omnibus PRISM/NSA/free Edward Snowden/encryption tutorial thread


rly, do they ever stfu?

a little too mature to be cute (Aimless), Monday, 13 February 2017 22:12 (seven years ago) link

nobody with snowden opinions is ever going to stfu about snowden

El Tomboto, Monday, 13 February 2017 22:22 (seven years ago) link

i liked it so much better when "snowden's secret" was that people are sausage containers

El Tomboto, Monday, 13 February 2017 22:23 (seven years ago) link

what if putin kicks out snowden so he can take a job w/ the trump administration

Mordy, Monday, 13 February 2017 22:32 (seven years ago) link

employing a guy you've suggested should be executed is uncharted waters even for Yam*

*you dipshit

Supercreditor (Dr Morbius), Monday, 13 February 2017 22:34 (seven years ago) link

that particular example is maybe uncharted but he has flipped on very dramatic policy decisions already and appears to have no coherent perspective at all. also it was a joke.

Mordy, Monday, 13 February 2017 22:36 (seven years ago) link

lol yeah I thought that was just a variation on the "Trump appoints blatantly unqualified/antagonistic people to head x agency" joeks

Οὖτις, Monday, 13 February 2017 22:39 (seven years ago) link

my opinion about the snowden offer is that it's a poisoned chalice - another issue that will split the american public and create an upsetting national controversy that trump is ill-equipped to navigate. but maybe i'm overestimating the national public and americans would just be impressed that trump was able to procure snowden from putin to punish when obama couldn't.

Mordy, Monday, 13 February 2017 22:40 (seven years ago) link

2-year throwback:

@NSAGov
Every move they make, every step they take. We’ll be watching our foreign adversaries. #HappyValentinesDay from the #NSA #vday2015

Supercreditor (Dr Morbius), Tuesday, 14 February 2017 15:41 (seven years ago) link

three weeks pass...

nice job keepin' the Story of the Day about yr fave agency quiet so far, guys!

Supercreditor (Dr Morbius), Tuesday, 7 March 2017 21:28 (seven years ago) link

anyhoo

https://twitter.com/Snowden/status/839168025517522944

Supercreditor (Dr Morbius), Tuesday, 7 March 2017 21:28 (seven years ago) link

Fuck wikileaks and Assange, that Trump-supporting rapist.

Frederik B, Tuesday, 7 March 2017 21:31 (seven years ago) link

That tweet seems really misleading. It sounds like the NSA bought the exploit from the company that discovered it. It's not new information that the intelligence community/law enforcement do this. They didn't pay Apple to put the vulnerability or backdoor in iOS. I haven't found or heard of any intentional backdoors in the leak so far, just exploits.

o_o, Tuesday, 7 March 2017 21:59 (seven years ago) link

The leak sheds some limited light on the CIA’s sources of those exploits, too. While some of the attacks are attributed to public releases by iOS researchers, and the Chinese hacker Pangu, who’s developed techniques to “jailbreak” the iPhone to allow the installation of unauthorized apps, others are attributed to partner agencies or contractors under codenames. The remote iOS exploit is listed as “Purchased by NSA” and “Shared with CIA.” The CIA apparently purchased two other iOS tools from a contractor listed as “Baitshop,” while the Android tools are attributed to sellers codenamed Fangtooth and Anglerfish.

In a tweet, NSA leaker Edward Snowden pointed to those references as “the first public evidence [the US government] is paying to keep US software unsafe.”

https://www.wired.com/2017/03/cia-can-hack-phone-pc-tv-says-wikileaks/

Supercreditor (Dr Morbius), Tuesday, 7 March 2017 22:09 (seven years ago) link

He worked in both agencies, at some point you'd think he would understand what their mission is

El Tomboto, Tuesday, 7 March 2017 22:11 (seven years ago) link

that seems pretty disingenuous to me. the only way that argument works is if you believe that the knowledge of exploits makes software unsafe as opposed to the existence of vulnerabilities. but the vulnerabilities exist whether or not the CIA is paying for the information. and the CIA paying for the information doesn't create the vulnerabilities since they're error on the part of the companies designing the hardware/software.

Mordy, Tuesday, 7 March 2017 22:13 (seven years ago) link

snowden's argument that is. disingenuous, sacre bleu, i know

Mordy, Tuesday, 7 March 2017 22:14 (seven years ago) link

If you assume "USG" is one big monolith, where all the FEMA folks and park rangers and yours truly get CC'd on the email where Agent Hax0rZ agrees to move 72/89ths of a bitcoin for the remote admin 0day in iOS, then his argument almost makes sense: Government, instead of keeping us safe, is keeping us UNSAFE, by not disclosing or fixing the problems in iOS etc. that it spends our taxes to find out about.

But different agencies do different things to keep us safe. We argue amongst ourselves about how to do that. It's not a monolith.

El Tomboto, Tuesday, 7 March 2017 22:31 (seven years ago) link

where all the FEMA folks and park rangers and yours truly get CC'd on the email where Agent Hax0rZ agrees to move 72/89ths of a bitcoin

yes i'm sure this is EXACTLY what Snowden means.

Supercreditor (Dr Morbius), Tuesday, 7 March 2017 22:40 (seven years ago) link

"USG" is shorthand for 'them who works for us'

Supercreditor (Dr Morbius), Tuesday, 7 March 2017 22:40 (seven years ago) link

This concerns me, though: https://wikileaks.org/ciav7p1/cms/page_17760284.html

Frederik B, Tuesday, 7 March 2017 22:40 (seven years ago) link

CIA emoji stash
https://wikileaks.org/ciav7p1/cms/page_17760284.html

o_o, Tuesday, 7 March 2017 22:42 (seven years ago) link

Lol, didn't see you posted that, sorry

o_o, Tuesday, 7 March 2017 22:44 (seven years ago) link

¬_¬

Frederik B, Tuesday, 7 March 2017 22:47 (seven years ago) link

Hey Morbs do you care to explain what YOU think Ed means in more than a dozen words?

Do you believe in foreign policy and "statecraft?" Is espionage a thing in your world? I guess not, since the Russian stuff really seems to turn you off on the US politics threads.

There are no spies! Only Obamafactured excuses for jacking phones and sending drones. Is that it?

El Tomboto, Tuesday, 7 March 2017 23:20 (seven years ago) link

Does it ever feel a tad pompous, presumptuous, or maybe even nationalistic, (!) to assume our own intelligence services are so ruthless, rich and competent that they're the REAL threat to peace and democracy, while other countries with similar designs on geopolitical power have these spy agencies that don't deserve respect unless they get caught red-handed stealing an election?

El Tomboto, Tuesday, 7 March 2017 23:33 (seven years ago) link

morbs you don't even have a portable telephone

𝔠𝔞𝔢𝔨 (caek), Tuesday, 7 March 2017 23:49 (seven years ago) link

i try to be as much of a nonperson as I can. Gotten harder when i have to pay for even my cancer drips with a credit card.

From history I have learned that our intel services are pretty much Murder Inc, only sometimes more competent. (lol good job on that Fidel assassination)

Supercreditor (Dr Morbius), Wednesday, 8 March 2017 01:23 (seven years ago) link

There are nothin BUT spies and suckers, buddy

Supercreditor (Dr Morbius), Wednesday, 8 March 2017 01:24 (seven years ago) link

anyway Michael Hayden showed up on Colbert last night to propagandize the "trust us" angle, so all's well.

Karl Sharro‏
@KarlreMarks
.@CIA hey guys, I want to buy a smart TV, do you recommend a particular brand?

I thought it's polite to ask them because we will both be watching it together.

Supercreditor (Dr Morbius), Wednesday, 8 March 2017 12:40 (seven years ago) link

Hurr hurr hurr

El Tomboto, Wednesday, 8 March 2017 12:49 (seven years ago) link

two weeks pass...

Edward Snowden’s Hong Kong barrister authenticates hotel records, debunking mystery gap claim

http://www.charliesavage.com/?p=1543

Supercreditor (Dr Morbius), Thursday, 23 March 2017 18:51 (seven years ago) link

if you're in the US, given today's news (https://arstechnica.com/tech-policy/2017/03/for-sale-your-private-browsing-history/)

- if you're on macos/ios use https://www.getcloak.com/
- if you need windows/android support use https://www.tunnelbear.com/
- if you're a colossal nerd use https://github.com/trailofbits/algo

𝔠𝔞𝔢𝔨 (caek), Wednesday, 29 March 2017 02:56 (seven years ago) link

i'm just not gonna use the internet

example (crüt), Wednesday, 29 March 2017 03:01 (seven years ago) link

That's what I've been doing for years

Not the real Tombot (El Tomboto), Wednesday, 29 March 2017 03:05 (seven years ago) link

i'm on my second internet-free day it's going great

example (crüt), Wednesday, 29 March 2017 03:09 (seven years ago) link

It should be stressed that many, many VPN services are awful and/or scams. Your VPN provider has the same ability to see or modify your traffic as your ISP would otherwise have, so it's easy to make it worse for yourself by picking a bad service. Caek's recommendations are all good, and Freedome has a 50% off sale going on and should also be fine (coupon is MARCH50). Using a free service will probably end badly, unfortunately.

o_o, Wednesday, 29 March 2017 04:26 (seven years ago) link

Oh, and if you decide to roll your own with Algo or something, Amazon AWS has a free tier that will get you a server to run it on for a year. That's what I've been doing.

o_o, Wednesday, 29 March 2017 04:32 (seven years ago) link

those nsa hackers have given up on their bitcoin ransom and put out the password for the rest of the equation group exploits

https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1

obv this coming right in the aftermath of the syria strikes is totally coincidental

sktsh, Saturday, 8 April 2017 12:21 (seven years ago) link

probably should take a look at my work email

The Jams Manager (1992, Brickster) (El Tomboto), Saturday, 8 April 2017 12:57 (seven years ago) link

it sounds from twitter like it's all like exploits for sendmail in redhat 7 or whatever rather than partic up to date stuff

[not the angle you're looking at i realise tombot]

sktsh, Saturday, 8 April 2017 13:20 (seven years ago) link

well I assume that the stuff that can be readily identified and analyzed within a couple of hours is going to be stuff people are already familiar with
wouldn't be surprised if it adheres to sturgeon's law, but it's going to be the 2-3 things that aren't immediately obvious that we should be worried about

The Jams Manager (1992, Brickster) (El Tomboto), Saturday, 8 April 2017 13:36 (seven years ago) link

what's not totally coincidental is this coming at the same moment that mark s lost his temper with frederik b

The Jams Manager (1992, Brickster) (El Tomboto), Saturday, 8 April 2017 13:51 (seven years ago) link

deeper state from before the dawn of time

mark s, Saturday, 8 April 2017 14:00 (seven years ago) link

Oh right, Deep State Magic.

Ned Raggett, Saturday, 8 April 2017 14:36 (seven years ago) link

the auction was never really about bitcoins

The Jams Manager (1992, Brickster) (El Tomboto), Saturday, 8 April 2017 15:02 (seven years ago) link

The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users....

According to security researcher and hacker Matthew Hickey, co-founder of Hacker House, the significance of what’s now publicly available, including “zero day” attacks on previously undisclosed vulnerabilities, cannot be overstated: “I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” he told The Intercept via Twitter DM, “and I have been involved in computer hacking and security for 20 years.” Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners then apply those patches.

“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/

Supercreditor (Dr Morbius), Friday, 14 April 2017 21:23 (seven years ago) link

https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Below is a list of exploits that are confirmed as already addressed by an update. We encourage customers to ensure their computers are up-to-date.

Code Name | Solution
“EternalBlue” | Addressed by MS17-010
“EmeraldThread” | Addressed by MS10-061
“EternalChampion” | Addressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher” | Addressed prior to the release of Windows Vista
“EsikmoRoll” | Addressed by MS14-068
“EternalRomance” | Addressed by MS17-010
“EducatedScholar” | Addressed by MS09-050
“EternalSynergy” | Addressed by MS17-010
“EclipsedWing” | Addressed by MS08-067

Of the three remaining exploits, “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering.

The Jams Manager (1992, Brickster) (El Tomboto), Saturday, 15 April 2017 15:56 (seven years ago) link

EnglishmanDentist

The Jams Manager (1992, Brickster) (El Tomboto), Saturday, 15 April 2017 15:57 (seven years ago) link

one month passes...

U.S. intelligence agencies conducted illegal surveillance on American citizens over a five-year period, a practice that earned them a sharp rebuke from a secret court that called the matter a “very serious” constitutional issue.

The criticism is in a lengthy secret ruling that lays bare some of the frictions between the Foreign Intelligence Surveillance Court and U.S. intelligence agencies obligated to obtain the court’s approval for surveillance activities.

The ruling, dated April 26 and bearing the label “top secret,” was obtained and published Thursday by the news site Circa....

The document, signed by Judge Rosemary M. Collyer, said the court had learned in a notice filed Oct. 26, 2016, that National Security Agency analysts had been conducting prohibited queries of databases “with much greater frequency than had previously been disclosed to the court.”

It said a judge chastised the NSA’s inspector general and Office of Compliance for Operations for an “institutional ‘lack of candor’ ” for failing to inform the court. It described the matter as “a very serious Fourth Amendment issue.”

http://www.mcclatchydc.com/news/nation-world/national/national-security/article152947909.html

Supercreditor (Dr Morbius), Wednesday, 31 May 2017 18:58 (six years ago) link

