End to end encryption under threat

Mynight · 3 Nov 2015 at 16:35

http://www.telegraph.co.uk/news/ukn...t-of-reach-communications-under-new-laws.html

Quality. They want to backdoor these services under the guise of stopping paedofiles and terrorists again.

What do you think should there be a limit to what encryption is offered to the public?

Personally I think people with something to hide wouldn't even be using these services in the first place and the ones that do would just be pushed further underground by creating such a law.

Mynight · 3 Nov 2015 at 16:42

I could be wrong but I think its a different law.

If it is just a continuation my apologies

.

Mynight · 3 Nov 2015 at 17:45

scorza said:
I don't have a problem with it as long as there is a proper authority e.g. a judge, to authorise the use of the backdoor. It shouldn't be any different to a phone tap (used to catch fly-tippers) or a hidden camera in someone's home (used to catch Stephen Lawrence's killers).

I agree. Although the powers that be have repeatedly overstepped their authority before. As such I don't trust it to be a warrant issue only.

I just hate the way it is recently if you stand against any recent Internet proposal from the UK it must be because you're a terrorist or paedofile. There's no allocation for the people that (maybe paranoid) but realise it's just another step into your private lives. The majority of the public probably don't understand nor care past the emotive tag line "omgz pedos and terroritz".

I'm sure everyone has done something questionable in their lives whether it's actually illegal or just something you wouldn't like being public doesn't matter as worst case scenario if the government can get in so can someone else. Let's be honest anyone who denies it is either a liar or deluding themselves.

Mynight · 3 Nov 2015 at 18:20

scorza said:
And I hate the way there's a hysterical backlash if you want any sort of law that would actually help the authorities combat crime, including terrorism. People are unwittingly calling for anarchy where there are no laws, and the rule of law is one of the main things that separates us from the third world.

Touche. However is there any proof any of the extra surveillance has decreased said crimes? We only have their word to go on.

I'm all for laws but there's got to be a limit. I hate to bring up the slippery slope fallacy but we're quite literally experiencing it.

Was my post hysterical? Everything I said is plausible and based on history.

Mynight · 3 Nov 2015 at 18:37

scorza said:
What sort of proof do you want? There have certainly been convictions obtained for conspiracy to commit crimes thanks to various forms of surveillance. The problem is that that innovations in crime have meant the authorities are playing catch up, quite often it's impossible for there to be any evidence of a justice initiative working because it's new, so if you're waiting for evidence then you're paralysed and can't do anything. As long a our human rights (and I mean real human rights, not the nonsense in the ECHR) aren't impinged then what's the problem.

You say we're on a slippery slope but imo we've never had as much liberty as we do now - less censorship in the media, social freedoms, cheap global travel, financial freedom e.g. access to credit, fast transactions. These are all generally good things but we need to make sure that people are protected from criminals who would exploit that liberty for their own gain.

Wont lie I dont have an counter against what you've just said. You're right annoyingly

.

Guess my lack of rebuttal means I was basing my view on hysteria to an extent. I see reports like this and all I can think of is how less invasive powers have been abused in the past. Completely pessimistic I know.

Mynight · 4 Nov 2015 at 18:03

scorza said:
Well yeah, which is why Manning and Snowden have so much blood on their hands. Nothing to do with the UK government though.

Hacking into TalkTalk (with an SQL injection vector ffs) is one thing, hacking into GCHQ is a rather different prospect.

It's doubtful the data collection will be stored by GCHQ it's more likely to be the ISPs (they were whinging about the added costs) as such it could easily be another talk talk affair.

Mynight · 4 Nov 2015 at 18:23

scorza said:
One imagines that the capability to decrypt these messages would be managed out of GCHQ though.

O you'd hope wouldn't you

.

Mynight · 20 Dec 2015 at 08:20

****e juniper is used by a fair few big corps.

Wonder who authorised it and how long it's been "unauthorised" for.

Mynight · 20 Dec 2015 at 08:46

Got to give them credit for owning up. I imagine a few companies would have just patched it and kept quiet.

Mynight · 20 Dec 2015 at 11:28

peterwalkley said:
On the Juniper code, a lot would depend on what kind of code reviews, testing and checks were in place at the time. There would be some kind of source code control system pointing to a developer id that checked the code in, but was it a stolen or borrowed login id. Given the FBI involvement, we'll likely never know unless someone gets prosecuted for it.

Agree that Juniper did the right thing by owning up. The extra free publicity would also help get the patches applied a lot more quickly.

I think in this case it could be an exemption to any publicity is good publicity. A company that sells security to others has been breached leaving others open to attack(ish).

I'd be rather intrigued to know how an employee could gain from it. unless Cisco are running a if you can't beat them discredit them initiative.

Open source ftw!

Mynight · 20 Dec 2015 at 12:30

That is a very fair and valid point.

Mynight · 20 Dec 2015 at 21:44

To be honest we don't know for what reason it was placed. Could be part of the dragnet.

I wonder if anyone else found it before they did. I'm sure someone was working on them.

We don't know exactly what sort of backdoor was in place whether it merely required a key or was open to a certain kind of attack.

Heck even if I saw the source code of it it's probably well beyond my abilities to even recognise it.

Mynight · 20 Dec 2015 at 22:04

Ignorance and wishful thinking.

Then again there's a lot more to what's involved and possible than I know so maybe it's my ignorance to fall in the camp that believes your quoted phrase to be true.

Mynight · 20 Dec 2015 at 22:31

Caged said:
This is a decent overview:

https://www.imperialviolet.org/2015/12/19/juniper.html

The SSH vulnerability isn't a huge deal (your management interfaces won't be in-band ideally) and could be some debug code that got left behind. The VPN issue seems to come down to random numbers not being as random as they should be.

Cheers I'll have a look tomorrow after some sleep. Cursory glance merely tells me that I'm too tired to even attempt to comprehend that

.

Mynight · 21 Dec 2015 at 15:06

scorza said:
I believe there is - any British Standard lock manufacturer will make master keys available to privileged people. I don't exactly know how the system works (for obvious reasons people don't like talking about it) but it's what I've been led to believe.

The very basis of a lock prevents such a thing as a masterkey unless the lock is designed to accept one.

Picking a lock really isnt that hard depending on the lock but theres no way a one size fits all is plausible. Unless its a form of bumping the lock but thats far removed from being a master key.

Work on the basis if such a weakness does truely exist. Whats to stop some enterprising criminal from getting ahold of such a key? How do you then stop the criminal from using it?

Mynight · 21 Dec 2015 at 15:11

scorza said:
Exactly - the British Standards ensure that the lock is designed to accept one.

Got a link to this?

Mynight · 21 Dec 2015 at 17:36

I do have lots to hide but nothing illegal afaik, would most likly bankrupt me if it all gets out.

I'm sure everyone has something to hide.

Mynight · 18 Feb 2016 at 11:41

The register for a change have actually done a pretty poor write up.

If Apple sign such a update then there's little to prevent the "unique ID" from being changed to whatever phone they want in future.

"O you did it last time"

Anyone under the impression it's a one shot affair is unfortunately mistaken.

It's better to feign an inability to do so to prevent future requests.

Assuming we've all read Tim cooks open letter then the reasoning is there.

Going to be rather interesting to see who really has the power these days corporations vs governments I suspect the former.

( o and as for the bankruptcy post of mine in previous page. It's to do with personal data and various source code nothing dodgy by any means but would potentially land me with several lawsuits I couldn't afford to either fight(not that I could fight it) or pay up)

Mynight · 18 Feb 2016 at 11:47

scorza said:
Doesn't sound like a massive cost to me, especially against potentially saving many lives.

Unless they work out a way to pre install such an iOS fork on every device physically it's not going to prevent anything. It's a purely after the fact affair.

If it becomes known that Apple devices are easy to read then the people committing such atrocities will merely move to communications that are secure. The ones we probably should worry about are the ones who wouldn't even be using corporate controlled devices.

Mynight · 18 Feb 2016 at 11:54

scorza said:
You don't think that knowing who Farook had been talking to could potentially yield some useful leads?

It could but just as likely it will lead to the persecution of innocent people.

But this isn't just farok. If such a thing is created anyone and everyone can be targeted.