-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As reported by Bruce Schneier (A very well known cryptoanalyst),
Microsoft has added the Dual_ElipticCurve- PseudoRandomNumberGenerator to Windows Vista.
Exactly this PRNG has is suspected to have a backdoor added to it,
The Overview of Windows Vista Service Pack 1 states: "The Dual Elliptical Curve (Dual EC) PRNG from SP 800-90 is also available for customers who prefer to use it."
- - From Did NSA Put a Secret Backdoor in New Encryption Standard? By Bruce Schneier, Wired News, November 15, 2007:
In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described a backdoor.
This is how it works: There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from.
What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.
The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHiyK4LAZ+Vq4hPgARAiEmAKDT3SXjRrImTxUYwheeOJl+shzsOgCeJf7j
O/5jZwEnPpMxOu7jVQ3maHo=
=DF2y
-----END PGP SIGNATURE-----
Tuesday, 18 December 2007
Combine webmail and GPG using the FireGPG-Extension for Firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So, you are using TOR to access a gmail- or other webmail-account?
You can use gpg just fine for any email-program but....with webmail there is no such email.
Enter FireGPG.
With this extension you get a context-menu where you can sign, encrypt, decrypt and verify any text you select.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6XhLAZ+Vq4hPgARApUcAKDLT8APB29NyIgK0h+vavL8faNqaACgo7H2
XJvMEAQCwnnRidzuaDZOwRk=
=LxcJ
-----END PGP SIGNATURE-----
Hash: SHA1
So, you are using TOR to access a gmail- or other webmail-account?
You can use gpg just fine for any email-program but....with webmail there is no such email.
Enter FireGPG.
With this extension you get a context-menu where you can sign, encrypt, decrypt and verify any text you select.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6XhLAZ+Vq4hPgARApUcAKDLT8APB29NyIgK0h+vavL8faNqaACgo7H2
XJvMEAQCwnnRidzuaDZOwRk=
=LxcJ
-----END PGP SIGNATURE-----
Monday, 17 December 2007
Tor and privoxy had been ported to iphone
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
from cjacker huang on or-dev:
I just ported libevent, tor-0.1.2.18 and privoxy to iphone 1.1.1 fw.
and finished a iPhone app named iTor.app.
...
It works pretty good on iphone. also I tested it with privoxy on PC
and tor on iphone.
for more infomation and source.
http://www.linux-ren.org/modules/everestblog/?p=161
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6e5LAZ+Vq4hPgARAroOAKC+wNkt1w4d7d2ZFFbo74t+Ao7n/QCfWt4J
PFJftkVmwY5w9N9MeFfbGsM=
=Ocq5
-----END PGP SIGNATURE-----
Hash: SHA1
from cjacker huang on or-dev:
I just ported libevent, tor-0.1.2.18 and privoxy to iphone 1.1.1 fw.
and finished a iPhone app named iTor.app.
...
It works pretty good on iphone. also I tested it with privoxy on PC
and tor on iphone.
for more infomation and source.
http://www.linux-ren.org/modules/everestblog/?p=161
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6e5LAZ+Vq4hPgARAroOAKC+wNkt1w4d7d2ZFFbo74t+Ao7n/QCfWt4J
PFJftkVmwY5w9N9MeFfbGsM=
=Ocq5
-----END PGP SIGNATURE-----
Saturday, 15 December 2007
european data-retention - what does it mean to you, Mr. Operator?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(links given by an austrian informant.)
All over europe people offering anonymity-services are forced to log within the next 13 month.
A german tor-operator now published in his blog under the title ""We are fucked individually!"" the commented, relevant parts of the laws as applicable to tor-operators.
On the german tor-talk mailing-list he gave the following numbers for estimated storage-space required for logging after doing real-world experimentation of that toppic.
Server Traffic: 2.000 KB/s average
logs for 1 week: 200 GByte
logs for 1 week after removing irrelevant content: 120 GByte
after compression and encryption: 20 GByte
sum for 26 weeks (6 month): 500 GByte average
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6eyLAZ+Vq4hPgARAtgsAKCk5tQF7EJakP82MlSqG+H0TY+VvwCeOSEE
/ryHIw2Oi5y+QVCabujYKNg=
=/HZL
-----END PGP SIGNATURE-----
Hash: SHA1
(links given by an austrian informant.)
All over europe people offering anonymity-services are forced to log within the next 13 month.
A german tor-operator now published in his blog under the title ""We are fucked individually!"" the commented, relevant parts of the laws as applicable to tor-operators.
On the german tor-talk mailing-list he gave the following numbers for estimated storage-space required for logging after doing real-world experimentation of that toppic.
Server Traffic: 2.000 KB/s average
logs for 1 week: 200 GByte
logs for 1 week after removing irrelevant content: 120 GByte
after compression and encryption: 20 GByte
sum for 26 weeks (6 month): 500 GByte average
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6eyLAZ+Vq4hPgARAtgsAKCk5tQF7EJakP82MlSqG+H0TY+VvwCeOSEE
/ryHIw2Oi5y+QVCabujYKNg=
=/HZL
-----END PGP SIGNATURE-----
Wednesday, 12 December 2007
Hundreds searched illegally at Gatwick
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
from: The Guardian
Louise Radnofsky and agencies
Wednesday December 12, 2007
Guardian Unlimited
Hundreds of passengers at Gatwick airport have been subjected to illegal police "stop and searches", the Home Office admitted in a written statement today.
Sussex police made a paperwork error when they applied for special permission to stop people without "reasonable grounds" that a crime is in progress, said the security minister, Tony McNulty.
The 259 people stopped and searched by Sussex police during three weeks in September will receive apologies, McNulty said, adding that Home Office officials were reviewing the paperwork connected with stop and search tactics under the Terrorism Act 2000 to check for more mistakes.
"No arrests occurred as a result of these stop and searches," he said.
"However, Sussex police will shortly be writing to all of the individuals concerned to apologise.
"All steps have now been taken to ensure ... that such regrettable and serious omissions do not occur again."
A similar mistake was found to have happened in 2003, he said.
A Sussex police spokesman said the force accepted full responsibility for the blunder.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6esLAZ+Vq4hPgARAvGWAJ0WIcYylTq+R/vcqIfPWhDOcLaEjwCfZTo7
POA7bFBHq32STco4Gh5EJys=
=5MAS
-----END PGP SIGNATURE-----
Hash: SHA1
from: The Guardian
Louise Radnofsky and agencies
Wednesday December 12, 2007
Guardian Unlimited
Hundreds of passengers at Gatwick airport have been subjected to illegal police "stop and searches", the Home Office admitted in a written statement today.
Sussex police made a paperwork error when they applied for special permission to stop people without "reasonable grounds" that a crime is in progress, said the security minister, Tony McNulty.
The 259 people stopped and searched by Sussex police during three weeks in September will receive apologies, McNulty said, adding that Home Office officials were reviewing the paperwork connected with stop and search tactics under the Terrorism Act 2000 to check for more mistakes.
"No arrests occurred as a result of these stop and searches," he said.
"However, Sussex police will shortly be writing to all of the individuals concerned to apologise.
"All steps have now been taken to ensure ... that such regrettable and serious omissions do not occur again."
A similar mistake was found to have happened in 2003, he said.
A Sussex police spokesman said the force accepted full responsibility for the blunder.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6esLAZ+Vq4hPgARAvGWAJ0WIcYylTq+R/vcqIfPWhDOcLaEjwCfZTo7
POA7bFBHq32STco4Gh5EJys=
=5MAS
-----END PGP SIGNATURE-----
Friday, 7 December 2007
German Privacy Foundation cares for tor-admins and politicians
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Our german informant has been quite busy lately. Here is a complete article from him:
As mentioned on heise news, the newly founded Privacy Foundation is to inform police-personell, courts, tor-admins and politicians alike about privacy-techniques like tor.
This step was found to be needed because of raids on tor-admins lately by uninformed policy that did not know or believe that there where no logs to be found by such a raid.
The foundation is also to help journalists not misrepresent tor and other services to the public.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6fGLAZ+Vq4hPgARAtG0AKDLSUlAgyEgcwe4V0Ljf137r66n4ACeMXXs
xxob1qHW886KT5ekXV7ds80=
=YMPy
-----END PGP SIGNATURE-----
Hash: SHA1
Our german informant has been quite busy lately. Here is a complete article from him:
As mentioned on heise news, the newly founded Privacy Foundation is to inform police-personell, courts, tor-admins and politicians alike about privacy-techniques like tor.
This step was found to be needed because of raids on tor-admins lately by uninformed policy that did not know or believe that there where no logs to be found by such a raid.
The foundation is also to help journalists not misrepresent tor and other services to the public.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6fGLAZ+Vq4hPgARAtG0AKDLSUlAgyEgcwe4V0Ljf137r66n4ACeMXXs
xxob1qHW886KT5ekXV7ds80=
=YMPy
-----END PGP SIGNATURE-----
Sunday, 2 December 2007
Freenode forced to block tor-clients temporarily
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As stated in the staff blog freenode was forced to block tor-clients because a company named "B & C Advanced Solutions" was violating their policies by creating and publishing chat-logs covertly by bot connecting through the tor-network.
Freenode states that they where unable to identify the boty any other way.
Access via gpg-tor is supposed to be unaffected.
other blog-posts:
irseek: open letter to IRC-operators
techcrunch: Will IRSeeK Have A Chilling Effect on IRC Chat?
IrSeek-page on vorratsdatenspeicherung.de (in english) (provided by a german informant)
geekosphere.org (provided by a german informant)
laxu (provided by a german informant)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6enLAZ+Vq4hPgARArKBAKC2O28RffvTbRG+akMzFT3hld4EMwCfbyic
e5pQbFR6Bij5uvKZ7EOMmog=
=dfqP
-----END PGP SIGNATURE-----
Hash: SHA1
As stated in the staff blog freenode was forced to block tor-clients because a company named "B & C Advanced Solutions" was violating their policies by creating and publishing chat-logs covertly by bot connecting through the tor-network.
Freenode states that they where unable to identify the boty any other way.
Access via gpg-tor is supposed to be unaffected.
other blog-posts:
irseek: open letter to IRC-operators
techcrunch: Will IRSeeK Have A Chilling Effect on IRC Chat?
IrSeek-page on vorratsdatenspeicherung.de (in english) (provided by a german informant)
geekosphere.org (provided by a german informant)
laxu (provided by a german informant)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org
iD8DBQFHZ6enLAZ+Vq4hPgARArKBAKC2O28RffvTbRG+akMzFT3hld4EMwCfbyic
e5pQbFR6Bij5uvKZ7EOMmog=
=dfqP
-----END PGP SIGNATURE-----
Subscribe to:
Posts (Atom)