anonymity-blog.tk: 2007

Tuesday, 18 December 2007

possibly backdoored random-number-generator added with Vista-SP1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As reported by Bruce Schneier (A very well known cryptoanalyst),
Microsoft has added the Dual_ElipticCurve- PseudoRandomNumberGenerator to Windows Vista.

Exactly this PRNG has is suspected to have a backdoor added to it,

The Overview of Windows Vista Service Pack 1 states: "The Dual Elliptical Curve (Dual EC) PRNG from SP 800-90 is also available for customers who prefer to use it."

- - From Did NSA Put a Secret Backdoor in New Encryption Standard? By Bruce Schneier, Wired News, November 15, 2007:

In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described a backdoor.

This is how it works: There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from.

What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.

The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHiyK4LAZ+Vq4hPgARAiEmAKDT3SXjRrImTxUYwheeOJl+shzsOgCeJf7j
O/5jZwEnPpMxOu7jVQ3maHo=
=DF2y
-----END PGP SIGNATURE-----

Combine webmail and GPG using the FireGPG-Extension for Firefox

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So, you are using TOR to access a gmail- or other webmail-account?

You can use gpg just fine for any email-program but....with webmail there is no such email.

Enter FireGPG.

With this extension you get a context-menu where you can sign, encrypt, decrypt and verify any text you select.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6XhLAZ+Vq4hPgARApUcAKDLT8APB29NyIgK0h+vavL8faNqaACgo7H2
XJvMEAQCwnnRidzuaDZOwRk=
=LxcJ
-----END PGP SIGNATURE-----

Monday, 17 December 2007

Tor and privoxy had been ported to iphone

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

from cjacker huang on or-dev:

I just ported libevent, tor-0.1.2.18 and privoxy to iphone 1.1.1 fw.
and finished a iPhone app named iTor.app.
...
It works pretty good on iphone. also I tested it with privoxy on PC
and tor on iphone.

for more infomation and source.
http://www.linux-ren.org/modules/everestblog/?p=161

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6e5LAZ+Vq4hPgARAroOAKC+wNkt1w4d7d2ZFFbo74t+Ao7n/QCfWt4J
PFJftkVmwY5w9N9MeFfbGsM=
=Ocq5
-----END PGP SIGNATURE-----

Saturday, 15 December 2007

european data-retention - what does it mean to you, Mr. Operator?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(links given by an austrian informant.)

All over europe people offering anonymity-services are forced to log within the next 13 month.

A german tor-operator now published in his blog under the title ""We are fucked individually!"" the commented, relevant parts of the laws as applicable to tor-operators.

On the german tor-talk mailing-list he gave the following numbers for estimated storage-space required for logging after doing real-world experimentation of that toppic.

Server Traffic: 2.000 KB/s average
logs for 1 week: 200 GByte
logs for 1 week after removing irrelevant content: 120 GByte
after compression and encryption: 20 GByte
sum for 26 weeks (6 month): 500 GByte average
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6eyLAZ+Vq4hPgARAtgsAKCk5tQF7EJakP82MlSqG+H0TY+VvwCeOSEE
/ryHIw2Oi5y+QVCabujYKNg=
=/HZL
-----END PGP SIGNATURE-----

Wednesday, 12 December 2007

Hundreds searched illegally at Gatwick

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

from: The Guardian

Louise Radnofsky and agencies
Wednesday December 12, 2007
Guardian Unlimited

Hundreds of passengers at Gatwick airport have been subjected to illegal police "stop and searches", the Home Office admitted in a written statement today.

Sussex police made a paperwork error when they applied for special permission to stop people without "reasonable grounds" that a crime is in progress, said the security minister, Tony McNulty.

The 259 people stopped and searched by Sussex police during three weeks in September will receive apologies, McNulty said, adding that Home Office officials were reviewing the paperwork connected with stop and search tactics under the Terrorism Act 2000 to check for more mistakes.

"No arrests occurred as a result of these stop and searches," he said.

"However, Sussex police will shortly be writing to all of the individuals concerned to apologise.

"All steps have now been taken to ensure ... that such regrettable and serious omissions do not occur again."

A similar mistake was found to have happened in 2003, he said.

A Sussex police spokesman said the force accepted full responsibility for the blunder.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6esLAZ+Vq4hPgARAvGWAJ0WIcYylTq+R/vcqIfPWhDOcLaEjwCfZTo7
POA7bFBHq32STco4Gh5EJys=
=5MAS
-----END PGP SIGNATURE-----

Friday, 7 December 2007

German Privacy Foundation cares for tor-admins and politicians

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Our german informant has been quite busy lately. Here is a complete article from him:

As mentioned on heise news, the newly founded Privacy Foundation is to inform police-personell, courts, tor-admins and politicians alike about privacy-techniques like tor.
This step was found to be needed because of raids on tor-admins lately by uninformed policy that did not know or believe that there where no logs to be found by such a raid.
The foundation is also to help journalists not misrepresent tor and other services to the public.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6fGLAZ+Vq4hPgARAtG0AKDLSUlAgyEgcwe4V0Ljf137r66n4ACeMXXs
xxob1qHW886KT5ekXV7ds80=
=YMPy
-----END PGP SIGNATURE-----

Sunday, 2 December 2007

Freenode forced to block tor-clients temporarily

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As stated in the staff blog freenode was forced to block tor-clients because a company named "B & C Advanced Solutions" was violating their policies by creating and publishing chat-logs covertly by bot connecting through the tor-network.
Freenode states that they where unable to identify the boty any other way.

Access via gpg-tor is supposed to be unaffected.

other blog-posts:
irseek: open letter to IRC-operators

techcrunch: Will IRSeeK Have A Chilling Effect on IRC Chat?

IrSeek-page on vorratsdatenspeicherung.de (in english) (provided by a german informant)

geekosphere.org (provided by a german informant)

laxu (provided by a german informant)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6enLAZ+Vq4hPgARArKBAKC2O28RffvTbRG+akMzFT3hld4EMwCfbyic
e5pQbFR6Bij5uvKZ7EOMmog=
=dfqP
-----END PGP SIGNATURE-----

Friday, 30 November 2007

Jury Trial, Jury Nullification

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is an ongoing discussion on the OnionRouter-Talk mailing list that may be of interest to readers familar with the jury-system in the United Stated of (northern) America.

Apperently there was a 1996-case in the US where a jury-member got a sentence because of informing the other jury-members of (truthfully) a right they had. Also interesting to this topic may be the Fija-organisation.

Note that we did not check the facts presented here to be true. Thus don't trust a site just because "it's written" and don't trust us for that matter.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6ebLAZ+Vq4hPgARAkbGAKDLd4KDVvYykW/JIIxodXB1qy7WQgCfRCbF
tAN58vYa98vIpU4Bvvid4Cg=
=QsrD
-----END PGP SIGNATURE-----

Thursday, 29 November 2007

password need not be produced in USofA-court

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

the source(pdf)

A US-District-Court issued a ruling that a canadian need not release the password for his pgp-drive because that is a thought and he has the right to remain silent about his thoughts.
Formerly a password was often seen as a key by the accusers that could be forced to be produced.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6eVLAZ+Vq4hPgARAmbZAKCLC9tuRWuNC5cfGk+RgCC7g4mhPwCbBR9H
KL76qxeXZ0AfpVi3rvirCIM=
=6ewt
-----END PGP SIGNATURE-----

Wednesday, 28 November 2007

setting up your own search-enging for torland

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We stumbled over YaCy as a distributed search-enging. It's quite a nice thing
but being distributed unless changed it just starts connecting to it's non-tor-peers
and index the web.
But...you can configure it to be part of the network of CaCy-Servers on tor and help
index torland. As a side-effect you get a local search-index that is allways reachable
without lag.

Parts needed:

Java 1.4.x
some free ram and disk
some free bandwidth

english setup-instructions

german setup-instructions

short YaCy+ot howto on the hidden wiki

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6eJLAZ+Vq4hPgARAmxVAJ9tfw+DWJ2Vo+rx1uDf6LxJGo7jPgCfalQV
BhKl2PEIR9n/PgspJxuFdA0=
=Ir1d
-----END PGP SIGNATURE-----

newsflash: Google hands over IP address of anonymous blogger

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

from: globes.co.il:

(shortened)


In an unprecedented move, Google has agreed to supply the IP address of an Israeli blogger who 
used "Google Blogger" for a blog in which he slandered Shaarei Tikva council members running for 
reelection...

The council members asked Google for the blogger's name.
They reached a settlement with the company on the basis of an Israeli ruling on the subject.
The settlement stipulates that 72 hours before a hearing ...the council members would leave the 
blogger a message on his blog summoning him to the hearing, or else his IP address would be 
handed over. The notice would invite the blogger to disclose his identity, participate in the 
hearing, or oppose the disclosure of his identity by filing a motion as "anonymous".
...
Google initially said that disclosing the blogger's identity violated rulings on the balance 
between freedom of expression and a person's right to his reputation.

However, in a pre-ruling, Judge Oren Schwartz said that the blog's content raised suspicions of 
criminal conduct, and Google took the hint. 
...
In line with Judge Schwartz's ruling, Google and the councilmen reached a settlement in their 
dispute. Following the 72 hour period, Google was ordered to hand over the IP address to the 
court....

note: this is not about us. "anonymous" is a fairly...common name nowadays. ;)

We have been given the following links with good articles about the case in major german online-publications.
coverage on lawblog and coverage on heise.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6eBLAZ+Vq4hPgARAkYyAJ9e8yC/ibAkBe638Dk/zkxJll6ifgCgmj5W
j16gdMwdUnGf2jRar/I/GJg=
=8KO8
-----END PGP SIGNATURE-----

providing ssh as a tor-hidden-service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

step 1: create the service

create the service-directory


mkdir /var/lib/tor/hidden_service
mkdir /var/lib/tor/hidden_service/ssh
chown tor /var/lib/tor/hidden_service/ssh   (may be "debian-tor" for debian-users)

now add to your /etc/tor/torrc


HiddenServiceDir /var/lib/tor/hidden_service/ssh
HiddenServicePort 22 127.0.0.1:22

step 1a: reload tor and check that it works


/etc/init.d/tor reload
tail /var/log/tor/log

now


cat  /var/lib/tor/hidden_service/ssh/hostname

will give you the .onion-address to use

step 2: configure the client

first, download connect.c from latency.net to allo ssh to connect to a socks-proxy.
compile it with


gcc connect.c -o /etc/ssh/connect

and in /etc/ssh/ssh_config
add the following configuration for all .onion-addresses



# use /etc/ssh/connect to use tor to connect to ssh in torland
Host *.onion
  ProxyCommand /etc/ssh/connect -S localhost:9050 %h %p

done. Now you can do a "ssh fox@XYZ.onion" every time your local tor-server is running.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6d7LAZ+Vq4hPgARAiDUAJ4zj99ZM8vwwNnEhi6UeR9WbUNTEACgtSgb
Br17oxsyxfwoTwLxL+rr2zg=
=rQE0
-----END PGP SIGNATURE-----

"anonymous living"-blog

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We just discovered the anonymous living -blog.
You may want to have a look there. It looks quite good and lively!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6dxLAZ+Vq4hPgARAiUrAJ9TQwPz1cgYqPLVloK6pxwjxoHExACdGOE+
LeFIIZHSM68H8b+dMI+n2q4=
=NWhE
-----END PGP SIGNATURE-----

Tuesday, 27 November 2007

Tor 0.2.0.12-alpha fixes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Today Tor 0.2.0.12-alpha was released, fixing among other things "a giant memory-leak".
Here is the Freshmeat announcement.


This release fixes some build problems with the previous snapshot. It also includes a more 
secure-by-default exit policy for relays, fixes an enormous memory leak for exit relays, and fixes 
another bug where servers were falling out of the directory list.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6dfLAZ+Vq4hPgARApnLAJ4r8HWmehEyrQGISTkkdooJI1llKACdH0cB
YDoEyRbiXy4x1cv65qD65is=
=U0Uj
-----END PGP SIGNATURE-----

masked.name

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We recently discovered a nice service we wanted you to know about:
masked.name

You can register here(using tor) and then use a mail, im, irc, ftp in torland and have a public (as in outside torland and on the normal internet) blog on NAME.masked.name.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6dHLAZ+Vq4hPgARAk8lAJ47fJuUCo1LbyCN2ZiZGOYOJKbViQCfYl37
VHqEsP6AopDM9r9ZleHak4w=
=gG+3
-----END PGP SIGNATURE-----

Saturday, 24 November 2007

small personal fight in torland

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It looks like a small fight has started in torland.
Matt and Jamon are fighting over "who provides the best hidden services".

Well, we are allways pro-competition so let us see how much improvement in quality and quantity of hidden services we will end up with.

Matt is operating

the hidden hosting

The Hidden Wiki-IRC

Hidden messaging

and of cause the famous Hidden Wiki

Jamon operates

the core.onion -directory

masked.name (including an irc-server)

jamon.name

whocalled.us

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6ckLAZ+Vq4hPgARAu44AJ9Zt46BW5l59y4YjrtbbRbvtxI/QgCfdq0D
cch04g3ri3/GTx3vLYZcbak=
=HIw8
-----END PGP SIGNATURE-----

Tuesday, 20 November 2007

transocks - transparently torify all tcp connections on the router

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

transocks from Mike Fisk looks pretty cool.

usage:


#!/bin/sh

# start transocks
/usr/local/sbin/transocks  -p 1211

LOCAL_NET=192.168.0.0/16

# create a new chain 'SOCKSIFY' for it to simplify management
iptables -t nat -X SOCKSIFY
iptables -t nat -N SOCKSIFY

# exceptions that are not to be run through tor
iptables -t nat -A SOCKSIFY -o lo -j RETURN
iptables -t nat -A SOCKSIFY --dst 127.0.0.1 -j RETURN
iptables -t nat -A SOCKSIFY --dst $LOCAL_NET -j RETURN

# avoid feedback loops
iptables -t nat -A SOCKSIFY -m owner --cmd-owner transocks -j RETURN

# log every new connection in the SOCKSIFY-chain
iptables -t nat -A SOCKSIFY -j LOG -p tcp --syn --log-level info \
- --log-prefix "SOCKSify "

# send tcp-connections in the SOCKSIFY-chain to transocks
iptables -t nat -A SOCKSIFY -p tcp -j REDIRECT --to-port 1211

# Socksify traffic leaving this host:
iptables -t nat -A OUTPUT -p tcp --syn -j SOCKSIFY

# Socksify traffic routing through this host:
iptables -t nat -A PREROUTING -p tcp -s $LOCAL_NET --syn -j SOCKSIFY

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6cdLAZ+Vq4hPgARAjDTAKCRkUEB5+nz54xId38XWi2RXKckeQCffJ8i
qKTGU+Fk/w56t+UwiGFd1CQ=
=tq8N
-----END PGP SIGNATURE-----

Sunday, 18 November 2007

Potential Firefox Leak


Potential Firefox Leak (18 November 2007)
I have discovered a potential leak with any version of firefox (current version as of writing is 2.0.0.9).
The Problem:
Every time you switch tabs, firefox will automatically load the favicon.ico for web sites that did not have one the first time it tried retrieving it (if it's not there the first time, why would it be there later?). If you have multiple tabs open -- some initially loaded with tor enabled (torbutton) and some loaded with tor disabled -- every time you alt+tab or click on a different tab with Tor disabled, firefox is automatically (and without your knowledge) connecting to each site that did NOT have an icon on its initial load. This means that you are revealing your IP address to anyone when you have tor disabled, even when you don't reload any tabs or visit any web sites. Additionally, if you do the inverse (tor enabled with a few non-tor tabs open) you will be revealing that you use tor to any web sites you normally have tor off for.

This problem is not a bug in torbutton, but a bug in firefox that was probably there at one point as a "feature," but is effectively useless.

Workaround:
Close all tabs before toggling torbutton!

Mozilla developers: You can remove that stupid and pointless repeated favicon.ico loading. If it wasn't there 30 seconds ago, why the hell would it be there now? Load it only when the web site is initially loaded and when the tab is refreshed.

- --Matt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD4DBQFHZ6cSLAZ+Vq4hPgARAoRRAKDc9YKJntY2doXyAoMM3O1nmLIpBACVFxXf
OHgxnM3ja9bGS1R0RD5bGg==
=9L31
-----END PGP SIGNATURE-----

Sunday, 16 September 2007

Mixminion 0.0.8alpha3 releases

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Today version 0.0.8alpha3 of the Mixminion type III remailer was released.

A few bugs that could crash your server where fixed.

- From the announcement:


NEW IN VERSION 0.0.8alpha3:
   - Create .mixminion directory even when we try to lock before accessing
     it: This prevents "update-servers" from crashing when run without
     a .mixminion directory.
   - Don't die when gzip compression on a downloaded directory is corrupt.
   - Don't die when an incoming connection closes before we can get its
     address.
   - Do not believe any path specifier that results in an impossibly short
     path.
   - Bump preferred openssl version to 0.9.8e.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6bnLAZ+Vq4hPgARAmmvAKC8XCDGrA3NJGLqCYr4YDew/4DDgQCfalj1
HqloLpkcNSzcXG/3+xXRzd4=
=crc2
-----END PGP SIGNATURE-----

Thursday, 19 July 2007

new Frost-Release

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A new release of Frost, the anonymous message-board and file-sharing via the Freenet-Project has been released today.

The website states "This release introduces new features and many fixes. You really should update."...so you should do so. ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6bbLAZ+Vq4hPgARAs54AJ0Z/6imTJ2zlXKm/77QpHeFWC5glACfe6Pp
/L5+nsKJ+u1kDzeim5W5c5g=
=oMDZ
-----END PGP SIGNATURE-----

Wednesday, 13 June 2007

Hawala - anonymous money transmission

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We/I would like to draw your attention to the following articles
as they address the often discussed topic of anonymous money-transmission.

Advantages:
usually anonymous
better exchange-rates
lower fees
sometimes faster
sometimes more reliable
(compared to traditional banks)

Names to look for:
Hawala

Synonym:
Hundi
havala

Alternatives:
Asia: chop
Asia: chit
Asia: flying money
Kolumbia: The columbian system

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6bPLAZ+Vq4hPgARAnDwAKCu4n2uHn7IrX4yRAcp6Ne69OdZ1QCfTY52
Od1eGUAeXoEpL9exuGBq3I0=
=lO0P
-----END PGP SIGNATURE-----

Monday, 11 June 2007

eyeOS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A few days ago we found a very nice service allowing us to use
desktop-like application in a browser anonymously.
It works a bit faster then google and you don't have to have
a google-account with cookies and everything.

You can use it on your own php-webspace if you find
one of the many small free-hosters or use the hosted
eyeOS on the developers page.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6atLAZ+Vq4hPgARAquMAKCdj2/Q2EyTbLB4hxo9jG2jVhfEvQCg3ru5
aHkd90igEl6OolhGjDdEvCI=
=KMyq
-----END PGP SIGNATURE-----

trying for php+mysql-hosting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To see if we/I can offer anonymous php- and database-backed services
I/we are currently trying to register at 110mb.com .
Registration is only open at random times to limit the number of registrations.
Same with uttx.net.
Thus we will have to wait....

..stay tuned.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6acLAZ+Vq4hPgARAgt4AJ9VG7FVO3cGFxFkLSIUVljnqTaB6QCfRays
6ubZA7hsFGNid8t4uhFaFGY=
=n26D
-----END PGP SIGNATURE-----

Friday, 1 June 2007

german election-computers unsafe

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Chaos Computer Club germany just published a paper (in german) about how the german version of the nedap election-computer could be hacked, how ineffective the security of the elections was and that the last elections can very well be completely manipulated and we have no way to know.

Sorry, german only.

the full report (local copy)

the report (on the ccc-site)

Here are the final words of the report:

11. Fazit
Die Analyse der NEDAP-Wahlcomputer hat zu einer Widerlegung der Behauptungen des Herstellers, des BMI und der PTB über die Sicherheit des Systems geführt. Im Rahmen der Untersuchungen wurden mehrere sehr unterschiedliche Angriffsklasse
n gefunden und implementiert, die jede für sich genommen schon zur Rücknahme der Bauartzulassung hätte führen müssen.

Die Untersuchung hat gezeigt, daß: · die Software der Wahlcomputer problemlos manipulierbar ist, · Manipulationen an
der Hardware einfach möglich sind,

· die Programmier- und Auswertesoftware in einfacher Weise angreifbar ist,

· die Zulassungs- und Prüfverfahren ungeeignet sind, Manipulationen aufzudecken,

· die Annahmen des BMI und der PTB über mögliche Wahlfälscher unrealistisch sind,

· die aus diesen Annahmen resultierenden Anforderungen und Maßnahmen (,,geschützte Umgebungen") unwirksam sind,

· Versiegelungen und Plomben keinen wirksamen Schutz bieten,

· dem Wähler eine effektive Kontrolle und Verifikation der Wahl nicht mehr möglich ist,

· neue Risiken und Angriffsmethoden fortlaufend entstehen,

· im internationalen Vergleich eher die Abschaffung als die Einführung von Wahlcomputern als sinnvoll erachtet wird und

· eine Manipulation der Wahlcomputer zur Bundestagswahl 2005 nicht mit Sicherheit ausgeschlossen werden kann.

Die Untersuchung zeigt exemplarisch die prinzipiellen Schwierigkeiten bei der Verwendung von Wahlcomputern, unabhängi
g von der Bauart. Keines der Probleme ist auf technischem Wege mit ausreichender Zuverlässigkeit lösbar, da mehr technische Sicherheitsmaßnahmen zwangsläufig zu komplexeren Systemen führen, die von noch weniger Menschen verifiziert wer
den können. Wenn der geringe Nutzen und die erheblichen Risiken objektiv gegenübergestellt werden, erscheint es sinnvoll, von der Nutzung von Wahlcomputern zukünftig abzusehen und beim nachvollziehbaren und bewährten Wahlverfahren mit
Papier und Stift zu bleiben.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6aRLAZ+Vq4hPgARAk6FAKCt3dYxH67hkOa4evlR8rRwoc62OgCfar+M
zO9OFXwhxD/ZLolFr0dB5oY=
=pZpZ
-----END PGP SIGNATURE-----

Sunday, 27 May 2007

keeping a second browser

while your everyday-firefox is running execute "firefox -ProfileManager"
create a new profile "anonymous" in another directory
Create yourself a link "firefox -P anonymous" to start your anon-firefox in parallel to your normal firefox
configure it for privoxy, cookie-deletion, not remembering everything,...

Here are a few notes on what we found out...

* google-calendar does not work with mozilla or konqueror, only firefox and co.
* google-analytics does not work with mozilla or konqueror, only firefox and co.
* google-spreadsheets does not work with mozilla
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6aJLAZ+Vq4hPgARAmaRAJ0XsDUaJGB0F0QukIO7gIeXdjcFTQCfY/+A
VnAWG3J5iKsXK7D9e6/E+gQ=
=0aYN
-----END PGP SIGNATURE-----

Adding a calendar

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Next we want to add a calendar, showing the major privacy-related
events of the year in the homepage we created.

status: We ARE having some trouble doing this with either mozilla or konqueror (no firefox yet).
status We got it to run by using Firefox with TOR and Privoxy. You can access it here.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6Z4LAZ+Vq4hPgARAmO4AJ9inRPWyjSnMAQ2snbJG3d+79FLUACfeMgQ
mUw7OjfIHXof3/R0Nt6Gu+w=
=rqJh
-----END PGP SIGNATURE-----

Google Analytics

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So, as we want to know just how many
people are really reading this and what they
are reading we are trying to add google-analytics.

status: we could add the code to the google-pages-site but have trouble with the analytics-page and with the blogger-template-editing while using privoxy+tor.
We will keep you posted.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6ZOLAZ+Vq4hPgARAjyUAJ4mmu1wQI4JyA4GQsxlcPBka9q/KACfQzw8
8JOsfYHCXd8M+5q0yI8yvXk=
=dprn
-----END PGP SIGNATURE-----

Our own domain-names

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So... what did we do?
Since most public services on the net require an email-address,
we started with creating a gmail-account.
Thus we also have this blog and a site on pages.google.de .

As a next step we are trying to register the domains:
anonymity-blog.tk and

anonymity.tk/.
This way we want to get rid of the ".pages.google.com" and ".blogger.com"
in the URLs for our first 2 sites at the expense of a bit of advertisement.

status: The confirmation-emails have not arrived yet. Maybe gmail is blocked there or it simply takes a while. We will come back to this later.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6ZILAZ+Vq4hPgARArY5AJ9VihN2G+IHwLjP5ISWt28aw3dNlwCcCb84
TsqE+/nyFU+tQ3StR2tMCZ0=
=5Zpv
-----END PGP SIGNATURE-----

Wednesday, 28 March 2007

interesting lectures from the 22nd CCCongress

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Finally the final recordings of the 22nd CCCongress are online.
Some of the lectures should be very interesting for the anonmous-crowd.

english

Know Your Citizens
State Authorities' Access to Sensitive Information
Privacy, Identity, and Anonymity in Web 2.0
Transparency and Privacy
The 7 Laws of Identity and the Identity Metasystem
A Probabilistic Trust Model for GnuPG
Data Retention Update
News and Perspectives on Implementation and Opposition
Tor and China
Design of a blocking-resistant anonymity system
Mobile phone call encryption
Encrypting (GSM) mobile phone calls over VPN with an Asterisk PBX
An Introduction to Traffic Analysis
Attacks, Defences and Public Policy Issues...

german

4+2+1 Jahre BigBrotherAwards Deutschland
Warum wir uns so gerne überwachen lassen…
Erhellendes aus Philosophie und Soziologie zur Klärung des Phänomens steigender Kontrolle und Überwachung
Elektronische Reisedokumente
Neue Entwicklungen beim ePass
Überwachungsdruck - einige Experimente
Wie wirkt Überwachung?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6Y4LAZ+Vq4hPgARAoyhAJ4iIzUfPm6+6NrY3bGW7+xqqKD9zQCeN4H1
5swp+gA6FCqBPACglCdEQ8U=
=Lp8V
-----END PGP SIGNATURE-----

Monday, 12 March 2007

summer of code: 6 students to work on freenet-project

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the Google Summer of Code 6 students are to be working on Freenet-Project.

Swati Goyal will be working on improving searching in Freenet.

Frédéric Rechtenstein will be building us a blogging plugin.

Alberto Bacchelli will be building a test framework and many unit tests.

Vilhelm Verendel will be working on simulating the growth of the network.

Srivatsan will be working on improving Freenet's connection encryption and possibly on darknet introductions.

Mladen Kolar will be building a definitive C/C++ library for the Freenet Client Protocol.

See: The Freenet-Project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6YuLAZ+Vq4hPgARAjPBAKCLv7Pu/uovLQRNqA0F1pNLrN51vQCguLNc
qtyys0j+c+NTduH2cuKeF4A=
=Gf48
-----END PGP SIGNATURE-----