Equipped To Survive Equipped To Survive® Presents
The Survival Forum
Where do you want to go on ETS?

Page 1 of 4 1 2 3 4 >
Topic Options
#261807 - 07/12/13 03:53 PM Why you don't use large vendors computerencryption
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 1953
Loc: Colorado
Quote:
SAN FRANCISCO Microsoft Corp. worked closely with U.S. intelligence services to help them intercept users' communications, including letting the National Security Agency circumvent e-mail encryption, the Guardian reported Thursday.


http://www.denverpost.com/nationworld/ci...uardian-reports

You can't "allow encryption to be circumvented". What that really means is that Microsoft either intentionally put back doors in their encryption scheme, or intentionally created default keys for decryption that they then kept for themselves (then shared them with the government), etc. This is Microsoft intentionally leaving themselves a way into your supposedly private data, no matter how they try to spin it. This is not someone discovering a flaw in an encryption algorithm and then exploiting it. This is intentional.

I'm sure Microsoft is not the only big-player doing this. And it illustrates why you should never trust any "black box" encryption and take the vendors word for it that it is secure. You need to use open source encryption software. "Open source" allows anybody to read the source code and compile the code themselves to verify it truly is secure. While most here would not have the expertise to review encryption code, you can bet that other more advanced computer users are doing exactly that. So use what they use, and have reviewed. Which is open source encryption.

Basically, if you have to pay for what you're using for encryption, then it should be considered suspect and you should do your due diligence in researching it before using it. And if the encryption "came for free with the product", as this Microsoft offering no doubt did - red flag!

Top
#261808 - 07/12/13 04:03 PM Re: Why you don't use large vendors computerencryption [Re: haertig]
Bingley Offline
Veteran

Registered: 02/27/08
Posts: 1366
An alternative to encryption software:

http://www.guardian.co.uk/world/2013/jul/11/russia-reverts-paper-nsa-leaks

From now on I'll type out all my ETS posts on my antique typewriter and keep them in a drawer, under lock and key!

Top
#261810 - 07/12/13 04:08 PM Re: Why you don't use large vendors computerencryption [Re: Bingley]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 1953
Loc: Colorado
Another article, with more details:

Quote:
How Microsoft handed the NSA access to encrypted messages

Secret files show scale of Silicon Valley co-operation on Prism
Outlook.com encryption unlocked even before official launch
Skype worked to enable Prism collection of video calls
Company says it is legally compelled to comply


http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

Top
#261811 - 07/12/13 04:23 PM Re: Why you don't use large vendors computerencryption [Re: haertig]
RNewcomb Offline
Member

Registered: 04/19/12
Posts: 170
Loc: Iowa
This is why I like open-source encryption products. The source code is posted, it is peer reviewed, and you can compile it yourself from source if you have any doubts.

I have a pretty good trust in TrueCrypt and PGP, but even with Truecrypt, you will want to make sure the files you want to protect are NOT on automatically mounted on boot as there are forensic kits out there that can scan the computers memory on boot through a firewire exploit to glean the keys from memory.

In fact, one of the safest methods in my opinion is to TrueCrypt a drive, then create a second virtual drive inside of that one, hide the encrypted file way down in the operating system somewhere and give it a .DLL or similar system extension. By doing this, you are effectively obscuring the obscured.

If you have a drive that is encrypted, then they know you are hiding something. If they want in bad enough, they will get in. However, if you have somehthing you want to hide, and you hide IT inside of something that is hidden, you at least can give yourself plausable deniability.

One more comment on all of this, apparently the Android OS Pattern Lock security is very secure as well, per this story -

http://news.yahoo.com/blogs/technology-b...-192617057.html

And finally.... it really all comes down to what I call the "The Principal Rule of all Thievery is covetry. something. You cannot steal what you do now know exists."

Top
#261813 - 07/12/13 04:29 PM Re: Why you don't use large vendors computerencryption [Re: haertig]
Jeanette_Isabelle Offline
Pooh-Bah

Registered: 11/13/06
Posts: 1634
Loc: Ocala, FL
I use Mac and I followed Apple's security guidebook to make it more secure. Is there a reason for me to be concerned?

Jeanette Isabelle
_________________________
"A grain of wheat must fall to the ground before it can do any good. New life springs from fallen grain." -- Fleda Claes Johansson

Top
#261817 - 07/12/13 04:56 PM Re: Why you don't use large vendors computerencryption [Re: haertig]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
Originally Posted By: haertig
I'm sure Microsoft is not the only big-player doing this.

Unfortunately, as much as they want to do damage control, these companies are legally gagged from really talking about it. Redacted

Although suspected for a long time, these recent revelations confirm that you should assume that all emails, chats, telephone calls, SMS text messages, Facebook posts, Tweets, even Skype videochats, are being logged and stored. Doesn't really matter if you're using services from Microsoft, Google, Yahoo, Facebook, Verizon, AT&T, Vonage, etc. The NSA claims that they have procedures in place to avoid collecting the information of Americans because NSA is prohibited by law from domestic operations and "spying" on Americans, but c'mon, who are they kidding? It's only been about decade since this kind of information collection was considered totally unacceptable by these same agencies.

We're all familiar with the housing bubble and the tech bubble, etc., but we totally miss the intelligence gathering bubble that has grown since 9/11. Government agencies have swelled and hundreds of private companies have sprung up in the name of gathering "intelligence". Granted, much of it is directed towards overseas threats, but so much of it is putting friends and family under the microscope, too.

I'm particularly disappointed that the government has forced Microsoft to build some sort of "back door" into Skype. When it originally came out, it's automatic use of strong encryption and the decentralized peer-to-peer nature of its routing made it an attractive alternative for communication.

Even good old postal mail is not immune. Largely due to the anthrax attacks, the information on the outside of every piece of mail is scanned and recorded now by the USPS and the information stored forever.

I think we'll have to go back to Cold War tactics to communicate with friends and family now. I'll have to start scouting out "dead drop" locations to pass secret messages. Now where did I pack away that trench coat and Fedora hat...


Edited by chaosmagnet (07/16/13 09:53 PM)
Edit Reason: Inappropriate political commentary

Top
#261818 - 07/12/13 05:02 PM Re: Why you don't use large vendors computerencryption [Re: Bingley]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
Originally Posted By: Bingley
From now on I'll type out all my ETS posts on my antique typewriter and keep them in a drawer, under lock and key!

Speaking of typewriters, although the purchase decision was made a year ago, it just recently was reported in the news that the Russian Federal Guard Service (protects high ranking officials, sort of like the US Secret Service, I think) has purchased a couple dozen specialized typewriters from Germany. Each has its own slightly different typeface, so leaked documents can be traced back to the originating typewriter.

Top
#261819 - 07/12/13 05:08 PM Re: Why you don't use large vendors computerencryption [Re: Bingley]
Am_Fear_Liath_Mor Offline
Carpal Tunnel

Registered: 08/03/07
Posts: 3077
Quote:
In the wake of the US surveillance scandal revealed by the US whistleblower Edward Snowden, Russia is planning to adopt a foolproof means of avoiding global electronic snooping: by reverting to paper.

The Federal Guard Service (FSO), a powerful body tasked with protecting Russia's highest-ranking officials, has recently put in an order for 20 Triumph Adler typewriters, the Izvestiya newspaper reported.

Each typewriter creates a unique "handwriting", allowing its source to be traced, the report said.


Looks like the NSA are to going have to get their hands dirty once more. frown

They may have to begin rummaging through latrines in Eastern Europe to collect typewritten documents due to a shortage of lavatory paper back in the 1980s once more. laugh

Sending secure encrypted email using burst radio transmissions might be handy in an emergency

http://www.youtube.com/watch?v=5nBqKGKSLe0

I already have PGP installed on Thunderbird.

https://support.mozillamessaging.com/en-US/kb/digitally-signing-and-encrypting-messages

The problem is that recipients have trouble reading the email messages if they haven't installed the Thunderbird PGP plugin.




Edited by Am_Fear_Liath_Mor (07/12/13 05:09 PM)

Top
#261820 - 07/12/13 05:13 PM Re: Why you don't use large vendors computerencryption [Re: Jeanette_Isabelle]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 1953
Loc: Colorado
Originally Posted By: Jeanette_Isabelle
I use Mac and I followed Apple's security guidebook to make it more secure. Is there a reason for me to be concerned?

Securing your computer from attacks and break-ins is one thing. And you need to do that, as you have already done. However, if someone DOES manage to get your data despite those security precautions, that is where encryption comes in. At that point they have your data, but they can't read it because it's encrypted.

Do most people have data that needs to be encrypted? That depends. I would personally recommend encrypting things like tax returns, financial data (e.g., your user data files from a program like "Quicken"), etc. If you have a list of username/passwords that you keep in a file on your computer then IMHO that should be encrypted too. I also feel the need for encryption is much higher for a laptop than a desktop computer. Laptops are stolen all the time. Desktops, not so much, unless they happen to be stolen alongside a bunch of other stuff in a house break-in.

If you store files on one of the online backup "cloud" services, I think that needs to be encrypted too. But not using the storage-providers encryption. This thread illustrates just how little you can trust the providers of that service. Do they have backdoors into their encryption schemes? Well, Microsoft certainly does. 'nuff said. That was my point in starting this thread. To make people aware. Encrypt your data separatedly yourself, using open source encryption, before it gets uploaded.

Personally, I like and trust Truecrypt and PGP. Somebody else already mentioned these two. They are open source, free, and well vetted.

Top
#261821 - 07/12/13 05:21 PM Re: Why you don't use large vendors computerencryption [Re: Arney]
Am_Fear_Liath_Mor Offline
Carpal Tunnel

Registered: 08/03/07
Posts: 3077
Quote:
Each has its own slightly different typeface, so leaked documents can be traced back to the originating typewriter.


Are we allowed to mention No, we're not


Edited by chaosmagnet (07/16/13 09:53 PM)
Edit Reason: Inappropriate political commentary

Top
Page 1 of 4 1 2 3 4 >



Moderator:  Alan_Romania, Blast, chaosmagnet, cliff 
April
Su M Tu W Th F Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30
Who's Online
1 registered (KenK), 222 Guests and 5 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
Ak47Lover, Nari, Begaye, JDanny, Just
5246 Registered Users
Newest Posts
Developing Survival Skills in SAR
by hikermor
Yesterday at 12:46 PM
Swiss Tech
by quick_joey_small
Yesterday at 06:16 AM
Camping is love
by TomP
Yesterday at 04:52 AM
Canada to finally get a national celluar alert sys
by dougwalkabout
Yesterday at 02:27 AM
Hospital Evacuation
by Jeanette_Isabelle
04/19/18 03:28 PM
DefCon Checklist
by hikermor
04/19/18 12:51 PM
Whole Lot of Shakin" Goin" On
by hikermor
04/18/18 10:05 PM
Bandaids That Don't Stick (Rant)
by Bingley
04/18/18 05:56 AM
Newest Images
Tiny knife / wrench
Handmade knives
2"x2" Glass Signal Mirror, Retroreflective Mesh
Trade School Tool Kit
My Pocket Kit
Glossary
Test

WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.