Encryption

NSA dictates OS development
The seemingly irrational Linux decisions and Windows decisions were orchestrated by the NSA so that a huge attack vector of APIs, Nvidia binary blobs and entropy-weakened hardware encryption could be created. BSD developers couldn't understand what was going on with the Linux developers with commit rights to the Linux kernel tree; now we know: they were paid by the NSA.

i2p
https://www.encrypteverything.ca/index.php?title=Installing_and_using_I2P

https://www.youtube.com/user/i2ptutorials

Digitizing files
https://www.encrypteverything.ca/index.php?title=Uploading_photos_privately_%28removing_EXIF_data%29

... When you take a picture with your cell phone or a digital camera, information called EXIF data is stored inside it. EXIF data can contain information that reveals personal details about you (e.g. GPS location, camera type, etc.). ...

Uploading a book with Book Liberator tech is done with a digital camera bought with cash far away from your residence; place the camera inside a box painted with copper on the inside (a Faraday cage).

Links
 * https://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html Evil maid attack.
 * Freenet
 * http://fiddler2.com/, http://www.wireshark.org/download.html, http://www.snort.org/start/download

The traffic is coming from inside the target's machine. Thus, you would have to have complete logs, like through Fiddler or equivalent, and cross-reference that to a Snort or Wireshark session running on another machine. When you see traffic that doesn't match normal system or user traffic, then you have a suspect.
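The cross-referencing described above can be automated once both logs are exported as text. This is an added example, not part of the original page; the two log formats, the addresses (documentation ranges) and the function names are constructed, and a real Fiddler, Snort or Wireshark export would need its own parser.

```python
from datetime import datetime, timedelta

# Constructed host-side log (what the monitored machine recorded itself):
# time, destination.
HOST_LOG = """\
2013-09-10T10:00:01 198.51.100.10:443
2013-09-10T10:00:07 198.51.100.22:80
2013-09-10T10:01:30 198.51.100.10:443
"""
# Constructed wire-side capture from a second machine: time, source, destination.
WIRE_LOG = """\
2013-09-10T10:00:01 192.0.2.5 198.51.100.10:443
2013-09-10T10:00:08 192.0.2.5 198.51.100.22:80
2013-09-10T10:00:45 192.0.2.5 203.0.113.77:8443
2013-09-10T10:01:31 192.0.2.5 198.51.100.10:443
2013-09-10T10:02:10 192.0.2.9 203.0.113.77:8443
"""

def parse(text, fields):
    """Split each line into (datetime, *rest); skip blank or malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != fields:
            continue
        rows.append((datetime.fromisoformat(parts[0]), *parts[1:]))
    return rows

def unexplained_flows(host_text, wire_text, monitored_ip,
                      skew=timedelta(seconds=5)):
    """Wire-side flows from monitored_ip that have no host-log entry to the
    same destination within +/- skew (clock drift between the two machines)."""
    host = parse(host_text, 2)
    suspects = []
    for ts, src, dst in parse(wire_text, 3):
        if src != monitored_ip:
            continue  # traffic from some other machine on the segment
        explained = any(d == dst and abs(ts - t) <= skew for t, d in host)
        if not explained:
            suspects.append((ts.isoformat(), dst))
    return suspects

if __name__ == "__main__":
    for when, dst in unexplained_flows(HOST_LOG, WIRE_LOG, "192.0.2.5"):
        print(f"suspect: {when} -> {dst} (on the wire, absent from host log)")
```

The skew window matters: with it set to zero, ordinary flows whose timestamps differ by a second between the two machines are flagged as well.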

Since this is based on two things working together, (1) a BIOS component and (2) a hardware transmitter component, one way to defeat it is to wipe out the BIOS and upgrade it to your own compiled, fully free and open source variant, like http://www.coreboot.org/. This could possibly disable the attack even if the hardware transmitter were hard to spot and physically remained.

https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html

Note how Tor must be configured on a VM; Win7 can be bypassed.

http://www.loper-os.org/?p=1299

Obfuscated C-code

 * http://cm.bell-labs.com/who/ken/trust.html The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.

http://www.peereboom.us/assl/assl/html/openssl.html openssl deliberately made unreadable by NSA agents part of the core coding team. See http://web.archive.org/web/20140414023227/https://www.peereboom.us/assl/assl/html/openssl.html as peereboom.us warns on fake certificates. Before the Snowden release, read somewhere that the NSA has its agents as core openbsd, freebsd, linux etc. kernel coders with commit rights to the source tree. I thought this was just too conspiratorial; after Snowden, computing from inside a Faraday cage should be standard. Using obfuscated C-code the NSA can hack any linux, ssl system at will.

NSA antics
http://www.truecrypt.org is NSA software that uses Intel hardware encryption chipsets which the NSA agents, with the complicity of Intel (according to various news outlets), have compromised so that the random key generator is not truly entropic and can be decrypted with specialized custom-made ASIC chipsets. The max allowable password length is only 32 chars long, because not even the NSA can decrypt a 100 character password. They are not so stupid as to place any software backdoors in truecrypt itself, this would eventually be detected with a software audit; they did something that nobody even thought about: designed their very own chipset and then forced Intel to adopt it. All Truecrypt encrypted code is decrypted by the NSA when uploaded anywhere onto the Internet. The NSA can track down any person uploading to http://thepiratebay.org by comparing the file on piratebay with their cached copy of the same file that had to traverse an NSA controlled router, gateway, ISP etc. somewhere in this world. The NSA caches the entire Internet in realtime and especially homes in on encrypted files. Only by encrypting (not using truecrypt) a file before uploading to a torrent sharing site is some measure of protection provided. And even then this must start with i2p -> Tor -> clearnet. It seems that there aren't any file uploading sites that allow for encrypted upload or that allow for Tor based uploads. Tor itself is compromised; begin with i2p and then hop onto Tor.

Fact is - the US authorities were confronted with the following situation:

1. It proved politically impossible to force all creators/distributors of encryption software to implement a backdoor in their products (via law).

See a good overview about the history here:

http://www.newyorker.com/online/blogs/elements/2013/08/hard-to-crack-the-governments-encryption-conundrum.html

2. However, government and/or government agencies were absolutely convinced that the only way to guarantee security is for the authorities to be able to read the content of encrypted communications. See the document from the US Department of Justice from 1998 quoted above:

https://web.archive.org/web/20040529211445/http://www.justice.gov/criminal/cybercrime/cryptfaq.htm

Note the conclusion:

"At bottom, it is important to recognize that society has an important choice to make. On the one hand, it can promote the use of unrecoverable encryption, and give a powerful tool to the most dangerous elements of our global society. On the other hand, it can promote the use of recoverable encryption and other techniques, achieve all of the benefits, and help protect society from these criminals. Faced with this choice, there is only one responsible solution."

So what were the US authorities supposed to do? Just do nothing and watch how "Open Source" encryption programs "take over" the market, because they are free and trustworthy, and where it won't be possible to force the creators to install backdoors like they exist in "Bitlocker"? (yes, Bitlocker is backdoored, which is well known in the law enforcement community)

Well, one possible and perfectly reasonable solution for the authorities could be: Take part in the "open source" community, offer the best program, and then dominate the market! Make a program which will be used all over the world, and which includes a very well concealed backdoor. And that's exactly what they did. They used a cover which was barely credible, as it had the elements of an international, well funded organization with considerable funds, personnel, lawyers etc., but it worked for about 10 years. In the future, we all should just be more careful, and, as I said before, should not ignore the obvious warning signs.

Basically it should be clear that privacy does not exist anymore. i2p uses java, how many NSA agents have commit rights to the i2p source tree?

Chat sessions are not encrypted: Pidgin, AIM, Skype etc. You need to encrypt all text with a custom microcontroller attached to an RS-232 port with a diode that blocks the read signal. The NSA cannot defy the physics of a diode. This encrypted text is then inserted into the Skype session; the person at the other end must have a decrypting microcontroller attached and then read the text from the LCD display of the micro. Anything in software on a PC is compromised.

Torvalds and NSA
http://cryptome.org/2013/07/intel-bed-nsa.htm

On 2013-07-13 12:20 AM, Eugen Leitl [forwarding Matt Mackall] wrote: It's worth noting that the maintainer of record (me) for the Linux RNG quit the project about two years ago precisely because Linus decided to include a patch from Intel to allow their unauditable RdRand to bypass the entropy pool over my strenuous objections. Is there a plausible rationale for bypassing the entropy pool? How unauditable is RdRand? Is RdRand unauditable because it uses magic instructions that do unknowable things? Is it designed to actively resist audit? Has Intel gone out of its way to prevent you from knowing how good their true random generation is?

The naïveté of bean-counters and bureaucrats may be excusable; that of seasoned academics and engineers isn’t. Mr. Torvalds eagerly hitched the security of the Linux kernel to Intel’s Trojaned wagon. http://www.loper-os.org/?p=1299

FreeBSD 10 has reverted recent commits to their source on using Intel compromised chip sets back to random key generation in software only. All Lenovo motherboards have chip sets implanted that "phone home" to China. NSA has so compromised the Android system that no bitcoin wallet is safe on it. Plastic rocks, thrown over the wall, embedded with electronic signal sniffing equipment that can detect keyboard presses: this was how the Iranian nuclear computer systems were penetrated. Faraday cages lined with tin foil are a possible solution to this.

Password footprint
https://www.schneier.com/blog/archives/2007/01/choosing_secure.html What's happening is that the Windows operating system's memory management leaves data all over the place in the normal course of operations. You'll type your password into a program, and it gets stored in memory somewhere. Windows swaps the page out to disk, and it becomes the tail end of some file. It gets moved to some far out portion of your hard drive, and there it'll sit forever. Linux and Mac OS aren't any better in this regard.

Thus the encrypted file must be streamed over Ethernet to another PC and the home PC wiped. This entails configuring a PC and making a ghost backup.

https://www.schneier.com/blog/archives/2007/01/choosing_secure.html .....Even so, none of this might actually matter. AccessData sells another program, Forensic Toolkit, that, among other things, scans a hard drive for every printable character string. It looks in documents, in the Registry, in e-mail, in swap files, in deleted space on the hard drive ... everywhere. And it creates a dictionary from that, and feeds it into PRTK. 50% success rate cracking password.

Qubes linux
http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html Second, all mainstream desktop OSes, such as Windows, Linux, BSD, even OSX, are all based on monolithic kernels, which present a significant security problem. This is because a typical monolithic kernel of a contemporary desktop OS contains tens of millions of lines of code, and to make it worse, most of this code is reachable from (untrusted) applications via all sorts of APIs, making the attack surface on the kernel huge. And it requires just one successful kernel exploit to own the whole system, bypassing any security mechanisms that might have been built on top of it, such as SELinux, LXC, etc.

In other words all US citizens can be forced to become NSA agents; the agency will find some means of blackmail such as failed tax return etc. Everything, cloud etc., from the USA and US citizens is compromised. Using Dropbox? Might as well publish your password on pastebin. http://www.mega.co.nz loads JavaScript locally to prevent man-in-the-middle server impersonation: http://www.ghacks.net/2013/07/20/megas-chrome-app-improves-security-by-loading-javascript-locally/

NSA password software
http://keepass.info/download.html Attempts to make TCP/IP connections the whole time. All downloads are probably a man in the middle attack, nobody is really connecting to sourceforge, but to an NSA proxy server. The .exe sourceforge file is obviously NSA compromised. Even compiling the code from source won't reveal the hidden obfuscation http://cm.bell-labs.com/who/ken/trust.html

Links
 * http://www.keepassx.org/screenshots/
 * http://underhanded.xcott.com/
 * http://blog.thinkst.com/p/if-nsa-has-been-hacking-everything-how.html ....Case in point: why did they use "=" instead of "^=" when they added the FIPS PRNG to GPG? Infiltration is staring everyone in the face, and people do shout about it... Nobody notices or cares though. They've been trained to think everyone who points this stuff out is a hysterical conspiracist, and ignore.........  https://www.gnupg.org/
 * https://nex.sx/blog/2015-01-27-everything-we-know-of-nsa-and-five-eyes-malware.html
 * https://www.comodo.com/ Geekbuddy allows the NSA to take remote control of your PC