Thursday, December 5, 2013

Security Smorgasboard

The NSA has weaponized the Internet:
According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone. It appears that the NSA and GCHQ were the first to turn the internet backbone into a weapon; absent Snowdens of their own, other countries may do the same and then say, “It wasn’t us. And even if it was, you started it.”

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T.

Securely deleting cache, cookies, and sensitive data:
BleachBit quickly frees disk space and tirelessly guards your privacy. Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean a thousand applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source.
Seems like quite a good idea, even if you don't lean towards the tin foil hat side of the spectrum.

A live OS from USB that lets you browse anonymously via TOR:
Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:
  • use the Internet anonymously and circumvent censorship;
    all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
This also seems like an interesting idea.

Private Instant Messaging:

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:
No one else can read your instant messages.
You are assured the correspondent is who you think it is.
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.
Boy, the NSA sure has inspired the security guru community.  Way to go, NSA!

Oh, and the TSA is completely useless:
Back in 2006, I -- and others -- explained how to print your own boarding pass and evade the photo-ID check, a trick that still seems to work. In 2008, I demonstrated carrying two large bottles of liquid through airport security. Here's a paper about stabbing people with stuff you can take through airport security. And here's a German video of someone building a bomb out of components he snuck through a full-body scanner. There's lots more if you start poking around the Internet.

So, what's the moral here? It's not like the terrorists don't know about these tricks. They're no surprise to the TSA, either. If airport security is so porous, why aren't there more terrorist attacks? Why aren't the terrorists using these, and other, techniques to attack planes every month?

I think the answer is simple: airplane terrorism isn't a big risk. There are very few actual terrorists, and plots are much more difficult to execute than the tactics of the attack itself.
But hey, those citizens won't grope themselves.  Mission Accomplished, G-Man!


Peter said...

BleachBit is extremely impressive. I hadn't heard of it until you mentioned it, and after reading more about it, I downloaded and ran it. It freed up 3.7GB on my hard drive, compared to CCleaner's usual harvest of a few MB when I run it weekly! I had no idea that much crap was floating around my system. So far, everything's stable.


GunRacer said...

Thanks a ton for the links... I'll be sure to put them on my bootable thumbdrives.

Meryl said...

I think another reason we don't see so many terrorist attacks on aircraft is that the other passengers are not about to sit by and die without bringing down a world of hurt on someone trying to kill them.