If they can unravel long keychains, the protocol specifics won't matter. Thats the real threat, if they can break 256 bit encryption on a 2048 bit key in any useful amount of time then the specifics of HOW something is encrypted become less important.
All despotic organizations have this mentality, and it stems from protection of their own position, not even of the organization. No one would refuse a hire (realistically) because someone too smart will bring your organization down. That's a ridiculous assertion (even if true in this case). No, they will prevent brilliance from coming in because it puts their own cushy job at risk (what if this brilliant guy actually wants to be doing what i do. He'll get it. So ill say no now).
If you think that black on black crime is a function of race, and not a function of geography then you are a racist. When you ghettoize a community, you ensure that they will be the victims of all crime that they commit.
Poor black people live nearby other poor black people, and when they get desperate enough to commit a crime, they commit it close by. This is the same reason most crime in mainland China is Chinese-on-Chinese crime.
If you want an interesting real-world example of the NSA sticking their nose into private cryptography, read the story of Heimdall Kerberos (forked from MIT Kerberos way back when). Its a great example of even when they REALLY put their feet down on security technology it has a way of getting away from them (sometimes printed and carried over borders).
Likely its more certificates spoofed To create a man in the middle attack on the system, and cracking it involved getting the network running to capture that data without interference.
Hey, I've read a few of your post now, and I have a general comment to you. There's nothing wrong with liking apple, they are a cool company, but you are making arguments that are based on a misunderstanding of history and some bent timelines. For example: the kindle fire didn't exist in 2010, and the iPad was only a year old with precious few competitors. Apple's payment system was considerably better than Googles at the time, a fact fixed in 2011.
Your history below is also fairly inaccurate and seems a bit based on bio movies, and all this ties together to give you a bit of a fanboyish zeal and makes your arguments easily dismissed. Which is too bad because even if I disagree they are well articulated.
The quote is identical, and its a logical fallacy to deliberately setup a system that has the capability to outpace its requirements, and then claim that any outpacing the requirements was an accident. Just because the ANALYST was not 'willfully breaking the law', his managers were when they gave him access to do so. Thats how delegated privilege works.
Was this a leak? The guardian article suggested it came from the declassified judgement. And honestly, i think maybe the companies should have to pay for this crap themselves, we've basically turned handing us over to the feds a billable project...
I don't think you're wrong, I just think that while the media talks about "defacing websites" they forget what it means to control a domain that is in the trusted sites list of government employees and what it could potentially mean for IT security. This time anonymous is really claiming to have stolen the motherload, which is not new for them, but they are describing a plausible situation where they may have actually done it.
Biggest problem is that it doesn't take a lot for script kiddies to get truly powerful information as long as someone who knows what to look for is directing them.
They would have full admin to any machine that connects to that website and allows a java applet run. Which would be all of them, since its likely in the Trusted Sites list of DOJ machines. With admin access they would setup a key logger or just pull the outlook .ost. The severity of that Java 0 day cannot be understated, combine that with the amount of Java the public sector uses (standard install on all government machines, and web app platform of choice), unless they are totally making it up they have everything from most DOJ employees. Potentially much much more.
I think they are taking advantage of the panic over that java bug, but if not then this will be very interesting as they make everything electronic from all the judges and prosecutors in the US public.
Basically they aren't taking down websites, but using compromised sites to steal documents and emails. And if they used the Java 0 day then they likely have succeeded.
Sorry Tim, normally you are spot on, but this time you have fundamentally misunderstood what Anonymous has claimed to do. They are claiming that they installed browser exploits and stole secrets from the DOJ employees that visited those sites, likely all of them as that website hosts the current version of the Minimum Sentencing Guidelines, which all prosecutors use. If their claims are correct, then they likely have completely compromised both the professional and personal accounts of all visitors to the site.
The theory currently being discussed by real security pros (like me) is that the reason that Homeland Security asked all government employees to remove the JavaVM is that they caught them in the act, but due to the nature off the exploit could not stop it. This is the first time ever that Anonymous may have actually gotten real incriminating info.
OR you could just map a drive over the internet and present it as local storage to your OS... this really isn't an issue from a technological perspective...
On the post: Intelligence Black Budget Reveals Major Focus By NSA On Cracking Encryption
Re:
On the post: Intelligence Black Budget Reveals Major Focus By NSA On Cracking Encryption
On the post: Former US Official: Edward Snowden Was Too Brilliant To Work For The NSA
On the post: Mayor Bloomberg Vetoes Veto-Proof Stop And Frisk Bills Because He's Mayor Bloomberg
Re:
Poor black people live nearby other poor black people, and when they get desperate enough to commit a crime, they commit it close by. This is the same reason most crime in mainland China is Chinese-on-Chinese crime.
On the post: Gun Runner Uses Instagram Account To Sabotage Own Criminal Enterprise, And Bloomberg Still Thinks It's A Win For Stop And Frisk
On the post: Thirty Years Of NSA 'Oversight' And The Only Change Is Better Snooping Technology
On the post: NSA Tapping UN Isn't A Huge Surprise -- But Ability To Crack Video Conferencing Encryption Raises Questions
On the post: Steve Jobs' Email Shows Apple Changed In-App Purchasing Rules Specifically To Retaliate Against Amazon
Re: Wait..
Your history below is also fairly inaccurate and seems a bit based on bio movies, and all this ties together to give you a bit of a fanboyish zeal and makes your arguments easily dismissed. Which is too bad because even if I disagree they are well articulated.
On the post: Steve Jobs' Email Shows Apple Changed In-App Purchasing Rules Specifically To Retaliate Against Amazon
On the post: More Confirmation: NSA Analysts Willfully Abused Surveillance Powers
On the post: Yes, Of Course The NSA Pays Tech Companies For Surveillance Efforts
Re: Re: Leak?
On the post: Yes, Of Course The NSA Pays Tech Companies For Surveillance Efforts
Leak?
On the post: Anonymous Hacks US Sentencing Commission Website, Grabs Sensitive Files And Demands Legal Reform
Re: Re: Re:
On the post: Anonymous Hacks US Sentencing Commission Website, Grabs Sensitive Files And Demands Legal Reform
Re:
On the post: Anonymous Hacks US Sentencing Commission Website, Grabs Sensitive Files And Demands Legal Reform
Re: Re: Re:
I think they are taking advantage of the panic over that java bug, but if not then this will be very interesting as they make everything electronic from all the judges and prosecutors in the US public.
On the post: Anonymous Hacks US Sentencing Commission Website, Grabs Sensitive Files And Demands Legal Reform
Re:
On the post: Anonymous Hacks US Sentencing Commission Website, Grabs Sensitive Files And Demands Legal Reform
The theory currently being discussed by real security pros (like me) is that the reason that Homeland Security asked all government employees to remove the JavaVM is that they caught them in the act, but due to the nature off the exploit could not stop it. This is the first time ever that Anonymous may have actually gotten real incriminating info.
On the post: GEMA Feels It Isn't Killing German Nightclubs Fast Enough, Moves Towards Charging DJs Per MP3 On Their Laptops
Re:
On the post: GEMA Feels It Isn't Killing German Nightclubs Fast Enough, Moves Towards Charging DJs Per MP3 On Their Laptops
Also shows how ridiculous the idea of charging people for bringing in supposedly legal tools in order to do their job.
Its like a union somewhere charging me for every script i take to a client site that i might possibly run.
On the post: Obama's Tech Team Was Firing On All Cylinders While Romney's Was Still In Beta
I'm also not sure why a regular BI system couldnt easily handle this problem.
Next >>