Friday, 1 June 2007

german election-computers unsafe

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The Chaos Computer Club germany just published a paper (in german) about how the german version of the nedap election-computer could be hacked, how ineffective the security of the elections was and that the last elections can very well be completely manipulated and we have no way to know.

Sorry, german only.




Here are the final words of the report:

11. Fazit
Die Analyse der NEDAP-Wahlcomputer hat zu einer Widerlegung der Behauptungen des Herstellers, des BMI und der PTB über die Sicherheit des Systems geführt. Im Rahmen der Untersuchungen wurden mehrere sehr unterschiedliche Angriffsklasse
n gefunden und implementiert, die jede für sich genommen schon zur Rücknahme der Bauartzulassung hätte führen müssen.


  • Die Untersuchung hat gezeigt, daß: · die Software der Wahlcomputer problemlos manipulierbar ist, · Manipulationen an
    der Hardware einfach möglich sind,

  • · die Programmier- und Auswertesoftware in einfacher Weise angreifbar ist,

  • · die Zulassungs- und Prüfverfahren ungeeignet sind, Manipulationen aufzudecken,

  • · die Annahmen des BMI und der PTB über mögliche Wahlfälscher unrealistisch sind,

  • · die aus diesen Annahmen resultierenden Anforderungen und Maßnahmen (,,geschützte Umgebungen") unwirksam sind,

  • · Versiegelungen und Plomben keinen wirksamen Schutz bieten,

  • · dem Wähler eine effektive Kontrolle und Verifikation der Wahl nicht mehr möglich ist,

  • · neue Risiken und Angriffsmethoden fortlaufend entstehen,

  • · im internationalen Vergleich eher die Abschaffung als die Einführung von Wahlcomputern als sinnvoll erachtet wird und

  • · eine Manipulation der Wahlcomputer zur Bundestagswahl 2005 nicht mit Sicherheit ausgeschlossen werden kann.



Die Untersuchung zeigt exemplarisch die prinzipiellen Schwierigkeiten bei der Verwendung von Wahlcomputern, unabhängi
g von der Bauart. Keines der Probleme ist auf technischem Wege mit ausreichender Zuverlässigkeit lösbar, da mehr technische Sicherheitsmaßnahmen zwangsläufig zu komplexeren Systemen führen, die von noch weniger Menschen verifiziert wer
den können. Wenn der geringe Nutzen und die erheblichen Risiken objektiv gegenübergestellt werden, erscheint es sinnvoll, von der Nutzung von Wahlcomputern zukünftig abzusehen und beim nachvollziehbaren und bewährten Wahlverfahren mit
Papier und Stift zu bleiben.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6aRLAZ+Vq4hPgARAk6FAKCt3dYxH67hkOa4evlR8rRwoc62OgCfar+M
zO9OFXwhxD/ZLolFr0dB5oY=
=pZpZ
-----END PGP SIGNATURE-----
Posted by at No comments:
Labels:

Sunday, 27 May 2007

keeping a second browser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Keeping a second browser that does not contain all the cookies and settings that
your everyday-browser has but the proxy-settings for privoxy/tor that you don't want
in your normal browser is a good idea.
The problems begin when you realize that you cannot simply open another firefox-window
with a different profile.

This is what you should do for firefox:
  • while your everyday-firefox is running execute "firefox -ProfileManager"
  • create a new profile "anonymous" in another directory
  • Create yourself a link "firefox -P anonymous" to start your anon-firefox in parallel to your normal firefox
  • configure it for privoxy, cookie-deletion, not remembering everything,...

Here are a few notes on what we found out...

* google-calendar does not work with mozilla or konqueror, only firefox and co.
* google-analytics does not work with mozilla or konqueror, only firefox and co.
* google-spreadsheets does not work with mozilla
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6aJLAZ+Vq4hPgARAmaRAJ0XsDUaJGB0F0QukIO7gIeXdjcFTQCfY/+A
VnAWG3J5iKsXK7D9e6/E+gQ=
=0aYN
-----END PGP SIGNATURE-----
Posted by at No comments:
Labels:

Adding a calendar

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Next we want to add a calendar, showing the major privacy-related
events of the year in the homepage we created.

status: We ARE having some trouble doing this with either mozilla or konqueror (no firefox yet).
status We got it to run by using Firefox with TOR and Privoxy. You can access it here.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6Z4LAZ+Vq4hPgARAmO4AJ9inRPWyjSnMAQ2snbJG3d+79FLUACfeMgQ
mUw7OjfIHXof3/R0Nt6Gu+w=
=rqJh
-----END PGP SIGNATURE-----
Posted by at No comments:
Labels:

Google Analytics

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So, as we want to know just how many
people are really reading this and what they
are reading we are trying to add google-analytics.

status: we could add the code to the google-pages-site but have trouble with the analytics-page and with the blogger-template-editing while using privoxy+tor.
We will keep you posted.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6ZOLAZ+Vq4hPgARAjyUAJ4mmu1wQI4JyA4GQsxlcPBka9q/KACfQzw8
8JOsfYHCXd8M+5q0yI8yvXk=
=dprn
-----END PGP SIGNATURE-----
Posted by at No comments:
Labels:

Our own domain-names

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So... what did we do?
Since most public services on the net require an email-address,
we started with creating a gmail-account.
Thus we also have this blog and a site on pages.google.de .

As a next step we are trying to register the domains:
anonymity-blog.tk and

anonymity.tk/.
This way we want to get rid of the ".pages.google.com" and ".blogger.com"
in the URLs for our first 2 sites at the expense of a bit of advertisement.

status: The confirmation-emails have not arrived yet. Maybe gmail is blocked there or it simply takes a while. We will come back to this later.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6ZILAZ+Vq4hPgARArY5AJ9VihN2G+IHwLjP5ISWt28aw3dNlwCcCb84
TsqE+/nyFU+tQ3StR2tMCZ0=
=5Zpv
-----END PGP SIGNATURE-----
Posted by at No comments:
Labels:

Wednesday, 28 March 2007

interesting lectures from the 22nd CCCongress

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Finally the final recordings of the 22nd CCCongress are online.
Some of the lectures should be very interesting for the anonmous-crowd.


english

german


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6Y4LAZ+Vq4hPgARAoyhAJ4iIzUfPm6+6NrY3bGW7+xqqKD9zQCeN4H1
5swp+gA6FCqBPACglCdEQ8U=
=Lp8V
-----END PGP SIGNATURE-----
Posted by at No comments:
Labels:

Monday, 12 March 2007

summer of code: 6 students to work on freenet-project

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the Google Summer of Code 6 students are to be working on Freenet-Project.

Swati Goyal will be working on improving searching in Freenet.

Frédéric Rechtenstein will be building us a blogging plugin.

Alberto Bacchelli will be building a test framework and many unit tests.

Vilhelm Verendel will be working on simulating the growth of the network.

Srivatsan will be working on improving Freenet's connection encryption and possibly on darknet introductions.

Mladen Kolar will be building a definitive C/C++ library for the Freenet Client Protocol.


See: The Freenet-Project
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHZ6YuLAZ+Vq4hPgARAjPBAKCLv7Pu/uovLQRNqA0F1pNLrN51vQCguLNc
qtyys0j+c+NTduH2cuKeF4A=
=Gf48
-----END PGP SIGNATURE-----
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)