Kelsenellenelvian Posted April 3, 2014 Share Posted April 3, 2014 (edited) Not quite the original scope of this thread but this really caught my eye especially with all the NSA crap going on: Edited April 3, 2014 by Kelsenellenelvian Link to comment Share on other sites More sharing options...
jaclaz Posted April 3, 2014 Share Posted April 3, 2014 On other news, besides the re-known Dual Elliptic Curve issue, it seems like http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331the "Extended Random" extension to it is an added insecurity. http://dualec.org/jaclaz Link to comment Share on other sites More sharing options...
Tripredacus Posted April 3, 2014 Share Posted April 3, 2014 It appears that at least half start menu is returning. Now I would like to know following things: it is possible disable titles in start menu and it is possible to set locations ( computer, control panel etc.) to side of start menu? I was wondering the same thing. For me, it isn't a deal breaker. What is, however, is the fact the entire Start Menu was removed. So my entire life of using an OS would have suddenly been interrupted by trying to go to the wrong place to launch my programs. I, fortunately, did not update to Windows 8... however those who have I've heard multiple times people being angry of accidently opening IE. Link to comment Share on other sites More sharing options...
bpalone Posted April 3, 2014 Share Posted April 3, 2014 Remember that I mentioned defection from Windows by Governments? Well here is one or should I say two from England. Barking and Dagenham switches from Windows XP to Google Chromebooks, saves around £400,000Though, it doesn't mention security as reason, it does make a point on the high cost of Microsoft product usage. It also appears that we, as a whole, are making a retreat to the old ways and days of doing things.One key difference from the previous Windows XP setup at the council is that the Chrome devices will require a constant wireless connection for staff to be able to use them due to the Citrix remote desktop system in place. However, Lucock said Barking and Dagenham has invested in its wireless infrastructure to support this, and also wants its staff to take the opportunity to work remotely using home broadband or other connectivity.The article is an interesting read and can be read here: http://www.v3.co.uk/v3-uk/news/2337542/barking-and-dagenham-switches-from-windows-xp-to-google-chromebooks-saves-around-gbp400-000May make for some entertaining reading as they work through this. Oh my, we can't check your bill status as our wireless connection has been hacked and it is now directing us to the xxxx.xxx p0rn site.bpalone Link to comment Share on other sites More sharing options...
jaclaz Posted April 3, 2014 Share Posted April 3, 2014 Oh my, we can't check your bill status as our wireless connection has been hacked and it is now directing us to the xxxx.xxx p0rn site.... and we like it .jaclaz Link to comment Share on other sites More sharing options...
JorgeA Posted April 3, 2014 Author Share Posted April 3, 2014 A Windows bigwig expands on Microsoft's decision to take out, and then put back, the Start Button:Microsoft's Chaitanya Sareen gets candid on the evolution of Windows 8[...] with Windows 8, Microsoft made a series of radical changes. Perhaps the biggest? In Windows 8, the desktop isn't really a desktop at all. "We thought of the desktop as an app," says Sareen. "What if there was a tile that said 'Desktop' and your machine was actually designed to work well with it, you would really get the best of both worlds. That really was the vision." This vision goes a long way toward explaining why the Win 8 desktop can feel so disjointed compared to the rest of the OS: it simply wasn't intended to be a key part of the experience for most users. Unfortunately, nobody told them. [...][emphasis added]--JorgeA Link to comment Share on other sites More sharing options...
JorgeA Posted April 3, 2014 Author Share Posted April 3, 2014 Not quite the original scope of this thread but this really caught my eye especially with all the NSA crap going on: Cute video with the board-game theme. It did provide some insight into the process for me, thanks.But the narrator could have added: "And if investigators want everything about everyone who might ever become a suspect, they'll just bypass all of these procedures and ask the NSA for it."--JorgeA Link to comment Share on other sites More sharing options...
jaclaz Posted April 3, 2014 Share Posted April 3, 2014 (edited) "What if there was a tile that said 'Desktop' and your machine was actually designed to work well with it, you would really get the best of both worlds.In Italian (Tuscany) there is a (not particularly polite ) saying used in these cases that goes like:[italian]... e se il mi nonno aveva tre palle era un flipper[/italian]that would be roughly in English:... and if my grandpa had three balls he was a pinballjaclaz Edited April 3, 2014 by jaclaz Link to comment Share on other sites More sharing options...
CharlotteTheHarlot Posted April 3, 2014 Share Posted April 3, 2014 On other news, besides the re-known Dual Elliptic Curve issue, it seems like http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331the "Extended Random" extension to it is an added insecurity. http://dualec.org/Important find, and detailed article. Let's put the title on the record here ...Exclusive: NSA infiltrated RSA security more deeply than thought - study ( Reuters 2014-03-31 )And someone involved with Firefox won't like this ...In a Pentagon-funded paper in 2008, the Extended Random protocol was touted as a way to boost the randomness of the numbers generated by the Dual Elliptic Curve.[...]The NSA played a significant role in the origins of Extended Random. The authors of the 2008 paper on the protocol were Margaret Salter, technical director of the NSA's defensive Information Assurance Directorate, and an outside expert named Eric Rescorla.Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.I'll bet Rescorla is not a big fan of Snowden or Bruce Schneier or any other of the critics. I have my own theory often stated here that these types of government sponsored backdoors were intended for general consumption, to be picked up by many or most software developers. However it would be beyond stupid for us to now believe this is the only egg in their basket. I am starting to wonder if these are part of an elaborate plan to be the mostly visible portion, their thinking being 'hey, if we get this in, then great, but let's work real hard on the deep stuff'. So these are expendable things, they can be written off and discarded.So why would they really want backdoors in Windows ( and all software, but in this specific case Windows ) in the first place? The answer to that means we must first dodge all the strawmen distractions of spying on users. They already had that ability as the CALEA stuff showed long before 9/11, and even before that they have routinely used the courts and sympathetic judges and grand juries to revoke those pesky Fourth and Fifth Amendments at will. And they always have the local cops available to knock down doors and confiscate anything they want, they can even trump up popularly approved charges of drug running or child porn or whatever suits them.No, I believe this is really about getting access to NTFS encryption ( and other OS flavors ). This connection has yet to be made in all the security revelations. Wikipedia: NTFS encryption ...RecoveryFiles encrypted with EFS can only be decrypted by using the RSA private key(s) matching the previously used public key(s). The stored copy of the user's private key is ultimately protected by the user's logon password. Accessing encrypted files from outside Windows with other operating systems (Linux, for example) is not possible — not least of which because there is currently no third party EFS component driver. Further, using special tools to reset the user's login password will render it impossible to decrypt the user's private key and thus useless for gaining access to the user's encrypted files. The significance of this is occasionally lost on users, resulting in data loss if a user forgets his or her password, or fails to back up the encryption key. This led to coining of the term "delayed recycle bin", to describe the seeming inevitability of data loss if an inexperienced user encrypts his or her files.I do not believe that statement any longer: "Accessing encrypted files from outside Windows with other operating systems (Linux, for example) is not possible",. I believe that it has all been about this very thing since the beginning. The timeline suggests to me that in the 1990's they got most of what they wanted as mentioned above, but probably hit the roadblock of encrypted private computers taken from suspects and terrorists ( in fact one of the 9/11 almost hijackers had an encrypted disk IIRC ). I think it all will become clear if we ever find out the post-9/11 post-WinXP to Vista+ transition story. PRISM falls right into this calendar, as well as ballooning defense and black budgets, numerous legislation, and exposed black-bag jobs.The absence of speculation about this is starting to look suspicious IMHO. Sure, the RSA guys are catching some flak, and some little amount of criticism has been directed at Microsoft and others, but still not enough to overcome the chorus of enablers out there. I'm looking forward to this specific area being exposed. Of course there will be nothing to celebrate aside from the fact that journalists and sycophants are proved wrong again and are so easily misled and distracted. It will mean ( and already does IMHO ) that there is absolutely no privacy or security to be found anywhere. It will mean that Orwell was thinking small and his fictitious Little Brother can't hold a candle to our very real Big Brother. Link to comment Share on other sites More sharing options...
jaclaz Posted April 4, 2014 Share Posted April 4, 2014 @CharlotteI believe you are reading this:Accessing encrypted files from outside Windows with other operating systems (Linux, for example) is not possible — not least of which because there is currently no third party EFS component driver. the "wrong" way (actually it is written the "wrong" way).IMHO it should have been:Since no EFS drivers or decrypting components have been developed or published (at the moment of this writing) for other operating systems (Linux for example) it is not possible to access encrypted files from outside Windows.Layman example:Changing the battery of an iPhone outside an authorized Apple store (like in your basement) is not possible -- not least of which because there are currently no third party spare part batteries available.Of course as soon as the third party thingy became avaialable everyone was able to change the battery at home.BTW the cited sentence is also not technically accurate, as there is not really need of a "component driver", a tool can be alright a parser for a filesystem or filesystem image, without having (and not being) any "component driver".jaclaz Link to comment Share on other sites More sharing options...
JorgeA Posted April 4, 2014 Author Share Posted April 4, 2014 @Charlotte:Uh-oh, check out this graphic and hover over the "SOMBERKNAVE" balloon in the lower right for the description of that program:Software for remote control of Windows XPI'll look into this further when I get the chance to. Maybe someone else will do it before me.--JorgeA Link to comment Share on other sites More sharing options...
bphlpt Posted April 4, 2014 Share Posted April 4, 2014 https://www.schneier.com/blog/archives/2014/02/somberknave_nsa.htmlhttp://leaksource.files.wordpress.com/2013/12/nsa-ant-somberknave.jpgSOMBERKNAVE(TS//SI//REL) SOMBERKNAVE is Windows XP wireless software implant that provides covert internet connectivity for isolated targets.(TS//SI//REL) SOMBEKNAVE is a software implant that surreptitiously routes TCP traffic from a designated process to a secondary network via an unused embedded 802.11 network device. If an Internet-connected wireless Access Point is present, SOMBERKNAVE can be used to allow OLYMPUS or VALIDATOR to "call home" via 802.11 from an air-gapped target computer. If the 802.11 interface is in use by the target, SOMBERKNAVE will not attempt to transmit.(TS//SI//REL) Operationally, VALIDATOR initiates a call home. SOMBERKNAVE triggers from the named event and tries to associate with an access point. If connection is successful, data is sent over 802.11 to the ROC. VALIDATOR receives instructions, downloads OLYMPUS, then disassociates and gives up control of the 802.11 hardware. OLYMPUS will then be able to communicate with the ROC via SOMBERKNAVE, as long as there is an available access point.Status: Available -- Fall 2008Unit Cost: $50K\So doesn't appear to be anything new.Cheers and Regards Link to comment Share on other sites More sharing options...
ricktendo Posted April 4, 2014 Share Posted April 4, 2014 (edited) Xbox password flaw exposed by five-year-old boyThis kid is going to make a great hacker some day Edited April 4, 2014 by ricktendo Link to comment Share on other sites More sharing options...
jaclaz Posted April 5, 2014 Share Posted April 5, 2014 Xbox password flaw exposed by five-year-old boyThis kid is going to make a great hacker some day Well, with all due respect for the nice kid : it has to be said how the flaw:The boy worked out that entering the wrong password into the log-in screen would bring up a second password verification screen.Kristoffer discovered that if he simply pressed the space bar to fill up the password field, the system would let him in to his dad's account.is actually a flaw that even a 5 year old boy could find.I mean, what do the good guys at MS that designed that login mechanism have inside their skulls? Popcorn, polystyrene foam or just vacuum? jaclaz Link to comment Share on other sites More sharing options...
JorgeA Posted April 5, 2014 Author Share Posted April 5, 2014 https://www.schneier.com/blog/archives/2014/02/somberknave_nsa.htmlhttp://leaksource.files.wordpress.com/2013/12/nsa-ant-somberknave.jpgSOMBERKNAVE(TS//SI//REL) SOMBERKNAVE is Windows XP wireless software implant that provides covert internet connectivity for isolated targets.(TS//SI//REL) SOMBEKNAVE is a software implant that surreptitiously routes TCP traffic from a designated process to a secondary network via an unused embedded 802.11 network device. If an Internet-connected wireless Access Point is present, SOMBERKNAVE can be used to allow OLYMPUS or VALIDATOR to "call home" via 802.11 from an air-gapped target computer. If the 802.11 interface is in use by the target, SOMBERKNAVE will not attempt to transmit.(TS//SI//REL) Operationally, VALIDATOR initiates a call home. SOMBERKNAVE triggers from the named event and tries to associate with an access point. If connection is successful, data is sent over 802.11 to the ROC. VALIDATOR receives instructions, downloads OLYMPUS, then disassociates and gives up control of the 802.11 hardware. OLYMPUS will then be able to communicate with the ROC via SOMBERKNAVE, as long as there is an available access point.Status: Available -- Fall 2008Unit Cost: $50K\So doesn't appear to be anything new.Cheers and RegardsThanks for looking it up, bphlpt.It's not new, but it was news to me. When I first read the description on the Business Week page, the fear was that they'd devised something special to perform breaking-and-entering into XP systems en masse (thus casting doubt on the idea that XP was "more" secure from NSA snooping than Vista or 7 which may have backdoors built into them), but this SOMBERKNAVE sounds like a pinpoint-type approach to get into specific targets.--JorgeA Link to comment Share on other sites More sharing options...
Recommended Posts