Police Encourages to Hack

pacey_sot

Original Poster:

246 posts

211 months

Thursday 5th March 2009
http://news.bbc.co.uk/1/hi/technology/7812480.stm


Is it just me or is that pretty much like walking into your house warrant-less and having a good dig?

him_over_there

970 posts

222 months

Thursday 5th March 2009
It just becomes more important to set up your network properly.

I wish more people used PGP for emails, if everyone encrypted and signed every email they sent, no matter how inconsequential the data within them, there would be no suspicion arising when encrypted email conversations are found.

Similarly with secure file shredding utilities.

If you use wireless access to your router and you are using a strong WPA key they have no chance. Modern crypto is so mathematically secure that our best attacks against it are brute force. This takes an unfeasibly long, long time; you have to exhaust the keyspace.

I guess the way they would try to find an in is very much like conventional hackers and scammers. They would likely use some sort of social engineering to trick you into running a malicious executable. Unfortunately, this would probably work on most people. Especially when most people don't run their default account on their OS as a limited user.





Edited by him_over_there on Thursday 5th March 12:42

Silent1

19,761 posts

251 months

Thursday 5th March 2009
I'm not worried, I've seen more computer competence at the local playground.

scorp

8,783 posts

245 months

Thursday 5th March 2009
him_over_there said:
It just becomes more important to set up your network properly.
Once these tools proliferate they will be outlawed, "won't someone think of the children", etc

him_over_there

970 posts

222 months

Thursday 5th March 2009
scorp said:
him_over_there said:
It just becomes more important to set up your network properly.
Once these tools proliferate they will be outlawed, "won't someone think of the children", etc
I'm surprised strong encryption isn't outlawed.

Edited by him_over_there on Thursday 5th March 12:57

Silent1

19,761 posts

251 months

Thursday 5th March 2009
him_over_there said:
scorp said:
him_over_there said:
It just becomes more important to set up your network properly.
Once these tools proliferate they will be outlawed, "won't someone think of the children", etc
I'm surprised mathematically strong encryption isn't outlawed.
The US tried to stop PGP being exported and failed, it's now too widely used for them to try.

But it's really rather funny to give them a 2048bit encrypted file and then tell them to stuff it.

scorp

8,783 posts

245 months

Thursday 5th March 2009
Silent1 said:
The US tried to stop PGP being exported and failed, it's now too widely used for them to try.

But it's really rather funny to give them a 2048bit encrypted file and then tell them to stuff it.
Ermm.. The UK govt is rather adept at banning things, plus it's straight to prison if you don't give them decryption keys upon request.

Silent1

19,761 posts

251 months

Thursday 5th March 2009
scorp said:
Silent1 said:
The US tried to stop PGP being exported and failed, it's now too widely used for them to try.

But it's really rather funny to give them a 2048bit encrypted file and then tell them to stuff it.
Ermm.. The UK govt is rather adept at banning things, plus it's straight to prison if you don't give them decryption keys upon request.
Oh really scratchchin

Fidgits

17,202 posts

245 months

Thursday 5th March 2009
Oh well, time to put my IPS firewall inline then.. wink

Silent1

19,761 posts

251 months

Thursday 5th March 2009
Fidgits said:
oh well, time to put my IPS firewall inline then.. wink
Just put a honeypot in.

him_over_there

970 posts

222 months

Thursday 5th March 2009
Silent1 said:
scorp said:
Silent1 said:
The US tried to stop PGP being exported and failed, it's now too widely used for them to try.

But it's really rather funny to give them a 2048bit encrypted file and then tell them to stuff it.
Ermm.. The UK govt is rather adept at banning things, plus it's straight to prison if you don't give them decryption keys upon request.
Oh really scratchchin
RIPA (IIRC)

Not only do you have to give them your keys if they ask, but you cannot tell anyone else they have your key.

Although the obvious way around this is to revoke your key....


scorp

8,783 posts

245 months

Thursday 5th March 2009
him_over_there said:
Although the obvious way around this is to revoke your key....
Not sure that is a defense, same as if you 'forgot' or 'lost' the key. Do not pass GO, do not collect £200 smile

cottonfoo

6,020 posts

226 months

Thursday 5th March 2009
Silent1 said:
But it's really rather funny to give them a 2048bit encrypted file and then tell them to stuff it.
Not anymore,

http://www.schneier.com/blog/archives/2007/10/uk_p...

Silent1

19,761 posts

251 months

Thursday 5th March 2009
him_over_there said:
Silent1 said:
scorp said:
Silent1 said:
The US tried to stop PGP being exported and failed, it's now too widely used for them to try.

But it's really rather funny to give them a 2048bit encrypted file and then tell them to stuff it.
Ermm.. The UK govt is rather adept at banning things, plus it's straight to prison if you don't give them decryption keys upon request.
Oh really scratchchin
RIPA (IIRC)

Not only do you have to give them your keys if they ask, but you cannot tell anyone else they have your key.

Although the obvious way around this is to revoke your key....
scratchchin

Oh really, because SWIM didn't give them the key because he forgot.

3 years later they gave up.

him_over_there

970 posts

222 months

Thursday 5th March 2009
On a similar note..

http://www.guardian.co.uk/uk/2009/feb/25/personal-...

guardian said:
Privacy rights of innocent people will have to be sacrificed to give the security services access to a sweeping range of personal data, one of the architects of the government's national security strategy has warned.

Sir David Omand, the former Whitehall security and intelligence co-ordinator, sets out a blueprint for the way the state will mine data - including travel information, phone records and emails - held by public and private bodies and admits: "Finding out other people's secrets is going to involve breaking everyday moral rules."
But they will do it anyway..

Edited by him_over_there on Thursday 5th March 13:49

Rawwr

22,722 posts

250 months

Thursday 5th March 2009
Despite RIPA, there are plenty of ways to carry plausible deniability.

him_over_there

970 posts

222 months

Thursday 5th March 2009
Rawwr said:
Despite RIPA, there are plenty of ways to carry plausible deniability.
How so?

I have seen some of the deniable filesystems using software with TrueCrypt but it has been shown to be ineffective. Especially when the OS that is running it is Windows, there is always information leakage that can lead to the 'hidden' deniable filesystem?

Rawwr

22,722 posts

250 months

Thursday 5th March 2009
him_over_there said:
Rawwr said:
Despite RIPA, there are plenty of ways to carry plausible deniability.
How so?

I have seen some of the deniable filesystems using software with TrueCrypt but it has been shown to be ineffective. Especially when the OS that is running it is Windows, there is always information leakage that can lead to the 'hidden' deniable filesystem?
TrueCrypt is certainly close to achieving a properly deniable partition/filesystem in that the theory is good, it's just the falldown occurs a little bit in practice but more so in the user's own processes.