, 2014 at 11:40 AM, Ryan Carboni <ryacko at gmail.com> wrote:
> Naturally even a 2^64 collision attack requires implausible amounts of
> storage, so properly designed hash functions should be secure for the
> indefinite future.
That'd only be the case for a naive collision finding attack. But
there are attacks that require little memory. Search for
"distinguished points".




From snehan.kekre612 at protonmail.ch  Tue Dec  9 05:12:03 2014
From: snehan.kekre612 at protonmail.ch (Snehan Kekre)
Date: Tue, 9 Dec 2014 08:12:03 -0500
Subject: Powerful Linux Trojan 'Turla' infected large number of victims
Message-ID: <669ef535f72e0ad7af0f570ba19ed878@protonmail.ch>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3281 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141209/d3d4b8d0/attachment.txt>

From ryacko at gmail.com  Tue Dec  9 09:08:45 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Tue, 9 Dec 2014 09:08:45 -0800
Subject: [Cryptography] Bitcoin networks surpasses 2^80 hashes per week
Message-ID: <CAO7N=i2ds2xuFTX6uos2u+Ua8TiLDaJqbh9X4QAwH1RcwsDE-w@mail.gmail.com>

>
> Storage vs. time tradeoff applies as usual.


Erm. How? To my knowledge you can't predetermine if a hash could
potentially collide.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 318 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141209/99164298/attachment.txt>

From afalex169 at gmail.com  Tue Dec  9 04:21:45 2014
From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=)
Date: Tue, 9 Dec 2014 14:21:45 +0200
Subject: antiprism
Message-ID: <CAEm6KbL=6bX+to1kRibY+6kf9meYgo__K1wKvCqrQBKicsDGig@mail.gmail.com>

This might be interesting to the community:

http://www.antiprism.ca/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 140 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141209/672c68ef/attachment.txt>

From grarpamp at gmail.com  Tue Dec  9 11:36:51 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 9 Dec 2014 14:36:51 -0500
Subject: Bitcoin finna blow uuuppp bitch3z!!!
Message-ID: <CAD2Ti2_qEQLHsYW05yqjCP__4k-90v8OZCi_0NK9SrqTeve0oA@mail.gmail.com>

Famous Amos aka MrIPadChain aka Made4TVGecko talks Bitcoin.
Nuff said.

#1 Bitcoin vs Black People
https://www.youtube.com/watch?v=rAfOCqgS8gs
#2 Bitcoin Saved My Life
https://www.youtube.com/watch?v=q8cUDTWUEog




From grarpamp at gmail.com  Tue Dec  9 12:27:24 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 9 Dec 2014 15:27:24 -0500
Subject: [Cryptography] Toxic Combination
In-Reply-To: <54873C86.2060205@garlic.com>
References: <E1Xxw8t-0004vr-91@login01.fos.auckland.ac.nz>
 <5485C845.4090905@iang.org> <54860070.1000107@garlic.com>
 <5486BF4C.6020400@gmail.com> <54873C86.2060205@garlic.com>
Message-ID: <CAD2Ti2-_ZXAXkMYr8vEqeeGcpUo3Q3m9kQ3pXLjayXv+C6ifTw@mail.gmail.com>

On Tue, Dec 9, 2014 at 1:16 PM, Anne & Lynn Wheeler <lynn at garlic.com> wrote:
> The CA-industry had a lot of hype about supposed need for branded
> CA institution.
> ...
> records were conveyed to the
> CA, where the bits would be swizzled into a digital certificate for
> the small price of $100/account.
> ...
> We then went to some Federal LEOs and were told that investment
> bankers were like that.Many of the investment bankers involved
> in the internet bubble IPO mill (put in a few tens millions, hype
> for couple yrs, IPO for couple billion, and then fail, leaving the field
> open for the next round of IPOs), had previous walked away clean from
> the S&L mess and were predicted next to get into mortgages.

First thing I remember thinking about the whole CA cert game
way back years ago when people started thinking they needed
certs, at $100++ per year, as opposed to verified and pinned self
signed for the sites you care about, was... wtf, why?, scam!!!
Turns out, it's actually shaping up to be the greatest internet
swindle of all time. Hook, line, sinker.

Here's another old crony network being exposed and replaced...
https://www.youtube.com/watch?v=YABLAc2pEAk
http://imgur.com/50tnTli

[Sure, after all the coins are mined you have to model the
then steady state tranfee and thin client ecosystem, but still.]




From coderman at gmail.com  Tue Dec  9 17:14:05 2014
From: coderman at gmail.com (coderman)
Date: Tue, 9 Dec 2014 17:14:05 -0800
Subject: Backward compatibility bites again (like RC4 in WPA2)
Message-ID: <CAJVRA1Qn3+DTb7gMYJt4gYAJdooR8FEKF1H=JrdiLTMvRFs0jw@mail.gmail.com>

On 12/9/14, grarpamp <grarpamp at gmail.com> wrote:
> https://www.imperialviolet.org/2014/12/08/poodleagain.html
>
> Similar how continued insistence on centralized
> SMTP continues to bite.

at least they're trying.

RC4 in WPA2, and no signs anyone cares...




From grarpamp at gmail.com  Tue Dec  9 14:49:14 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 9 Dec 2014 17:49:14 -0500
Subject: Backward compatibility bites again
Message-ID: <CAD2Ti2_EaLt6syswBTUvM-2VmqcqRJ25hO-FZmXnFcH6mBXVMQ@mail.gmail.com>

https://www.imperialviolet.org/2014/12/08/poodleagain.html

Similar how continued insistence on centralized
SMTP continues to bite.




From grarpamp at gmail.com  Tue Dec  9 20:32:34 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 9 Dec 2014 23:32:34 -0500
Subject: [Cryptography] North Korea and Sony
In-Reply-To: <20141209195535.86FB422825F@palinka.tinho.net>
References: <CAMm+LwiULiUBNy85KRC+dL01fgF1UvjJhaJBBq0_yughWzOTMw@mail.gmail.com>
 <20141209195535.86FB422825F@palinka.tinho.net>
Message-ID: <CAD2Ti28Cj7Y-JPhupVbJv4SRJLqiHbPnaZ9efQJ-usaWBLHh3Q@mail.gmail.com>

On Tue, Dec 9, 2014 at 2:55 PM,  <dan at geer.org> wrote:
> "Banks Dreading Computer Hacks Call for Cyber War Council"
> Bloomberg, July 8, 2014
>
> www.bloomberg.com/news/print/2014-07-08/banks-dreading-computer-hacks-call-for-cyber-war-council.html
>
>   Wall Street's biggest trade group has proposed a government-industry
>   cyber war council to stave off terrorist attacks that could trigger
>   financial panic by temporarily wiping out account balances,
>   according to an internal document.
>
>   The proposal by the Securities Industry and Financial Markets
>   Association calls for a committee of executives and deputy-level
>   representatives from at least eight U.S. agencies including the
>   Treasury Department, the National Security Agency and the Department
>   of Homeland Security, all led by a senior White House official.
>
>   The document sketches an unusually frank and pessimistic view by
>   the industry of its readiness for attacks wielded by nation-states
>

Extending your quote for revolving context...

"The trade association also reveals in the document that Sifma has
retained former NSA director Keith Alexander to "facilitate" the
joint effort with the government. Alexander, in turn, has brought
in Michael Chertoff, the former U.S. Secretary of Homeland Security,
and his firm, Chertoff Group."
"Alexander had been pitching Sifma and other bank trade associations
to purchase his services through his new consulting firm, IronNet
Cybersecurity Inc., for as much as $1 million per month, according to
two people briefed on the talks."


The article full of other juicy things...




From grarpamp at gmail.com  Tue Dec  9 20:57:40 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 9 Dec 2014 23:57:40 -0500
Subject: Backward compatibility bites again (like RC4 in WPA2)
In-Reply-To: <CAJVRA1Qn3+DTb7gMYJt4gYAJdooR8FEKF1H=JrdiLTMvRFs0jw@mail.gmail.com>
References: <CAJVRA1Qn3+DTb7gMYJt4gYAJdooR8FEKF1H=JrdiLTMvRFs0jw@mail.gmail.com>
Message-ID: <CAD2Ti2_kGTytUbgnK+xwygh9ymp0AAjcdHKhWqCcg-HEr_kT6A@mail.gmail.com>

On Tue, Dec 9, 2014 at 8:14 PM, coderman <coderman at gmail.com> wrote:
> RC4 in WPA2, and no signs anyone cares...

The wifi alliance is a bunch of closed companies competing
in closed hardware, microcode, firmware and licenses with
probably no dependency on opensource other than stealing it.
ie: broadcom. And both ends of the connection are terminated
by their hardware, you're not in the loop. (Unless you're your
own AP/sniffer, in which case they don't care.)

Now with your largely opensource browser, TLS libs and apache,
even if your far end is terminating on some closed cisco hardware
at closed google, they're at least half driven by you, compatibility wise.

Though users might care, at least the 'both ends owned' vendors
will be extremely resistant to change.

Would you have better luck convincing coffee shop owners
to run openwrt so you can terminate an AES local VPN on
their hotspot and then out to the net, overlaying what's
used on the airwaves be it rc4 or cleartext?
Let me know what shop to patronize :)

(The b43 wireless project used to write some open
firmware for broadcom nics. And other brands do have
some open firmware. Thought WPA2 was in the silicon
though, I might be wrong.)




From grarpamp at gmail.com  Wed Dec 10 01:24:01 2014
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 10 Dec 2014 04:24:01 -0500
Subject: PirateBay Raided
Message-ID: <CAD2Ti2-iqSE14OLy_tibNwVbdJPPYKFU2xR9C2rqa3EYr4ng=g@mail.gmail.com>

http://torrentfreak.com/swedish-police-raid-the-pirate-bay-site-offline-141209/
http://torrentfreak.com/pirate-bay-goes-worldwide-141209/
http://blog.brokep.com/2014/12/09/the-pirate-bay-down-forever/

Perhaps this time it's related to TPB carrying the Sony GOP torrents?
http://www.reddit.com/r/onions/comments/2orlji
http://lolsonynnslow5lt.onion/

The TPB onion is also down:
http://jntlesnev5o7zysa.onion/

When will filesharers move in mass onto the anonymous networks?
Or what will cause them to?


As in a reddit thread:
https://bobbiblogger.files.wordpress.com/2013/04/north-korea.jpg
http://i1.kym-cdn.com/photos/images/original/000/030/161/ha_ha.jpg




From rysiek at hackerspace.pl  Wed Dec 10 02:14:27 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 10 Dec 2014 11:14:27 +0100
Subject: PirateBay Raided
In-Reply-To: <CAD2Ti2-iqSE14OLy_tibNwVbdJPPYKFU2xR9C2rqa3EYr4ng=g@mail.gmail.com>
References: <CAD2Ti2-iqSE14OLy_tibNwVbdJPPYKFU2xR9C2rqa3EYr4ng=g@mail.gmail.com>
Message-ID: <1833921.rP7kAcgbnu@lapuntu>

Dnia środa, 10 grudnia 2014 04:24:01 grarpamp pisze:
> http://torrentfreak.com/swedish-police-raid-the-pirate-bay-site-offline-1412
> 09/ http://torrentfreak.com/pirate-bay-goes-worldwide-141209/
> http://blog.brokep.com/2014/12/09/the-pirate-bay-down-forever/
> 
> Perhaps this time it's related to TPB carrying the Sony GOP torrents?
> http://www.reddit.com/r/onions/comments/2orlji
> http://lolsonynnslow5lt.onion/
> 
> The TPB onion is also down:
> http://jntlesnev5o7zysa.onion/
> 
> When will filesharers move in mass onto the anonymous networks?
> Or what will cause them to?
> 
> 
> As in a reddit thread:
> https://bobbiblogger.files.wordpress.com/2013/04/north-korea.jpg
> http://i1.kym-cdn.com/photos/images/original/000/030/161/ha_ha.jpg

Peter Sunde on the issue and on TPB in general:
http://www.anonsweden.se/?p=6588

-- 
Pozdrawiam,
Michał "rysiek" Woźniak
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 411 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141210/705e9da5/attachment.sig>

From carimachet at gmail.com  Wed Dec 10 02:55:35 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 10 Dec 2014 11:55:35 +0100
Subject: PirateBay Raided
In-Reply-To: <1833921.rP7kAcgbnu@lapuntu>
References: <CAD2Ti2-iqSE14OLy_tibNwVbdJPPYKFU2xR9C2rqa3EYr4ng=g@mail.gmail.com>
 <1833921.rP7kAcgbnu@lapuntu>
Message-ID: <CAGRDzQVkSt9A6kfs+VNEfRg=_CT1fw-1ZKxfLrXEYarEfWOqVQ@mail.gmail.com>

thepiratebay.cr

On Wed, Dec 10, 2014 at 11:14 AM, rysiek <rysiek at hackerspace.pl> wrote:

> Dnia środa, 10 grudnia 2014 04:24:01 grarpamp pisze:
> >
> http://torrentfreak.com/swedish-police-raid-the-pirate-bay-site-offline-1412
> > 09/ http://torrentfreak.com/pirate-bay-goes-worldwide-141209/
> > http://blog.brokep.com/2014/12/09/the-pirate-bay-down-forever/
> >
> > Perhaps this time it's related to TPB carrying the Sony GOP torrents?
> > http://www.reddit.com/r/onions/comments/2orlji
> > http://lolsonynnslow5lt.onion/
> >
> > The TPB onion is also down:
> > http://jntlesnev5o7zysa.onion/
> >
> > When will filesharers move in mass onto the anonymous networks?
> > Or what will cause them to?
> >
> >
> > As in a reddit thread:
> > https://bobbiblogger.files.wordpress.com/2013/04/north-korea.jpg
> > http://i1.kym-cdn.com/photos/images/original/000/030/161/ha_ha.jpg
>
> Peter Sunde on the issue and on TPB in general:
> http://www.anonsweden.se/?p=6588
>
> --
> Pozdrawiam,
> Michał "rysiek" Woźniak




-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3522 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141210/a9613005/attachment.txt>

From list at sysfu.com  Wed Dec 10 12:54:39 2014
From: list at sysfu.com (Seth)
Date: Wed, 10 Dec 2014 12:54:39 -0800
Subject: =?utf-8?B?U25vd2RlbiByYW4gYSBtYWpvciAyIEdicHMgZXhpdCBub2RlIG5hbWVkIA==?=
 =?utf-8?B?4oCcVGhlU2lnbmFs4oCd?=
Message-ID: <op.xqn61dlfbgbjo9@work-pc.lan>

This may be old news to some but I found it quite remarkable to discover  
today that prior to fleeing what I like to call "The United State", Ed  
Snowden apparently ran a major Tor exit node named "TheSignal".  
http://pando.com/2014/07/16/tor-spooks/

Furthermore, he helped to organize and throw a freakin' Crypto Party on  
Oahu (contacting and co-ordinating via email with Runa Sandvik using his  
legal name!!) about six months prior to bailing for Hong Kong.

According to the same Pandodaily article he "was trying to get some of his  
buddies at “work” to set up additional Tor nodes…".

Not exactly a shining example of good OpSec for someone who is also  
secretly gathering a trove of classified documents to leak.




From rysiek at hackerspace.pl  Wed Dec 10 14:07:22 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Wed, 10 Dec 2014 23:07:22 +0100
Subject: Snowden ran a major 2 Gbps exit node named
 =?UTF-8?B?4oCcVGhlU2lnbmFs4oCd?=
In-Reply-To: <op.xqn61dlfbgbjo9@work-pc.lan>
References: <op.xqn61dlfbgbjo9@work-pc.lan>
Message-ID: <2420498.yb3QGfsMOz@lapuntu>

Dnia środa, 10 grudnia 2014 12:54:39 Seth pisze:
> This may be old news to some but I found it quite remarkable to discover
> today that prior to fleeing what I like to call "The United State", Ed
> Snowden apparently ran a major Tor exit node named "TheSignal".
> http://pando.com/2014/07/16/tor-spooks/
> 
> Furthermore, he helped to organize and throw a freakin' Crypto Party on
> Oahu (contacting and co-ordinating via email with Runa Sandvik using his
> legal name!!) about six months prior to bailing for Hong Kong.
> 
> According to the same Pandodaily article he "was trying to get some of his
> buddies at “work” to set up additional Tor nodes…".
> 
> Not exactly a shining example of good OpSec for someone who is also
> secretly gathering a trove of classified documents to leak.

Or, maybe, quite the contrary. "Nah, that guy runs a TOR exit node, organises 
CryptoParties -- our guy would lay low". ;)

-- 
Pozdrawiam,
Michał "rysiek" Woźniak
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 411 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141210/0e7c9589/attachment.sig>

From jsalvia at gmail.com  Wed Dec 10 14:51:13 2014
From: jsalvia at gmail.com (Jordi Salvia)
Date: Wed, 10 Dec 2014 23:51:13 +0100
Subject: PirateBay Raided
In-Reply-To: <CAD2Ti2-iqSE14OLy_tibNwVbdJPPYKFU2xR9C2rqa3EYr4ng=g@mail.gmail.com>
References: <CAD2Ti2-iqSE14OLy_tibNwVbdJPPYKFU2xR9C2rqa3EYr4ng=g@mail.gmail.com>
Message-ID: <5488CE61.3040403@gmail.com>


The Pirate Bay down, forever?
http://blog.brokep.com/2014/12/09/the-pirate-bay-down-forever/
>From Peter Sunde @brokep


El 10/12/14 a les 10:24, grarpamp ha escrit:
> http://torrentfreak.com/swedish-police-raid-the-pirate-bay-site-offline-141209/
> http://torrentfreak.com/pirate-bay-goes-worldwide-141209/
> http://blog.brokep.com/2014/12/09/the-pirate-bay-down-forever/
>
> Perhaps this time it's related to TPB carrying the Sony GOP torrents?
> http://www.reddit.com/r/onions/comments/2orlji
> http://lolsonynnslow5lt.onion/
>
> The TPB onion is also down:
> http://jntlesnev5o7zysa.onion/
>
> When will filesharers move in mass onto the anonymous networks?
> Or what will cause them to?
>
>
> As in a reddit thread:
> https://bobbiblogger.files.wordpress.com/2013/04/north-korea.jpg
> http://i1.kym-cdn.com/photos/images/original/000/030/161/ha_ha.jpg




From wilfred at vt.edu  Thu Dec 11 09:23:49 2014
From: wilfred at vt.edu (Wilfred Guerin)
Date: Thu, 11 Dec 2014 07:23:49 -1000
Subject: re CIA Torture, FBI Shills, Fort Gordon's Snow
Message-ID: <CAG+6jOYX+TPSZ9HpgsC+a3x-j_EdVhXKzKh5JokoQ2aGPcbRdg@mail.gmail.com>

>
> http://www.nytimes.com/2006/07/25/washington/25protect.html?_r=0
>

http://www.nytimes.com/2006/07/25/washington/25protect.html?_r=0

Alexander W. Joel (CIA GC, ODNI CLPO) is grandson of Clarence M. Kelley
(FBI), uncle is Patrick W. Kelley (FBI OIC) whose privacy-evangelist neice
is Jill Kelley (Petraeus).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 634 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141211/8e95a735/attachment.txt>

From grarpamp at gmail.com  Thu Dec 11 04:41:05 2014
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 11 Dec 2014 07:41:05 -0500
Subject: Microsoft accepts Bitcoin
Message-ID: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>

https://commerce.microsoft.com/PaymentHub/Help/Right?helppagename=CSV_BitcoinHowTo.htm

BTC price jumps 6%

https://www.youtube.com/watch?v=gG2vMISThpA




From grarpamp at gmail.com  Thu Dec 11 05:28:15 2014
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 11 Dec 2014 08:28:15 -0500
Subject: Microsoft accepts Bitcoin
In-Reply-To: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>
References: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>
Message-ID: <CAD2Ti29-YvAujh3q9aTjF0xw3XeXPv2ryHTH=WCPa4+FGRiUJA@mail.gmail.com>

Dell buys Windows images from MS.
Microsoft buys servers from Dell.
Both buy ads from Google.
The three CEO's throw a housewares party with swag from Overstock.
All within six months... all using BTC... who's giving odds?

[Bonus: Dotcom's buy and shutter MasterCard by 2020.]




From juan.g71 at gmail.com  Thu Dec 11 13:58:41 2014
From: juan.g71 at gmail.com (Juan)
Date: Thu, 11 Dec 2014 18:58:41 -0300
Subject: Microsoft accepts Bitcoin
In-Reply-To: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>
References: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>
Message-ID: <548a1311.c733e00a.2fec.ffffe7fa@mx.google.com>

On Thu, 11 Dec 2014 07:41:05 -0500
grarpamp <grarpamp at gmail.com> wrote:

> https://commerce.microsoft.com/PaymentHub/Help/Right?helppagename=CSV_BitcoinHowTo.htm
> 
> BTC price jumps 6%

	you forgot to mention that correlation does not imply causation
	=)



> 
> https://www.youtube.com/watch?v=gG2vMISThpA




From grarpamp at gmail.com  Thu Dec 11 19:43:45 2014
From: grarpamp at gmail.com (grarpamp)
Date: Thu, 11 Dec 2014 22:43:45 -0500
Subject: Microsoft accepts Bitcoin
In-Reply-To: <CAD2Ti29-YvAujh3q9aTjF0xw3XeXPv2ryHTH=WCPa4+FGRiUJA@mail.gmail.com>
References: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>
 <CAD2Ti29-YvAujh3q9aTjF0xw3XeXPv2ryHTH=WCPa4+FGRiUJA@mail.gmail.com>
Message-ID: <CAD2Ti2_jz2XsfviHZhMDFRQ_y009x2BU7JQf5YmbMVzgwPkoYQ@mail.gmail.com>

http://blogs.microsoft.com/firehose/2014/12/11/now-you-can-exchange-bitcoins-to-buy-apps-games-and-more-for-windows-windows-phone-and-xbox/
http://blog.bitpay.com/2014/12/11/microsoft-chooses-bitpay-to-power-bitcoin-payments.html
http://www.coindesk.com/bitpay-microsoft-aggressive-global-vision-bitcoin/

http://imgur.com/NuSIA8O
https://www.youtube.com/watch?v=E5lf5S_zJWk
https://www.youtube.com/watch?v=fZfg1Gtcg08




From ryacko at gmail.com  Fri Dec 12 10:18:44 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Fri, 12 Dec 2014 10:18:44 -0800
Subject: Microsoft accepts Bitcoin
Message-ID: <CAO7N=i2UbJnbDV9_4T7AdK0=24qp9s2wTKkfx17iMVhGFvQnTQ@mail.gmail.com>

>
> Basically the
> future of finance is less humane (Bitcoin is hard currency) and more unfair
> (Bitcoin is unfairly distributed). It is also not, in practice,
> distributed


I suggested on the bitcoin forums and devlist that currency minting be the
square root of current block hashing power, this would be inflationary yes,
but it would stabilize the currency and incentize mining (unlike current
plans to reduce fees further).

but you know, a hundred people who first heard of bitcoin through the
cryptography mailing list either lost their bitcoins, or own combined a
large percentage of bitcoins.

inequality begets instability.

the funny thing is that after the next block subsidy cut, a 51% attack
would easily be committed.

but if there's a major war, the world's internet connections will be
disrupted, and bitcoin would probably die in areas in which mining is less
than the biggest contiguous block of miners.

Bitcoin is the worst currency to hold during WWIII, you literally cannot
spend it until the world internet is repaired.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1304 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141212/c2b66ddc/attachment.txt>

From jerry at jerryrw.com  Fri Dec 12 08:53:43 2014
From: jerry at jerryrw.com (Jerry)
Date: Fri, 12 Dec 2014 11:53:43 -0500
Subject: Verizon encryption
Message-ID: <32DADB38-36B4-422D-9C50-DC7A6407FA95@jerryrw.com>

Verizon launches new encrypted voice app; with government backdoor.

http://www.businessweek.com/articles/2014-12-11/verizons-new-encrypted-calling-app-comes-prehacked-for-the-nsa#r=lr-sr






From chgans at gna.org  Thu Dec 11 14:54:24 2014
From: chgans at gna.org (Christian Gagneraud)
Date: Fri, 12 Dec 2014 11:54:24 +1300
Subject: Microsoft accepts Bitcoin
In-Reply-To: <548a1311.c733e00a.2fec.ffffe7fa@mx.google.com>
References: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>
 <548a1311.c733e00a.2fec.ffffe7fa@mx.google.com>
Message-ID: <548A20A0.4030902@gna.org>

On 12/12/14 10:58, Juan wrote:
> On Thu, 11 Dec 2014 07:41:05 -0500
> grarpamp <grarpamp at gmail.com> wrote:
>
>> https://commerce.microsoft.com/PaymentHub/Help/Right?helppagename=CSV_BitcoinHowTo.htm
>>
>> BTC price jumps 6%
>
> 	you forgot to mention that correlation does not imply causation
> 	=)

Indeed: http://www.tylervigen.com/

>
>
>
>>
>> https://www.youtube.com/watch?v=gG2vMISThpA
>




From list at sysfu.com  Fri Dec 12 13:31:31 2014
From: list at sysfu.com (Seth)
Date: Fri, 12 Dec 2014 13:31:31 -0800
Subject: =?utf-8?B?U25vd2RlbiByYW4gYSBtYWpvciAyIEdicHMgZXhpdCBub2RlIG5hbWVkIA==?=
 =?utf-8?B?4oCcVGhlU2lnbmFs4oCd?=
In-Reply-To: <2420498.yb3QGfsMOz@lapuntu>
References: <op.xqn61dlfbgbjo9@work-pc.lan> <2420498.yb3QGfsMOz@lapuntu>
Message-ID: <op.xqrx2tkybgbjo9@work-pc.lan>

On Wed, 10 Dec 2014 14:07:22 -0800, rysiek <rysiek at hackerspace.pl> wrote:

> Or, maybe, quite the contrary. "Nah, that guy runs a TOR exit node,  
> organises
> CryptoParties -- our guy would lay low". ;)

I'm not sold on the reverse psychology gambit.

"As for the timing, Snowden apparently emailed Greenwald for the first  
time 11 days before the party, and was still waiting for a reply when the  
party happened..."   
https://www.techdirt.com/articles/20140521/07124327303/snowden-ran-major-tor-exit-relay-hosted-cryptoparty-hawaii-while-waiting-greenwald-to-reply.shtml

"Cryptome has uncovered a public key for cincinnatus at lavabit.com, which is  
the same alias he used to contact Glenn Greenwald — and it’s associated  
with the organizing of an event in Honolulu, Hawaii in December 2012,  
where the now-famous NSA whistleblower was then living."  
https://blog.ageispolis.net/snowden-cryptoparty/

Dare I say that it's common knowledge at this point that using Tor, much  
less being an exit node operator puts you 'on the list' for full data take  
and retention 'til the end of time, not to mention active Computer Network  
Exploitation.

-------------------------------
"But the German exposé  showed Tor providing the opposite of anonymity: it  
singled out users for total NSA surveillance, potentially sucking up and  
recording everything they did online."
http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html

"The first step of this process is finding Tor users. To accomplish this,  
the NSA relies on its vast capability to monitor large parts of the  
internet. This is done via the agency's partnership with US telecoms firms  
under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

The NSA creates "fingerprints" that detect http requests from the Tor  
network to particular servers. These fingerprints are loaded into NSA  
database systems like XKeyscore, a bespoke collection and analysis tool  
which NSA boasts allows its analysts to see "almost everything" a target  
does on the internet.

Using powerful data analysis tools with codenames such as Turbulence,  
Turmoil and Tumult, the NSA automatically sifts through the enormous  
amount of internet traffic that it sees, looking for Tor connections"   
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
----------------------------

Snowden *had* to have known the above, so why would he put himself at risk  
by using the same email/alias to contact Greenwald, and then establish a  
connection from that alias to his legal name by using it to organize the  
cryptoparty eleven days later?!!

Why would he not create a fresh and completely separate dedicated-use  
email account solely for the purposes of establishing contact with  
Greenwald?

On one hand we're supposed to believe that NSA are bumbling idiots that  
missed the email communication between Snowden and Greenwald using the  
same email alias he used as a CryptoParty organizer and Tor exit node(s)  
operator.

On the other hand we have malicious (probably state?) actors that are able  
to decrypt and leak a PGP encrypted email between Snowden and  
Greenwalk/Radack. http://cryptome.org/2014/04/radack-greenwald.htm  as  
well as leak Tor bugs to the developers?
http://www.nsaneforums.com/topic/227563-nsa-and-gchq-agents-leak-tor-bugs-alleges-developer/

Are you fucking kidding me?

The story we are being told is not adding up.

The tiny tiny fragments of actual source documents that has been published  
only adds to my suspicion.

The more that times goes on, the more that I can't help wonder sometimes  
if Snowden is part a gambit to frame the debate.

The fundamental question of whether the surveillance state should even be  
allowed to exist must never be asked. That is always taken as a given.




From l at odewijk.nl  Fri Dec 12 05:28:21 2014
From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=)
Date: Fri, 12 Dec 2014 14:28:21 +0100
Subject: Microsoft accepts Bitcoin
In-Reply-To: <CAD2Ti2_jz2XsfviHZhMDFRQ_y009x2BU7JQf5YmbMVzgwPkoYQ@mail.gmail.com>
References: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>
 <CAD2Ti29-YvAujh3q9aTjF0xw3XeXPv2ryHTH=WCPa4+FGRiUJA@mail.gmail.com>
 <CAD2Ti2_jz2XsfviHZhMDFRQ_y009x2BU7JQf5YmbMVzgwPkoYQ@mail.gmail.com>
Message-ID: <CAHWD2rJ4uv8JQ2-x22E8+nKeuLO6NLq0mOjBWn=5ptYavQ4ZWA@mail.gmail.com>

I think Bitcoin going big like this was inevitable and not actually a good
thing. The distribution of Bitcoin is horrible. Really, really, really
horrible. Its also what drives and makes inevitable the adoption of
Bitcoin: simply put, there is a marketing budget.

Sadly the alternatives lack adoptation and technical merit. Basically the
future of finance is less humane (Bitcoin is hard currency) and more unfair
(Bitcoin is unfairly distributed). It is also not, in practice,
distributed. There is far too few parties in control of the miners that
work on the blockchain, and there's no reason for that to change. Bitcoin
policy hell is also real, very little will ever be able to change in
Bitcoin world. If it does it will make business sense and not reduce "early
investor advantage".

I'd like to add that Bitcoin is not as interesting as advertised.
Blockchains are a clever hack to achieve global consensus, but in order to
achieve a security level that takes X currency units to reverse around X
currency units have to be burned. Burning currency is undesirable. Only
currency successfully burned by trusted/not-untrusted/uncollaborating
parties counts towards the security level.

So:
 * Distribution is terrible, which causes unstoppable success
 * Is less humane and more capable, causing assorted dangers but also being
more pure (in a currency sense)
 * Can be substituted very easily by something else

I don't really mind Bitcoin becoming successful even though it's imperfect;
it's still an entirely higher/better league than banks. I do mind there
being no talk of why Bitcoin sucks. Because no matter how awesome it is, it
really does suck.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1829 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141212/ea80f97b/attachment.txt>

From juan.g71 at gmail.com  Fri Dec 12 10:14:34 2014
From: juan.g71 at gmail.com (Juan)
Date: Fri, 12 Dec 2014 15:14:34 -0300
Subject: Microsoft accepts Bitcoin
In-Reply-To: <CAHWD2rJ4uv8JQ2-x22E8+nKeuLO6NLq0mOjBWn=5ptYavQ4ZWA@mail.gmail.com>
References: <CAD2Ti2883sqPDyuJvUsXQwT2+e=EHxnxsdTZY7Mny57zWRvnVA@mail.gmail.com>
 <CAD2Ti29-YvAujh3q9aTjF0xw3XeXPv2ryHTH=WCPa4+FGRiUJA@mail.gmail.com>
 <CAD2Ti2_jz2XsfviHZhMDFRQ_y009x2BU7JQf5YmbMVzgwPkoYQ@mail.gmail.com>
 <CAHWD2rJ4uv8JQ2-x22E8+nKeuLO6NLq0mOjBWn=5ptYavQ4ZWA@mail.gmail.com>
Message-ID: <548b3007.f5218c0a.423a.ffffb6c9@mx.google.com>

On Fri, 12 Dec 2014 14:28:21 +0100
Lodewijk andré de la porte <l at odewijk.nl> wrote:


> 
> So:
>  * Distribution is terrible, which causes unstoppable success

	distribution is bad because bitcoin isn't really
	free-market. It's a patch for a corrupt system - at best.


>  * Is less humane and more capable, causing assorted dangers but also
> being more pure (in a currency sense)

	
	Humane? What the hell are you talking about? The fact that
	bitcoin can't be counterfeited, at least in theory, is one of
	its main advantages. 

	But I imagine that 'humanism' for you means : the totalitarian
	government I favor should be able to print money out of thin air
	in order to fund whatever 'free' and compulsory social plan I
	like. Obey or die.


>  * Can be substituted very easily by something else
> 
> I don't really mind Bitcoin becoming successful even though it's
> imperfect; it's still an entirely higher/better league than banks.

	But apparently can't be manipulated by governments! The horror.

 
> do mind there being no talk of why Bitcoin sucks. Because no matter
> how awesome it is, it really does suck.


	Of course bitcoin pushers won't talk about why it sucks. 

	Wait. If I recally correctly, you as a pusher used to whine
	about bitcoin being used in black markets because of the bad
	press? And now you changed your tune? lol





From grarpamp at gmail.com  Fri Dec 12 13:52:52 2014
From: grarpamp at gmail.com (grarpamp)
Date: Fri, 12 Dec 2014 16:52:52 -0500
Subject: Microsoft accepts Bitcoin
In-Reply-To: <CAO7N=i2UbJnbDV9_4T7AdK0=24qp9s2wTKkfx17iMVhGFvQnTQ@mail.gmail.com>
References: <CAO7N=i2UbJnbDV9_4T7AdK0=24qp9s2wTKkfx17iMVhGFvQnTQ@mail.gmail.com>
Message-ID: <CAD2Ti2_kuscnLhdfNZXs8S-XMGWWR92P8WaSsj_OWbFHpSEm5g@mail.gmail.com>

On Fri, Dec 12, 2014 at 1:18 PM, Ryan Carboni <ryacko at gmail.com> wrote:
> but if there's a major war, the world's internet connections will be
> disrupted, and bitcoin would probably die in areas in which mining is less
> than the biggest contiguous block of miners.
>
> Bitcoin is the worst currency to hold during WWIII, you literally cannot
> spend it until the world internet is repaired.

Like fiat, you can still use BTC locally. A country/bloc at war may,
or may be subject to, sever border fiber. This is called a fork.
Thereafter, you, and miners, all residing within that fork, will have,
from your perspective, the last physical copy of the blockchain (in peactime,
the single global one, forklevel 0). After the diplomats sign to end the
war, as with all other commerce, supply chains, currencies... the parties
engage in price discovery, rebuild, reintegrate, settle out. It's maybe
impossible remerge the blockchains, but since your local fork still has
local value, you'll sell/swap it for value in whatever the global chain is at
that time. Local fiat is no different in that revaluation process. However gold
seems historically resistant, and after the border is repaired, your gold
typically gets you the value it has in the winning country, unlike local
fiat/digital which loses drastically. Still, everything is subject to natural
rebasing on market cap, forms of management/underwriting. or left to die.

There's a twist to the traditional thinking many people might write
mirroring the above... your privkey still has value in the "enemy chain"
(the one on the other side of the cut). Figure that scenario out.

War fucks shit up... don't expect that your fiat/digital/gold currency
of choice will ever come out unscathed. The old rule still applies, flee
or convert what you need to capital/real value beforehand, if you have
enough time. Good luck if it goes nuclear.




From rob at robmyers.org  Fri Dec 12 17:26:56 2014
From: rob at robmyers.org (Rob Myers)
Date: Fri, 12 Dec 2014 17:26:56 -0800
Subject: blasphemy!
In-Reply-To: <548b7de8.0ca5e00a.5877.0a0a@mx.google.com>
References: <548b7de8.0ca5e00a.5877.0a0a@mx.google.com>
Message-ID: <548B95E0.9090601@robmyers.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/12/14 03:46 PM, Juan wrote:
> 
> "Almost everyone involved in developing Tor was (or is) funded by
> the US government"

Part seven of the series "things everyone except clickbait journalists
know".

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUi5XgAAoJECciMUAZd2dZedUIAMB5tOOS8gAq7DgLwqaCq5TE
Z80BDcI1AdXE96BcU4/FuctuodefRkBE+TtUeVyUtG4T+DjOg+gaWg4VWsFTFRcV
cpJ/7nPnpn5YYuBxYfk0GCF+QY4v26CugrpuCwp4ifTW1EkxEFTJfHsKww0UNy8h
UWPpV3Sg+PKvM1YG4sFsS0+5j0lZ2Wu+epXeewvugGVI7GAp3piaU5gPe3pF9G5r
ZAK0eZuZS9L7BrpVkrIhWjhiwX9TvJvhLdZu/GOJhmVAhaTPWOY3hmB6mtkVJnPk
BSSuU3COslYgIX0cxdQ/Q9SdDmIdV/2On1nsAhNETPBd3sZEOnHVVCi2krcXOlQ=
=gXlL
-----END PGP SIGNATURE-----




From juan.g71 at gmail.com  Fri Dec 12 12:56:22 2014
From: juan.g71 at gmail.com (Juan)
Date: Fri, 12 Dec 2014 17:56:22 -0300
Subject: Gaagle
Message-ID: <548b55f4.c135e00a.5f4c.ffffe3bb@mx.google.com>



Yes! I had misplaced this link but finally found it again. I don't
think it can get any better than this

https://www.youtube.com/watch?v=5F7SUWb9LPI


















(unintentional self-parody, that is)





From juan.g71 at gmail.com  Fri Dec 12 15:46:48 2014
From: juan.g71 at gmail.com (Juan)
Date: Fri, 12 Dec 2014 20:46:48 -0300
Subject: blasphemy!
Message-ID: <548b7de8.0ca5e00a.5877.0a0a@mx.google.com>



	As far as I can tell this hasn't been posted on the list 

	"Almost everyone involved in developing Tor was (or is) funded
	by the US government" 

	 http://pando.com/2014/07/16/tor-spooks/


	The comments from the tor fanboys are both revolting and
	amusing. These people are as mindless as jesus freaks.









	




From juan.g71 at gmail.com  Fri Dec 12 17:32:28 2014
From: juan.g71 at gmail.com (Juan)
Date: Fri, 12 Dec 2014 22:32:28 -0300
Subject: more blasphemy
Message-ID: <548b96ac.a45c8c0a.7fc1.1d50@mx.google.com>



	and more!

	pando.com/2014/11/14/tor-smear/


	"Perhaps it’s somewhat understandable that salaried Tor 
	developers like Andrea Shepard and Jacob Appelbaum went on the
	attack......Both Appelbaum and Shepard circulate in radical
	anti-police state circles, and my article pointed out that they
	earn $100,000-plus annual salaries working for a nonprofit
	federal government security contractor—a nonprofit that gets at
	least three-quarters of its annual funding from the Pentagon,
	State Department, and other federal agencies. In other words,
	Tor anti-National Security State rebels are living off the
	largesse of their NatSec State nemesis." 


	"Morgan Marquis-Boire, a former Googler who was recently
	poached by Pierre Omidyar to run security at First Look, called
	me a loony conspiracy theorist for reporting on Tor’s
	government funding—but then contradicted himself by arguing
	that this “conspiracy theory” is a matter of public record. It
	was a baffling, oxymoronic argument to make—accusing my article
	of being both a wild conspiracy theory, yet also boring old
	news that no one should bother reading—but for some reason, Tor
	defenders thought this self-contradiction made perfect logical
	sense:" 


	"As it turned out, Halpin, like the Tor developers and their
	defenders, had other reasons to try to discredit reporting on
	funding and conflicts-of-interest. Halpin is the president of
	LEAP, a small privacy/encryption outfit that gets most of its
	funding from various government sources—including more than $1
	million from Radio Free Asia’s “Open Technology Fund.” This
	fund just happens to be a major financial backer of the Tor
	Network; last year alone, the Open Technology Fund gave Tor
	$600,000. The fund also happens to be run out of the
	Broadcasters Board of Governors (BBG), an old CIA spinoff
	dedicated to waging propaganda warfare against regimes hostile
	to US interests. The BBG—which until recently was called the
	International Broadcasting Bureau—has also been one of the
	biggest backers of Tor going back to 2007." 


	"No wonder all these people are so upset by my reporting.
	They’ve branded themselves as radical activists fighting The
	Man and the corporate surveillance apparatus—while taking money
	from the US government’s military and foreign policy arms, as
	well as the biggest and worst corporate violators of our
	privacy. By branding themselves as radical activists, they
	appear to share the same interests as the grassroots they seek
	to influence; exposing their funding conflicts-of-interests
	makes it hard for them to pose as grassroots radicals. So
	instead of  explaining why getting funding from the very
	entitities that Tor is supposed to protect users from is not a
	problem, they’ve taken the low road to discredit the very idea
	of reporting on monetary conflicts-of-interests as either
	irrelevant, or worse, a sign of mental illness."


	



	




From juan.g71 at gmail.com  Fri Dec 12 18:01:21 2014
From: juan.g71 at gmail.com (Juan)
Date: Fri, 12 Dec 2014 23:01:21 -0300
Subject: tor : just keep lying
Message-ID: <548b9d71.0ca5e00a.5877.23cd@mx.google.com>



http://pando.com/2014/12/09/clearing-the-air-around-tor/


" What makes Tor different from the usual thesaurus-full of government
projects is that Tor is essentially a very elaborate math trick, using
layers of math puzzles to create a network-within-the-network. That
math is being implemented in front of a global audience of millions of
sophisticated watchers. It is likely the most examined codebase in the
world. It has been subjected to multiple public audits. The math, well
known and widely standardized, will work for everyone, or it will not,
whoever pays the bills." 


What a piece of dishonest garbage. Now it turns out that all
software is 'math' so it either 'works'  or not? All the usual
problems with government funded activities magically go away because
"it's math". Wow. The stupid is overwhelming. 


"millions of sophisticated watchers" 

LOL - I wonder how many people actually reviewed tor's source? 10? 50?
Or maybe 0?
 

The funny thing with these zealots is that they are way more brazen and
full of shit than even the tor developers. 





From grarpamp at gmail.com  Sat Dec 13 02:39:11 2014
From: grarpamp at gmail.com (grarpamp)
Date: Sat, 13 Dec 2014 05:39:11 -0500
Subject: GoldBug SF projects [was: Bittorrent Bleep]
In-Reply-To: <CAD2Ti29AKJ+4rXV8qT9xtMMsDUO-s+vRss9dOQkO5ZiFG+K-qA@mail.gmail.com>
References: <CAD2Ti2-BgskWH1LXfWVr89vGByu8b1k52VL84vrH3y4ZEWVnoA@mail.gmail.com>
 <CAD2Ti280QCEBo7maHvt_NkZuf7yt_so8dY45smr5ecV1eGdmAA@mail.gmail.com>
 <CADS43vCD_k0-wZ7skCsqG98vbW3Vn7Fnt4cUVzawTa0n1tSzOg@mail.gmail.com>
 <CAD2Ti28iDxVpbCFAO0RKiKRHv-bg9sdowzK6Y0FvD5tdWT6DZw@mail.gmail.com>
 <CAD2Ti2-pKewLHXtOEHpN_Y44h_dFgBBcbVoKzkAENKrytEBizA@mail.gmail.com>
 <CAD2Ti295eczCXS_7DxQX6K5f5=ZznBTuWfzHUfN7_GhnxPmfTw@mail.gmail.com>
 <CAOsGNSQ5EhA6mSOJpG366h7cgN9eVqwofPLQxHUfjjV9VKg_hQ@mail.gmail.com>
 <CAD2Ti2_eG8NPm5nJ3YVpwmK_totjKpaLzsw1nR3xrQ5es0QHyw@mail.gmail.com>
 <CAD2Ti29AKJ+4rXV8qT9xtMMsDUO-s+vRss9dOQkO5ZiFG+K-qA@mail.gmail.com>
Message-ID: <CAD2Ti2-zf5MoLomo1xHwH9_sCGM=zAha8hmGbqAme=dojhPgoQ@mail.gmail.com>

A new spamming shill popped up today posting to various
lists in the community. Would love to know what these idiots
and their binaries are up to and who's behind it.

"
John Winter <blogger81 at techemail.com>
Poptastic: Encrypted Chat over POP3
Hi, a first test was successful here! SMTP Ports should enable over
Poptastic encrypted chat (& email) behind every Firewall. Maybe a tool
for Thunderbird too?!
Ciao John
http://www.pro-linux.de/news/1/21822/poptastic-verschluesselter-chat-ueber-pop3.html
GoldBug / Spot-On / ...
"




From jya at pipeline.com  Sat Dec 13 04:14:57 2014
From: jya at pipeline.com (John Young)
Date: Sat, 13 Dec 2014 07:14:57 -0500
Subject: tor : just keep lying
In-Reply-To: <548b9d71.0ca5e00a.5877.23cd@mx.google.com>
References: <548b9d71.0ca5e00a.5877.23cd@mx.google.com>
Message-ID: <E1Xzlb2-0004Dy-2y@elasmtp-banded.atl.sa.earthlink.net>

To counter accusations, say black is charcoal, then charcoal
is gray, then gray is silver, then silver is gold, then gold is
platinum, then platinum is diamond. Conclusion: black diamonds
are family jewels which must be protected to sustain royals who
are enriched by them. Opposition to this holy verity is evil incarnate.
Believers in insider riggings will definitely slaughter opponents and
call it crusading patriotism, more vulgarly, national security, or more
down to earth for this list, freedom of our information not yours. We
can hide our precious stones to assure their inflated value but you
cannot hide your worthless junk opinions. Our WMD W3 sysadmins
can whip your futile insurgencies of of Tor hide and seek.


At 09:01 PM 12/12/2014, you wrote:


>http://pando.com/2014/12/09/clearing-the-air-around-tor/
>
>
>" What makes Tor different from the usual thesaurus-full of government
>projects is that Tor is essentially a very elaborate math trick, using
>layers of math puzzles to create a network-within-the-network. That
>math is being implemented in front of a global audience of millions of
>sophisticated watchers. It is likely the most examined codebase in the
>world. It has been subjected to multiple public audits. The math, well
>known and widely standardized, will work for everyone, or it will not,
>whoever pays the bills."
>
>
>What a piece of dishonest garbage. Now it turns out that all
>software is 'math' so it either 'works'  or not? All the usual
>problems with government funded activities magically go away because
>"it's math". Wow. The stupid is overwhelming.
>
>
>"millions of sophisticated watchers"
>
>LOL - I wonder how many people actually reviewed tor's source? 10? 50?
>Or maybe 0?
>
>
>The funny thing with these zealots is that they are way more brazen and
>full of shit than even the tor developers.





From hozer at hozed.org  Sat Dec 13 11:10:53 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Sat, 13 Dec 2014 13:10:53 -0600
Subject: Snowden ran a major 2 Gbps =?utf-8?Q?e?=
 =?utf-8?B?eGl0IG5vZGUgbmFtZWQg4oCcVGhlU2lnbmFs4oCd?=
In-Reply-To: <op.xqrx2tkybgbjo9@work-pc.lan>
References: <op.xqn61dlfbgbjo9@work-pc.lan> <2420498.yb3QGfsMOz@lapuntu>
 <op.xqrx2tkybgbjo9@work-pc.lan>
Message-ID: <20141213191053.GK29130@nl.grid.coop>

On Fri, Dec 12, 2014 at 01:31:31PM -0800, Seth wrote:
> On Wed, 10 Dec 2014 14:07:22 -0800, rysiek <rysiek at hackerspace.pl> wrote:
> 
> >Or, maybe, quite the contrary. "Nah, that guy runs a TOR exit
> >node, organises
> >CryptoParties -- our guy would lay low". ;)
> 
> I'm not sold on the reverse psychology gambit.
> 
> "As for the timing, Snowden apparently emailed Greenwald for the
> first time 11 days before the party, and was still waiting for a
> reply when the party happened..."  https://www.techdirt.com/articles/20140521/07124327303/snowden-ran-major-tor-exit-relay-hosted-cryptoparty-hawaii-while-waiting-greenwald-to-reply.shtml
> 
> "Cryptome has uncovered a public key for cincinnatus at lavabit.com,
> which is the same alias he used to contact Glenn Greenwald — and
> it’s associated with the organizing of an event in Honolulu, Hawaii
> in December 2012, where the now-famous NSA whistleblower was then
> living." https://blog.ageispolis.net/snowden-cryptoparty/
> 
> Dare I say that it's common knowledge at this point that using Tor,
> much less being an exit node operator puts you 'on the list' for
> full data take and retention 'til the end of time, not to mention
> active Computer Network Exploitation.
> 
> -------------------------------
> "But the German exposé  showed Tor providing the opposite of
> anonymity: it singled out users for total NSA surveillance,
> potentially sucking up and recording everything they did online."
> http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html
> 
> "The first step of this process is finding Tor users. To accomplish
> this, the NSA relies on its vast capability to monitor large parts
> of the internet. This is done via the agency's partnership with US
> telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar
> and Blarney.
> 
> The NSA creates "fingerprints" that detect http requests from the
> Tor network to particular servers. These fingerprints are loaded
> into NSA database systems like XKeyscore, a bespoke collection and
> analysis tool which NSA boasts allows its analysts to see "almost
> everything" a target does on the internet.
> 
> Using powerful data analysis tools with codenames such as
> Turbulence, Turmoil and Tumult, the NSA automatically sifts through
> the enormous amount of internet traffic that it sees, looking for
> Tor connections"  http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
> ----------------------------
> 
> Snowden *had* to have known the above, so why would he put himself
> at risk by using the same email/alias to contact Greenwald, and then
> establish a connection from that alias to his legal name by using it
> to organize the cryptoparty eleven days later?!!
> 
> Why would he not create a fresh and completely separate
> dedicated-use email account solely for the purposes of establishing
> contact with Greenwald?
> 
> On one hand we're supposed to believe that NSA are bumbling idiots
> that missed the email communication between Snowden and Greenwald
> using the same email alias he used as a CryptoParty organizer and
> Tor exit node(s) operator.
> 
> On the other hand we have malicious (probably state?) actors that
> are able to decrypt and leak a PGP encrypted email between Snowden
> and Greenwalk/Radack.
> http://cryptome.org/2014/04/radack-greenwald.htm  as well as leak
> Tor bugs to the developers?
> http://www.nsaneforums.com/topic/227563-nsa-and-gchq-agents-leak-tor-bugs-alleges-developer/
> 
> Are you fucking kidding me?
> 
> The story we are being told is not adding up.
> 
> The tiny tiny fragments of actual source documents that has been
> published only adds to my suspicion.
> 
> The more that times goes on, the more that I can't help wonder
> sometimes if Snowden is part a gambit to frame the debate.
> 
> The fundamental question of whether the surveillance state should
> even be allowed to exist must never be asked. That is always taken
> as a given.
> 

I'd ask the same thing about anonymity. It must always be taken that
both the surveillance state, and anonymity must exist, for one cannot exist
without the other.

But back to things not adding up.. none of us is a superhuman opsec 
practictioner. We all get tired, sloppy, arrogant, including the spooks and
the surveillance state.

If I would have been in Snowden's position I probably would have promoted
tor just as he was, in the hopes it might weaken the system.

As it is, I find the best treatment for paranoia is to give up the illusion
of anonymity, and my life is more relaxing and enjoyable if I do not feel 
obligated to keep secrets.




From afalex169 at gmail.com  Sat Dec 13 03:38:43 2014
From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=)
Date: Sat, 13 Dec 2014 13:38:43 +0200
Subject: [cryptome] Pretty Damning Stuff. Out of the Mouths of the CIA
In-Reply-To: <548C1BD9.1030302@yahoo.co.uk>
References: <548C1BD9.1030302@yahoo.co.uk>
Message-ID: <CAEm6KbJ1uoDP2QFy=H5m3v9nvEpqr9iDn1EPx_=mSW6D38jP2g@mail.gmail.com>

​​
Doug says:

"
*Is that perhaps why the USA government hasn't signed up to any
international human rights act...one wonders.  Because there is a chance
​ ​
some of their leaders
​ ​
would be prosecuted for crimes against humanity?

*So many Americans are complaining about why they are hated so much in the
world. Perhaps it could be something to do with the way they treat other
nations, races and religions and cultures?
A
​ ​
look in their own back yard to see if there is anything dirty there, and
clean it out?

*Blacks, people of colour get killed willy-nilly, even kids. The Grand Jury
sees no case to answer. Racism abounds, sexism rages, yet, those very same
leading Americans want to teach the rest of the worlds citizens lessons on
human rights and equality.

* It is indeed the highest form of hypocrisy, and a great insult to the
intelligence of most people who inhabit this planet"*
____________

*BRAVO!*

It is very encouraging to hear such words from an English-speaking person.
Because as soon as these
​ ​
words (the truth) said by some Russian / Chinese / Arab person, it is
instantly gets up in a column of "propaganda" or "enemy of the state".
​​


*BRAVO for the courage to speak the truth.*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2055 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141213/5fbc8fcf/attachment.txt>

From list at sysfu.com  Sun Dec 14 02:35:50 2014
From: list at sysfu.com (Seth)
Date: Sun, 14 Dec 2014 02:35:50 -0800
Subject: What happened to Snowden 2.0?
In-Reply-To: <448084cba839268212a0112dc84a63ac@protonmail.ch>
References: <448084cba839268212a0112dc84a63ac@protonmail.ch>
Message-ID: <op.xqus10v5bgbjo9@work-pc.lan>

On Mon, 08 Dec 2014 18:16:31 -0800, Archivists <archivists at protonmail.ch>  
wrote:

> After the reported arrest there has been absolutely zero media activity.  
> NDA in effect?

Beats me, but I'd like to know too.

Just to confirm, are you talking about this arrest?

https://www.techdirt.com/articles/20141027/14091028955/fbi-raids-house-second-leaker-who-provided-terrorist-watchlist-documents-to-intercept.shtml




From s at ctrlc.hu  Mon Dec 15 01:00:51 2014
From: s at ctrlc.hu (stef)
Date: Mon, 15 Dec 2014 10:00:51 +0100
Subject: Snowden ran a major 2 =?utf-8?Q?Gb?=
 =?utf-8?Q?ps_exit_node_named_=E2=80=9CTheSignal=E2=80=9D?=
In-Reply-To: <op.xqrx2tkybgbjo9@work-pc.lan>
References: <op.xqn61dlfbgbjo9@work-pc.lan> <2420498.yb3QGfsMOz@lapuntu>
 <op.xqrx2tkybgbjo9@work-pc.lan>
Message-ID: <20141215090050.GD7216@ctrlc.hu>

On Fri, Dec 12, 2014 at 01:31:31PM -0800, Seth wrote:
> On Wed, 10 Dec 2014 14:07:22 -0800, rysiek <rysiek at hackerspace.pl> wrote:
> The fundamental question of whether the surveillance state should even be
> allowed to exist must never be asked. That is always taken as a given.

this is exploiting the "anchoring bias" of the individuals and thus nicely
frames the debate. yes.

https://en.wikipedia.org/wiki/Anchoring

-- 
otr fp: https://www.ctrlc.hu/~stef/otr.txt




From s at ctrlc.hu  Mon Dec 15 01:04:55 2014
From: s at ctrlc.hu (stef)
Date: Mon, 15 Dec 2014 10:04:55 +0100
Subject: [Cryptography] Toxic Combination
In-Reply-To: <1417388305.1370157.197062997.275205C6@webmail.messagingengine.com>
References: <547B9253.3060908@witmond.nl>
 <1417388305.1370157.197062997.275205C6@webmail.messagingengine.com>
Message-ID: <20141215090455.GM7216@ctrlc.hu>

On Mon, Dec 01, 2014 at 09:58:25AM +1100, Alfie John wrote:
> just look at how PGP is also the _correct solution_ for encrypting messages
> and yet has not had the uptake since 1991!

the truth of this statement depends heavily on the threat model. the-amongst
others-all-archiving kraaken is copying all pgp-cryptograms, as they are shiny
beacons of cryptographic interest. not only do they generally disclose the
recipients in plaintext metadata, but considering the ANT catalog, hacking
team, finfisher FinISP and other market offers for cheap side channel attacks
to recover key material, i would say this statement was true until a few years
ago.

-- 
otr fp: https://www.ctrlc.hu/~stef/otr.txt




From guninski at guninski.com  Wed Dec 17 07:47:02 2014
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 17 Dec 2014 17:47:02 +0200
Subject: Bitcoin networks surpasses 2^80 hashes per week
In-Reply-To: <CAO7N=i2MVNgDm9ymyy6ZJ51QP_Xxhh_+PghaGyYtVumxiCT8eQ@mail.gmail.com>
References: <CAO7N=i14U5NpZz2OgWGjpzMD0m5HN-TK2sDrwYqH332_2HbVFA@mail.gmail.com>
 <CACaGApmfbrSUj+DCC+FETTdYzQ3+iNh3ewoFhaG9BSg=zQnggg@mail.gmail.com>
 <CAO7N=i2MVNgDm9ymyy6ZJ51QP_Xxhh_+PghaGyYtVumxiCT8eQ@mail.gmail.com>
Message-ID: <20141217154702.GA2572@sivokote.iziade.m$>

On Mon, Dec 08, 2014 at 09:44:22AM -0800, Ryan Carboni wrote:
> 24 = hours
> 60 = minutes
> 7 = days
> 
> so I'm only off by a factor of 2^3.3, not by a factor of 2^9.3
> 
> 
> Cheers.
> 

Isn't this enough to find 128 bit md5 collision?

Appears to me they can do it distributed in about
2 days even with the most naive rho attack.

AFAIK it is open problem if 128 bit md5 collision exists
(though it is believed to exist).


> On Mon, Dec 8, 2014 at 3:23 AM, Joseph Birr-Pixton <jpixton at gmail.com>
> wrote:
> 
> > On 8 December 2014 at 10:40, Ryan Carboni <ryacko at gmail.com> wrote:
> > > https://blockexplorer.com/q/hashestowin
> > > log(171833398380382098659*24*60*7)/log(2)
> >
> > I think your calculation is slightly off. hashestowin is the average
> > number of hashes you need to perform to win the current block. It's
> > not necessarily the case that a block is calculated each second: in
> > fact one is found (on average) each 625 seconds[1].
> >
> > So that gives:
> >
> > >>> log(171833398380382098659*24*60*7/625)/log(2)
> > 71.23
> >
> > Cheers,
> > Joe
> >
> > [1] https://blockexplorer.com/q/interval
> >




From ryacko at gmail.com  Thu Dec 18 14:22:21 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Thu, 18 Dec 2014 14:22:21 -0800
Subject: Fwd: 78716A
In-Reply-To: <1E600E3F0039284CBA1DE5991A8BC948AD87C9DF@MSMR-GH1-UEA04.corp.nsa.gov>
References: <CAO7N=i2hkx5fOTrv8gsjq7xLLU-JZz6t5o2sF46VO_wR=Npx3Q@mail.gmail.com>
 <1E600E3F0039284CBA1DE5991A8BC948AD87C9DF@MSMR-GH1-UEA04.corp.nsa.gov>
Message-ID: <CAO7N=i2_RhjjGS3_i0xN=ALQz4Yc0v9guVNtm2tfMYLssTtB2A@mail.gmail.com>

Common Americans are no longer considered worth protecting as part of
national security.
-----------


 Mr. Carboni,
Thank you for providing the information below.  We have conducted an
initial search within the organization that is most likely to hold records.
That organization advised that the request, as worded, is overly broad.
Querying any of our organizations would likely result in the same
response.  The phrase “malware transmitted through USB firmware” is overly
broad, such that any of our internal organizations would not be able to
determine which files to search or be able to conduct a search with a
reasonable amount of effort. Terms such as “malware” or “firmware” may turn
up in any number of NSA records and most likely would not be related to
securing home networks. Furthermore, added search without a clarification
of context and specific records sought, would incur significant fees which
would be passed on to you as an “all other” requester.

  A large facet of the NSA/CSS mission is to protect National Security
(i.e. government, DoD, Industry partners) information systems.  In doing
so, this Agency provides guidance on Information Assurance security
solutions to our Industry and Government customers regarding risk,
vulnerabilities, mitigations, and threats.  While it is not part of our
mission to provide guidance on securing home networks, we may occasionally
post information on our website as you may recall from our letter. Our
Information Assurance Directorate (IAD) has provided some information to
the public that may be of interest to you.  Here are some additional links
that you may peruse:

https://www.nsa.gov/ia/mitigation_guidance/index.shtml

https://www.nsa.gov/public_info/press_room/2014/nsa_seal_scam_alert.shtml
(this is a recent article the does provides a link regarding malware)
https://www.nsa.gov/ia/index.shtml  The last paragraph provides a video
link under “IAD's Latest Security Guide Helps Customers Protect Home
Networks,” and there is also a fact sheet titled “Best Practices for
Keeping Your Home Network Secure.” Since the information you appear to be
requesting (protecting home networks) does not fall under the purview of
NSA/CSS missions, continued search of our files would not be productive.
Your request will be administratively closed as an improper FOIA.  If,
after reviewing the information on our website, you wish to submit a FOIA
request on similar topic(s), please provide enough detail to allow for an
accurate and focused search.

Regards,

Cindy B
NSA/CSS FOIA Requester Service Center

(301)688-6527
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5354 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141218/09569c44/attachment.txt>

From afalex169 at gmail.com  Thu Dec 18 12:20:53 2014
From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=)
Date: Thu, 18 Dec 2014 22:20:53 +0200
Subject: consent and trust? Oh... but we are ABOVE the law
Message-ID: <CAEm6KbJxU2myFqtpbMYsyp6+Ot-BnqPemL56W=1EX56yvD1YUA@mail.gmail.com>

https://www.schneier.com/blog/archives/2014/12/the_limits_of_p.html


- "The next time you call for assistance because the Internet service in
> your home is not working, the 'technician' who comes to your door may
> actually be an undercover government agent. He will have secretly
> disconnected the service, knowing that you will naturally call for help and
> -- ­when he shows up at your door, impersonating a technician­ -- let him
> in. He will walk through each room of your house, claiming to diagnose the
> problem. Actually, he will be videotaping everything (and everyone) inside.
> He will have no reason to suspect you have broken the law, much less
> probable cause to obtain a search warrant. But that makes no difference,
> because by letting him in, you will have 'consented' to an intrusive search
> of your home"
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1090 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141218/c75d2e6f/attachment.txt>

From coderman at gmail.com  Fri Dec 19 15:37:49 2014
From: coderman at gmail.com (coderman)
Date: Fri, 19 Dec 2014 15:37:49 -0800
Subject: Fwd: [tor-talk] Possible upcoming attempts to disable the Tor network
In-Reply-To: <20141219221905.GU8030@moria.seul.org>
References: <20141219221905.GU8030@moria.seul.org>
Message-ID: <CAJVRA1R2sNyEZAJhO5wnAzsQ564cEccsnV-MwGSjJng1_GCoXg@mail.gmail.com>

---------- Forwarded message ----------
From: Roger Dingledine <arma at mit.edu>
Date: Fri, 19 Dec 2014 17:19:05 -0500
Subject: [tor-talk] Possible upcoming attempts to disable the Tor network
To: tor-talk at lists.torproject.org

The Tor Project has learned that there may be an attempt to incapacitate
our network in the next few days through the seizure of specialized
servers in the network called directory authorities. (Directory
authorities help Tor clients learn the list of relays that make up the
Tor network.) We are taking steps now to ensure the safety of our users,
and our system is already built to be redundant so that users maintain
anonymity even if the network is attacked. Tor remains safe to use.

https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network

--Roger

-- 
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




From grarpamp at gmail.com  Sat Dec 20 14:10:32 2014
From: grarpamp at gmail.com (grarpamp)
Date: Sat, 20 Dec 2014 17:10:32 -0500
Subject: [Cryptography] GHCQ Penetration of Belgacom
In-Reply-To: <6872839.1419096683051.JavaMail.root@mswamui-andean.atl.sa.earthlink.net>
References: <6872839.1419096683051.JavaMail.root@mswamui-andean.atl.sa.earthlink.net>
Message-ID: <CAD2Ti29KW5QRJW0HyOgitm4Ph76_xBgB+T7JeaRZ9n6QZGoFcQ@mail.gmail.com>

On Sat, Dec 20, 2014 at 12:31 PM, hbaker1 <hbaker1 at pipeline.com> wrote:
>>From: dan at geer.org
>>
>> | I think it would be very hard to find a backdoor suggested by
>> | Norm Hardy.  Modify the CPU to detect when two specific floating
>> | point numbers are multiplied.  When they are, execute the next
>> | instruction in privileged mode.
>>
>>It's my second-hand understanding that it would take perhaps 3,000
>>gates to implement intentional sensitivity to a pre-designed kill
>>packet.  The addition of 3,000 gates to any current chipset will
>>never be found in current hardware, e.g., the iPhone 6 has two
>>billion transistors on the system chip.
>>
>>Others more knowledgeable welcome to correct my understanding.
>
> So Intel&Apple have provided PRC with netlists for their processor
> chips?
>
> Of course, PRC shouldn't believe them, unless they could also
> manufacture their own chips from the netlists.

It doesn't matter what a chipmaker provides and claims as truth today.
Anyone, spy or not, anywhere in the chain from design to fab could
insert anything, there are probably not enough internal control and
validation programs in place to find it. And if something untrustworthy
is sucessfully implanted or simply produced TOP SECRET approved,
who on the outside is going to find it? No one publicly open, external, and
disinterested is sampling these chips off the shelves and decapping them,
or exhausting all possible input data against expected output, or has eyes
in the fabs. Until the world has truly open fabs, you might as well assume
it's game over.

Similarly, we can't even get rid of default firmware passwords, baseband, bad
crypto, closed source, vPro, and all the other examples of potentially
backdoorish
things possibly against the user... including NSA style spying and corporate
datamining tagged with your name.
Can you apply enough pressure to get rid of closed fabs, and the elements
within governments and corporations that think up, perform and produce this
kind of stuff?




From list at sysfu.com  Sat Dec 20 17:41:48 2014
From: list at sysfu.com (Seth)
Date: Sat, 20 Dec 2014 17:41:48 -0800
Subject: Fwd: [tor-talk] Possible upcoming attempts to disable the Tor
 network
In-Reply-To: <CAJVRA1R2sNyEZAJhO5wnAzsQ564cEccsnV-MwGSjJng1_GCoXg@mail.gmail.com>
References: <20141219221905.GU8030@moria.seul.org>
 <CAJVRA1R2sNyEZAJhO5wnAzsQ564cEccsnV-MwGSjJng1_GCoXg@mail.gmail.com>
Message-ID: <op.xq62zyr1bgbjo9@work-pc.lan>

On Fri, 19 Dec 2014 15:37:49 -0800, coderman <coderman at gmail.com> wrote:

> https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network

HN and Reddit discussions

https://news.ycombinator.com/item?id=8774833
https://www.reddit.com/r/news/comments/2ptxws/the_tor_project_has_learned_that_there_may_be_an/




From gfoster at entersection.org  Sat Dec 20 20:58:34 2014
From: gfoster at entersection.org (Gregory Foster)
Date: Sat, 20 Dec 2014 22:58:34 -0600
Subject: Fwd: [tor-talk] Possible upcoming attempts to disable the Tor
 network
In-Reply-To: <op.xq62zyr1bgbjo9@work-pc.lan>
References: <20141219221905.GU8030@moria.seul.org>
 <CAJVRA1R2sNyEZAJhO5wnAzsQ564cEccsnV-MwGSjJng1_GCoXg@mail.gmail.com>
 <op.xq62zyr1bgbjo9@work-pc.lan>
Message-ID: <5496537A.2030709@entersection.org>

On Fri, 19 Dec 2014 15:37:49 -0800, coderman <coderman at gmail.com> wrote:
>
https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network

On 12/20/14 7:41 PM, Seth wrote:
> HN and Reddit discussions
> 
> https://news.ycombinator.com/item?id=8774833
> https://www.reddit.com/r/news/comments/2ptxws/the_tor_project_has_learned_that_there_may_be_an/


Tor Atlas search for "flag:Authority"; click through for details, graphs
on each directory authority:
https://atlas.torproject.org/#search/flag:Authority

gf

-- 
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/




From komachi at openmailbox.org  Sun Dec 21 03:09:36 2014
From: komachi at openmailbox.org (Anton Nesterov)
Date: Sun, 21 Dec 2014 11:09:36 +0000
Subject: Latest Belarusian censorship law & censorship actions
Message-ID: <5496AA70.1080905@openmailbox.org>

Today President of Belarus signed a law which provides heavy regulation
to freedom of speech. Basically, it makes any website media and forbids
"information aimed at the propaganda of the war, extremist activities,
or the calls for such activities, pornography, violence, cruelty, and
any other informations which distribution can harm national interest of
the Republic of Belarus, or forbidden by this law, or by any other
legislative act of the Republic of Belarus". It also force owners of
websites to moderate user-generated content. Any website which violate
this will be blocked. Also the law forbids any media with more than 20%
of foreign investors.

The law was passed really fast, only on 17st it came info parliament,
and today, 21st, it's already signed by president. Nobody ever heard
that such law are coming, even in the rumors.

The law will came into force on 1st January.

Yesterday domain name onliner.by, which hosted Belarusian media portal,
was seized. They moved to onliner.ru.

Media portal 21.by was also blocked.

Two days ago some media was blocked, including charter97.org (they was
already blocked for years for some users), belaruspartisan.org,
gazetaby.com, zautra.by, udf.by, naviny.by, belapan.com, belapan.by.

Minister of Information Liliya Ananich asked media to use only official
sources and write articles in the national interest of the country.

Besides media censorship, there is some financial problems because of
Russian financial crisis. So the govt blocked 13 online markets which
posted prices in US dollars, also 3 websites (deal.by, migom.by,
kufar.by) was warned as they had ads on goods with price in $.

prokopovi.ch, p2p currency exchange, was also blocked.

http://www.pravo.by/main.aspx?guid=12551&p0=H11400213&p1=1 — text of the
law (Russian)
http://www.belaruspartisan.org/politic/289548/ (Russian)
http://belapan.by/archive/2014/12/21/748603/ (Russian)
http://www.belaruspartisan.org/politic/289548/ (Russian)
http://www.belaruspartisan.org/politic/290031/ (Russian)

-- 
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc




From list at sysfu.com  Sun Dec 21 13:49:34 2014
From: list at sysfu.com (Seth)
Date: Sun, 21 Dec 2014 13:49:34 -0800
Subject: Latest Belarusian censorship law & censorship actions
In-Reply-To: <5496AA70.1080905@openmailbox.org>
References: <5496AA70.1080905@openmailbox.org>
Message-ID: <op.xq8mwwjkbgbjo9@work-pc.lan>


On Sun, 21 Dec 2014 03:09:36 -0800, Anton Nesterov  
<komachi at openmailbox.org> wrote:

> Today President of Belarus signed a law which provides heavy regulation
> to freedom of speech. Basically, it makes any website media and forbids
> "information aimed at the propaganda of the war, extremist activities,
> or the calls for such activities, pornography, violence, cruelty, and
> any other informations which distribution can harm national interest of
> the Republic of Belarus, or forbidden by this law, or by any other
> legislative act of the Republic of Belarus". It also force owners of
> websites to moderate user-generated content. Any website which violate
> this will be blocked. Also the law forbids any media with more than 20%
> of foreign investors.

These days I actually celebrate each and every nation state attack on  
Internet freedom. The logic being that these attacks drive mass adoption  
of decentralized encryption better than anything else.

The RIAA Succeeds Where the Cypherpunks Failed by Clay Shirky  
http://www.shirky.com/writings/riaa_encryption.html




From list at sysfu.com  Sun Dec 21 13:51:59 2014
From: list at sysfu.com (Seth)
Date: Sun, 21 Dec 2014 13:51:59 -0800
Subject: Fwd: [tor-talk] Possible upcoming attempts to disable the Tor
 network
In-Reply-To: <1419196380.3535006.205497893.017334E9@webmail.messagingengine.com>
References: <20141219221905.GU8030@moria.seul.org>
 <CAJVRA1R2sNyEZAJhO5wnAzsQ564cEccsnV-MwGSjJng1_GCoXg@mail.gmail.com>
 <op.xq62zyr1bgbjo9@work-pc.lan> <5496537A.2030709@entersection.org>
 <1419196380.3535006.205497893.017334E9@webmail.messagingengine.com>
Message-ID: <op.xq8m0xg4bgbjo9@work-pc.lan>

On Sun, 21 Dec 2014 13:13:00 -0800, Alfie John <alfiej at fastmail.fm> wrote:
> Related:
>
>   http://article.gmane.org/gmane.network.tor.user/34619

Holy crap, great find, looks like it's game on.




From list at sysfu.com  Sun Dec 21 14:16:58 2014
From: list at sysfu.com (Seth)
Date: Sun, 21 Dec 2014 14:16:58 -0800
Subject: Fwd: [tor-talk] Possible upcoming attempts to disable the Tor
 network
In-Reply-To: <1419199510.3544900.205508581.3DFEB77D@webmail.messagingengine.com>
References: <20141219221905.GU8030@moria.seul.org>
 <CAJVRA1R2sNyEZAJhO5wnAzsQ564cEccsnV-MwGSjJng1_GCoXg@mail.gmail.com>
 <op.xq62zyr1bgbjo9@work-pc.lan> <5496537A.2030709@entersection.org>
 <1419196380.3535006.205497893.017334E9@webmail.messagingengine.com>
 <op.xq8m0xg4bgbjo9@work-pc.lan>
 <1419199510.3544900.205508581.3DFEB77D@webmail.messagingengine.com>
Message-ID: <op.xq8n6kcpbgbjo9@work-pc.lan>

On Sun, 21 Dec 2014 14:05:10 -0800, Alfie John <alfiej at fastmail.fm> wrote:
> I'll repeat my comments from HackerNews - Why carry out the raids if
> everyone in the Tor community knew that an imminent raid was to be
> carried out?

Because the Tor community is a very small subset of the population at  
large and they are not primary target of the PsyOp MSM propaganda campaign  
that will doubtless accompany such an attack?




From l at odewijk.nl  Sun Dec 21 05:57:46 2014
From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=)
Date: Sun, 21 Dec 2014 14:57:46 +0100
Subject: Latest Belarusian censorship law & censorship actions
In-Reply-To: <5496AA70.1080905@openmailbox.org>
References: <5496AA70.1080905@openmailbox.org>
Message-ID: <CAHWD2rKwNNNu8_ZzUDzY-Zbsw-hO_-vivZNDVavuXPESecDMRQ@mail.gmail.com>

Footnote: could happen almost anywhere. Even here in NL such a law could
pass on the virtue of balancing safety and order with basic human rights in
a fair manner.

Footnote2: censorship being possible and even easy makes censorship happen.
Defend or die must be part of the tech warrior's creed (sharing Mutual
Equal Assured Destruction is a potential exception).

I suppose Belarus works differently for things to pass so fast and so
clearly in violation of international human rights laws.

Good luck out there.
On Dec 21, 2014 12:26 PM, "Anton Nesterov" <komachi at openmailbox.org> wrote:

> Today President of Belarus signed a law which provides heavy regulation
> to freedom of speech. Basically, it makes any website media and forbids
> "information aimed at the propaganda of the war, extremist activities,
> or the calls for such activities, pornography, violence, cruelty, and
> any other informations which distribution can harm national interest of
> the Republic of Belarus, or forbidden by this law, or by any other
> legislative act of the Republic of Belarus". It also force owners of
> websites to moderate user-generated content. Any website which violate
> this will be blocked. Also the law forbids any media with more than 20%
> of foreign investors.
>
> The law was passed really fast, only on 17st it came info parliament,
> and today, 21st, it's already signed by president. Nobody ever heard
> that such law are coming, even in the rumors.
>
> The law will came into force on 1st January.
>
> Yesterday domain name onliner.by, which hosted Belarusian media portal,
> was seized. They moved to onliner.ru.
>
> Media portal 21.by was also blocked.
>
> Two days ago some media was blocked, including charter97.org (they was
> already blocked for years for some users), belaruspartisan.org,
> gazetaby.com, zautra.by, udf.by, naviny.by, belapan.com, belapan.by.
>
> Minister of Information Liliya Ananich asked media to use only official
> sources and write articles in the national interest of the country.
>
> Besides media censorship, there is some financial problems because of
> Russian financial crisis. So the govt blocked 13 online markets which
> posted prices in US dollars, also 3 websites (deal.by, migom.by,
> kufar.by) was warned as they had ads on goods with price in $.
>
> prokopovi.ch, p2p currency exchange, was also blocked.
>
> http://www.pravo.by/main.aspx?guid=12551&p0=H11400213&p1=1 — text of the
> law (Russian)
> http://www.belaruspartisan.org/politic/289548/ (Russian)
> http://belapan.by/archive/2014/12/21/748603/ (Russian)
> http://www.belaruspartisan.org/politic/289548/ (Russian)
> http://www.belaruspartisan.org/politic/290031/ (Russian)
>
> --
> https://nesterov.pw
> GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
> https://keybase.io/komachi/key.asc
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4486 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141221/7ee484ac/attachment.txt>

From fw at deneb.enyo.de  Sun Dec 21 09:53:20 2014
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sun, 21 Dec 2014 18:53:20 +0100
Subject: consent and trust? Oh... but we are ABOVE the law
In-Reply-To: <CAEm6KbJxU2myFqtpbMYsyp6+Ot-BnqPemL56W=1EX56yvD1YUA@mail.gmail.com>
 (=?utf-8?B?ItCQ0LvQtdC60YHQsNC90LTRgCIncw==?= message of "Thu, 18 Dec 2014
 22:20:53 +0200")
References: <CAEm6KbJxU2myFqtpbMYsyp6+Ot-BnqPemL56W=1EX56yvD1YUA@mail.gmail.com>
Message-ID: <8761d4opnz.fsf@mid.deneb.enyo.de>

* Александр:

> https://www.schneier.com/blog/archives/2014/12/the_limits_of_p.html
>
>
> - "The next time you call for assistance because the Internet service in
>> your home is not working, the 'technician' who comes to your door may
>> actually be an undercover government agent. He will have secretly
>> disconnected the service, knowing that you will naturally call for help and
>> -- ­when he shows up at your door, impersonating a technician­ -- let him
>> in. He will walk through each room of your house, claiming to diagnose the
>> problem. Actually, he will be videotaping everything (and everyone) inside.
>> He will have no reason to suspect you have broken the law, much less
>> probable cause to obtain a search warrant. But that makes no difference,
>> because by letting him in, you will have 'consented' to an intrusive search
>> of your home"

Isn't the only legally controversial aspect that they couldn't get a
warrant *before* they started their covert operation?  If they had a
warrant, everything would be fine from a legal point of view, right?




From collin at averysmallbird.com  Sun Dec 21 19:13:49 2014
From: collin at averysmallbird.com (Collin Anderson)
Date: Sun, 21 Dec 2014 22:13:49 -0500
Subject: Latest Belarusian censorship law & censorship actions
In-Reply-To: <1719389.gVvRupMU9B@lapuntu>
References: <5496AA70.1080905@openmailbox.org> <1719389.gVvRupMU9B@lapuntu>
Message-ID: <CAC+VsLsvvMq=6yOpFftv2wWz6=nwkX_hVT7mFdCPMze6r8XnSw@mail.gmail.com>

On Sun, Dec 21, 2014 at 7:11 PM, rysiek <rysiek at hackerspace.pl> wrote:

> So, my question is: how exactly are they going about blocking the
> websites? Is
> it a DNS-based block? DPI and content-based one? Anything else? Any info on
> it?
>

DNS resolution appears fine, based on traceroutes it does not appear to be
more sophisticated than address blocking at the international frontier by
the few gateway, in the case of Beltelecom near the border routers at
93.85.80.0/24.

-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1212 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141221/32a42305/attachment.txt>

From rysiek at hackerspace.pl  Sun Dec 21 16:11:04 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Mon, 22 Dec 2014 01:11:04 +0100
Subject: Latest Belarusian censorship law & censorship actions
In-Reply-To: <5496AA70.1080905@openmailbox.org>
References: <5496AA70.1080905@openmailbox.org>
Message-ID: <1719389.gVvRupMU9B@lapuntu>

Dnia niedziela, 21 grudnia 2014 11:09:36 Anton Nesterov pisze:
> Today President of Belarus signed a law which provides heavy regulation
> to freedom of speech. Basically, it makes any website media and forbids
> "information aimed at the propaganda of the war, extremist activities,
> or the calls for such activities, pornography, violence, cruelty, and
> any other informations which distribution can harm national interest of
> the Republic of Belarus, or forbidden by this law, or by any other
> legislative act of the Republic of Belarus". It also force owners of
> websites to moderate user-generated content. Any website which violate
> this will be blocked. Also the law forbids any media with more than 20%
> of foreign investors.

So, my question is: how exactly are they going about blocking the websites? Is 
it a DNS-based block? DPI and content-based one? Anything else? Any info on 
it?

-- 
Pozdrawiam,
Michał "rysiek" Woźniak
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 411 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141222/01f662ad/attachment.sig>

From alfiej at fastmail.fm  Sun Dec 21 13:13:00 2014
From: alfiej at fastmail.fm (Alfie John)
Date: Mon, 22 Dec 2014 08:13:00 +1100
Subject: Fwd: [tor-talk] Possible upcoming attempts to disable the Tor
 network
In-Reply-To: <5496537A.2030709@entersection.org>
References: <20141219221905.GU8030@moria.seul.org>
 <CAJVRA1R2sNyEZAJhO5wnAzsQ564cEccsnV-MwGSjJng1_GCoXg@mail.gmail.com>
 <op.xq62zyr1bgbjo9@work-pc.lan> <5496537A.2030709@entersection.org>
Message-ID: <1419196380.3535006.205497893.017334E9@webmail.messagingengine.com>

On Sun, Dec 21, 2014, at 03:58 PM, Gregory Foster wrote:
> On Fri, 19 Dec 2014 15:37:49 -0800, coderman <coderman at gmail.com> wrote:
> >
> https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network
> 
> On 12/20/14 7:41 PM, Seth wrote:
> > HN and Reddit discussions
> > 
> > https://news.ycombinator.com/item?id=8774833
> > https://www.reddit.com/r/news/comments/2ptxws/the_tor_project_has_learned_that_there_may_be_an/

Related:

  http://article.gmane.org/gmane.network.tor.user/34619

Alfie

-- 
  Alfie John
  alfiej at fastmail.fm




From alfiej at fastmail.fm  Sun Dec 21 14:05:10 2014
From: alfiej at fastmail.fm (Alfie John)
Date: Mon, 22 Dec 2014 09:05:10 +1100
Subject: Fwd: [tor-talk] Possible upcoming attempts to disable the Tor
 network
In-Reply-To: <op.xq8m0xg4bgbjo9@work-pc.lan>
References: <20141219221905.GU8030@moria.seul.org>
 <CAJVRA1R2sNyEZAJhO5wnAzsQ564cEccsnV-MwGSjJng1_GCoXg@mail.gmail.com>
 <op.xq62zyr1bgbjo9@work-pc.lan> <5496537A.2030709@entersection.org>
 <1419196380.3535006.205497893.017334E9@webmail.messagingengine.com>
 <op.xq8m0xg4bgbjo9@work-pc.lan>
Message-ID: <1419199510.3544900.205508581.3DFEB77D@webmail.messagingengine.com>

On Mon, Dec 22, 2014, at 08:51 AM, Seth wrote:
> On Sun, 21 Dec 2014 13:13:00 -0800, Alfie John <alfiej at fastmail.fm>
> wrote:
> > Related:
> >
> >   http://article.gmane.org/gmane.network.tor.user/34619
>
> Holy crap, great find, looks like it's game on.

I'll repeat my comments from HackerNews - Why carry out the raids if
everyone in the Tor community knew that an imminent raid was to be
carried out? Smells to me more of fear mongering from the TLAs with the
aim to discredit anonymity within the network rather than evidence
gathering etc.

Alfie

-- 
  Alfie John
  alfiej at fastmail.fm




From odinn.cyberguerrilla at riseup.net  Mon Dec 22 02:02:01 2014
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Mon, 22 Dec 2014 10:02:01 +0000
Subject: Latest Belarusian censorship law & censorship actions
In-Reply-To: <op.xq8mwwjkbgbjo9@work-pc.lan>
References: <5496AA70.1080905@openmailbox.org> <op.xq8mwwjkbgbjo9@work-pc.lan>
Message-ID: <5497EC19.20300@riseup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I'm going to ask that the lists begin discussing in a different
thread, revised guidelines for use of GPG. If for no other reason than
that things that taking donations of different (now hundreds) of
cryptocurrencies, and that breathing or farting or feeding your pigs
is now illegal, I think that we need to at least make some kind of
halfhearted attempt to discuss when and in what circumstances GPG (ok,
if you like I am tired, and you can say PGP too) key exchange is best
for whole list and not just for betweent two persons.

Dasvedanya, etc.

- -O

Seth:
> 
> On Sun, 21 Dec 2014 03:09:36 -0800, Anton Nesterov 
> <komachi at openmailbox.org> wrote:
> 
>> Today President of Belarus signed a law which provides heavy
>> regulation to freedom of speech. Basically, it makes any website
>> media and forbids "information aimed at the propaganda of the
>> war, extremist activities, or the calls for such activities,
>> pornography, violence, cruelty, and any other informations which
>> distribution can harm national interest of the Republic of
>> Belarus, or forbidden by this law, or by any other legislative
>> act of the Republic of Belarus". It also force owners of websites
>> to moderate user-generated content. Any website which violate 
>> this will be blocked. Also the law forbids any media with more
>> than 20% of foreign investors.
> 
> These days I actually celebrate each and every nation state attack
> on Internet freedom. The logic being that these attacks drive mass
> adoption of decentralized encryption better than anything else.
> 
> The RIAA Succeeds Where the Cypherpunks Failed by Clay Shirky 
> http://www.shirky.com/writings/riaa_encryption.html
> 

- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJUl+wRAAoJEGxwq/inSG8CHiYH/3d4rmd4IM3BabaYLbTLLlKc
FF86XYPfeuby/Khbwmi7pHxEYYOE+60pSjLvv6C/W688W8US8Hx8mwASeKXG59/m
he2Q+8YhZLgPUUnrVsBVMpA1G7j4lzB33fWa3uTNZEAs7pnGr0Y6FO/esIR35kqF
Hnix7nB6lk85xsCUVBaDDYIhF8HJIsdrS/mIFETzyp1Uum2E7Y+N1KKW3pTRJFr2
DxqXtsBfAlBRcOSKbSTAj2ylWpLRpzJ0e3kmrNnP0GWx2NNRKWdusyCtZBJDaw0t
Vg935LbDVNQD5Cc3sRGFHO4rzVF+BQMeWhDmriP/u0zBOrEmAjmynIU2fjDFlfE=
=8p8h
-----END PGP SIGNATURE-----




From l at odewijk.nl  Mon Dec 22 01:59:43 2014
From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=)
Date: Mon, 22 Dec 2014 10:59:43 +0100
Subject: [Cryptography] Fwd: 78716A
In-Reply-To: <4869bf54e1f8d30b047594daea138596.squirrel@www.deadhat.com>
References: <CAO7N=i2hkx5fOTrv8gsjq7xLLU-JZz6t5o2sF46VO_wR=Npx3Q@mail.gmail.com>
 <1E600E3F0039284CBA1DE5991A8BC948AD87C9DF@MSMR-GH1-UEA04.corp.nsa.gov>
 <CAO7N=i2_RhjjGS3_i0xN=ALQz4Yc0v9guVNtm2tfMYLssTtB2A@mail.gmail.com>
 <4869bf54e1f8d30b047594daea138596.squirrel@www.deadhat.com>
Message-ID: <CAHWD2rKzKh301ed7Hk-+Mj=3maka0UUsx1JFSwMsqjQfOO2PKQ@mail.gmail.com>

On Dec 19, 2014 1:03 AM, <dj at deadhat.com> wrote:
>
> > That organization advised that the request, as worded, is overly broad.
>
> 'Overly broad' is not the limiting factor.
>
> I made an FOIA request that they tell me where I've traveled (I don't have
> records, but I know the government does and they want me to fill in where
> I've been on a form).
>
> It couldn't be less broad.
>
> I'm still waiting for a response 6 months later.

Good request though.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 649 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141222/24fc79ce/attachment.txt>

From odinn.cyberguerrilla at riseup.net  Mon Dec 22 03:20:05 2014
From: odinn.cyberguerrilla at riseup.net (odinn)
Date: Mon, 22 Dec 2014 11:20:05 +0000
Subject: SpaceX Will Announce Micro-Satellites For Low Cost Internet Within
 Three Months
In-Reply-To: <20141111122846.GP10467@leitl.org>
References: <20141111122846.GP10467@leitl.org>
Message-ID: <5497FE65.2020707@riseup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Can I jump from one?

Are the space suits provided?

Is there free wifi and peanuts?

Etc

Eugen Leitl:
> 
> http://techcrunch.com/2014/11/10/spacex-will-announce-micro-satellites-for-low-cost-internet-within-three-months/
>
> 
- -- 
http://abis.io ~
"a protocol concept to enable decentralization
and expansion of a giving economy, and a new social good"
https://keybase.io/odinn
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJUl/5lAAoJEGxwq/inSG8CGMcH/3/j+6rBJbQOr5Ocm5BCQ88K
0Y0xcXl8ELiLZt4BMJGIDWVBkzYu4QSr9eiwYNXPNjASRRxERnuxLZ7a7quPoB7i
eLYfeqNuf5yNhCh9J1NJVOA8OY7UpN51QazvZxQNEWHj3Ea/uiMMG5ikRpl6XpCS
KTghQF3j7INVoCUBV2yy/GR5u2sDkFIH66Uu2ddgApmtE6r2ai7mOQzz5kVWb4d2
DHHkXApiefoR4u72eQ6T8eosIQGIwais/58lj1jXJQ5F9ZK4TG9xmpFtBq2zl1AT
j6dTkNV2Rmi7QbuTedaPu2ZY1FVk41nCivykQHct0EF/j2dmCcbd7mWvqHx2YsI=
=IekN
-----END PGP SIGNATURE-----




From ryacko at gmail.com  Mon Dec 22 17:14:03 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Mon, 22 Dec 2014 17:14:03 -0800
Subject: [Cryptography] 78716A
In-Reply-To: <04BE1FBA-4CC5-418E-9DE2-9B997CAA506D@lrw.com>
References: <CAO7N=i2hkx5fOTrv8gsjq7xLLU-JZz6t5o2sF46VO_wR=Npx3Q@mail.gmail.com>
 <1E600E3F0039284CBA1DE5991A8BC948AD87C9DF@MSMR-GH1-UEA04.corp.nsa.gov>
 <CAO7N=i2_RhjjGS3_i0xN=ALQz4Yc0v9guVNtm2tfMYLssTtB2A@mail.gmail.com>
 <04BE1FBA-4CC5-418E-9DE2-9B997CAA506D@lrw.com>
Message-ID: <CAO7N=i3ubd36DTcOSCuOhvMsM8N2PXBem_Litzjp4pezf+OfSw@mail.gmail.com>

That's true. But they do in fact do research into malware, and it is infact
my right to request information for "personal noncommercial use" which
includes attempting to secure my computer.

If the government produced records on how to best design a tree house, I am
still allowed to request records on how to build a tree house. I cannot
force them to create new records, but for records they have already
produced, they have the duty and obligation to make a reasonable search.

On Mon, Dec 22, 2014 at 10:48 AM, Jerry Leichter <leichter at lrw.com> wrote:

> On Dec 18, 2014, at 5:22 PM, Ryan Carboni <ryacko at gmail.com> wrote:
> > Common Americans are no longer considered worth protecting as part of
> national security.
> That's a silly conclusion.  I would not have expected it ever to be part
> of the NSA's mission to protect your home network.  It's about like
> expecting the Army to provide you with guidance and tools to protect your
> home from foreign invaders.
>
> Let's get real here.  There are levels of attack and protection.  The Army
> is supposed to protect *American society as a whole* against foreign
> attacks.  The NSA is supposed to primarily protect the communications of
> the US government, and secondarily the communications of the Americans in
> the aggregate.  They haven't been doing much of a job at that - too busy
> listening in on everyone - but that at least is arguably their mission.
> Protecting you, personally ... no.  (And frankly, would you real *want*
> them to have that responsibility?  With responsibility necessarily comes
> power.)
>
> Hell, it's been confirmed by the courts that municipalities and their
> police forces don't even have any specific duty to protect individuals:  If
> you call the cops to say someone is breaking in to your house but they
> don't get there in time to protect you - well, it's sad, but they have no
> *particularized* responsibility to protect *you*, and you have no recourse.
>
>                                                         -- Jerry
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2555 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141222/c6a237fe/attachment.txt>

From rysiek at hackerspace.pl  Tue Dec 23 07:57:46 2014
From: rysiek at hackerspace.pl (rysiek)
Date: Tue, 23 Dec 2014 16:57:46 +0100
Subject: consent and trust? Oh... but we are ABOVE the law
In-Reply-To: <8761d4opnz.fsf@mid.deneb.enyo.de>
References: <CAEm6KbJxU2myFqtpbMYsyp6+Ot-BnqPemL56W=1EX56yvD1YUA@mail.gmail.com>
 <8761d4opnz.fsf@mid.deneb.enyo.de>
Message-ID: <1853820.izOuAs2Vgz@lapuntu>

Dnia niedziela, 21 grudnia 2014 18:53:20 Florian Weimer pisze:
> * Александр:
> > https://www.schneier.com/blog/archives/2014/12/the_limits_of_p.html
> > 
> > 
> > - "The next time you call for assistance because the Internet service in
> > 
> >> your home is not working, the 'technician' who comes to your door may
> >> actually be an undercover government agent. He will have secretly
> >> disconnected the service, knowing that you will naturally call for help
> >> and
> >> -- ­when he shows up at your door, impersonating a technician­ -- let him
> >> in. He will walk through each room of your house, claiming to diagnose
> >> the
> >> problem. Actually, he will be videotaping everything (and everyone)
> >> inside.
> >> He will have no reason to suspect you have broken the law, much less
> >> probable cause to obtain a search warrant. But that makes no difference,
> >> because by letting him in, you will have 'consented' to an intrusive
> >> search
> >> of your home"
> 
> Isn't the only legally controversial aspect that they couldn't get a
> warrant *before* they started their covert operation?  If they had a
> warrant, everything would be fine from a legal point of view, right?

Yes, and whatever Juan and others will start blabbering about in a few 
moments, it makes a world of practical difference, too.

Even when law enforcement works closely with other branches of the state, and 
even if they tend to cooperate rather than do the "checks and balances" dance 
properly, it *still* requires *several people* to sign something *on paper*.

And secondly, it's a simple matter of resources. If a LEA officer can do this 
at their whim on any given day and on any given house, they're going to do 
this *a lot*. But filling out paperwork, even if it's gonna be rubber-stamped 
by a friendly judge, still adds quite a bit of work to the process. Here, the 
thinking is along the lines of "make it ever more costly, in terms of time, 
work and money, and they will use it less".

-- 
Pozdrawiam,
Michał "rysiek" Woźniak
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 411 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141223/301d9487/attachment.sig>

From l at odewijk.nl  Tue Dec 23 22:44:41 2014
From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=)
Date: Wed, 24 Dec 2014 07:44:41 +0100
Subject: consent and trust? Oh... but we are ABOVE the law
In-Reply-To: <1853820.izOuAs2Vgz@lapuntu>
References: <CAEm6KbJxU2myFqtpbMYsyp6+Ot-BnqPemL56W=1EX56yvD1YUA@mail.gmail.com>
 <8761d4opnz.fsf@mid.deneb.enyo.de> <1853820.izOuAs2Vgz@lapuntu>
Message-ID: <CAHWD2rJK_x=04OMcKiGjTg9X9D=khBAxjK7hsgvWerH_QzAztw@mail.gmail.com>

On Dec 23, 2014 5:16 PM, "rysiek" <rysiek at hackerspace.pl> wrote:
>
> And secondly, it's a simple matter of resources. If a LEA officer can do
this
> at their whim on any given day and on any given house, they're going to do
> this *a lot*. But filling out paperwork, even if it's gonna be
rubber-stamped
> by a friendly judge, still adds quite a bit of work to the process. Here,
the
> thinking is along the lines of "make it ever more costly, in terms of
time,
> work and money, and they will use it less".

This is far from good defence. It might make a difference in the low value
target spread, until form letters make it possible to obtain permission on
a larger scale. Form letters make it into an "all you can eat" model.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 902 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141224/e6558c77/attachment.txt>

From s at ctrlc.hu  Wed Dec 24 02:31:46 2014
From: s at ctrlc.hu (stef)
Date: Wed, 24 Dec 2014 11:31:46 +0100
Subject: little gift
Message-ID: <20141224103146.GE8447@ctrlc.hu>

https://www.ctrlc.hu/~stef/cognitive_biases_-_layer8_security_advisories.epub
happy festivus.

-- 
otr fp: https://www.ctrlc.hu/~stef/otr.txt




From ryacko at gmail.com  Wed Dec 24 14:22:44 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Wed, 24 Dec 2014 14:22:44 -0800
Subject: Tribler also means you're an exit node?
Message-ID: <CAO7N=i1GDurdTEgpLc3f9ro3ihnWX6ERsWPnXTkRVS3DBoUXhA@mail.gmail.com>

Tribler also means you're an exit node?

http://forum.tribler.org/viewtopic.php?f=2&t=6906

To quote:

I received two copyright notices from Comcast while letting Tribler idle.
> This is the first and only time I have received these notices.
>
> 1) I have not downloaded anything at all. Nothing. The test file popped up
> to idle. Otherwise, not a movie of any variety, not even a linux ISO to
> test. I had subscribed to a few channels.
>
> 2) These only came up after I installed Tribler and have left it idling.
>
> 3) I was not seeding anything.
>
> Infringing Work: The Newsroom
> Filename: The.Newsroom.2012.S03E06.HDTV.x264-KILLERS[ettv]
> Infringement Date: 2014-12-19
> Infringement Type: BitTorrent
> Infringement Method: BitTorrent
> IP Address:
> Reporting Party: copyright at ip-echelon.com
>
> Infringing Work: Teachers
> Filename: Teachers
> Infringement Date: 2014-12-19
> Infringement Type: Movie
> Infringement Method: P2P
> IP Address:
> Reporting Party: support at cegtek.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1374 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141224/b2b5d8cc/attachment.txt>

From cryptography at patrickmylund.com  Wed Dec 24 15:01:47 2014
From: cryptography at patrickmylund.com (Patrick Mylund Nielsen)
Date: Wed, 24 Dec 2014 18:01:47 -0500
Subject: Tribler also means you're an exit node?
In-Reply-To: <CAO7N=i1GDurdTEgpLc3f9ro3ihnWX6ERsWPnXTkRVS3DBoUXhA@mail.gmail.com>
References: <CAO7N=i1GDurdTEgpLc3f9ro3ihnWX6ERsWPnXTkRVS3DBoUXhA@mail.gmail.com>
Message-ID: <CAEw2jfyq+wJNfD=WKOv6yTnhG=nxRZKMWAnX_iRkfca+yO4=eQ@mail.gmail.com>

On Wed, Dec 24, 2014 at 5:22 PM, Ryan Carboni <ryacko at gmail.com> wrote:

> Tribler also means you're an exit node?
>
> http://forum.tribler.org/viewtopic.php?f=2&t=6906
>
>
Why torrent files the normal way when you can become anonymous by
torrenting small chunks of huge numbers of files instead? I'm sure ISPs and
prosecutors will understand!

Even if they start mentioning this little detail, their implementation
would still be horribly broken: ECB mode without authentication, no RSA
padding, poor random numbers, and code like this:

    try:
        raise ImportError()
        from Crypto.Random.random import StrongRandom
    except ImportError:
        from random import Random as StrongRandom

The list goes on:
https://lists.torproject.org/pipermail/tor-dev/2014-December/007999.html

Tribler is the Telegram of torrent clients. Stay far away from it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1622 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141224/ebf18be2/attachment.txt>

From cathalgarvey at cathalgarvey.me  Wed Dec 24 15:54:55 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Wed, 24 Dec 2014 23:54:55 +0000
Subject: Tribler also means you're an exit node?
In-Reply-To: <CAEw2jfyq+wJNfD=WKOv6yTnhG=nxRZKMWAnX_iRkfca+yO4=eQ@mail.gmail.com>
References: <CAO7N=i1GDurdTEgpLc3f9ro3ihnWX6ERsWPnXTkRVS3DBoUXhA@mail.gmail.com>
 <CAEw2jfyq+wJNfD=WKOv6yTnhG=nxRZKMWAnX_iRkfca+yO4=eQ@mail.gmail.com>
Message-ID: <549B524F.8090807@cathalgarvey.me>

It is also chock-full of child-porn torrents, based on my limited 
testing. So not only are you exposing yourself to copyright infringement 
suits..

I filed a "bug" before I heard just how terrible their crypto was, 
simply to say that I should be able to add a block-list or filter to the 
kinds of things I'll be an exit for. I haven't heard back since. 
Relaying, sure; I don't know what I'm relaying, and I'm willing to agree 
that the importance of freedom of speech and privacy is critical enough 
to accept some risk of relaying stuff I consider inhuman. But exiting, 
when I have every ability to choose to block that shit? That's a blatant 
missing feature, right there.

Then I saw the code, and cried a little. The unpadded RSA, the mess of 
optional dependecies and woeful fallbacks, import soup.. there is a dark 
side to the kind of coding freedom Python allows you, and this is deep 
dark-side magic right here.

Do not want. apt-get purge.

On 24/12/14 23:01, Patrick Mylund Nielsen wrote:
> On Wed, Dec 24, 2014 at 5:22 PM, Ryan Carboni <ryacko at gmail.com
> <mailto:ryacko at gmail.com>> wrote:
>
>     Tribler also means you're an exit node?
>
>     http://forum.tribler.org/viewtopic.php?f=2&t=6906
>
>
> Why torrent files the normal way when you can become anonymous by
> torrenting small chunks of huge numbers of files instead? I'm sure ISPs
> and prosecutors will understand!
>
> Even if they start mentioning this little detail, their implementation
> would still be horribly broken: ECB mode without authentication, no RSA
> padding, poor random numbers, and code like this:
>
>      try:
>          raise ImportError()
>          from Crypto.Random.random import StrongRandom
>      except ImportError:
>          from random import Random as StrongRandom
>
> The list goes on:
> https://lists.torproject.org/pipermail/tor-dev/2014-December/007999.html
>
> Tribler is the Telegram of torrent clients. Stay far away from it.




From ryacko at gmail.com  Thu Dec 25 21:08:47 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Thu, 25 Dec 2014 21:08:47 -0800
Subject: Tribler also means you're an exit node?
Message-ID: <CAO7N=i2bVBW6zJe+u3nT=cY2cgEnW5H+9HFEhDT+BxSgX2+P2g@mail.gmail.com>

>
> It is also chock-full of child-porn torrents, based on my limited
> testing. So not only are you exposing yourself to copyright infringement
> suits..
>

downloading "crypto" anything when it is being hyped is a bad idea

only because news reporters need to receive training from their sources to
do crypto anything.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 522 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141225/99ba44d9/attachment.txt>

From cyberkiller8 at gmail.com  Sat Dec 27 01:40:00 2014
From: cyberkiller8 at gmail.com (=?UTF-8?B?xYF1a2FzeiAnQ3liZXIgS2lsbGVyJyBLb3JwYWxza2k=?=)
Date: Sat, 27 Dec 2014 10:40:00 +0100
Subject: Tribler also means you're an exit node?
In-Reply-To: <CAEw2jfyq+wJNfD=WKOv6yTnhG=nxRZKMWAnX_iRkfca+yO4=eQ@mail.gmail.com>
References: <CAO7N=i1GDurdTEgpLc3f9ro3ihnWX6ERsWPnXTkRVS3DBoUXhA@mail.gmail.com>
 <CAEw2jfyq+wJNfD=WKOv6yTnhG=nxRZKMWAnX_iRkfca+yO4=eQ@mail.gmail.com>
Message-ID: <549E7E70.4070108@gmail.com>

W dniu 25.12.2014 o 00:01, Patrick Mylund Nielsen pisze:
> On Wed, Dec 24, 2014 at 5:22 PM, Ryan Carboni <ryacko at gmail.com
> <mailto:ryacko at gmail.com>> wrote:
> 
>     Tribler also means you're an exit node?
> 
>     http://forum.tribler.org/viewtopic.php?f=2&t=6906
> 
> 
> Why torrent files the normal way when you can become anonymous by
> torrenting small chunks of huge numbers of files instead? I'm sure ISPs
> and prosecutors will understand!
> 

Even despite the quality of the crypto code in Tribler, it's a generally
common problem for all "anonymizers" (including TOR) - the connection to
clearnet. It's a double edged sword though - without it they are a lot
less likely to be a target, but also a lot less likely to become popular.

-- 
Łukasz "Cyber Killer" Korpalski

mail: cyberkiller8 at gmail.com
xmpp: cyber_killer at jabster.pl
site: http://website.cybkil.cu.cc
gpgkey: 0x72511999 @ hkp://keys.gnupg.net

//When replying to my e-mail, kindly please
//write your message below the quoted text.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141227/51cfcae3/attachment.sig>

From komachi at openmailbox.org  Sat Dec 27 03:40:41 2014
From: komachi at openmailbox.org (Anton Nesterov)
Date: Sat, 27 Dec 2014 11:40:41 +0000
Subject: UPD2: negative reaction from Ministry of Econ Development UPD: draft
 is available Re: Russia want completely ban Bitcoin and other
 cryptocurrencies
In-Reply-To: <542E9E87.9080002@openmailbox.org>
References: <53DBF44F.2070905@openmailbox.org>
 <542E9E87.9080002@openmailbox.org>
Message-ID: <549E9AB9.3060509@openmailbox.org>

So Ministry of Economic Development reacts negatively on that draft,
says definition of "money surrogate" is too broad, in current redaction
that can lead to ban on almost everything (gift cards, loyalty programs,
etc.).

It's not like they vote for Bitcoin, as RT says in title, seems like
they just want more realistic definition.

> According to regulations, the Ministry of Finance can either re-submit
the revised bill to the Ministry of Economic Development, or submit it
to the government without changes, enclosing a table of differences on
the project.

http://rt.com/news/218019-bill-ban-bitcoin-russia/ (English)
http://top.rbc.ru/technology_and_media/26/12/2014/549d7fe89a7947847db1c19b
(Russian)

Anton Nesterov:
> Anton Nesterov wrote:
>> Ministry of Finance of Russia drafted a bill to ban cryptocurrencies
>> with administrative or criminal penalty for mining and other operation.
>> Also they want to censor bitcoin-related websites.
>>
>> This will come into force in 2015.
>>
>> http://top.rbc.ru/economics/01/08/2014/940521.shtml (in Russian)
>>
> 
> OK, draft is available now:
> http://regulation.gov.ru/project/17205.html?point=view_project&stage=2&stage_id=13089
> 
> Draft bans surrogate money and defines this as currency, including the
> electronic, used for payments or/and exchange, beside the ones described
> in federal law (definitely this includes bitcoins).
> 
> Emission, creating and distribution software for emission of money
> surrogates, distribution of information which can be used to emission
> money surrogates and/or operation with them, operation with money
> surrogates: 30-50k rubles ($750-1.25k) for citizens, 60-100k
> ($1.5k-2.5k) for govt officials, 500k-1m ($12.5k-25k) for legal entities.
> 
> Also it gives power to the Bank of Russia to censor websites related to
> the emission and operations with money surrogates.
> 
> If any Russians read this: you can add proxy=127.0.0.1:9050 to your
> bitcoin.conf/litecoin.conf/dogecoin.conf/etc., and this will proxy all
> your connection via Tor network (of course you need also to run Tor for
> that).
> 


-- 
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc




From coderman at gmail.com  Sat Dec 27 14:26:25 2014
From: coderman at gmail.com (coderman)
Date: Sat, 27 Dec 2014 14:26:25 -0800
Subject: crypto from the trenches - #31c3
Message-ID: <CAJVRA1Rwi2s6XJyFO0iCfTSUrRqfCu23d-FJgWNRV36-A2jpog@mail.gmail.com>

"I don't have a revocation key or a subkey" - admission of guilt?

this is sane practice compared to lesser alternatives of:
 - using revocations keys or subkeys improperly, leading to
vulnerability or loss of access (denial of service)
 - not using crypto at all, out of frustration.
 - using non-end-to-end encryption, out of frustration.

and in fact, if you have good operational controls and understanding,
with defense in depth, this is a reasonable solution.


---


one minute ago i mention my contempt for email in general, and my
special contempt for encryption over email. (see list archives and
threads by others :)

VLC works best on SD streams:
 rtmp://rtmp.stream.c3voc.de:1935/stream/s1_native_sd ,
            rtmp://rtmp.stream.c3voc.de:1935/stream/s2_native_sd ,
            rtmp://rtmp.stream.c3voc.de:1935/stream/s4_native_sd ,
            rtmp://rtmp.stream.c3voc.de:1935/stream/s3_native_sd

 web view is:
  http://streaming.media.ccc.de/saal1
  http://streaming.media.ccc.de/saal2
  http://streaming.media.ccc.de/saal6
  http://streaming.media.ccc.de/saalg

 i watched watching http://ecchacks.cr.yp.to/ on
 rtmp://rtmp.stream.c3voc.de:1935/stream/s1_native_sd and it was
flawless. this stream also flawless so far, on continuous feed over 3G
on Android VLC.


---

in addition to their report of hour for GPG over Email,

i see 15-20 min for Tor Browser and Of-the-Record plugin to Onion XMPP
on average.

also 20min for Qubes minspec setup:



### Custom CoreBoot Qubes FDE boot:

### Boot command, at grub> prompt, type:

  configfile (ahci0,msdos1)/grub2/grub.cfg


### At disk passphrase prompt, type:

aMiosowahcieFo2aLiewaibidoor4lie wae7ugaiFua5Yeushah3ahV6goowooyo


### When the graphical desktop starts, the user account password is:

  sunlight

### You will also need this password to unlock the screensaver if idle too long.


DONE.
 You will now be in the Qubes R2 Desktop Environment!

---

# Launching Document Editor
 1. Open the Qubes Quick Launch Menu at lower left.
 2. Select "Domain: editor" for the apps available in this VM.
 3. Then click "editor: LibreOff..." to launch Document Editor (Libre Office)


# Launching File Browser
 1. Open the Qubes Quick Launch Menu at lower left.
 2. Select "Domain: editor" for the apps available in this VM.
 3. Then click "editor: Files" to launch File Browser.
 NOTE: The File Browser is also how you can see mounted USB devices
       and also where to copy files back and forth, or just explore.

# USB Storage
 1. Plug in the USB device. Ignore the message notifications at lower right.
 2. Locate "Qubes VM Manager" Window. If you close by accident, re-launch.
 3. In "Qubes VM Manager" Window Menu, select to highlight "editor" VM
as row / item.
 4. Right-click on editor for VM menu, select -> "Attach/detach block devices"
 5. In the "Attach/detach" submenu, you should see your device listed.
      for example, "Attach: dom0: sdb 1863 GiB ST20000LM003_HN..."
 6. Click this option to attach storage.
 7. Launch "editor: Files" command, then select attached device at left sidebar.
      for example, "2.0 TB Volume"
 DONE!


# To Shutdown, you should always shutdown "gracefully" to avoid file
system issues.
 1. Open the Qubes Quick Launch Menu at lower left.
 2. Select "Leave" menu options, then "Shut down"
 3. Confirm the shut down prompt, or wait 30 seconds.


# Launching the "Qubes VM Manager"
 1. Usually started by default, it can be re-started if closed.
 2. Locate the System Quick Launch Menu at lower left. It is a blue Qubes icon.
 3. Open Launcher menu, then "System Tools" option.
 4. From "System Tools" menu, select -> "Qubes VM Manager"




From ryacko at gmail.com  Sun Dec 28 15:24:56 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Sun, 28 Dec 2014 15:24:56 -0800
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
Message-ID: <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>

On Sun, Dec 28, 2014 at 3:14 PM, John Young <jya at pipeline.com> wrote:

> Der Spiegel released largest single day number of Snowden docs today,
> 666 pages, on NSA Attacks on VPN, SSL, TLS, SSH, Tor.
>
>
> http://www.spiegel.de/international/world/nsa-documents-attacks-on-vpn-ssl-tls-ssh-tor-a-1010525.html
>
> We offer a RAR of the 44 docs:
>
> http://cryptome.org/2014/12/nsa-spiegel-14-1228.rar (197MB)
>
>
my browser says it's 188 MB... am I being man in the middled?



-Ryan C.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1045 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141228/e88ae61b/attachment.txt>

From list at sysfu.com  Sun Dec 28 16:51:44 2014
From: list at sysfu.com (Seth)
Date: Sun, 28 Dec 2014 16:51:44 -0800
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
Message-ID: <op.xrlt0ilkbgbjo9@work-pc.lan>

Related Spiegel article (hat tip to cryptoparty.is mailing list):  
http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html

The money quote:

"Things become "catastrophic" for the NSA at level five - when, for  
example, a subject uses a combination of Tor, another anonymization  
service, the instant messaging system CSpace and a system for Internet  
telephony (voice over IP) called ZRTP. This type of combination results in  
a "near-total loss/lack of insight to target communications, presence,"  
the NSA document states.

Would like to own an IP hard phone with built-in ZRTP support. So far Snom  
370s with TLS enabled firmware have been the next best thing.

Never even heard of IM system 'CSpace' before, no mention of in the cpunk  
archives either.

Might be standing up a MixMinion node after watching Tom Ritters talk at  
Defcon 21 'De-Anonymizing Alt.Anonymous.Messages'  
http://www.youtube.com/watch?v=_Tj6c2Ikq_E




From ryacko at gmail.com  Sun Dec 28 20:07:42 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Sun, 28 Dec 2014 20:07:42 -0800
Subject: [cryptography] [cryptome] Re: NSA Attacks on VPN, SSL, TLS, SSH,
 Tor
In-Reply-To: <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
Message-ID: <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>

CRC failed in 'media-35515.pdf' file is broken

7zip says this.

I guess this is why John never promised anonymity to his sources, he can't
get zip files right.

On Sun, Dec 28, 2014 at 4:43 PM, John Young <jya at pipeline.com> wrote:

> File size varies with programs. A screen shot of the RAR tally
>
> http://cryptome.org/nsa-spiegel-rar.jpg
>
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1152 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141228/d22513e0/attachment.txt>

From gfoster at entersection.org  Sun Dec 28 20:50:14 2014
From: gfoster at entersection.org (Gregory Foster)
Date: Sun, 28 Dec 2014 22:50:14 -0600
Subject: [cryptography] [cryptome] Re: NSA Attacks on VPN, SSL, TLS, SSH, 
 Tor
In-Reply-To: <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
Message-ID: <54A0DD86.60805@entersection.org>

On 12/28/14 10:07 PM, Ryan Carboni wrote:
> CRC failed in 'media-35515.pdf' file is broken

http://www.spiegel.de/media/media-35515.pdf

> I guess this is why John never promised anonymity to his sources, he
> can't get zip files right.

Zip worked for me.  Thanks, John.

gf

-- 
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/




From juan.g71 at gmail.com  Sun Dec 28 20:40:05 2014
From: juan.g71 at gmail.com (Juan)
Date: Mon, 29 Dec 2014 01:40:05 -0300
Subject: [cryptography] [cryptome] Re: NSA Attacks on VPN, SSL, TLS,
 SSH, Tor
In-Reply-To: <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
Message-ID: <54a0da99.67288c0a.4493.ffffd2cc@mx.google.com>

On Sun, 28 Dec 2014 20:07:42 -0800
Ryan Carboni <ryacko at gmail.com> wrote:

> CRC failed in 'media-35515.pdf' file is broken
> 
> 7zip says this.
> 
> I guess this is why John never promised anonymity to his sources, he
> can't get zip files right.



	I got the .rar and and decompressed it no problem.


	So...

	


> 
> On Sun, Dec 28, 2014 at 4:43 PM, John Young <jya at pipeline.com> wrote:
> 
> > File size varies with programs. A screen shot of the RAR tally
> >
> > http://cryptome.org/nsa-spiegel-rar.jpg
> >
> >
> >
> > _______________________________________________
> > cryptography mailing list
> > cryptography at randombit.net
> > http://lists.randombit.net/mailman/listinfo/cryptography
> >




From cathalgarvey at cathalgarvey.me  Mon Dec 29 00:02:04 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 29 Dec 2014 08:02:04 +0000
Subject: [cryptography] [cryptome] Re: NSA Attacks on VPN, SSL, TLS, SSH, 
 Tor
In-Reply-To: <54A0F5A8.5050708@metaverse.org>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
Message-ID: <54A10A7C.20106@cathalgarvey.me>

Suggestion: Anyone with a correct version, post sha512 hashes to list. 
Those with hashes matching John: Do *NOT* change filename, make a 
single-file torrent, and start seeding. Should have same info-hash, so 
should simultaneously seed from same DHT node. John can post a magnet 
link here (or the torrent file on cryptome?) and we can get a verifiable 
version through P2P.

On 29/12/14 06:33, Peter Tonoli wrote:
> On 29/12/2014 3:50 pm, Gregory Foster wrote:
>> On 12/28/14 10:07 PM, Ryan Carboni wrote:
>>> CRC failed in 'media-35515.pdf' file is broken
>> http://www.spiegel.de/media/media-35515.pdf
>>
>>> I guess this is why John never promised anonymity to his sources, he
>>> can't get zip files right.
>> Zip worked for me.  Thanks, John.
>>
> Failed for me, using both UnArchiver and UnRarX :(




From jya at pipeline.com  Mon Dec 29 05:20:32 2014
From: jya at pipeline.com (John Young)
Date: Mon, 29 Dec 2014 08:20:32 -0500
Subject: NSA Attacks on VPN, SSL, TLS, SSH,  Tor
In-Reply-To: <54A10A7C.20106@cathalgarvey.me>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
Message-ID: <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>

 From discussion on these lists and elsewhere tampering with
data can, does, occur at every software and hardware hand-off,
with each self-serving iteration having hidden and vulnerable hardware
and software undisclosed malignity, no matter the security ostentatiously
applied: reputation, credibility, impeccability, highly trusted, crypto,
hashes, fail by ruses of unexamined modules and inevitable, unavoidable
deceptions of too little skill, too little time, too little 
suspicion, driven by
need to pay alimony, debts, IRS, loutish family's begging.

Selected hand-offs of innumerable:

Multiple devious inventors, manufacturers and handlers inside and outside NSA
Devious NSA leaking like a sieve to madly grabbing everything devious Snowden
Snowden madly shoveling everything to multiple exceptionally devious 
media persons
Multiple media persons to hyper devious lawyers, publishing staff, 
tech experts, govs consulted
Devious selections of data to publish, then revised, then corrected
DEvious posting on outlet web sites and shoveling to cohort journos
Devious "authenticating" of docs (the prime deception)

Deviously orchestrated subsequently:

Downloads of docs
Sharing of docs
Archiving of docs
Dropboxing, torrenting of docs
Biased analysis and cherrypicking of docs
Multiple tagging and piggybacking and implanting of docs
Shading, smearing, vaunting, lying about docs
Accusing and defending about docs
Writing, lecturing, TEDing about docs
Dismissing of docs, the threat, the countermeasures

Then deviously shipping, shopping fools to take blame
by signature-bold leaders of pro and con opportunities
or to a prize ceremony for valorizing the criminal prize-funder
and bestowing generous tax avoidances.

These vulns and subterfuges and braggardies are as old as
comsec, hyperbolized by the digital era for rep building,
monetizing, and political ideology. These lists survive on
ingesting these toxic fumes and expel multiple recyclings
of them for jingle-jangle of gullible consumers, here as in
in the spy agencies working the yokels.

"NSA" or some monstrous threat -- God, Google, Cisco, MS --
is inside our skulls and peripherals, left brain in mortal combat
with the right brain, digital vs analog. Or so we imagine the two
halves pretending opposition like officials and anarchists to
outfox deviously malign genitalia orchestrating brain to slave at
getting food, air and water -- rigging the mind game to lose
after 60-70 years of wanking the slot handle obsessively.

Hash this motherfucker, said math to germ.

At 03:02 AM 12/29/2014, you wrote:
>Suggestion: Anyone with a correct version, post sha512 hashes to 
>list. Those with hashes matching John: Do *NOT* change filename, 
>make a single-file torrent, and start seeding. Should have same 
>info-hash, so should simultaneously seed from same DHT node. John 
>can post a magnet link here (or the torrent file on cryptome?) and 
>we can get a verifiable version through P2P.
>
>On 29/12/14 06:33, Peter Tonoli wrote:
>>On 29/12/2014 3:50 pm, Gregory Foster wrote:
>>>On 12/28/14 10:07 PM, Ryan Carboni wrote:
>>>>CRC failed in 'media-35515.pdf' file is broken
>>>http://www.spiegel.de/media/media-35515.pdf
>>>
>>>>I guess this is why John never promised anonymity to his sources, he
>>>>can't get zip files right.
>>>Zip worked for me.  Thanks, John.
>>Failed for me, using both UnArchiver and UnRarX :(





From cypher at cpunk.us  Mon Dec 29 07:11:20 2014
From: cypher at cpunk.us (Cypher)
Date: Mon, 29 Dec 2014 09:11:20 -0600
Subject: Question about something said about Tor in the Der Spiegel data dump
Message-ID: <54A16F18.5020307@cpunk.us>

First, let me say I'm sorry if this is posted twice. My mail client gave
me an error and, since I still haven't seen it hit either list, I'm
sending it again. My apologies if this is a duplicate.

So I'm looking through the Der Spiegel data dump and noticed the
following statement on document 35543:

"The client must not be running a Tor router of their own..."

That made me thing of a few questions but I'm specifically wondering
what they mean here.

1. Do they mean that it is confusing to them if I am connecting to the
Tor network from a computer that also runs a relay but I do not have my
client configured to use my relay

or

2. Do they mean that it is confusing to them if I am connecting to the
Tor network through a relay running on my own machine?

Perhaps I'm not even asking this question correctly as it 'feels' like
the wrong way. But I'm curious. What are your thoughts?

Cypher




From jens at kubieziel.de  Mon Dec 29 01:29:33 2014
From: jens at kubieziel.de (Jens Kubieziel)
Date: Mon, 29 Dec 2014 10:29:33 +0100
Subject: [cryptography] [cryptome] Re: NSA Attacks on VPN, SSL, TLS, SSH, 
 Tor
In-Reply-To: <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
Message-ID: <20141229092933.GQ10260@kubieziel.de>

* Ryan Carboni schrieb am 2014-12-29 um 05:07 Uhr:
> CRC failed in 'media-35515.pdf' file is broken

You can also find a copy here:
ftp://151.217.170.35/uploads/NSA-DerSpiegel-31C3-Leak.tar.gz

-- 
Jens Kubieziel                                   http://www.kubieziel.de
"Das Reisen in die Vergangenheit nie möglich sein werden, beweist die
Tatsache, dass wir heute keine Besucher aus der Zukunft haben"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141229/1399a7ed/attachment.sig>

From marksteward at gmail.com  Mon Dec 29 02:50:31 2014
From: marksteward at gmail.com (Mark Steward)
Date: Mon, 29 Dec 2014 10:50:31 +0000
Subject: [cryptome] Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH,
 Tor
In-Reply-To: <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
Message-ID: <CAPyX2nfoWy5YPET_GuNRhfrCKu1HJc9KAH25aSe5GN+bQRKvXw@mail.gmail.com>

On Mon, Dec 29, 2014 at 12:43 AM, John Young <jya at pipeline.com> wrote:

> File size varies with programs.
>
>
Do you have a sideline as a hard disk manufacturer?

File size is 196984634 bytes (188 MB). sha1sum
73d7437dba404d4cbe6eea3f2063d6b421f73cc9, md5sum
cee258814d24b1966e7bcf680b0b5e26.


Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 687 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141229/eac8c958/attachment.txt>

From juan.g71 at gmail.com  Mon Dec 29 11:46:21 2014
From: juan.g71 at gmail.com (Juan)
Date: Mon, 29 Dec 2014 16:46:21 -0300
Subject: NSA Attacks on VPN, SSL, TLS, SSH,  Tor
In-Reply-To: <54A1897A.3060103@cathalgarvey.me>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
Message-ID: <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>




	I browsed something like 3/4 of the docs John linked and didn't
	find anything really interesting. A couple of them seem to have
	more substance than the typical slides-for-retards - Ill take a
	better look at those later.

	Anyway, I'm getting the impression that all the Snowden stuff
	that gets 'leaked'  to the public has been somehow approved by
	the US govt? 

	For instance, the 35539 doc about tor hidden services - less
	than zero 'secret' content? 




From cathalgarvey at cathalgarvey.me  Mon Dec 29 09:03:54 2014
From: cathalgarvey at cathalgarvey.me (Cathal Garvey)
Date: Mon, 29 Dec 2014 17:03:54 +0000
Subject: NSA Attacks on VPN, SSL, TLS, SSH,  Tor
In-Reply-To: <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
Message-ID: <54A1897A.3060103@cathalgarvey.me>

I'll just take that as "no, I won't post a hash", then.

29/12/14 13:20, John Young wrote:
>  From discussion on these lists and elsewhere tampering with
> data can, does, occur at every software and hardware hand-off,
> with each self-serving iteration having hidden and vulnerable hardware
> and software undisclosed malignity, no matter the security ostentatiously
> applied: reputation, credibility, impeccability, highly trusted, crypto,
> hashes, fail by ruses of unexamined modules and inevitable, unavoidable
> deceptions of too little skill, too little time, too little suspicion,
> driven by
> need to pay alimony, debts, IRS, loutish family's begging.
>
> Selected hand-offs of innumerable:
>
> Multiple devious inventors, manufacturers and handlers inside and
> outside NSA
> Devious NSA leaking like a sieve to madly grabbing everything devious
> Snowden
> Snowden madly shoveling everything to multiple exceptionally devious
> media persons
> Multiple media persons to hyper devious lawyers, publishing staff, tech
> experts, govs consulted
> Devious selections of data to publish, then revised, then corrected
> DEvious posting on outlet web sites and shoveling to cohort journos
> Devious "authenticating" of docs (the prime deception)
>
> Deviously orchestrated subsequently:
>
> Downloads of docs
> Sharing of docs
> Archiving of docs
> Dropboxing, torrenting of docs
> Biased analysis and cherrypicking of docs
> Multiple tagging and piggybacking and implanting of docs
> Shading, smearing, vaunting, lying about docs
> Accusing and defending about docs
> Writing, lecturing, TEDing about docs
> Dismissing of docs, the threat, the countermeasures
>
> Then deviously shipping, shopping fools to take blame
> by signature-bold leaders of pro and con opportunities
> or to a prize ceremony for valorizing the criminal prize-funder
> and bestowing generous tax avoidances.
>
> These vulns and subterfuges and braggardies are as old as
> comsec, hyperbolized by the digital era for rep building,
> monetizing, and political ideology. These lists survive on
> ingesting these toxic fumes and expel multiple recyclings
> of them for jingle-jangle of gullible consumers, here as in
> in the spy agencies working the yokels.
>
> "NSA" or some monstrous threat -- God, Google, Cisco, MS --
> is inside our skulls and peripherals, left brain in mortal combat
> with the right brain, digital vs analog. Or so we imagine the two
> halves pretending opposition like officials and anarchists to
> outfox deviously malign genitalia orchestrating brain to slave at
> getting food, air and water -- rigging the mind game to lose
> after 60-70 years of wanking the slot handle obsessively.
>
> Hash this motherfucker, said math to germ.
>
> At 03:02 AM 12/29/2014, you wrote:
>> Suggestion: Anyone with a correct version, post sha512 hashes to list.
>> Those with hashes matching John: Do *NOT* change filename, make a
>> single-file torrent, and start seeding. Should have same info-hash, so
>> should simultaneously seed from same DHT node. John can post a magnet
>> link here (or the torrent file on cryptome?) and we can get a
>> verifiable version through P2P.
>>
>> On 29/12/14 06:33, Peter Tonoli wrote:
>>> On 29/12/2014 3:50 pm, Gregory Foster wrote:
>>>> On 12/28/14 10:07 PM, Ryan Carboni wrote:
>>>>> CRC failed in 'media-35515.pdf' file is broken
>>>> http://www.spiegel.de/media/media-35515.pdf
>>>>
>>>>> I guess this is why John never promised anonymity to his sources, he
>>>>> can't get zip files right.
>>>> Zip worked for me.  Thanks, John.
>>> Failed for me, using both UnArchiver and UnRarX :(
>
>




From anarchie+cpunks at metaverse.org  Sun Dec 28 22:33:12 2014
From: anarchie+cpunks at metaverse.org (Peter Tonoli)
Date: Mon, 29 Dec 2014 17:33:12 +1100
Subject: [cryptography] [cryptome] Re: NSA Attacks on VPN, SSL, TLS, SSH, 
 Tor
In-Reply-To: <54A0DD86.60805@entersection.org>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org>
Message-ID: <54A0F5A8.5050708@metaverse.org>

On 29/12/2014 3:50 pm, Gregory Foster wrote:
> On 12/28/14 10:07 PM, Ryan Carboni wrote:
>> CRC failed in 'media-35515.pdf' file is broken
> http://www.spiegel.de/media/media-35515.pdf
>
>> I guess this is why John never promised anonymity to his sources, he
>> can't get zip files right.
> Zip worked for me.  Thanks, John.
>
Failed for me, using both UnArchiver and UnRarX :(




From gfoster at entersection.org  Mon Dec 29 15:46:54 2014
From: gfoster at entersection.org (Gregory Foster)
Date: Mon, 29 Dec 2014 17:46:54 -0600
Subject: Fwd: 78716A
In-Reply-To: <2554732e74a98a434b547e3c7bb27f7e@openmailbox.org>
References: <CAO7N=i2hkx5fOTrv8gsjq7xLLU-JZz6t5o2sF46VO_wR=Npx3Q@mail.gmail.com>
 <1E600E3F0039284CBA1DE5991A8BC948AD87C9DF@MSMR-GH1-UEA04.corp.nsa.gov>
 <CAO7N=i2_RhjjGS3_i0xN=ALQz4Yc0v9guVNtm2tfMYLssTtB2A@mail.gmail.com>
 <2554732e74a98a434b547e3c7bb27f7e@openmailbox.org>
Message-ID: <54A1E7EE.3050604@entersection.org>

On 12/29/14 5:10 PM, bluelotus at openmailbox.org wrote:
> Could you please post your FOIA and the address you mailed it to? I am
> interested in filing a FOIA on NSA. Thanks.

Consider using MuckRock to file your FOIA request, track the response
schedule, and automatically post responsive documents publicly:
https://www.muckrock.com/agency/united-states-of-america-10/national-security-agency-17/

You can review successful requests to the NSA to discern ways to
encourage timely responses, or use them as templates.  The MuckRock
folks are doing important work to provide an environment for FOIA
requestors to avoid duplicative efforts, automate the tedium, and create
a powerful new community.  You can follow interesting requests to be
notified when there are status changes and get the docs immediately.

gf

-- 
Gregory Foster || gfoster at entersection.org
@gregoryfoster <> http://entersection.com/




From bluelotus at openmailbox.org  Mon Dec 29 15:10:40 2014
From: bluelotus at openmailbox.org (bluelotus at openmailbox.org)
Date: Mon, 29 Dec 2014 18:10:40 -0500
Subject: Fwd: 78716A
In-Reply-To: <CAO7N=i2_RhjjGS3_i0xN=ALQz4Yc0v9guVNtm2tfMYLssTtB2A@mail.gmail.com>
References: <CAO7N=i2hkx5fOTrv8gsjq7xLLU-JZz6t5o2sF46VO_wR=Npx3Q@mail.gmail.com>
 <1E600E3F0039284CBA1DE5991A8BC948AD87C9DF@MSMR-GH1-UEA04.corp.nsa.gov>
 <CAO7N=i2_RhjjGS3_i0xN=ALQz4Yc0v9guVNtm2tfMYLssTtB2A@mail.gmail.com>
Message-ID: <2554732e74a98a434b547e3c7bb27f7e@openmailbox.org>

Could you please post your FOIA and the address you mailed it to? I am 
interested in filing a FOIA on NSA. Thanks.

On 12/18/2014 5:22 pm, Ryan Carboni wrote:
> Common Americans are no longer considered worth protecting as part of
> national security.
> -----------
> 
> 
>  Mr. Carboni,
> Thank you for providing the information below.  We have conducted an
> initial search within the organization that is most likely to hold 
> records.
> That organization advised that the request, as worded, is overly broad.
> Querying any of our organizations would likely result in the same
> response.  The phrase “malware transmitted through USB firmware” is 
> overly
> broad, such that any of our internal organizations would not be able to
> determine which files to search or be able to conduct a search with a
> reasonable amount of effort. Terms such as “malware” or “firmware” may 
> turn
> up in any number of NSA records and most likely would not be related to
> securing home networks. Furthermore, added search without a 
> clarification
> of context and specific records sought, would incur significant fees 
> which
> would be passed on to you as an “all other” requester.
> 
>   A large facet of the NSA/CSS mission is to protect National Security
> (i.e. government, DoD, Industry partners) information systems.  In 
> doing
> so, this Agency provides guidance on Information Assurance security
> solutions to our Industry and Government customers regarding risk,
> vulnerabilities, mitigations, and threats.  While it is not part of our
> mission to provide guidance on securing home networks, we may 
> occasionally
> post information on our website as you may recall from our letter. Our
> Information Assurance Directorate (IAD) has provided some information 
> to
> the public that may be of interest to you.  Here are some additional 
> links
> that you may peruse:
> 
> https://www.nsa.gov/ia/mitigation_guidance/index.shtml
> 
> https://www.nsa.gov/public_info/press_room/2014/nsa_seal_scam_alert.shtml
> (this is a recent article the does provides a link regarding malware)
> https://www.nsa.gov/ia/index.shtml  The last paragraph provides a video
> link under “IAD's Latest Security Guide Helps Customers Protect Home
> Networks,” and there is also a fact sheet titled “Best Practices for
> Keeping Your Home Network Secure.” Since the information you appear to 
> be
> requesting (protecting home networks) does not fall under the purview 
> of
> NSA/CSS missions, continued search of our files would not be 
> productive.
> Your request will be administratively closed as an improper FOIA.  If,
> after reviewing the information on our website, you wish to submit a 
> FOIA
> request on similar topic(s), please provide enough detail to allow for 
> an
> accurate and focused search.
> 
> Regards,
> 
> Cindy B
> NSA/CSS FOIA Requester Service Center
> 
> (301)688-6527




From afalex169 at gmail.com  Mon Dec 29 10:13:08 2014
From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=)
Date: Mon, 29 Dec 2014 20:13:08 +0200
Subject: What the hell can be done with this trinity?
Message-ID: <CAEm6Kb+=OVtaqGWvUXuGw0qFCD=whb8-vs9=H7cpwMhZU=STSA@mail.gmail.com>

>From the "Spiegel" article

If all else fails, the NSA and its allies resort to brute force:
> 1. They hack their target's computers/
> 2.
> ​​
> They hack Internet routers to get to the secret encryption/
> 3. T
> ​​
> hey intercept computers on the way to their targets, open them and insert
> spy gear before they even reach their destination.


Ok. Nothing new.
​
But what the hell can be done with this trinity?
​​
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1458 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141229/361f6df1/attachment.txt>

From l at odewijk.nl  Mon Dec 29 11:59:15 2014
From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=)
Date: Mon, 29 Dec 2014 20:59:15 +0100
Subject: What the hell can be done with this trinity?
In-Reply-To: <CAEm6Kb+=OVtaqGWvUXuGw0qFCD=whb8-vs9=H7cpwMhZU=STSA@mail.gmail.com>
References: <CAEm6Kb+=OVtaqGWvUXuGw0qFCD=whb8-vs9=H7cpwMhZU=STSA@mail.gmail.com>
Message-ID: <CAHWD2r+-nfmP1qjxsHx7Oows+3_-yX4TN8+=bEdxQACHAND0ug@mail.gmail.com>

TL;DR below

2014-12-29 19:13 GMT+01:00 Александр <afalex169 at gmail.com>:

> If all else fails, the NSA and its allies resort to brute force:
>> 1. They hack their target's computers/
>>
>
Hardly brute force the way they do it.

The trick is (imho) small (ie: little complexity/code) validated (ie: using
good tricks) attack surfaces. Attack surface being (for every (sub-)system)
that which is able to receive potentially exploitative info.

So, again, make the security-sensitive code as obviously and undeniably
correct as possible.

And don't run any code that doesn't follow the guidelines. (That includes
every consumer-oriented OS ever, I guess)


> 2.
>> ​​
>> They hack Internet routers to get to the secret encryption.
>>
>
Ehh? Don't trust your network, it's silly to do so anyway. Or is this the
in-house routers? I think it kind of comes back to the first point. Maybe
"LANs don't have fences" is a thing to live by. Internet protocols have
never been that secure; everything about ARP spoofing still makes me cringe
a little, and having all those weak wifi-encryption schemes is also very
silly.


> 3. T
>> ​​
>> hey intercept computers on the way to their targets, open them and insert
>> spy gear before they even reach their destination.
>
>
This one is the one to *really* worry about. In fact, you should worry they
didn't already produce the hardware with exploits build in (*COUgh* Intel
Remote Administration *COUGH*) . I've yet to find a way for a rational
entity of any kind to objectively confirm it's own execution without a
trusted third party (although I could of course not be sure that I didn't
already find a way, because how could I trust myself to understand trust?)
and my personal favorite horror scenario is waking up in a world where all
my computers are little espionage boxes and I end up incapable of fixing it
because, well, everything anyone ever works with is a little NSA
observatory.

Most of the NSA's stuff had FETs for creating a radar-observable readout.
Radiation shielding your device is probably not very effective, but it's a
start. Jamming is probably more effective, and also probably not very
effective. Thing is, real life things are finicky. Perhaps a little more
noise makes it unworkable, who knows?

You *could* use "mirror neurons" for computers, simply replicate some of
the OPs from another person and voila, the NSA doesn't really know whom
they're spying on. Plausible deniability. A fake (recorded/streamed) USB
session, some webbrowsing, etc. This is a pretty silly idea, not really
worth it in 99.99% of the cases.

Tamper evident SOCs designed/produced under supervision of trusted
authority (a consortium of properly incentive-ed trustworthish parties, or
something like that) could mitigate this problem too. This strikes me as
surprisingly realistic; it seems fair to pay twice the usual
cost-per-performance to obtain a trustable die. If one also makes it open
source it'd be a god amongst SOCs. But remember, in the land of the blind
the one eyed man's king. This isn't my field though, so I'll pass on this
challenge.

TL;DR (To recap:)
Hacks? Don't be hackable (it's reasonably possible)
Router hacks? Irrelavant; don't trust your network (you don't need to)
Physical tempering? Apply lotion to ease the pain (am software guy)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5336 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141229/18905674/attachment.txt>

From ryacko at gmail.com  Mon Dec 29 22:48:19 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Mon, 29 Dec 2014 22:48:19 -0800
Subject: Fwd: 78716A
In-Reply-To: <2554732e74a98a434b547e3c7bb27f7e@openmailbox.org>
References: <CAO7N=i2hkx5fOTrv8gsjq7xLLU-JZz6t5o2sF46VO_wR=Npx3Q@mail.gmail.com>
 <1E600E3F0039284CBA1DE5991A8BC948AD87C9DF@MSMR-GH1-UEA04.corp.nsa.gov>
 <CAO7N=i2_RhjjGS3_i0xN=ALQz4Yc0v9guVNtm2tfMYLssTtB2A@mail.gmail.com>
 <2554732e74a98a434b547e3c7bb27f7e@openmailbox.org>
Message-ID: <CAO7N=i3ZWguqdhFxw24Pe+j8uJggG7CZm-UGvOtXBnQFYQd5KA@mail.gmail.com>

http://www.nsa.gov/public_info/foia/submit_foia_request/foia_request_form.cfm

Records Requested: I request any information the NSA has on malware
transmitted through USB firmware.

I request this for personal, noncommercial purposes, particularly for
securing my own personal computer.

I authorize fees up to $20.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 515 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141229/52e11e85/attachment.txt>

From grarpamp at gmail.com  Mon Dec 29 22:32:44 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 30 Dec 2014 01:32:44 -0500
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
Message-ID: <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>

On Mon, Dec 29, 2014 at 2:46 PM, Juan <juan.g71 at gmail.com> wrote:
>         Anyway, I'm getting the impression that all the Snowden stuff
>         that gets 'leaked'  to the public has been somehow approved by
>         the US govt?

It's well known that media seeks confirmation and approval from govts
before publishing anything. Bunch of fucking spineless sheep they are.
And these days any leaker who seeks an outlet instead of selfpublishing
both via and into the anonspace... is a media and govt dependant retard.
Ignore the traditional, revolutionize the process.




From grarpamp at gmail.com  Mon Dec 29 22:38:52 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 30 Dec 2014 01:38:52 -0500
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
Message-ID: <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>

On Mon, Dec 29, 2014 at 8:20 AM, John Young <jya at pipeline.com> wrote:
> Hash this motherfucker, said math to germ.

JYA, you, as the original publisher of various and valued datasets...
the responsibility to calculate, sign, and publish said hashes rests with
you alone. Please consult with any trusted parties should you need
assistance in such matters. A future of archivers, disseminators, and
analysts will thank you.




From grarpamp at gmail.com  Mon Dec 29 23:28:56 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 30 Dec 2014 02:28:56 -0500
Subject: [tor-dev] Hidden service policies
In-Reply-To: <CANEZrP2Pw7+8_svm7sJ20efE0=szXCzZ4DgYvPsX=jRTt6B=XA@mail.gmail.com>
References: <CANEZrP2jriLF-mXYTg=B5kjJ2_PPOzNOZVrnRXc_T1gH7pA1MQ@mail.gmail.com>
 <CA+cU71kfSDj=o6Xtfk2rdx6vDDLNGvcND3Udr6BpVZQrqr9TaQ@mail.gmail.com>
 <CANEZrP24oxT+YDgLFe9AasgJDPGWMV9HL33=d0tHSf4WgaOpVg@mail.gmail.com>
 <1405962135.31346.17.camel@anglachel>
 <CANEZrP3NMgzYVUm8HVMr_V+WNXedqRbQiT2R-DQ5-qNtP9wvRA@mail.gmail.com>
 <1406063168.7012.21.camel@anglachel>
 <CANEZrP2Pw7+8_svm7sJ20efE0=szXCzZ4DgYvPsX=jRTt6B=XA@mail.gmail.com>
Message-ID: <CAD2Ti29S8pSzsMUKkOKNOVWPKjGKv3OhZAjhZjC-eG0rMTB3SQ@mail.gmail.com>

I've blocked Mike's known nodes from my configs
as I simply do not agree with his apparent ethos
in this regard. That being themes of censorship, policing, etc.
It's better individuals decide for themselves, or upon
peer input, than upon hard forms of tracking prevail. There
is a lot of oppurtunity and in fact effecting the desired
outcomes in permitting such freedoms. But only
misunderstanding and debilitating hatred and lack of
progress of society in such proposed controls as Mike
hints at from time to time. In example via forum, the power
of interpretation is upon the consumer, and is received
by the publisher. There is feedback there such that the
Mike's of the world need not be entertained.




From grarpamp at gmail.com  Tue Dec 30 00:54:58 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 30 Dec 2014 03:54:58 -0500
Subject: List Administrivia
Message-ID: <CAD2Ti287Si8G2sSKbe4hCNYvD8MgDh+bfXq283vydSG=V8E2GQ@mail.gmail.com>

I believe google may be offering to transmit a better
combination than RC4-SHA. Please check configs on
your receive end.

Received:
from antiproton.jfet.org (antiproton.jfet.org. [209.141.47.85])
by mx.google.com with ESMTPS id bar
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128)
30 Dec 2014

Received:
from google.com (google.com [a.b.c.d])
by antiproton.jfet.org (8.14.4/8.14.4/Debian-4.1) with ESMTP id foo
(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT)
for <cypherpunks at cpunks.org>
30 Dec 2014




From mirimir at riseup.net  Tue Dec 30 04:08:23 2014
From: mirimir at riseup.net (Mirimir)
Date: Tue, 30 Dec 2014 05:08:23 -0700
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>,
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
Message-ID: <54A295B7.3050801@riseup.net>

On 12/30/2014 03:47 AM, Jason Richards wrote:
> On Tue, 30 Dec 2014 01:32:44 -0500 grarpamp <grarpamp at gmail.com> wrote:
>> On Mon, Dec 29, 2014 at 2:46 PM, Juan <juan.g71 at gmail.com> wrote:
>>>         Anyway, I'm getting the impression that all the Snowden
>>>         stuff that gets 'leaked'  to the public has been somehow
>>>         approved by the US govt?
>>
>> It's well known that media seeks confirmation and approval from govts
>> before publishing anything.
> 
> OK, I'll bite: why? What benefit does the US govt get from the
> information leaked by Snowden?
> 
> J

Benefit? Who knows? But media asks for comment, and government gets the
chance to argue against release, and for redaction.




From jya at pipeline.com  Tue Dec 30 04:17:16 2014
From: jya at pipeline.com (John Young)
Date: Tue, 30 Dec 2014 07:17:16 -0500
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.g
 mail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
 <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
Message-ID: <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>

Cryptome does not pretend to provide illusory security, that is security.
It is a vile, rotten, corrupt endeavor, like life. Chuckle.

Visitors, readers, consumers must be skeptical of security, and not rely
upon security promoters, their followers and investors who exploit
dependency by fear uncertainty and doubt.

Skepticism of security claims and methods is one of the purposes of
these lists. Perhaps the main purpose, although it is commonplace for
these lists to be used for soliciting befuddled consumers to hop aboard
the gravy train. Now and then skeptcism of the security arises but is usually
suppressed during times of crisis when incentive is rich to promote poor
products and services. Governments, commerce, orgs, experts cooperate
to foster crises under guise of opposition.

This applies to all forms of security, safety, protection, defense, hygienic
pharma.

Still, Cryptome endorses the continuing struggle to improve citizen
protection, not only as a job, career, industry, but as citizens' obligation
to bear responsibility for the commonweal against its inside and outside
enemies, if you will, common math against the deadly germs.

One way to do that is to not oversell it, tone down the threats, reduce
drumbeating, avoid hyperbole for and against, forego advertising,
gang-bang hectoring, circle jerk conferencing, TEDing, prize bestowing,
to quietly invent, improve, critique, test, apply, re-test often, expect to
be deceived by colleagues witting or unwitting, especially by sales,
politicians, authoritarians -- the persistent germs.




At 02:50 AM 12/30/2014, you wrote:
>john likes to be poetic as a wall - dear john please listen to the 
>smart people and have a small bit of humility - it will make you 
>better at your job and we need EVERYONE to step up and be better at their jobs
>
>On Tue, Dec 30, 2014 at 7:38 AM, grarpamp 
><<mailto:grarpamp at gmail.com>grarpamp at gmail.com> wrote:
>On Mon, Dec 29, 2014 at 8:20 AM, John Young 
><<mailto:jya at pipeline.com>jya at pipeline.com> wrote:
> > Hash this motherfucker, said math to germ.
>
>JYA, you, as the original publisher of various and valued datasets...
>the responsibility to calculate, sign, and publish said hashes rests with
>you alone. Please consult with any trusted parties should you need
>assistance in such matters. A future of archivers, disseminators, and
>analysts will thank you.
>
>
>
>
>--
>Cari Machet
>NYC 646-436-7795
><mailto:carimachet at gmail.com>carimachet at gmail.com
>AIM carismachet
>Syria +963-099 277 3243
>Amman +962 077 636 9407
>Berlin +49 152 11779219
>Reykjavik +354 894 8650
>Twitter: @carimachet 
><<https://twitter.com/carimachet>https://twitter.com/carimachet>
>
>7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
>
>Ruh-roh, this is now necessary: This email is intended only for the
>addressee(s) and may contain confidential information. If you are not the
>intended recipient, you are hereby notified that any use of this
>information, dissemination, distribution, or copying of this email without
>permission is strictly prohibited.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3491 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141230/1e567829/attachment.txt>

From afalex169 at gmail.com  Mon Dec 29 22:31:44 2014
From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=)
Date: Tue, 30 Dec 2014 08:31:44 +0200
Subject: [cryptome] Re: What the hell can be done with this trinity?
In-Reply-To: <CAEm6Kb+LBNwDrSV3X+KXidpZBxVimMsxkiHW_rpB+G_s8OL-2Q@mail.gmail.com>
References: <CAEm6Kb+=OVtaqGWvUXuGw0qFCD=whb8-vs9=H7cpwMhZU=STSA@mail.gmail.com>
 <54A1AB5E.6040204@gmail.com>
 <CAEm6Kb+LBNwDrSV3X+KXidpZBxVimMsxkiHW_rpB+G_s8OL-2Q@mail.gmail.com>
Message-ID: <CAEm6Kb+nHiBY1t9j_O9DVT6Hkh+HNJkpT6TQed7i38DUAFmTXw@mail.gmail.com>

Lodewijk,
Thank you very much for your broad answer.
Food for thought and action.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 394 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141230/e9d77e22/attachment.txt>

From carimachet at gmail.com  Mon Dec 29 23:50:40 2014
From: carimachet at gmail.com (Cari Machet)
Date: Tue, 30 Dec 2014 08:50:40 +0100
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
Message-ID: <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>

john likes to be poetic as a wall - dear john please listen to the smart
people and have a small bit of humility - it will make you better at your
job and we need EVERYONE to step up and be better at their jobs

On Tue, Dec 30, 2014 at 7:38 AM, grarpamp <grarpamp at gmail.com> wrote:

> On Mon, Dec 29, 2014 at 8:20 AM, John Young <jya at pipeline.com> wrote:
> > Hash this motherfucker, said math to germ.
>
> JYA, you, as the original publisher of various and valued datasets...
> the responsibility to calculate, sign, and publish said hashes rests with
> you alone. Please consult with any trusted parties should you need
> assistance in such matters. A future of archivers, disseminators, and
> analysts will thank you.
>



-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1983 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141230/1f2dd709/attachment.txt>

From carimachet at gmail.com  Tue Dec 30 00:06:45 2014
From: carimachet at gmail.com (Cari Machet)
Date: Tue, 30 Dec 2014 09:06:45 +0100
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
 <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
Message-ID: <CAGRDzQXXJCh+Rw=V-bt1nQSgR4nih0U4ot1+M1yn=QxrjQ2u3A@mail.gmail.com>

juan it is common knowledge that the snowden so called fucking leaks are
given to the US gov before publication

always remember and never forget gg was fully behind the war in iraq and
why was he fully behind it ? revenge ... that tells you the mind that is
working on the so called leaks

also laura she was an embed journo in iraq - something an activist journo
wouldnt even think about doing lets not even fully talk about that she
blindly backs the assange wikileaks 'merger' into one entity

and jeremy scahill did a selfie (among other ethical violations against
woman) in samalia with a dead body in a morgue for his little movie, again
something journalists dont do - even pond scum journalists dont get their
picture took with dead bodies for camera - these are the ethical parameters
of the people working with the info

On Tue, Dec 30, 2014 at 8:50 AM, Cari Machet <carimachet at gmail.com> wrote:

> john likes to be poetic as a wall - dear john please listen to the smart
> people and have a small bit of humility - it will make you better at your
> job and we need EVERYONE to step up and be better at their jobs
>
> On Tue, Dec 30, 2014 at 7:38 AM, grarpamp <grarpamp at gmail.com> wrote:
>
>> On Mon, Dec 29, 2014 at 8:20 AM, John Young <jya at pipeline.com> wrote:
>> > Hash this motherfucker, said math to germ.
>>
>> JYA, you, as the original publisher of various and valued datasets...
>> the responsibility to calculate, sign, and publish said hashes rests with
>> you alone. Please consult with any trusted parties should you need
>> assistance in such matters. A future of archivers, disseminators, and
>> analysts will thank you.
>>
>
>
>
> --
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Reykjavik +354 894 8650
> Twitter: @carimachet <https://twitter.com/carimachet>
>
> 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
>
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.
>
>
>


-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4369 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141230/57c06f3d/attachment.txt>

From hozer at hozed.org  Tue Dec 30 07:09:08 2014
From: hozer at hozed.org (Troy Benjegerdes)
Date: Tue, 30 Dec 2014 09:09:08 -0600
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAGRDzQW+4QaM9YpzC46pabWzi2iw5y7ZiFZex3_Kdx5h0z+3=A@mail.gmail.com>
References: <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
 <CAGRDzQW+4QaM9YpzC46pabWzi2iw5y7ZiFZex3_Kdx5h0z+3=A@mail.gmail.com>
Message-ID: <20141230150908.GY29130@nl.grid.coop>

The US government benefits greatly from dissidents in North Korea, 
China, Russia, Japan, and Germany being able to effectively use Tor
to exfiltrate business intelligence and leak it to the people that
run this country, the campaign contributors.

The ability to use Tor to anonymously gather information about what
multinational companies are planning to do is very valuable to said
multinational companies. What's amusing about this is it's good for
the CEOs, security officers, security agencies, and sentient high
frequency trading AI's, but not very good for most investors.

The US government is not a single entity, it is full of people who
have biases, turf battles, and mixed loyalties. So there are parts
that fund tor, for ideological reasons, and parts that hate it, and
they are playing very long-term battles with each other, in addition
to the perceived 'battle' between the noble cypherpunks and the
despotic good for nothing government

On Tue, Dec 30, 2014 at 02:41:57PM +0100, Cari Machet wrote:
> ask yourself what does the US government benefit from the mere existence of
> tor let alone the use?
> 
> why would they fund tor?
> 
> is it really not obvious?
> 
> bait and switch tactics - 'they' are 'us' - infiltration - knowledge....
> fucking us
> 
> to see where we are blah blah blah tech wise and head wise to be able to
> take out kim dot coms etc .... where are all the bad anti-capitalist
> children playing? .... how would they know?
> 
> i would argue they dont care if people know about snowden shit cause what
> they have in line for the future is beyond all of what snowden knew what he
> used - they dont think in terms of this generation like the people are
> taught to do - they think incredibly long term
> 
> the system is not stupid in this way but in other ways yes
> 
> it is performative - political theater .... keep those brats busy... its
> like a false flag
> 
> also the media does not have to abide by these shit rules but intercourse
> online magazine chooses to align while everyone bows down to laura poitras
> like she is fucking god and they do all kinds of sucking at gg - its
> disgusting.... isnt it john?
> 
> On Tue, Dec 30, 2014 at 1:08 PM, Mirimir <mirimir at riseup.net> wrote:
> 
> > On 12/30/2014 03:47 AM, Jason Richards wrote:
> > > On Tue, 30 Dec 2014 01:32:44 -0500 grarpamp <grarpamp at gmail.com> wrote:
> > >> On Mon, Dec 29, 2014 at 2:46 PM, Juan <juan.g71 at gmail.com> wrote:
> > >>>         Anyway, I'm getting the impression that all the Snowden
> > >>>         stuff that gets 'leaked'  to the public has been somehow
> > >>>         approved by the US govt?
> > >>
> > >> It's well known that media seeks confirmation and approval from govts
> > >> before publishing anything.
> > >
> > > OK, I'll bite: why? What benefit does the US govt get from the
> > > information leaked by Snowden?
> > >
> > > J
> >
> > Benefit? Who knows? But media asks for comment, and government gets the
> > chance to argue against release, and for redaction.
> >
> 
> 
> 
> -- 
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Reykjavik +354 894 8650
> Twitter: @carimachet <https://twitter.com/carimachet>
> 
> 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
> 
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.

-- 
----------------------------------------------------------------------------
Troy Benjegerdes                 'da hozer'                  hozer at hozed.org
7 elements      earth::water::air::fire::mind::spirit::soul        grid.coop

      Never pick a fight with someone who buys ink by the barrel,
         nor try buy a hacker who makes money by the megahash




From william at tuffbizz.com  Tue Dec 30 07:18:05 2014
From: william at tuffbizz.com (William Woodruff)
Date: Tue, 30 Dec 2014 10:18:05 -0500
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAGRDzQW+4QaM9YpzC46pabWzi2iw5y7ZiFZex3_Kdx5h0z+3=A@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
 <CAGRDzQW+4QaM9YpzC46pabWzi2iw5y7ZiFZex3_Kdx5h0z+3=A@mail.gmail.com>
Message-ID: <54A2C22D.7090404@tuffbizz.com>

Well, for one, the military has plenty of uses for Tor. Anonymous
networks protect wartime informants, and spies in other countries.

The US gov't also funded the Internet, via ARPA's research into
packet-switching.

I don't think it's an elaborate plan - just irony.

William

On 12/30/2014 08:41 AM, Cari Machet wrote:
> ask yourself what does the US government benefit from the mere existence
> of tor let alone the use?
> 
> why would they fund tor?
> 
> is it really not obvious?
> 
> bait and switch tactics - 'they' are 'us' - infiltration - knowledge....
> fucking us
> 
> to see where we are blah blah blah tech wise and head wise to be able to
> take out kim dot coms etc .... where are all the bad anti-capitalist
> children playing? .... how would they know?
> 
> i would argue they dont care if people know about snowden shit cause
> what they have in line for the future is beyond all of what snowden knew
> what he used - they dont think in terms of this generation like the
> people are taught to do - they think incredibly long term
> 
> the system is not stupid in this way but in other ways yes
> 
> it is performative - political theater .... keep those brats busy... its
> like a false flag
> 
> also the media does not have to abide by these shit rules but
> intercourse online magazine chooses to align while everyone bows down to
> laura poitras like she is fucking god and they do all kinds of sucking
> at gg - its disgusting.... isnt it john?
> 
> On Tue, Dec 30, 2014 at 1:08 PM, Mirimir <mirimir at riseup.net
> <mailto:mirimir at riseup.net>> wrote:
> 
>     On 12/30/2014 03:47 AM, Jason Richards wrote:
>     > On Tue, 30 Dec 2014 01:32:44 -0500 grarpamp <grarpamp at gmail.com
>     <mailto:grarpamp at gmail.com>> wrote:
>     >> On Mon, Dec 29, 2014 at 2:46 PM, Juan <juan.g71 at gmail.com
>     <mailto:juan.g71 at gmail.com>> wrote:
>     >>>         Anyway, I'm getting the impression that all the Snowden
>     >>>         stuff that gets 'leaked'  to the public has been somehow
>     >>>         approved by the US govt?
>     >>
>     >> It's well known that media seeks confirmation and approval from govts
>     >> before publishing anything.
>     >
>     > OK, I'll bite: why? What benefit does the US govt get from the
>     > information leaked by Snowden?
>     >
>     > J
> 
>     Benefit? Who knows? But media asks for comment, and government gets the
>     chance to argue against release, and for redaction.
> 
> 
> 
> 
> -- 
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com <mailto:carimachet at gmail.com>
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Reykjavik +354 894 8650
> Twitter: @carimachet <https://twitter.com/carimachet>
> 
> 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
> 
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.
> 
> 




From jjr2 at gmx.com  Tue Dec 30 02:47:09 2014
From: jjr2 at gmx.com (Jason Richards)
Date: Tue, 30 Dec 2014 11:47:09 +0100
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>,
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
Message-ID: <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>

On Tue, 30 Dec 2014 01:32:44 -0500 grarpamp <grarpamp at gmail.com> wrote:
> On Mon, Dec 29, 2014 at 2:46 PM, Juan <juan.g71 at gmail.com> wrote:
>>         Anyway, I'm getting the impression that all the Snowden
>>         stuff that gets 'leaked'  to the public has been somehow
>>         approved by the US govt?
> 
> It's well known that media seeks confirmation and approval from govts
> before publishing anything.

OK, I'll bite: why? What benefit does the US govt get from the
information leaked by Snowden?

J




From badbiosvictim at ruggedinbox.com  Tue Dec 30 10:03:14 2014
From: badbiosvictim at ruggedinbox.com (Badbiosvictim)
Date: Tue, 30 Dec 2014 13:03:14 -0500
Subject: What the hell can be done with this trinity?
In-Reply-To: <7a737a23-0e22-405a-9d06-4d3e10847eba@email.android.com>
References: <CAEm6Kb+=OVtaqGWvUXuGw0qFCD=whb8-vs9=H7cpwMhZU=STSA@mail.gmail.com>
 <7a737a23-0e22-405a-9d06-4d3e10847eba@email.android.com>
Message-ID: <a068fc84-4c58-4c0f-861f-1f7bcd5e68e7@email.android.com>

USPS interdiction of routers, computers, packages and mail has little over sight. USPS attempted to censor report of failure to follow safeguards.

https://politico.com/story/2014/06/snail-mail-snopping-safeguards-not-followed-108056.html



>From: " Александр " <afalex169 at gmail.com>

>From the "Spiegel" article
>
>If all else fails, the NSA and its allies resort to brute force:
>> 1. They hack their target's computers/
>> 2.
>> ​​
>> They hack Internet routers to get to the secret encryption/
>> 3. T
>> ​​
>> hey intercept computers on the way to their targets, open them and
>insert
>> spy gear before they even reach their destination.
>
>
>Ok. Nothing new.
>​
>But what the hell can be done with this trinity?
>​​




From coderman at gmail.com  Tue Dec 30 13:31:30 2014
From: coderman at gmail.com (coderman)
Date: Tue, 30 Dec 2014 13:31:30 -0800
Subject: <JYA> Hash this motherfucker, said math to germ.
Message-ID: <CAJVRA1R6oxrDajuUoLwc0=qbcb+pWbZ2xJtOuf1uH_Zc37uttw@mail.gmail.com>

On 12/29/14, John Young <jya at pipeline.com> wrote:
>  From discussion on these lists and elsewhere tampering with
> data can, does, occur at every software and hardware hand-off,
> with each self-serving iteration having hidden and vulnerable hardware
> and software undisclosed malignity, no matter the security ostentatiously
> applied


said another way:
 there are risks known, and known unknown, and unknown unknown,
  in such a calculated cache - digital and present harm alike and unto the
   soul-deep sickness a dragon Smaug, imbued as dark greed,
    unto sea of coin and wealth unseen in any other age...

the risk visible, or not. fathomable, or not. but risk all the same.

---

 "This is a trap, witting and unwitting.
  Do not use it or use at own risk.
  Source and this host is out to pwon and phuck you in complicity
   with global Internet authorities.

  Signed Batshit Cryptome and Host,
  9 July 2014, 12:16ET."
   - https://cpunks.org//pipermail/cypherpunks/2014-July/005020.html

still true, as always!

 ... as practical matter, content in such an archive is more
actionable in a criminal or civil sense, in some locales, simply by
nature of the contention around the content. or loaded with malware.
or honeytoken to the void, or ruse of attention sink, or misleading
intentionally compartment of confusion, or generator markov awry, or
...

---

FY2014 corpora is coming, like cryptome-jul2014

reply to receive early distribution.

- cryptome, web, other selected volumes
- sha256 short sums, selected signatures
- annotated search-able formats, where available
- coder's annotations and subsets [to explain later]
- Xapian stores by domain for custom aggregation or scope




From carimachet at gmail.com  Tue Dec 30 05:41:57 2014
From: carimachet at gmail.com (Cari Machet)
Date: Tue, 30 Dec 2014 14:41:57 +0100
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <54A295B7.3050801@riseup.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
Message-ID: <CAGRDzQW+4QaM9YpzC46pabWzi2iw5y7ZiFZex3_Kdx5h0z+3=A@mail.gmail.com>

ask yourself what does the US government benefit from the mere existence of
tor let alone the use?

why would they fund tor?

is it really not obvious?

bait and switch tactics - 'they' are 'us' - infiltration - knowledge....
fucking us

to see where we are blah blah blah tech wise and head wise to be able to
take out kim dot coms etc .... where are all the bad anti-capitalist
children playing? .... how would they know?

i would argue they dont care if people know about snowden shit cause what
they have in line for the future is beyond all of what snowden knew what he
used - they dont think in terms of this generation like the people are
taught to do - they think incredibly long term

the system is not stupid in this way but in other ways yes

it is performative - political theater .... keep those brats busy... its
like a false flag

also the media does not have to abide by these shit rules but intercourse
online magazine chooses to align while everyone bows down to laura poitras
like she is fucking god and they do all kinds of sucking at gg - its
disgusting.... isnt it john?

On Tue, Dec 30, 2014 at 1:08 PM, Mirimir <mirimir at riseup.net> wrote:

> On 12/30/2014 03:47 AM, Jason Richards wrote:
> > On Tue, 30 Dec 2014 01:32:44 -0500 grarpamp <grarpamp at gmail.com> wrote:
> >> On Mon, Dec 29, 2014 at 2:46 PM, Juan <juan.g71 at gmail.com> wrote:
> >>>         Anyway, I'm getting the impression that all the Snowden
> >>>         stuff that gets 'leaked'  to the public has been somehow
> >>>         approved by the US govt?
> >>
> >> It's well known that media seeks confirmation and approval from govts
> >> before publishing anything.
> >
> > OK, I'll bite: why? What benefit does the US govt get from the
> > information leaked by Snowden?
> >
> > J
>
> Benefit? Who knows? But media asks for comment, and government gets the
> chance to argue against release, and for redaction.
>



-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3504 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141230/53c41c9b/attachment.txt>

From rsw at jfet.org  Tue Dec 30 11:43:47 2014
From: rsw at jfet.org (Riad S. Wahby)
Date: Tue, 30 Dec 2014 14:43:47 -0500
Subject: List Administrivia
In-Reply-To: <CAD2Ti287Si8G2sSKbe4hCNYvD8MgDh+bfXq283vydSG=V8E2GQ@mail.gmail.com>
References: <CAD2Ti287Si8G2sSKbe4hCNYvD8MgDh+bfXq283vydSG=V8E2GQ@mail.gmail.com>
Message-ID: <20141230194347.GA28081@antiproton.jfet.org>

grarpamp <grarpamp at gmail.com> wrote:
> I believe google may be offering to transmit a better
> combination than RC4-SHA. Please check configs on
> your receive end.

Good catch. Should be fixed now.

-=rsw




From StealthMonger at nym.mixmin.net  Tue Dec 30 07:48:58 2014
From: StealthMonger at nym.mixmin.net (StealthMonger)
Date: Tue, 30 Dec 2014 15:48:58 +0000 (GMT)
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net> (John
 Young's message of "Tue, 30 Dec 2014 07:17:16 -0500")
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
 <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
 <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>
Message-ID: <20141230154858.B8B5BEAA03@snorky.mixmin.net>

John Young <jya at pipeline.com> writes:
> At 02:50 AM 12/30/2014, you wrote:
>>On Tue, Dec 30, 2014 at 7:38 AM, grarpamp 
>><<mailto:grarpamp at gmail.com>grarpamp at gmail.com> wrote:
>>On Mon, Dec 29, 2014 at 8:20 AM, John Young 
>><<mailto:jya at pipeline.com>jya at pipeline.com> wrote:

>> > Hash this motherfucker, said math to germ.

>>JYA, you, as the original publisher of various and valued datasets...
>>the responsibility to calculate, sign, and publish said hashes rests
>>with you alone.

>>john likes to be poetic as a wall - dear john please listen to the
>>smart people and have a small bit of humility - it will make you
>>better at your job and we need EVERYONE to step up and be better at
>>their jobs

> Visitors, readers, consumers must be skeptical of security ...

Advocacy of skepticism is rendered ineffective if that advocacy extends
to skepticism of logic and mathematics.


-- 


 -- StealthMonger
    Long, random latency is part of the price of Internet anonymity.

Key: mailto:stealthsuite<youknowwhatgoeshere>nym.mixmin.net?subject=send%20stealthmonger-key

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141230/cee46796/attachment.sig>

From cathalgarvey at cathalgarvey.me  Tue Dec 30 08:03:03 2014
From: cathalgarvey at cathalgarvey.me (Cathal (Phone))
Date: Tue, 30 Dec 2014 16:03:03 +0000
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
 <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
 <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>
Message-ID: <D6AF4EDC-C1D8-45B6-9718-94CCCBBDBBA1@cathalgarvey.me>

Cool story bro.

Anyone else who downloaded it care to share/compare hashes? If hashes differ, can then check diffs?

On 30 December 2014 12:17:16 GMT+00:00, John Young <jya at pipeline.com> wrote:
>Cryptome does not pretend to provide illusory security, that is
>security.
>It is a vile, rotten, corrupt endeavor, like life. Chuckle.
>
>Visitors, readers, consumers must be skeptical of security, and not
>rely
>upon security promoters, their followers and investors who exploit
>dependency by fear uncertainty and doubt.
>
>Skepticism of security claims and methods is one of the purposes of
>these lists. Perhaps the main purpose, although it is commonplace for
>these lists to be used for soliciting befuddled consumers to hop aboard
>the gravy train. Now and then skeptcism of the security arises but is
>usually
>suppressed during times of crisis when incentive is rich to promote
>poor
>products and services. Governments, commerce, orgs, experts cooperate
>to foster crises under guise of opposition.
>
>This applies to all forms of security, safety, protection, defense,
>hygienic
>pharma.
>
>Still, Cryptome endorses the continuing struggle to improve citizen
>protection, not only as a job, career, industry, but as citizens'
>obligation
>to bear responsibility for the commonweal against its inside and
>outside
>enemies, if you will, common math against the deadly germs.
>
>One way to do that is to not oversell it, tone down the threats, reduce
>drumbeating, avoid hyperbole for and against, forego advertising,
>gang-bang hectoring, circle jerk conferencing, TEDing, prize bestowing,
>to quietly invent, improve, critique, test, apply, re-test often,
>expect to
>be deceived by colleagues witting or unwitting, especially by sales,
>politicians, authoritarians -- the persistent germs.
>
>
>
>
>At 02:50 AM 12/30/2014, you wrote:
>>john likes to be poetic as a wall - dear john please listen to the 
>>smart people and have a small bit of humility - it will make you 
>>better at your job and we need EVERYONE to step up and be better at
>their jobs
>>
>>On Tue, Dec 30, 2014 at 7:38 AM, grarpamp 
>><<mailto:grarpamp at gmail.com>grarpamp at gmail.com> wrote:
>>On Mon, Dec 29, 2014 at 8:20 AM, John Young 
>><<mailto:jya at pipeline.com>jya at pipeline.com> wrote:
>> > Hash this motherfucker, said math to germ.
>>
>>JYA, you, as the original publisher of various and valued datasets...
>>the responsibility to calculate, sign, and publish said hashes rests
>with
>>you alone. Please consult with any trusted parties should you need
>>assistance in such matters. A future of archivers, disseminators, and
>>analysts will thank you.
>>
>>
>>
>>
>>--
>>Cari Machet
>>NYC 646-436-7795
>><mailto:carimachet at gmail.com>carimachet at gmail.com
>>AIM carismachet
>>Syria +963-099 277 3243
>>Amman +962 077 636 9407
>>Berlin +49 152 11779219
>>Reykjavik +354 894 8650
>>Twitter: @carimachet 
>><<https://twitter.com/carimachet>https://twitter.com/carimachet>
>>
>>7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
>>
>>Ruh-roh, this is now necessary: This email is intended only for the
>>addressee(s) and may contain confidential information. If you are not
>the
>>intended recipient, you are hereby notified that any use of this
>>information, dissemination, distribution, or copying of this email
>without
>>permission is strictly prohibited.
>>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4148 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141230/e79ea2ae/attachment.txt>

From badbiosvictim at ruggedinbox.com  Tue Dec 30 14:16:35 2014
From: badbiosvictim at ruggedinbox.com (Badbiosvictim)
Date: Tue, 30 Dec 2014 17:16:35 -0500
Subject: 78716A
In-Reply-To: <cd724f4f-3aee-4586-a5da-24b0e1551333@email.android.com>
References: <54A1E7EE.3050604@entersection.org>
 <cd724f4f-3aee-4586-a5da-24b0e1551333@email.android.com>
Message-ID: <07157895-8a80-4425-8883-efad37eb46c2@email.android.com>



Glad to hear there is legal assistance and a database without being charged attorney hourly fees. I will sign up with MuckRock.

>From: Gregory Foster <gfoster at entersection.org>

>Consider using MuckRock to file your FOIA request, track the response
>schedule, and automatically post responsive documents publicly:
>https://www.muckrock.com/agency/united-states-of-america-10/national-security-agency-17/
>
>You can review successful requests to the NSA to discern ways to
>encourage timely responses, or use them as templates.  The MuckRock
>folks are doing important work to provide an environment for FOIA
>requestors to avoid duplicative efforts, automate the tedium, and
>create
>a powerful new community.  You can follow interesting requests to be
>notified when there are status changes and get the docs immediately.
>
>gf




From carimachet at gmail.com  Tue Dec 30 08:18:11 2014
From: carimachet at gmail.com (Cari Machet)
Date: Tue, 30 Dec 2014 17:18:11 +0100
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <20141230154858.B8B5BEAA03@snorky.mixmin.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
 <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
 <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>
 <20141230154858.B8B5BEAA03@snorky.mixmin.net>
Message-ID: <CAGRDzQVQP0zT3aU4Ga09va8b0zvGdpnaTZMpjqvw+XQDSuTjaQ@mail.gmail.com>

you know what nietzsche said about the skeptics - stranglers of life force

On Tue, Dec 30, 2014 at 4:48 PM, StealthMonger <StealthMonger at nym.mixmin.net
> wrote:

> John Young <jya at pipeline.com> writes:
> > At 02:50 AM 12/30/2014, you wrote:
> >>On Tue, Dec 30, 2014 at 7:38 AM, grarpamp
> >><<mailto:grarpamp at gmail.com>grarpamp at gmail.com> wrote:
> >>On Mon, Dec 29, 2014 at 8:20 AM, John Young
> >><<mailto:jya at pipeline.com>jya at pipeline.com> wrote:
>
> >> > Hash this motherfucker, said math to germ.
>
> >>JYA, you, as the original publisher of various and valued datasets...
> >>the responsibility to calculate, sign, and publish said hashes rests
> >>with you alone.
>
> >>john likes to be poetic as a wall - dear john please listen to the
> >>smart people and have a small bit of humility - it will make you
> >>better at your job and we need EVERYONE to step up and be better at
> >>their jobs
>
> > Visitors, readers, consumers must be skeptical of security ...
>
> Advocacy of skepticism is rendered ineffective if that advocacy extends
> to skepticism of logic and mathematics.
>
>
> --
>
>
>  -- StealthMonger
>     Long, random latency is part of the price of Internet anonymity.
>
> Key: mailto:stealthsuite<youknowwhatgoeshere>
> nym.mixmin.net?subject=send%20stealthmonger-key
>
>


-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3147 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141230/0fd095fb/attachment.txt>

From guninski at guninski.com  Tue Dec 30 08:46:10 2014
From: guninski at guninski.com (Georgi Guninski)
Date: Tue, 30 Dec 2014 18:46:10 +0200
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <20141230150908.GY29130@nl.grid.coop>
References: <54A0F5A8.5050708@metaverse.org> <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
 <CAGRDzQW+4QaM9YpzC46pabWzi2iw5y7ZiFZex3_Kdx5h0z+3=A@mail.gmail.com>
 <20141230150908.GY29130@nl.grid.coop>
Message-ID: <20141230164610.GB2519@sivokote.iziade.m$>

On Tue, Dec 30, 2014 at 09:09:08AM -0600, Troy Benjegerdes wrote:
> The US government benefits greatly from dissidents in North Korea, 
> China, Russia, Japan, and Germany being able to effectively use Tor
> to exfiltrate business intelligence and leak it to the people that
> run this country, the campaign contributors.
>

Sorry, but I don't believe this.

I agree with juan that tor has many bugs and quite likely is
 _heavily_ backdoored, the bugs we see are probably just the top of
the iceberg.

I suppose sufficiently many people got busted because of trusting tor
naively.

The usa profits more from sniffing tor traffic than your alleged
dissidents IMHO.

Also some of the Snowden docs suggest "NSA can monitor tor, but
don't want to scare _all_ tor users" (almost literally quoted).






From badbiosvictim at ruggedinbox.com  Tue Dec 30 16:06:04 2014
From: badbiosvictim at ruggedinbox.com (Badbiosvictim)
Date: Tue, 30 Dec 2014 19:06:04 -0500
Subject: What the hell can be done with this trinity?
In-Reply-To: <E1Y66hN-0000LV-4e@login01.fos.auckland.ac.nz>
References: <E1Y66hN-0000LV-4e@login01.fos.auckland.ac.nz>
Message-ID: <f6a0cf58-efc4-4135-a6e6-43875506e9c1@email.android.com>

Could you email me your past posts on FIPS 140 and the NSA rule? I would like to include them in a future post on /r/badBIOS on reddit.com. Thanks.

On December 30, 2014 6:59:37 PM EST, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>Badbiosvictim <badbiosvictim at ruggedinbox.com> writes:
>
>>USPS interdiction of routers, computers, packages and mail has little
>over
>>sight. USPS attempted to censor report of failure to follow
>safeguards.
>
>There's actually a security standard that's supposed to deal with this
>sort of
>thing, FIPS 140 (people who have seen my previous posts about what a
>waste
>of... well, everything FIPS 140 is should see what's coming here :-). 
>If you
>recall the Snowden-provided NSA photos of their people intercepting
>Cisco gear
>in transit and adding supplementary functionality to it:
>
>* The physical seals are applied after it reaches its destination.  You
>order
>a special "FIPS kit" consisting of (allegedly) tamper-evident stickers
>that
>  you apply to the gear after the NSA has tampered with it.
>
>* Since your $40,000 router doesn't come with the stickers that you
>need for
>FIPS 140 compliance, you have to order them specially.  No-one bothers
>(the
>description I got was "in the n years I've been involved with this, I
>can
>count the number of customers who've done it on the fingers of one
>hand").
>
>* No-one who works with the gear has any idea what a tampered sticker
>would
>  look like, but in any case they're never checked once applied.
>
>Still, at least there's a government standard for it.
>
>Peter.




From komachi at openmailbox.org  Tue Dec 30 11:21:08 2014
From: komachi at openmailbox.org (Anton Nesterov)
Date: Tue, 30 Dec 2014 19:21:08 +0000
Subject: Firechat's Amazon S3 instance got blocked in Russia
Message-ID: <54A2FB24.3080502@openmailbox.org>

So firechat.s3.amazonaws.com with IPs 54.231.13.81, 54.231.13.89,
54.231.2.105, 54.231.32.137, 54.231.8.89, 54.231.9.17, 54.231.96.161 was
blocked in Russia by order 27-27-2014/Ид4349-14 of General Prosecutor.

That instance was used by Firechat to over-the-internet chats.

Firechat became very popular in Russia in last days (it's got to the top
of Apple's App Store) because of it's mesh-chat function and because of
planned rallies in support of Alexei Navalny. Rally was planned on 15
Jan, but as court yesterday decide to move the date of sentence to 30
Dec, it happened today. Alexei Navalny got 3.5 years of suspended
sentence, and his brother, Oleg, was jailed for 3.5 years.

This is the first time when some service got blocked that way, before
that there was only websites. It's not a big deal because of mesh chat.
Both firech.at & opengarden.com/firechat wasn't blocked and still works,
downloads from App Store & Google Play are fine too.

Due to how ISPs block things (IP blocking mainly), Russian users also
got a problems with many services which use S3.

https://meduza.io/news/2014/12/30/tehnicheskiy-domen-messendzhera-firechat-vnesli-v-reestr-zapreschennyh-saytov
(Russian)
http://www.theguardian.com/world/2014/dec/30/kremlin-critic-navalny-given-suspended-sentence-brother-jailed
(English)

-- 
https://nesterov.pw
GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
https://keybase.io/komachi/key.asc




From grarpamp at gmail.com  Tue Dec 30 19:53:20 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 30 Dec 2014 22:53:20 -0500
Subject: [cryptography] <JYA> Hash this motherfucker, said math to germ.
In-Reply-To: <CAJVRA1R6oxrDajuUoLwc0=qbcb+pWbZ2xJtOuf1uH_Zc37uttw@mail.gmail.com>
References: <CAJVRA1R6oxrDajuUoLwc0=qbcb+pWbZ2xJtOuf1uH_Zc37uttw@mail.gmail.com>
Message-ID: <CAD2Ti2-Tt99aQ0J8_5HBRB69uH6V28vpFhEgOYo8p6zWRNFT=g@mail.gmail.com>

> K scriben:
> I would like to get back to serious crypto conversations now.  Thank you.

You mean the quarterly circle jerk about random numbers, PKI,
standards, committees, and whatever else gets routinely hashed
to death?

I'd consider models of hashing and signing distributed materials
as a serious and necessary applied crypto conversation. Not
least of why because many of the people on these lists have no
idea how to actually do such things, let alone well.

Being said, there are good crypto talks, code/design reviews,
etc here too.




From jjr2 at gmx.com  Tue Dec 30 14:16:21 2014
From: jjr2 at gmx.com (Jason Richards)
Date: Tue, 30 Dec 2014 23:16:21 +0100
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <54A295B7.3050801@riseup.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>,
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>,
 <54A295B7.3050801@riseup.net>
Message-ID: <trinity-e050be57-469c-40b1-bfdc-f8a8da60f8e5-1419977781572@3capp-mailcom-bs16>

>>>>         Anyway, I'm getting the impression that all the Snowden
>>>>         stuff that gets 'leaked'  to the public has been somehow
>>>>         approved by the US govt?
>>>
>>> It's well known that media seeks confirmation and approval from
>>> govts before publishing anything.
>> 
>> OK, I'll bite: why? What benefit does the US govt get from the
>> information leaked by Snowden?
> 
> Benefit? Who knows? But media asks for comment, and government gets
> the chance to argue against release, and for redaction.

Cari, Troy and Georgi have covered why Tor is valuable to the US
government, but I still don't understand how the Snowden docs provide
benefit. These documents have confirmed what many members of lists like
this suspected, and has brought that information to the mind of the
wider public. Essentially: the tinfoil hat wearers were proven correct.

The five eyes nations' governments have been shown to monitor their
citizens and share that information, in ways that are either illegal or
not supported by their citizens. Crypto standards and implementations
have been influenced for the benefit of those governments.

What value does releasing this information provide to those
governments? This information is pushing people towards encryption by
default, and also pushing service providers towards encryption by
default, not just on their front ends but also on their back end links.

There also appears to be some clear messages:

1. The math is sound. So if we use well-tested and heavily analyzed
crypto products then we are reasonably secure. (OpenSSL and GNUTLS
appear to be clear exceptions, although closed source SSL/TLS
implementation suffered here this year too.)

2. Open source software is harder to crack than closed source.

So the US government seems to have said "we do things you don't want us
to, but if you use proven, open source crypto you're reasonably
secure." The only benefit I can see would be if they could break that
crypto and wanted people to have a false sense of security by using
that easily broken crypto.

My tinfoil hat isn't that thick. I don't buy it. So what are the other
benefits?

J




From grarpamp at gmail.com  Tue Dec 30 20:22:26 2014
From: grarpamp at gmail.com (grarpamp)
Date: Tue, 30 Dec 2014 23:22:26 -0500
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
 <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
 <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>
Message-ID: <CAD2Ti2_zUnS=c1KJeQU-Du9xLKTXoRDfy+09P26s9n+_jstr-Q@mail.gmail.com>

On Tue, Dec 30, 2014 at 7:17 AM, John Young <jya at pipeline.com> wrote:
> Cryptome does not pretend to provide illusory security, that is security.
> It is a vile, rotten, corrupt endeavor, like life. Chuckle.
> Visitors, readers, consumers must be skeptical of security, and not rely
> [...]

All due respect to Cryptome, and points well made and taken.
Yet this isn't really an effective response to the issue at hand.
While we should and must be skeptical... until contrary proof
exists we should be taking advantage of all means available
regarding distribution integrity and even provenance and secret
comms if desired. That's hard, it involves some work, and homework.
Yet until such proof, it's probably better than going bare assed to
the Sun.

> Still, Cryptome endorses the continuing struggle to improve citizen
> ...
> common math against the deadly germs.

Indeed.

> One way to do that is to not oversell it, tone down the threats, reduce

Interestingly true in some regards. Yet in the context herein, it's
probably not the place to make a stand. Especially considering
the stand itself is in one's very existance all so long. Is it not?
Oh were there but more of this kind, be they true or not :)




From jsalvia at gmail.com  Tue Dec 30 16:04:24 2014
From: jsalvia at gmail.com (Jordi Salvia)
Date: Wed, 31 Dec 2014 01:04:24 +0100
Subject: Over 80 Percent of Dark-Web Visits Relate to Pedophilia, Study Finds
Message-ID: <CAJq4_GJT8SbpH1_Nji_7WuxCMXjcWaWaYeRzTydYdLF5wue7ug@mail.gmail.com>

http://www.wired.com/2014/12/80-percent-dark-web-visits-relate-pedophilia-study-finds/

*---Jordi Salvia Cuadras*
Vilafranca del Penedès

*XMPP: *jsalvia at jabber.ccc.de <jsalvia at riseup.net>
*PGP Key:* 0xBF9E5208
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1645 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141231/6dae9f59/attachment.txt>

From comzeradd at fsfe.org  Wed Dec 31 00:07:43 2014
From: comzeradd at fsfe.org (Nikos Roussos)
Date: Wed, 31 Dec 2014 08:07:43 +0000
Subject: Over 80 Percent of Dark-Web Visits Relate to Pedophilia,
 Study Finds
In-Reply-To: <CAJq4_GJT8SbpH1_Nji_7WuxCMXjcWaWaYeRzTydYdLF5wue7ug@mail.gmail.com>
References: <CAJq4_GJT8SbpH1_Nji_7WuxCMXjcWaWaYeRzTydYdLF5wue7ug@mail.gmail.com>
Message-ID: <2B19C055-51E0-4415-97DA-B6DF90921419@fsfe.org>



On December 31, 2014 1:04:24 AM CET, Jordi Salvia <jsalvia at gmail.com> wrote:
>http://www.wired.com/2014/12/80-percent-dark-web-visits-relate-pedophilia-study-finds/

"Tor hidden service traffic, which Dr. Gareth Owen discussed in his talk this afternooon, is only 1.5% of all Tor traffic."
https://blog.torproject.org/blog/tor-80-percent-percent-1-2-percent-abusive
and
https://blog.torproject.org/blog/some-thoughts-hidden-services




From z9wahqvh at gmail.com  Wed Dec 31 07:03:06 2014
From: z9wahqvh at gmail.com (z9wahqvh)
Date: Wed, 31 Dec 2014 10:03:06 -0500
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <op.xrrlarckbgbjo9@work-pc.lan>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
 <trinity-e050be57-469c-40b1-bfdc-f8a8da60f8e5-1419977781572@3capp-mailcom-bs16>
 <op.xrrlarckbgbjo9@work-pc.lan>
Message-ID: <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>

as long as we have our tinfoil hats on, one data point to keep in mind here
is to remember that USGov, despite having many uniform policies, is also
shot through with warring fiefdoms and turfs.

Snowden and Michael Hayden both have the odd career path CIA - NSA. To say
that is unusual is to make an enormous understatement. we are usually told,
"once CIA, always CIA." you can't "quit." and there are hundreds of stories
over 50+ years of history to suggest this.

CIA and NSA have often been thought not to be on the same page, largely
because NSA is military and CIA is civilian (or whatever special/uber
designation it has at this point). CIA sees itself as entitled to operate
much *more* lawlessly than NSA.

it is not hard to imagine scenarios where CIA might want to weaken NSA
capabilities in part via public embarrassment. and one involved in the plot
could even go public with his statements about how damaging the leaks are.
convenient!

our noble leaker(s) would not even necessarily need to know how it was
possible to grab so much information without being stopped/noticed.


On Wed, Dec 31, 2014 at 10:29 PM, Seth <list at sysfu.com> wrote:

> On Tue, 30 Dec 2014 14:16:21 -0800, Jason Richards <jjr2 at gmx.com> wrote:
>
>> OK, I'll bite: why? What benefit does the US govt get from the
>>>> information leaked by Snowden?
>>>>
>>>
> The way this question is worded frames the debate to an extent. To me,
> using the phrase 'the US Govt' implies a monolithic entity with coherent
> motives.
>
> It does not leave room for explanations involving fedgov internecine
> info-warfare for example.
>
>  So the US government seems to have said "we do things you don't want us
>> to, but if you use proven, open source crypto you're reasonably
>> secure." The only benefit I can see would be if they could break that
>> crypto and wanted people to have a false sense of security by using
>> that easily broken crypto.
>>
>> My tinfoil hat isn't that thick. I don't buy it. So what are the other
>> benefits?
>>
>
> Just throwing some ideas out:
>
> * Terrorize disenfranchised members of the population into the cyber-fetal
> position. Self-censor accordingly and don't get too uppity, submitizen!
>
> * Make it clear for any potential rivals to deep state power who 'didn't
> get the memo' that their every move is being watched, cataloged, recorded
> and stored in perpetuity.
>
> * Frame the debate. Never ask the fundamental question of whether the
> surveillance state should exist or not. Keep the discussion focused on 'how
> much' surveillance.
>
> * Throw up a fog of dis-information consisting of yesterdays obsolete
> capabilities, which by themselves are enough to stun even the tinfoil hat
> brigade. Mobilize interesting targets into adopting defenses against the
> obsolete attacks, until they think they are safe and can let their hair
> down again. Immediately begin harvesting juicy new intel via unrevealed
> nextgen attacks.
>
> * Inflict political pain on rival agencies and political enemies
>
> Anyone else?
>
> Let the paranoia flow...
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4127 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141231/571b7502/attachment.txt>

From carimachet at gmail.com  Wed Dec 31 01:20:44 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 31 Dec 2014 10:20:44 +0100
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAD2Ti2_zUnS=c1KJeQU-Du9xLKTXoRDfy+09P26s9n+_jstr-Q@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
 <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
 <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti2_zUnS=c1KJeQU-Du9xLKTXoRDfy+09P26s9n+_jstr-Q@mail.gmail.com>
Message-ID: <CAGRDzQXM=DTok7YquBXt0=xkR2QxHC+_vkK4cWpp+zhsSBM13Q@mail.gmail.com>

dan are you the fucker that doxed me on this list?

#boring

seth oh yes agreed monolith is inaccurate frames but i think the security
state - that has the job of protecting the system no matter what the system
looks like or does - is pretty homogenous

On Wed, Dec 31, 2014 at 5:22 AM, grarpamp <grarpamp at gmail.com> wrote:

> On Tue, Dec 30, 2014 at 7:17 AM, John Young <jya at pipeline.com> wrote:
> > Cryptome does not pretend to provide illusory security, that is security.
> > It is a vile, rotten, corrupt endeavor, like life. Chuckle.
> > Visitors, readers, consumers must be skeptical of security, and not rely
> > [...]
>
> All due respect to Cryptome, and points well made and taken.
> Yet this isn't really an effective response to the issue at hand.
> While we should and must be skeptical... until contrary proof
> exists we should be taking advantage of all means available
> regarding distribution integrity and even provenance and secret
> comms if desired. That's hard, it involves some work, and homework.
> Yet until such proof, it's probably better than going bare assed to
> the Sun.
>
> > Still, Cryptome endorses the continuing struggle to improve citizen
> > ...
> > common math against the deadly germs.
>
> Indeed.
>
> > One way to do that is to not oversell it, tone down the threats, reduce
>
> Interestingly true in some regards. Yet in the context herein, it's
> probably not the place to make a stand. Especially considering
> the stand itself is in one's very existance all so long. Is it not?
> Oh were there but more of this kind, be they true or not :)
>



-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3030 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141231/f1f7d4a8/attachment.txt>

From coderman at gmail.com  Wed Dec 31 12:00:18 2014
From: coderman at gmail.com (coderman)
Date: Wed, 31 Dec 2014 12:00:18 -0800
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
 <trinity-e050be57-469c-40b1-bfdc-f8a8da60f8e5-1419977781572@3capp-mailcom-bs16>
 <op.xrrlarckbgbjo9@work-pc.lan>
 <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>
Message-ID: <CAJVRA1RwFE-GypqB-k0TZoy-oWzV5UOq8HHhbf4yxC=5mXp1og@mail.gmail.com>

On 12/31/14, z9wahqvh <z9wahqvh at gmail.com> wrote:
> ... we are usually told,
> "once CIA, always CIA." you can't "quit." and there are hundreds of stories
> over 50+ years of history to suggest this.

i didn't see "no spooks" on the secure drop posting, [0]
 but perhaps they save that for the interview / second date.

;)


0. "Skills and Experience... Required:... Would be great:"
  https://freedom.press/jobs/job-opening-devops-engineer-securedrop




From pgut001 at cs.auckland.ac.nz  Tue Dec 30 15:59:37 2014
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Wed, 31 Dec 2014 12:59:37 +1300
Subject: What the hell can be done with this trinity?
In-Reply-To: <a068fc84-4c58-4c0f-861f-1f7bcd5e68e7@email.android.com>
Message-ID: <E1Y66hN-0000LV-4e@login01.fos.auckland.ac.nz>

Badbiosvictim <badbiosvictim at ruggedinbox.com> writes:

>USPS interdiction of routers, computers, packages and mail has little over
>sight. USPS attempted to censor report of failure to follow safeguards.

There's actually a security standard that's supposed to deal with this sort of
thing, FIPS 140 (people who have seen my previous posts about what a waste
of... well, everything FIPS 140 is should see what's coming here :-).  If you
recall the Snowden-provided NSA photos of their people intercepting Cisco gear
in transit and adding supplementary functionality to it:

* The physical seals are applied after it reaches its destination.  You order
  a special "FIPS kit" consisting of (allegedly) tamper-evident stickers that
  you apply to the gear after the NSA has tampered with it.

* Since your $40,000 router doesn't come with the stickers that you need for
  FIPS 140 compliance, you have to order them specially.  No-one bothers (the
  description I got was "in the n years I've been involved with this, I can
  count the number of customers who've done it on the fingers of one hand").

* No-one who works with the gear has any idea what a tampered sticker would
  look like, but in any case they're never checked once applied.

Still, at least there's a government standard for it.

Peter.




From ryacko at gmail.com  Wed Dec 31 13:39:34 2014
From: ryacko at gmail.com (Ryan Carboni)
Date: Wed, 31 Dec 2014 13:39:34 -0800
Subject: [cryptography] Snowden docs show none are originals of spies
In-Reply-To: <E1Y6LIR-000372-81@elasmtp-curtail.atl.sa.earthlink.net>
References: <E1Y6LIR-000372-81@elasmtp-curtail.atl.sa.earthlink.net>
Message-ID: <CAO7N=i3faXH9oPZPN7hBGqX+5Vp_MESDMseboUNdOPigQtVaaA@mail.gmail.com>

Makes it easier to launder documents stolen by other spies and given to
Snowden.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 106 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141231/8c68dbf1/attachment.txt>

From carimachet at gmail.com  Wed Dec 31 06:13:36 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 31 Dec 2014 15:13:36 +0100
Subject: Snowden Paywalled
In-Reply-To: <E1Y6IqU-0003un-5x@elasmtp-junco.atl.sa.earthlink.net>
References: <E1Y6IqU-0003un-5x@elasmtp-junco.atl.sa.earthlink.net>
Message-ID: <CAGRDzQWUwaPbS1oFQh=Gas+hYUF_-La8ChUwmPhZhmcoV0L+Hg@mail.gmail.com>

WHAT????????

FUCK YOU LAURA POITRAS YOU FUCKING CAPITALIST

On Wed, Dec 31, 2014 at 2:01 PM, John Young <jya at pipeline.com> wrote:

> Free: 577,131 documents (millions of pages) informing public debate:
> https://www.documentcloud.org/public/search/
>
> Paywalled: Snowden: 3,361 pp of 58K-1.7M files:
> http://cryptome.org/2013/11/snowden-tally.htm
>
>
>


-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1724 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141231/300454e6/attachment.txt>

From carimachet at gmail.com  Wed Dec 31 06:20:34 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 31 Dec 2014 15:20:34 +0100
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAGRDzQXM=DTok7YquBXt0=xkR2QxHC+_vkK4cWpp+zhsSBM13Q@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti29FuSwuM8qZ3MsuyiPLEV7LJ4Lprx98crR7Ho1umCUfeQ@mail.gmail.com>
 <CAGRDzQX=ZfNcm91XiBYXpPvmg8_wMGhVFAP22rFkkwC2uXULLQ@mail.gmail.com>
 <E1Y5vg3-0003vO-Hy@elasmtp-banded.atl.sa.earthlink.net>
 <CAD2Ti2_zUnS=c1KJeQU-Du9xLKTXoRDfy+09P26s9n+_jstr-Q@mail.gmail.com>
 <CAGRDzQXM=DTok7YquBXt0=xkR2QxHC+_vkK4cWpp+zhsSBM13Q@mail.gmail.com>
Message-ID: <CAGRDzQV509hShJJ_Yhs5+RqAsdf6OGmdqgsRnM5qvU1G2dFv=g@mail.gmail.com>

ahhhh also seth it appears that dark web is 80 % estimated to be used for
child porn so the government appears to be into kiddie porn - that is a big
factor i would say in light of the estimation percentage and the fact that
molesters in the US are rarely given heavy sentences that is when they
prosecute them...

On Wed, Dec 31, 2014 at 10:20 AM, Cari Machet <carimachet at gmail.com> wrote:

> dan are you the fucker that doxed me on this list?
>
> #boring
>
> seth oh yes agreed monolith is inaccurate frames but i think the security
> state - that has the job of protecting the system no matter what the system
> looks like or does - is pretty homogenous
>
> On Wed, Dec 31, 2014 at 5:22 AM, grarpamp <grarpamp at gmail.com> wrote:
>
>> On Tue, Dec 30, 2014 at 7:17 AM, John Young <jya at pipeline.com> wrote:
>> > Cryptome does not pretend to provide illusory security, that is
>> security.
>> > It is a vile, rotten, corrupt endeavor, like life. Chuckle.
>> > Visitors, readers, consumers must be skeptical of security, and not rely
>> > [...]
>>
>> All due respect to Cryptome, and points well made and taken.
>> Yet this isn't really an effective response to the issue at hand.
>> While we should and must be skeptical... until contrary proof
>> exists we should be taking advantage of all means available
>> regarding distribution integrity and even provenance and secret
>> comms if desired. That's hard, it involves some work, and homework.
>> Yet until such proof, it's probably better than going bare assed to
>> the Sun.
>>
>> > Still, Cryptome endorses the continuing struggle to improve citizen
>> > ...
>> > common math against the deadly germs.
>>
>> Indeed.
>>
>> > One way to do that is to not oversell it, tone down the threats, reduce
>>
>> Interestingly true in some regards. Yet in the context herein, it's
>> probably not the place to make a stand. Especially considering
>> the stand itself is in one's very existance all so long. Is it not?
>> Oh were there but more of this kind, be they true or not :)
>>
>
>
>
> --
> Cari Machet
> NYC 646-436-7795
> carimachet at gmail.com
> AIM carismachet
> Syria +963-099 277 3243
> Amman +962 077 636 9407
> Berlin +49 152 11779219
> Reykjavik +354 894 8650
> Twitter: @carimachet <https://twitter.com/carimachet>
>
> 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187
>
> Ruh-roh, this is now necessary: This email is intended only for the
> addressee(s) and may contain confidential information. If you are not the
> intended recipient, you are hereby notified that any use of this
> information, dissemination, distribution, or copying of this email without
> permission is strictly prohibited.
>
>
>


-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4833 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141231/c34917a4/attachment.txt>

From grarpamp at gmail.com  Wed Dec 31 12:26:24 2014
From: grarpamp at gmail.com (grarpamp)
Date: Wed, 31 Dec 2014 15:26:24 -0500
Subject: [cryptography] John Gilmore: Cryptography list is censoring my
 emails
In-Reply-To: <E1Y6I8p-0004za-UN@elasmtp-dupuy.atl.sa.earthlink.net>
References: <E1Y6I8p-0004za-UN@elasmtp-dupuy.atl.sa.earthlink.net>
Message-ID: <CAD2Ti2-e0JSbZggx6jg0QG0Usvh6fCegRhUbcKxTNzs+U9kvjQ@mail.gmail.com>

On Wed, Dec 31, 2014 at 7:16 AM, John Young <jya at pipeline.com> wrote:
> http://cryptome.org/2014/12/gilmore-crypto-censored.htm

John(Gnu):

Likely Trilight Zone is not an app (like cspace), it's a service
(like other/similar services they claim to be concerned about
in media-35535.pdf). Best used in the noted conjunction '+' chains.

https://www.trilightzone.org/


CSpace looks like a single hop p2p transport net, with
some API'd apps included.

http://www.anonymous-p2p.org/cspace.html
http://en.wikipedia.org/wiki/Draft:CSpace
https://groups.google.com/d/forum/cspace-users
http://www.mail-archive.com/cspace-users at tachyon.in/
http://board.planetpeer.de/index.php?topic=1852.0
http://board.planetpeer.de/index.php?action=profile;u=41
http://board.planetpeer.de/index.php?action=profile;u=41;sa=showPosts




From carimachet at gmail.com  Wed Dec 31 09:07:48 2014
From: carimachet at gmail.com (Cari Machet)
Date: Wed, 31 Dec 2014 18:07:48 +0100
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
 <trinity-e050be57-469c-40b1-bfdc-f8a8da60f8e5-1419977781572@3capp-mailcom-bs16>
 <op.xrrlarckbgbjo9@work-pc.lan>
 <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>
Message-ID: <CAGRDzQUaPOtXJ+CBmCdvA2m+wksdGuenhQHhU7QsF--+Pt-bnA@mail.gmail.com>

I THINK WE UNDERSTAND TURF WARS WITHIN THE US GOV
RUDIMENTARY

do you understand the privitization of the security state?

do you know who the fuck barrett brown is - waht about jeremy hammond?




On Wed, Dec 31, 2014 at 4:03 PM, z9wahqvh <z9wahqvh at gmail.com> wrote:

> as long as we have our tinfoil hats on, one data point to keep in mind
> here is to remember that USGov, despite having many uniform policies, is
> also shot through with warring fiefdoms and turfs.
>
> Snowden and Michael Hayden both have the odd career path CIA - NSA. To say
> that is unusual is to make an enormous understatement. we are usually told,
> "once CIA, always CIA." you can't "quit." and there are hundreds of stories
> over 50+ years of history to suggest this.
>
> CIA and NSA have often been thought not to be on the same page, largely
> because NSA is military and CIA is civilian (or whatever special/uber
> designation it has at this point). CIA sees itself as entitled to operate
> much *more* lawlessly than NSA.
>
> it is not hard to imagine scenarios where CIA might want to weaken NSA
> capabilities in part via public embarrassment. and one involved in the plot
> could even go public with his statements about how damaging the leaks are.
> convenient!
>
> our noble leaker(s) would not even necessarily need to know how it was
> possible to grab so much information without being stopped/noticed.
>
>
> On Wed, Dec 31, 2014 at 10:29 PM, Seth <list at sysfu.com> wrote:
>
>> On Tue, 30 Dec 2014 14:16:21 -0800, Jason Richards <jjr2 at gmx.com> wrote:
>>
>>> OK, I'll bite: why? What benefit does the US govt get from the
>>>>> information leaked by Snowden?
>>>>>
>>>>
>> The way this question is worded frames the debate to an extent. To me,
>> using the phrase 'the US Govt' implies a monolithic entity with coherent
>> motives.
>>
>> It does not leave room for explanations involving fedgov internecine
>> info-warfare for example.
>>
>>  So the US government seems to have said "we do things you don't want us
>>> to, but if you use proven, open source crypto you're reasonably
>>> secure." The only benefit I can see would be if they could break that
>>> crypto and wanted people to have a false sense of security by using
>>> that easily broken crypto.
>>>
>>> My tinfoil hat isn't that thick. I don't buy it. So what are the other
>>> benefits?
>>>
>>
>> Just throwing some ideas out:
>>
>> * Terrorize disenfranchised members of the population into the
>> cyber-fetal position. Self-censor accordingly and don't get too uppity,
>> submitizen!
>>
>> * Make it clear for any potential rivals to deep state power who 'didn't
>> get the memo' that their every move is being watched, cataloged, recorded
>> and stored in perpetuity.
>>
>> * Frame the debate. Never ask the fundamental question of whether the
>> surveillance state should exist or not. Keep the discussion focused on 'how
>> much' surveillance.
>>
>> * Throw up a fog of dis-information consisting of yesterdays obsolete
>> capabilities, which by themselves are enough to stun even the tinfoil hat
>> brigade. Mobilize interesting targets into adopting defenses against the
>> obsolete attacks, until they think they are safe and can let their hair
>> down again. Immediately begin harvesting juicy new intel via unrevealed
>> nextgen attacks.
>>
>> * Inflict political pain on rival agencies and political enemies
>>
>> Anyone else?
>>
>> Let the paranoia flow...
>>
>
>


-- 
Cari Machet
NYC 646-436-7795
carimachet at gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet <https://twitter.com/carimachet>

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5692 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141231/f2ab0f33/attachment.txt>

From guninski at guninski.com  Wed Dec 31 09:32:54 2014
From: guninski at guninski.com (Georgi Guninski)
Date: Wed, 31 Dec 2014 19:32:54 +0200
Subject: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <20141231041744.04A2322827A@palinka.tinho.net>
References: <CAGRDzQVQP0zT3aU4Ga09va8b0zvGdpnaTZMpjqvw+XQDSuTjaQ@mail.gmail.com>
 <20141231041744.04A2322827A@palinka.tinho.net>
Message-ID: <20141231173254.GA3832@sivokote.iziade.m$>

On Tue, Dec 30, 2014 at 11:17:43PM -0500, dan at geer.org wrote:
> And now that we have reached the dueling quotes stage,
> it is time to move on to something productive.
> 
> --dan

Indeed... I am celebrating New Year's Eve, having beer, cheers :)

All the best in 2015!

-- 
[0] Whenever people agree with me I always feel I must be wrong
 -- Oscar Wilde
[1] (mainly for atheists, just few bits late) 
Merry Christmas and all the best in 2015!
Jesus loves atheists too ;-)
 -- unknown




From juan.g71 at gmail.com  Wed Dec 31 17:13:45 2014
From: juan.g71 at gmail.com (Juan)
Date: Wed, 31 Dec 2014 22:13:45 -0300
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
 <trinity-e050be57-469c-40b1-bfdc-f8a8da60f8e5-1419977781572@3capp-mailcom-bs16>
 <op.xrrlarckbgbjo9@work-pc.lan>
 <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>
Message-ID: <54a49eb9.4540e00a.1bee.19b8@mx.google.com>

On Wed, 31 Dec 2014 10:03:06 -0500
z9wahqvh <z9wahqvh at gmail.com> wrote:

> as long as we have our tinfoil hats on, one data point to keep in
> mind here is to remember that USGov, despite having many uniform
> policies, is also shot through with warring fiefdoms and turfs.


	To the people who say that governments are not 'monolithic',
	something that entry-level tor apologists and the like 
	mindlessly parrot. 


	An entity like the us govt is, for all intents and purposes,
	indeed 'monolithic'  

	The fact that in a criminal organization like the US government
	different factions may sometimes quarrel doesnt change the
	big picture at all. Virtually all people who work for the
	government share a basic 'philosophy', otherwise they wouldn't
	work for the government...I imagine people are familiar with
	the "good cop bad cop" routine...


	How many millions of employees does the US govt have? How many
	have betrayed it? Off the top of my head I can think of TWO.
	Snowden, exiled in Russia (wha ha ha*) and Manning, in jail. 


	See how un-monolithic and 'diverse'  the US govt really is?





*loling at all the fucktards who like to think that the US is a 'free'
society while the ruskies are the bad totalitarian guys



	

	




From jason.mcvetta at gmail.com  Wed Dec 31 14:36:42 2014
From: jason.mcvetta at gmail.com (Jason McVetta)
Date: Wed, 31 Dec 2014 22:36:42 +0000
Subject: Cspace and Trilight software
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <op.xrlt0ilkbgbjo9@work-pc.lan> <op.xrq1p1ktbgbjo9@work-pc.lan>
Message-ID: <CAN9H=iJZsEDFzmPznDkRb1mrRCBKdqvPZuKkSDvgPH44+m3kYQ@mail.gmail.com>

Posted the CSpace source, downloaded from the aabdalla.com site, to Github
for easy browsing:

http://github.com/jmcvetta/cspace



On Wed Dec 31 2014 at 12:39:59 PM Seth <list at sysfu.com> wrote:

> On Sun, 28 Dec 2014 16:51:44 -0800, Seth <list at sysfu.com> wrote:
> > "Things become "catastrophic" for the NSA at level five - when, for
> > example, a subject uses a combination of Tor, another anonymization
> > service, the instant messaging system CSpace and a system for Internet
> > telephony (voice over IP) called ZRTP. This type of combination results
> > in a "near-total loss/lack of insight to target communications,
> > presence," the NSA document states.
>
> John Gilmore dug up the Cspace software (see below), and I believe this is
> the Trilight software/service mentioned in the NSA docs:
> https://www.trilightzone.org/
>
> Return-Path: <gnu[at]new.toad.com>
> Received: from new.toad.com (localhost.localdomain [127.0.0.1])
>          by new.toad.com (8.12.9/8.12.9) with ESMTP id sBV5oaCl013715;
>          Tue, 30 Dec 2014 21:50:36 -0800
> Message-Id: <201412310550.sBV5oaCl013715[at]new.toad.com>
> To: cryptography[at]metzdowd.com, gnu[at]toad.com
> Subject: "Catastrophic" for NSA: Tor+ Trilight Zone + Cspace + ZRTP on
> Linux
> Date: Tue, 30 Dec 2014 21:50:36 -0800
> From: John Gilmore <gnu[at]new.toad.com>
>
> Nice to hear that there's some software that makes NSA go deaf, dumb
> and blind.  Here is the Snowden release that mentions it (page 20):
>
>    "Presentation from the SIGDEV Conference 2012 explaining which
> encryption protocols and techniques can be attacked and which not"
>    http://www.spiegel.de/media/media-35535.pdf
>
> I found cspace (http://cspace.aabdalla.com/), which was a bit obscure
> and hasn't seen any maintenance since 2009 or so.  Its dependency
> ncrypt-0.6.4's source code is at Pypi and ncrypt-0.6.4 is in current
> Ubuntu distros.
>
> But I haven't yet found Trilight Zone.  Any clues?
>
> And I haven't found a reliable, usable, simple, free software VoIP
> client for Linux, let alone one that uses ZRTP.  Though I admit I gave
> up on looking about a year ago when I couldn't get anything to
> actually work.
>
>          John
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3335 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20141231/ceebf14d/attachment.txt>

From jjr2 at gmx.com  Wed Dec 31 20:16:16 2014
From: jjr2 at gmx.com (Jason Richards)
Date: Thu, 1 Jan 2015 05:16:16 +0100
Subject: NSA Attacks on VPN, SSL, TLS, SSH, Tor
In-Reply-To: <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i32fsemAqUJjZ2jc3aL2J2KGfTtX3kB8_CKDPdjv5=T9g@mail.gmail.com>
 <CANAJOb5rmke1xhBM1iBE2DZLH_DiAvS52Bc2s-TuKQcRiVUuAA@mail.gmail.com>
 <E1Y5ONg-0007vK-TO@elasmtp-dupuy.atl.sa.earthlink.net>
 <CAO7N=i2xWrm-c3MUYxV7mRAWtphXQ76GfAJLGTebapKZrCbNwQ@mail.gmail.com>
 <54A0DD86.60805@entersection.org> <54A0F5A8.5050708@metaverse.org>
 <54A10A7C.20106@cathalgarvey.me>
 <E1Y5aCI-0006r7-L6@elasmtp-banded.atl.sa.earthlink.net>
 <54A1897A.3060103@cathalgarvey.me>
 <54a1aefd.4380e00a.4f08.ffffc3d8@mx.google.com>
 <CAD2Ti2_pWGRiv4brk+UnBdVPchsEmPc7a0_87dH-OY4hWcjZJg@mail.gmail.com>
 <trinity-6b6220f1-c992-4577-87b3-bb328e7cf142-1419936429506@3capp-mailcom-bs11>
 <54A295B7.3050801@riseup.net>
 <trinity-e050be57-469c-40b1-bfdc-f8a8da60f8e5-1419977781572@3capp-mailcom-bs16>
 <op.xrrlarckbgbjo9@work-pc.lan>,
 <CAJoS0DVP0Aa36ECx-q=D_PsJt=zaFRn2Q6u2HE-pVsv_n9sn7w@mail.gmail.com>
Message-ID: <trinity-285e8eff-69aa-425f-be29-d8d360744cc8-1420085776045@3capp-mailcom-bs14>

On Wed, 31 Dec 2014 10:03:06 -0500 z9wahqvh <z9wahqvh at gmail.com> wrote:
> as long as we have our tinfoil hats on, one data point to keep in
> mind here is to remember that USGov, despite having many uniform
> policies, is also shot through with warring fiefdoms and turfs.
> 
> ...
> 
> CIA and NSA have often been thought not to be on the same page,
> largely because NSA is military and CIA is civilian (or whatever
> special/uber designation it has at this point). CIA sees itself as
> entitled to operate much *more* lawlessly than NSA.
> 
> it is not hard to imagine scenarios where CIA might want to weaken NSA
> capabilities in part via public embarrassment. and one involved in
> the plot could even go public with his statements about how damaging
> the leaks are. convenient!

Agreed.

In my defense, I was replying to "I'm getting the impression that all
the Snowden stuff that gets 'leaked' to the public has been somehow
approved by the US govt?"

:-)

On Wed, Dec 31, 2014 at 10:29 PM, Seth <list at sysfu.com> wrote:
> On Tue, 30 Dec 2014 14:16:21 -0800, Jason Richards <jjr2 at gmx.com>
> wrote:
>> OK, I'll bite: why? What benefit does the US govt get from the
>> information leaked by Snowden?
> 
> The way this question is worded frames the debate to an extent. To
> me, using the phrase 'the US Govt' implies a monolithic entity with
> coherent motives.
> 
> It does not leave room for explanations involving fedgov internecine
> info-warfare for example.

Agreed, as per above.

>> So the US government seems to have said "we do things you don't
>> want us to, but if you use proven, open source crypto you're
>> reasonably secure." The only benefit I can see would be if they
>> could break that crypto and wanted people to have a false sense of
>> security by using that easily broken crypto.
>> 
>> My tinfoil hat isn't that thick. I don't buy it. So what are the
>> other benefits?
> 
> Just throwing some ideas out:
> 
> * Terrorize disenfranchised members of the population into the
> cyber-fetal position. Self-censor accordingly and don't get too
> uppity, submitizen!
> 
> * Make it clear for any potential rivals to deep state power who
> 'didn't get the memo' that their every move is being watched,
> cataloged, recorded and stored in perpetuity.
> 
> * Frame the debate. Never ask the fundamental question of whether
> the surveillance state should exist or not. Keep the discussion
> focused on 'how much' surveillance.

These do indeed seem like good outcomes for a totalitarian government.
It also unfortunately reinforces and brings about the predictions of
people like Orwell, Huxley and Zamyatin.

I still can't see that the cost is acceptable, unless:

> * Throw up a fog of dis-information consisting of yesterdays
> obsolete capabilities, which by themselves are enough to stun even
> the tinfoil hat brigade. Mobilize interesting targets into adopting
> defenses against the obsolete attacks, until they think they are
> safe and can let their hair down again. Immediately begin
> harvesting juicy new intel via unrevealed nextgen attacks.

This is my fear. They've outflanked us by making us think that there is
only one (or a small number of) effective solution(s). We just don't
know yet that it/they isn't/aren't secure.

> * Inflict political pain on rival agencies and political enemies

Again, I'd think that the cost of this one is too high, but I don't
know enough of the internal politics. It does seem to be a very high
price to pay.

I hope that your fourth point above is not correct.

J




From afalex169 at gmail.com  Wed Dec 31 22:26:54 2014
From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=)
Date: Thu, 1 Jan 2015 08:26:54 +0200
Subject: Cspace and Trilight software
In-Reply-To: <CAN9H=iJZsEDFzmPznDkRb1mrRCBKdqvPZuKkSDvgPH44+m3kYQ@mail.gmail.com>
References: <E1Y5N0C-0004yU-O8@elasmtp-dupuy.atl.sa.earthlink.net>
 <op.xrlt0ilkbgbjo9@work-pc.lan> <op.xrq1p1ktbgbjo9@work-pc.lan>
 <CAN9H=iJZsEDFzmPznDkRb1mrRCBKdqvPZuKkSDvgPH44+m3kYQ@mail.gmail.com>
Message-ID: <CAEm6Kb+w_n_qV8wmZY=k7nVkGxCZ1H5ZeOZmd6DBwTyeeGuujg@mail.gmail.com>

Seth

I haven't found a reliable, usable, simple, free software VoIP
client for Linux


This is the best I see. For most of the platforms.
https://jitsi.org/Main/Download
https://github.com/jitsi/jitsi

>From their page:

Encrypted password storage
> Password protection with a master password
> Encrypted Instant Messaging with Off-the-Record Messaging (OTRv4)
> Chat authentication with the Socialist Millionaire Protocol over *OTR*
> Call encryption with SRTP and *ZRTP* for XMPP and SIP
> Call encryption with SRTP and SDES for XMPP and SIP
> DNSSEC support
>
> TLS support and certificate-based client authentication for SIP and XMPP
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 970 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/testlist/attachments/20150101/7aef0d88/attachment.txt>