Nicholas Weaver's Techdirt Comments

Latest Comments (47)

  • Belgian Prosecutor Looking Into Reports That NSA/GCHQ Hacked Well-Known Belgian Cryptographer

    Nicholas Weaver ( profile ), 04 Feb, 2014 @ 08:18am

    Please correct, this is likely NOT the NSA...

    A far better report is from TechWeek Europe.

    Two very important points:

    The initial attack was phishing based. The NSA doesn't need to phish; instead they just use direct packet injection.

    The malcode appears to be a MiniDuke variant.

    We don't know who is operating MiniDuke (namely, is it the Russians or is it the Chinese?), but the targeting history suggests that it is not the US/UK, as a significant number of the targets of MiniDuke have been US/UK computers (Think tanks, research institutions), while NSA/GCHQ is largely outward facing.

    Thus the headline is WRONG: Quisquater was probably attacked by a nation-state level adversary, but that adversary is probably NOT the NSA/GCHQ.

  • FBI Agent: Connection Logs Show Suspect's MAC Address, So Look For Apple Hardware

    Nicholas Weaver ( profile ), 20 Dec, 2013 @ 01:09pm

    Also...

    Any sysadmin worth his salt with an unknown MAC address is going to throw it at Wireshark or a similar database, so "Look for a Mac with this MAC" is quite expected.

  • FBI Agent: Connection Logs Show Suspect's MAC Address, So Look For Apple Hardware

    Nicholas Weaver ( profile ), 20 Dec, 2013 @ 01:01pm

    Actually, a MAC can indicate a Mac...

    The upper 24 bits of the MAC address indicate the manufacturer, and can be even finer:

    http://anonsvn.wireshark.org/wireshark/trunk/manuf

    is Wireshark's list.

  • GCHQ Used Fake Slashdot Page To Install Malware To Hack Internet Exchange

    Nicholas Weaver ( profile ), 11 Nov, 2013 @ 10:11am

    Not FAKE slashdot, but packet injection...

    QUANTUM is not a fake slashdot page. Rather it is packet injection (which I speculated about months ago here: https://medium.com/surveillance-state/1b5ab05ac74e )

    How it worked is they saw their victim visit LinkedIn or Slashdot, identified them based on their account, and then shot an exploit at them using packet injection. So there was no "fake" slashdot page, just an injected exploit packet.

  • Former DHS/NSA Official Attacks Bruce Schneier With Bizarre, Factually Incorrect, Non-sensical Rant

    Nicholas Weaver ( profile ), 05 Nov, 2013 @ 05:37pm

    As a great bonus...

    Not only are these two hawking snake-oil, but their "Whitenoise" stream cypher that's the center of their snake-oil (calling it a "One Time Pad" is a lie) is actually already known-broken!

    http://eprint.iacr.org/2003/250

  • NSA Officials Livid That White House Is Pretending It Didn't Know About Spying On Foreign Leaders

    Nicholas Weaver ( profile ), 29 Oct, 2013 @ 11:45am

    The real frustrating thing is this is exactly who the NSA is supposed to be spying on. Foreign leadership is specifically in-scope.

    The problem I have is the methods: if it's anything like how Belgacom was hacked (using "QUANTUM", namely, packet injection to exploit a tech's computer and then using the 'lawful' intercept capability built into the phone switches), this would be something that the US would clearly call a criminal act, and possibly call an act-of-war.

    If France, say, hacked AT&T using these techniques to monitor cellphones in Washington DC, "ballistic" wouldn't even begin to describe the US response.

  • Educational Exercises Aimed At School Shootings, Drug Abuse Result In Terrorized Students And K-9 Attacks

    Nicholas Weaver ( profile ), 29 Oct, 2013 @ 08:43am

    Texas...

    I hope they don't try it in Texas, they might end up with an armed teacher who shoots the simulated shooter...

  • FBI's Case Against Silk Road Boss Is A Fascinating Read

    Nicholas Weaver ( profile ), 02 Oct, 2013 @ 12:02pm

    Parallel construction...

    I doubt the fake ID bust was parallel construction. If they were on to DPR, they would have handled the fake IDs far differently, since this could easily have caused DPR to panic and flee the country.

    The interesting question not answered in the complaint is how they discovered Silk Road's server to get an image of it in July.

  • Former NSA Boss: Mass Surveillance Is Very Important, But Perhaps NSA Should Stop Lying About It

    Nicholas Weaver ( profile ), 03 Sep, 2013 @ 05:43am

    He IS right on private surveillance...

    The private company surveillance is out of control. Facebook and Google record almost every web page you visit (Yes, Facebook LIKEs your taste in porn) thanks to those ubiquitous trackers and advertisers. Data brokers collect information, resell it, repackage it, data mine it, and do all sorts of other skivvy things with it.

    The private spying is ALMOST as out of control as what the NSA is doing, and also needs to stop.

  • Yes, Of Course The NSA Pays Tech Companies For Surveillance Efforts

    Nicholas Weaver ( profile ), 23 Aug, 2013 @ 09:04am

    Except for that whole "reputational damage" thing...

    Having the companies modify their infrastructure for the benefit of the NSA means although it may be "legal" to tap foreign communications, it means that the US companies are now complicit in attacking their own customers (just not the US customers).

    The reputational and economic damage that the NSA is causing dwarfs the few million dollars the companies are gaining. US/UK technology companies now must be considered to be hostile if you are outside of the US/UK.

  • No, There Hasn't Been A Big Shift Away From US Datacenters… Yet

    Nicholas Weaver ( profile ), 23 Aug, 2013 @ 05:27am

    Where to go? Insource...

    Web hosting is generally public, providing public facing information. The data of real note is email, internal documents, and other such critical systems. It is that data which should flee the cloud.

    And where should the data run? Why, in-house: businesses which need confidentiality (law firms, and any business with significant international competition) should forget about outsourcing to the cloud at all.

  • Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More

    Nicholas Weaver ( profile ), 22 Aug, 2013 @ 08:01am

    Re: Cloud computing security

    Actual link: http://www.icsi.berkeley.edu/~nweaver/cloud.pdf

  • Suddenly The Terms And Conditions Of Your 'Cloud' Service Provider Matter A Lot More

    Nicholas Weaver ( profile ), 22 Aug, 2013 @ 08:00am

    Cloud computing security

    The problems with cloud computing security can be summed up in four words: "Lawyers, Guns, and Money" (with apologies to Warren Zevon, my short talk with that title).

    And remember, rule #1 of Cloud Computing Operational Security if you actually have confidential information you need to protect: don't use cloud computing.

  • Yes, The NSA Has Always Hated Encryption

    Nicholas Weaver ( profile ), 31 Jul, 2013 @ 07:41am

    The strange thing is, DES was NOT weakened by the NSA!

    A strange coda to the story however. DES was NOT weakened by the NSA. The design's subtle tweaks by the NSA ended up being used to counter differential cryptanalysis, and although the key length was somewhat short, it was still uncrackable at the time of development (now it's crackable in a day or less).

  • Actually, Nintendo Wanted Smash Bros. Out Of EVO Tourney Entirely, Which Is Really Stupid

    Nicholas Weaver ( profile ), 12 Jul, 2013 @ 05:48am

    This from the geniuses....

    This move from the "geniuses" that brought us "The Wizard"

    Wow, times have changed.

  • Latest Leak Showing US Spying On EU Embassies Not That Surprising

    Nicholas Weaver ( profile ), 01 Jul, 2013 @ 05:03am

    Actually, this is a VERY big deal...

    Because to someone like me, DROPMIRE sounds like a lifecycle attack: building in a backdoor into the commercial product itself at the factory.

    If the NSA is using lifecycle attacks, or even if there are just credible rumors of the NSA using lifecycle attacks, US network hardware and security companies are now in the same position that Huawei is in.

  • Defense Department Blocks All Web Access To The Guardian In Response To NSA Leaks

    Nicholas Weaver ( profile ), 28 Jun, 2013 @ 05:27am

    It's necessary for them to do...

    The US government has no notion of "it's already out there": If a document is classified Top Secret, having it discovered on an unclassified computer is bad, VERY BAD. The easiest cleanup procedure usually is "wipe the whole computer".

    It doesn't matter if copies of the document are on the front page of every newspaper in the country, scattered across a hundred flyers, and sent a thousand times to every general, colonel, and corporal in the army, it's still classified.

  • Clapper: I Gave 'The Least Untruthful Answer' To Wyden's 'Beating Your Wife' Question On Data Surveillance

    Nicholas Weaver ( profile ), 10 Jun, 2013 @ 01:22pm

    Remember, the NSA uses a different definition...

    The NSA defines "collection" as when they actually use the data and get some result from it, with the probable unstated admission that it is only "collected" if they use the data, get some result, and ADMIT that they used the data and got the result.

    It's the same linguistic BS that allows Obama to say with a straight face that he only launches robot flying assassins against Americans who are an "imminent" threat, with "imminent" being defined in his lexicon as "well, perhaps, kinda sorta, and it's too much of a pain to try to capture or do anything like that so let's just send in the robot flying assassins and be done with it"

  • Prenda's Former Porn Client Comes Forward About His Fears Of Working With Prenda

    Nicholas Weaver ( profile ), 31 May, 2013 @ 11:58am

    I suspect it's 50% AFTER "expenses"

    I'd suspect also that it was 50% AFTER "expenses" which Prenda padded mercilessly. If Mike can get in touch with Mr Pilcher, it might be worth asking about that, since with all the other difficulties, I wouldn't put Hollywood-level accounting past the Prendarists.

  • Stop & Frisk Accomplishments: Barely Any Illegal Weapons Recovered, But Tons Of Weed Smokers Jailed

    Nicholas Weaver ( profile ), 30 May, 2013 @ 07:22am

    Worse, the pot busts are largely SYNTHETIC!

    It is a crime to DISPLAY any quantity of Marijuana, but it is NOT a misdemeanor in NYC to possess very small quantities, just an infraction.

    But once they frisk the victim, and remove the pot from the pocket (EVEN THOUGH it's clearly too small to be a weapon) it becomes a misdemeanor because now the victim is displaying the pot!

    So for most of the 26,000 arrested for pot, their only arrestable crime was a direct result of BEING FRISKED!

    More details at the New York Times.
