PRISM

Any topic that does not fit into the other categories.
Message
Author
User avatar
Midas
Posts: 4379
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

PRISM

#1 Post by Midas » Wed Jun 12, 2013 10:09 am

[Moderator note: this thread was split from "Why use a password manager?"]

---

More disquieting news:
Attachments
HOpe.jpg

TenaciousD
Posts: 48
Joined: Thu Nov 15, 2012 11:38 pm

Re: Why use a password manager?

#2 Post by TenaciousD » Thu Jun 13, 2013 12:02 am

@ Midas Regarding TEMPEST
(AFAIK )TEMPEST while a real threat is unlikely to be used by average hackers, they often require specialized hardware (and knowledge) that in some cases has to be custom made and often needs to be installed in close vicinity (within 30 meters or so) to the target (although there are some ranged surveillance methods I have heard of). So unless you're living next to a super Leet hacker or you ticked off the government, you are unlikely to be a victim of TEMPEST type attacks. But one major advantage with this type of surveillance is that unless you are looking for it, you may never know that your data is being gathered without your permission. Also most TEMPEST type attacks are 'read-only' ie you can monitor someones computer but cant actually modify it or hack it. I'm not sure if there are any methods that exist to be able to do so but who knows?

I am more worried about malware used by attackers and in some cases clandestine governments. They are small, can often get into your system through a variety of means and if the target is not properly protected the malware can stay on the target computer indefinately. Not only that they are getting increasingly sophisticated and able to even run on computers with AV and Anti-spyware installed without ever being detected. eg Zeus trojan and its relatives. Plus its possible to get a variety of malware for free on the Internet. But it may ultimately be the attackers choice as to what methods he/she chooses.

On a side note: Episode 12 of Season 1 of TV series Numb3rs has a great example of TEMPEST being used although its not called TEMPEST, its called something else.
Sources:
Me :)
TV
http://searchsecurity.techtarget.com/de ... rojan-Zbot

Now I must leave now, I think someone from the Pentagon is following me. 8)

User avatar
Midas
Posts: 4379
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Why use a password manager?

#3 Post by Midas » Thu Jun 13, 2013 1:29 am

Bearing in mind that the only truly safe system is a completely physically (in the scientific sense) isolated one, my approach to computer safety is somewhat minimal but heavily layered.

I avow that I worry more about G-Men and their agencies antics then about crackers, who are chiefly after financial assets, a category they would find me seriously lacking; but I had never heard about that Zeus toolkit, though, it sounds really menacing.

OTOH, I do believe that most of the talk in the field is meant to fuel the computer security industry...

In the wake of that prismatic menace, a quick pointer for phones of the Android persuasion: http://whispersystems.org/

TenaciousD
Posts: 48
Joined: Thu Nov 15, 2012 11:38 pm

Re: Why use a password manager?

#4 Post by TenaciousD » Thu Jun 13, 2013 3:42 am

Midas wrote:Bearing in mind that the only truly safe system is a completely physically (in the scientific sense) isolated one, my approach to computer safety is somewhat minimal but heavily layered.

I avow that I worry more about G-Men and their agencies antics then about crackers, who are chiefly after financial assets, a category they would find me seriously lacking; but I had never heard about that Zeus toolkit, though, it sounds really menacing.

OTOH, I do believe that most of the talk in the field is meant to fuel the computer security industry...

In the wake of that prismatic menace, a quick pointer for phones of the Android persuasion: http://whispersystems.org/
I'm not sure how to read your comment without getting a bit concerned of its (implied) meaning. Are you using Antivirus software and firewall? Mind you I have found that most of my security needs have been met with free software and therefore I have little reason to believe its a security industry conspiracy that confuses users who think buying security software is better than free alternatives.

As for the Zeus Trojan whats important to understand is that Zeus just like many other malware out there are can be distributed in both directed and undirected forms. In the directed form the attacker has targeted a particular individual such as a CEO or some high level manager in a big corporation and will then create custom attacks that will be sent to the individual. These attacks are often personalized and can even come from within the targets organization. As you can imagine they are not targeted at ordinary folks like us. Unless we become their target of course. :lol:

The second form called undirected attacks is the one I'm really worried about. Undirected attacks is also the most common form that attackers use. They basically distribute malware on a variety of sites such as torrent sites, facebook and other sites not necessarily shifty sites like porn sites although they do that too. The malware will often be in the form of a link, eg a link to a cool video a must see picture or anything like that. The hackers will often not know who their victims are in undirected attacks and probably don't care. After the user has clicked on a link the malware will be installed on their computer unless an active AV discovers it. It is also important to note that in some cases merely going to a site is enough to download malware, this is called drive-by-download and it is real!

After the malware is installed on the victims computer it may do a number of things. One thing I highly doubt it does is determine how important you are, that is irrelevant to its intentions. Then the malware can monitor everything you type and send it to a remote location on the internet, install even more malware, download extra malware or any other number of things or even combinations of these things. Its important to note that the malware will send out the information that you are infected and that hackers may not even care who you are or whats on your computer although they may be able to access your computer without your knowledge and steal files, plant files etc.


I hope I did not offend you if you already know this. It's just you sound like you may be underestimating how dangerous and how prevalent the hacker (or cracker) threat really is. Mind you that doesn't mean hackers don't work for the government, some of them do and they are just as dangerous.

User avatar
Midas
Posts: 4379
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Why use a password manager?

#5 Post by Midas » Thu Jun 13, 2013 6:31 am

TenaciousD wrote:I hope I did not offend you if you already know this. It's just you sound like you may be underestimating how dangerous and how prevalent the hacker (or cracker) threat really is. Mind you that doesn't mean hackers don't work for the government, some of them do and they are just as dangerous.
Most of it; no offense taken. :)

And yes, I am underestimating that threat, just because I can. In the past decade the most harm I got from malware was a couple of forced system re-installs, while the government kept leveraging its tech muscle to extract ever more (both money & info) from John Does like myself...

But rest assured, antivirus and prevention measures are in place -- all readings nominal. :mrgreen:

TenaciousD
Posts: 48
Joined: Thu Nov 15, 2012 11:38 pm

Re: Why use a password manager?

#6 Post by TenaciousD » Thu Jun 13, 2013 9:00 am

Oh ok.. It's just there are people out there who have weird views about computer security like one guy who 'doesn't need a firewall' and another guy who lost a lot of money due to the Zeus Trojan and wondered how it was possible because he already had a firewall( :?: )

As for PRISM I'm not surprised that they are doing so. Look at all the changes that have occurred in the last decade. Sooner or later the US government was going to use their powers and they have done so. I don't like the idea of being monitored and no its not because I'm a bad guy its because I don't like the government entities gathering data about me even if I have done nothing wrong. There is a reason why its called our personal Information. It reminds me of the Lewis Black comedy skit where he says 'Just because I oppose the wars in Iraq and Afghanistan doesn't mean I support the other side.' In a similar way 'Just because I don't like being monitored doesn't mean I have something to hide it means I don't like people snooping into my data without just cause.' Besides once they have your data they could any number of things, bad things, very bad things.

On a side note I don't know why the whistle blower (Edward Snowden) who informed the press about PRISM decided to come out. :?: Many of us know of whats happening at least in passing to Bradly Manning who disclosed thousands of cables and the infamous 'Collateral Murder' video to the wikileaks website. And they are thinking of charging him (Manning) for 'Aiding the Enemy' which as you can imagine a serious charge. I wonder what Mr Snowden will get?

BTW it isn't called PRISM

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK
Contact:

Re: Why use a password manager?

#7 Post by carbonize » Thu Jun 13, 2013 9:22 am

I thought everybody knew that nearly all electronic data is monitored from faxes to emails? We just used to think the system doing it was called something Echelon or something. The simple choice is we can either live with the snooping or live with more terrorism/crime. It's a fine line.

User avatar
SYSTEM
Posts: 1788
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Why use a password manager?

#8 Post by SYSTEM » Thu Jun 13, 2013 10:51 am

carbonize wrote:The simple choice is we can either live with the snooping or live with more terrorism/crime. It's a fine line.
It's the public which should make the decision. Beforehand.
My YouTube channel | Release date of my 12th playlist: November 1, 2018

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK
Contact:

Re: Why use a password manager?

#9 Post by carbonize » Thu Jun 13, 2013 10:56 am

Would you trust the public to actually make an intelligent choice? The herd mentality is to go with whatever is the current big news story or whatever crap they have recently been fed.

User avatar
Midas
Posts: 4379
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Why use a password manager?

#10 Post by Midas » Fri Jun 14, 2013 5:21 am

Firstly, PRISM is way cooler than Section 702 (or CIP-S702/FISA for a complete acronym)... :mrgreen:

There was Echelon, then Carnivore, now PRISM; I think it's safe for us to assume that most of what was posted on the Interwebz for the last decade and a half has been harvested at one time or another. OTOH, just my Dope Wars logs will keep whomever busy for decades... ;)

I don't think the option is that clearcut between snooping and crime but then, what do I know, I'm just another decadent continental, right? It's just that I'm with SYSTEM here, if it is so good for the people, have the people vote on it -- preferably, periodically. And, for the record, better yield to the herd than have it butchered in silence...

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK
Contact:

Re: Why use a password manager?

#11 Post by carbonize » Fri Jun 14, 2013 6:34 am

We have the people vote on who runs the country and look how that turned out :|

TenaciousD
Posts: 48
Joined: Thu Nov 15, 2012 11:38 pm

Re: Why use a password manager?

#12 Post by TenaciousD » Fri Jun 14, 2013 8:52 am

@ Midas Yes even I like PRISM better than it formal name.
The simple choice is we can either live with the snooping or live with more terrorism/crime. It's a fine line.
Oh dear I don't know where you got that from but I don't think it is entirely accurate to say the least. :shock:

We are not just talking about snooping here we're talking of 'wholesale snooping' where without just cause people's privacy is being compromised and on a large scale. And when I mean just cause I mean positive evidence that someone is doing something they are not supposed to. We already know that various US government entities are involved in surveillance nothing new there but what's important to mention is that more and more of it is is being done without proper checks and balances. A good example is the need for a warrant, that's whats prevents cops from busting into people's homes more often. There is a reason warrants are needed in the first place, to prevent law enforcement from invading people's homes without a really good reason.

There is also another problem that has been mentioned recently where federal authorities want even more access to data. The problem is that they want it in the form of a kind of 'backdoor'. They want big names such as Facebook and Google to create these 'backdoors' to make it easier for law enforcement to monitor and gather more data about people. There are a number of problems with what the feds want one major issue is that once you create a backdoor you have compromised the security of whatever product or service you are providing. You may not thing this is a big deal but it is. A couple of years ago Google was hacked. The main reason they were hacked was because chinese hackers believed to be working with the chinese government wanted to know which gmail accounts of chinese spies were being monitored, they got the data and probably more. If you don't see the reason I'm talking about this point then let me explain it a little more clearly. By forcing various online companies to create backdoors law enforcement are actually making the problem worse as the attackers can now search for these new targets to get juicy details that they can use later on. This creates the strange situation where law enforcement are trying to make their job easier while they are also making the bad guys job easier as well! Its a bit like what happens when a kid grows up in a very strict house the parents are doing it for the child's own good but that doesn't mean it always works. Just look at Lady GaGa she was brought up in a catholic home and just look at her music videos! Its like she needs to prove to the world shes not a man! :mrgreen:

carbonize
Posts: 363
Joined: Wed Jan 09, 2008 1:16 am
Location: Bristol, UK
Contact:

Re: Why use a password manager?

#13 Post by carbonize » Fri Jun 14, 2013 9:00 am

Again it's a fine line. Who can say how many criminals/terrorists have been caught because of this snooping? And how many of them would of been monitored if we only monitored people we had reason to suspect?

User avatar
webfork
Posts: 7949
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Why use a password manager?

#14 Post by webfork » Fri Jun 14, 2013 9:04 pm

carbonize wrote:Again it's a fine line. Who can say how many criminals/terrorists have been caught because of this snooping? And how many of them would of been monitored if we only monitored people we had reason to suspect?
One of the problems with everyone being under permanent investigation is if you do something wrong, you may not know about it. Instead, your activities and behavior may be restricted since the government can't quite take it to the police or courts. First the no-fly list, then a no bus list, then not being able to use a car or buy from certain products, and on and on.

Essentially, a free society needs a boundary between criminals and free people, also known as due process. If I did something wrong, I need to be informed of my crimes, be able to bring it in a reasonable time to a court of law, and consult a lawyer. For decisions made this way, there's no way to appeal the decision because it's all secret. The door to even discuss it is closed. If this continues, you'll have people under high suspicion who aren't exactly incarcerated, but far from free.

Instead, broad surveillance treats everyone like criminals. If someone at PRISM learns something about you that isn't quite true or they misunderstood (and then takes action against you), there's no way to appeal it. And to even do so may mean going into details of your life they have no business knowing in the first place. It's both bureaucratic and humiliating.

Anyway, the idea is not mine but maybe interesting or useful.

---

Edit: it's probably obvious but worth pointing out that there are more than just a "no-fly list" where you can stay in perma-suspicion. There are many lists that you can get on and never leave.

User avatar
SYSTEM
Posts: 1788
Joined: Sat Jul 31, 2010 1:19 am
Location: Helsinki, Finland

Re: Why use a password manager?

#15 Post by SYSTEM » Fri Jun 14, 2013 10:24 pm

webfork wrote: Essentially, a free society needs a boundary between criminals and free people, also known as due process. If I did something wrong, I need to be informed of my crimes, be able to bring it in a reasonable time to a court of law, and consult a lawyer. For decisions made this way, there's no way to appeal the decision because it's all secret. The door to even discuss it is closed. If this continues, you'll have people under high suspicion who aren't exactly incarcerated, but far from free.
That reminded me of this: http://www.mtv3.fi/uutiset/rikos.shtml/ ... black-list :mrgreen:
My YouTube channel | Release date of my 12th playlist: November 1, 2018

Post Reply