Crypto and Privacy Links
The privacy links are for nostalgia buffs.
New links are added to the top of the list.
- JR Raphael, PC World: The Google-NSA Alliance: Questions and Answers
- Tighter oversight on border laptop searches
"The procedures also allowed border agents to retain documents and devices for 'a reasonable period of time' to perform a thorough search 'on-site or at an off-site location.'"
So if you enter the U.S. with a laptop you can expect federal agents to look through your personal files and maybe even take your laptop away for a few hours or days and perhaps even copy the entire hard drive. Better to stay far away.
- New Spy Software Coming On-Line: "Surveillance in a Box" Makes its Debut
- An Illustrated Guide to the Kaminsky DNS Vulnerability
"This paper covers how DNS works: first at a high level, then by picking apart an individual packet exchange field by field. Next, we'll use this knowledge to see how weaknesses in common implementations can lead to cache poisoning."
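An added worked example (mine, not code from the illustrated guide): it parses a DNS reply field by field, the way the paper does, and then applies the two checks a caching resolver makes before it trusts anything in that reply. A reply is only accepted if its transaction ID and the UDP source port match the outstanding query, and records whose owner name lies outside the queried server's zone ("bailiwick") are dropped instead of cached. The names, ports and addresses are constructed for illustration. Note what the example makes visible: a forged record for a name inside the target zone passes the bailiwick check, so with a fixed source port an attacker only has to guess the 16-bit ID, which is why randomizing the source port was the deployed fix.

```python
import struct

# Added example (not from the linked paper): parse a DNS response field by
# field and apply the checks a resolver uses before caching anything.
# All names, ports and addresses are constructed for illustration.

def encode_name(name):
    """Wire-format a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def parse_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (end if end is not None else off)

def parse_message(msg):
    """Split a DNS message into header fields, question and the three RR sections."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, questions = 12, []
    for _ in range(qd):
        name, off = parse_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((name, qtype))
    out = {"id": txid, "flags": flags, "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            name, off = parse_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            rdata = msg[off:off + rdlen]
            if rtype == 1 and rdlen == 4:                # A record
                value = ".".join(str(b) for b in rdata)
            elif rtype in (2, 5):                         # NS / CNAME carry a name
                value = parse_name(msg, off)[0]
            else:
                value = rdata.hex()
            off += rdlen
            rrs.append((name, rtype, ttl, value))
        out[section] = rrs
    return out

def in_bailiwick(name, zone):
    """True if `name` is at or below `zone`, the server's area of authority."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def accept_response(outstanding, src_port, msg, zone):
    """Decide what a resolver may cache from a reply to `outstanding`.

    Returns None if the reply is rejected outright (wrong TXID, wrong source
    port, QR bit clear, or question mismatch); otherwise (cacheable, dropped),
    where records outside the bailiwick land in `dropped`.
    """
    resp = parse_message(msg)
    if resp["id"] != outstanding["id"] or src_port != outstanding["port"]:
        return None
    if not resp["flags"] & 0x8000:
        return None
    if not resp["questions"] or resp["questions"][0][0] != outstanding["qname"].lower():
        return None
    cacheable, dropped = [], []
    for section in ("answer", "authority", "additional"):
        for rr in resp[section]:
            (cacheable if in_bailiwick(rr[0], zone) else dropped).append(rr)
    return cacheable, dropped

def build_response(txid, qname, answers, additional):
    """Construct a minimal authoritative reply carrying A records (test input)."""
    hdr = struct.pack("!6H", txid, 0x8400, 1, len(answers), 0, len(additional))
    body = encode_name(qname) + struct.pack("!HH", 1, 1)
    for name, ip in answers + additional:
        body += encode_name(name) + struct.pack("!HHIH", 1, 1, 3600, 4)
        body += bytes(int(x) for x in ip.split("."))
    return hdr + body
```

To try it, build a reply with build_response for a query such as a7x.example.com, stuff the additional section with an in-zone name (www.example.com) and an out-of-zone one, and feed it to accept_response with a matching and then a mismatching source port: the mismatch is rejected whole, the match keeps the in-zone records and drops the rest.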
- Former AT&T worker details federal Internet spying in S.F.
"In an interview Tuesday [2007-11-06], he [Mark Klein] said the NSA set up a system that vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T. Contrary to the government's depiction of its surveillance program as aimed at overseas terrorists, Klein said, much of the data sent through AT&T to the NSA was purely domestic."
- How to surf anonymously without a trace
Several ways to protect yourself from the feds and others
- Proxy.org is the pragmatic Web surfer's guide to online privacy and anonymous web surfing.
- Schneier on Security: Hackers Clone RFID Passports
- A Cost Analysis of Windows Vista Content Protection
- Wayne Madsen: Crypto AG: The NSA's Trojan Whore?
- Joris Evers and Declan McCullagh: Security risks of e-passports exposed
"Radio tags used in everything from building access cards to highway toll cards to passports are surprisingly easy to copy and pose a grave security risk, researchers said this week."
"At security conferences researchers demonstrated that passports equipped with radio frequency identification (RFID) tags can be cloned with a laptop equipped with a $200 RFID reader and a similarly inexpensive smart card writer. In addition, they suggested that RFID tags embedded in travel documents could identify US passports from a distance, possibly letting terrorists use them as a trigger for explosives."
- Ingrid Melander: EU court rules airline data deal with U.S. illegal
- Ryan Singel: Whistle-Blower Outs NSA Spy Room (Also here and here.)
"AT&T provided National Security Agency eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company."
- Eric Weiner: Wiretapping, European-Style
"Think Bush's warrantless NSA surveillance is bad? Wait till you hear what the British government does."
- EFF's Class-Action Lawsuit Against AT&T for Collaboration with Illegal Domestic Spying Program
- William M. Arkin: NSA Expands, Centralizes Domestic Spying
- StopBadware.org
"The Stop Badware Coalition will seek to spotlight companies that make millions of dollars by tricking Web users into putting spyware, adware or other deceptive software on their machines ..."
- Bruce Schneier on Project Shamrock
- How to Make an RFID Blocking Wallet
- The media must learn the difference between a wiretap and "Echelon" (What's Echelon?)
- Pam Dixon: Your Net Health: Why Some Cookies Can Be Hazardous, and How to Say No
- Cookie Central is a good source of information about cookies and has download links to software for protecting yourself against cookie intrusions.
"Cookies are based on a two-stage process. First the cookie is stored in the user's computer without their consent or knowledge. ... This happens without any notification or user consent. As a result, personal information ... is formatted by the Web server, transmitted, and saved by the user's computer. During the second stage, the cookie is clandestinely and automatically transferred from the user's machine to a Web server. Whenever a user directs her Web browser to display a certain Web page from the server, the browser will, without the user's knowledge, transmit the cookie containing personal information to the Web server."
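The second stage described above is governed by rules the user never sees. The following added example (mine, not from Cookie Central) is a simplified model of what a browser does with a Set-Cookie header under RFC 6265: which host and path the cookie is stored for, why a Domain attribute naming a foreign site is ignored, and which later requests the stored cookie is silently attached to. It also lists the attributes whose absence widens the cookie's reach. The hosts and cookie names are constructed; Expires and Max-Age are deliberately ignored.

```python
from urllib.parse import urlsplit

# Added example, not from Cookie Central: a simplified model of the RFC 6265
# rules a browser applies when storing a Set-Cookie header and when deciding
# which later requests the stored cookie is sent with. Hosts and cookie
# names are constructed for illustration; Expires/Max-Age are ignored.

def default_path(uri_path):
    """Default cookie path: the request path up to (not including) its last '/'."""
    if not uri_path.startswith("/") or uri_path.count("/") == 1:
        return "/"
    return uri_path[:uri_path.rindex("/")]

def domain_match(host, domain):
    """RFC 6265 domain-match: exact match, or `host` is a subdomain of `domain`."""
    return host == domain or host.endswith("." + domain)

def path_match(request_path, cookie_path):
    """RFC 6265 path-match: cookie path equals the request path or is a directory prefix of it."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def parse_set_cookie(header, request_url):
    """Store one Set-Cookie header received in a response from `request_url`.

    Returns the cookie record, or None where a browser must ignore the header
    (malformed, or a Domain attribute that does not cover the setting host).
    """
    parts = [p.strip() for p in header.split(";")]
    if "=" not in parts[0]:
        return None
    name, value = parts[0].split("=", 1)
    url = urlsplit(request_url)
    host = url.hostname.lower()
    cookie = {"name": name.strip(), "value": value.strip(),
              "domain": host, "host_only": True,          # no Domain attribute: this host only
              "path": default_path(url.path),
              "secure": False, "httponly": False}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            domain = val.lstrip(".").lower()
            if not domain_match(host, domain):
                return None                                # cookie for a foreign domain
            cookie["domain"], cookie["host_only"] = domain, False
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
    return cookie

def cookies_for_request(jar, request_url):
    """Build the Cookie header a browser would attach to a request for `request_url`."""
    url = urlsplit(request_url)
    host, path = url.hostname.lower(), url.path or "/"
    sent = []
    for c in jar:
        if c["host_only"]:
            if host != c["domain"]:
                continue
        elif not domain_match(host, c["domain"]):
            continue
        if not path_match(path, c["path"]):
            continue
        if c["secure"] and url.scheme != "https":          # Secure cookies never go over plain HTTP
            continue
        sent.append(f"{c['name']}={c['value']}")
    return "; ".join(sent)

def scope_warnings(cookie):
    """Attributes whose absence widens where the cookie travels or who can read it."""
    issues = []
    if not cookie["secure"]:
        issues.append("Secure")
    if not cookie["httponly"]:
        issues.append("HttpOnly")
    if not cookie["host_only"]:
        issues.append("sent to every subdomain of " + cookie["domain"])
    return issues
```

Feed parse_set_cookie a few headers as if received from one page, then call cookies_for_request for other URLs on the same host, a sibling subdomain, an http:// URL and an unrelated site: the Domain=example.com cookie travels to every subdomain, the host-only one stays put, and the Secure one vanishes as soon as the scheme is http.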
- Doug Thompson: An enemy of the state
- Steve Jones: GCHQ — Government Communications HeadQuarters (Also here.)
Europe's most powerful intelligence gathering agency
- John Perry Barlow: Decrypting the Puzzle Palace
- Chapter 8, Chapter 9 and Chapter 10 of James Bamford's The Puzzle Palace: A Report on America's Most Secret Agency
- Techi Warehouse's :: Security :: page.
- Handbook for bloggers and cyber-dissidents
Practical advice and technical tips to help bloggers stay anonymous and to help web surfers circumvent censorship.
- Electronic Frontier Foundation decodes printer tracking dots
- Want to check your e-mail in Italy? Bring your passport.
"An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit."
- 4th Amendment & The People Under the Eaves — Echelon, Carnivore, CODIS and Privacy
- Andrew Kalukin: Automating Camera Surveillance
"Recent developments in computer vision, robotics, and pattern matching increase the possibility of drastic social transformations. The dictatorship of Big Brother had one small limitation of power: it depended on the obedience and vigilance of subordinates to enforce control. The application of data mining methods to massive video data sets enables a sufficiently organized power to outmatch humans in carrying out surveillance."
- Zip File Password Cracking
- How Companies Can Track Your Movements on the Internet
- John Dillon: Are the Feds Sniffing Your Re-Mail?
- Smile for the US Secret Service
- Jonathan Wheeler: US adopts National ID: Homeland Security Now In charge of Regulations for all US States Drivers Licenses and Birth Certificates
- J. Orlin Grabbe: In Praise of Hawala
- Privacy.net
- Privacy International
- Internet Explorer security warnings [link expired]
"To summarise: the absence or presence of a digital signature on a downloaded program DOES NOT indicate whether the downloaded program is safe or not. The vast majority of programs available on the net are useful, safe and NOT digitally signed."
- Charles Arthur: Microsoft's browser dominance at risk as experts warn of security holes
"Last week researchers at the Internet Storm Centre discovered a malicious program that used a flaw in the [Internet Explorer] software to install itself on the user's PC when a particular pop-up ad appeared. It would then monitor the user's typing when they visited any of 50 bank sites, including Barclays Bank, Citibank and Deutsche Bank."
- Accenture's 'Virtual Border' Project
"Accenture and its partners will need to link the vast amounts of data that biometric devices capture with legacy databases of immigration, customs, law-enforcement, and intelligence agencies. ... it also will need to analyze data to spot suspicious activities."
- James Lewis: RFID: Big Brother Gets Small (86 Kb PDF file)
"To help counteract counterfeiting of the new currency, the EU is hoping to have a new RFID [radio frequency identification] tagging system in place by 2005. Each piece of currency will have a tag with a unique code which should be irreproducible by counterfeiters. ... [T]his also means that the governments would also be able to track the money when it is not being used in illegal transactions. This would mean that any money you had in your possession could be used to track you, no matter which EU country that you were in."
- Declan McCullagh: Howard Dean's 'smart ID' plan
"[Dean] called for state drivers' licenses to be transformed into a kind of standardized national ID card for Americans. ... Dean also suggested that computer makers such as Apple Computer, Dell, Gateway and Sony should be required to include an ID card reader in PCs — and Americans would have to insert their uniform IDs into the reader before they could log on."
- Infiltration of files seen as extensive — Senate panel's GOP staff pried on Democrats
"Republican staff members of the US Senate Judiciary Committee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media ..."
- Reuters: U.S. Says Deal Reached with EU on Air Passengers [link expired and article not available by search]
"Washington has requested non-U.S. airlines to hand over up to 39 pieces of data for each passenger, including credit card details, home address and phone number."
- Europe approves air passenger data transfers to US
"The key comment in Mr Bolkestein's statement is that the Commission has made its 'political judgement' in favour of transfer in the hope that any privacy problem will be in the meantime resolved. In short, the statement should be seen as a mechanism to boot the privacy problems into the long grass whilst allowing the US authorities access to the data they want."
- Statewatch — monitoring the state and civil liberties in the European Union
- EFF's Privacy, Security, Crypto & Surveillance
- Netsurfer Focus on Cryptography and Privacy
- Adam Back's Crypto Pages
- Declan McCullagh's Politech
- Raymond Ker: The New McCarthyism
- Drug Enforcement Takes Control of Domain Names, Threatens Privacy
- Mark Ward: The hidden dangers of documents
"Your Microsoft Word document can give readers more information about you than you might think."
If concerned, open your MS Word document with a text editor such as Notepad, which shows the raw contents of the file rather than Word's rendering of it, including author names, earlier revisions and other text that Word itself does not display.
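The Notepad trick works on the old binary .doc format. An added example (mine, not from the article) generalizes the same point to the .docx format Word has used since 2007: the file is a zip container, and the identifying metadata sits in plain XML under docProps/, so it can be read and blanked programmatically. The SAMPLE_DOCX built here is a constructed minimal container with invented names and dates, not a real document.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Added example, not from the linked article. Modern Word files (.docx) are
# zip containers; the identifying metadata lives in docProps/core.xml and
# docProps/app.xml. SAMPLE_DOCX below is a constructed minimal container,
# not a real document; the names and dates in it are invented.

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

CORE_FIELDS = (("dc:title", "title"), ("dc:creator", "author"),
               ("cp:lastModifiedBy", "last_modified_by"), ("cp:revision", "revision"),
               ("dcterms:created", "created"), ("dcterms:modified", "modified"))
APP_FIELDS = (("ep:Application", "application"), ("ep:Company", "company"),
              ("ep:TotalTime", "edit_minutes"), ("ep:Template", "template"))

def document_metadata(docx_bytes):
    """Return the metadata fields present in a .docx's docProps parts."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        for part, fields in (("docProps/core.xml", CORE_FIELDS), ("docProps/app.xml", APP_FIELDS)):
            if part not in names:
                continue
            root = ET.fromstring(z.read(part))
            for tag, label in fields:
                el = root.find(tag, NS)
                if el is not None and el.text:
                    found[label] = el.text
    return found

def scrub_metadata(docx_bytes):
    """Copy the container with every text value in the two docProps parts blanked."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in ("docProps/core.xml", "docProps/app.xml"):
                root = ET.fromstring(data)
                for el in root.iter():
                    el.text = None
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(item.filename, data)
    return out.getvalue()

_CORE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <dc:title>Q3 plan</dc:title>
  <dc:creator>jsmith</dc:creator>
  <cp:lastModifiedBy>Jane Smith (Legal)</cp:lastModifiedBy>
  <cp:revision>17</cp:revision>
  <dcterms:created xsi:type="dcterms:W3CDTF">2009-03-02T09:15:00Z</dcterms:created>
  <dcterms:modified xsi:type="dcterms:W3CDTF">2009-03-09T17:42:00Z</dcterms:modified>
</cp:coreProperties>""".format(**NS)

_APP_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties xmlns="{ep}">
  <Application>Microsoft Office Word</Application>
  <TotalTime>412</TotalTime>
  <Company>Example Corp</Company>
  <Template>Normal.dotm</Template>
</Properties>""".format(**NS)

def _constructed_docx():
    """Build the constructed sample container used for illustration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", _CORE_XML)
        z.writestr("docProps/app.xml", _APP_XML)
        z.writestr("word/document.xml",
                   "<w:document xmlns:w='http://schemas.openxmlformats.org/wordprocessingml/2006/main'/>")
    return buf.getvalue()

SAMPLE_DOCX = _constructed_docx()
```

document_metadata on a real file returns the author, the last person to save it, the revision count, the company and the total editing time in minutes, which is what ends up in the hands of anyone the document is mailed to; scrub_metadata shows how little it takes to blank those values before sending.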
- Chapter 8, Signals Intelligence, from Jeffrey T. Richelson's The U.S. Intelligence Community
"Another reconnaissance project involving submarines ... involved implanting a device to intercept the signals transmitted along a Soviet underwater cable in the Sea of Okhotsk, between the Kamchatka Peninsula and the eastern Soviet coastline. A combined Navy-NSA team, operating from a submarine, installed a miniaturized waterproof eavesdropping device — a large tape pod that fit over the Soviet cable, through which key Soviet military and other communications flowed. The pod had a wraparound attachment that intercepted the cable traffic by "induction" ... The Sea of Okhotsk operation continued until 1981, when former NSA employee Ronald Pelton sold the Soviets information about the operation."
- Carl Ellison's website includes Attempt versus Succeed — a discussion of the right of a US citizen to attempt to keep secrets, even from the government.
- Towards A European Framework for Digital Signatures And Encryption, a report on encryption policy released in 1997 by the European Commission (a Word/Wordpad document).
- Brian J. Bocketti: United States Encryption Export Policy: Turning the Corner
- Eckpunkte der deutschen Kryptopolitik (Bonn, 1999-06-02)
English translation: Key Elements of Germany's Encryption Policy
- Cryptography World
A website "designed to help you understand the basics of cryptography ... [and to provide] access to a series of resources to help you apply, and implement, cryptographic solutions."
- Tom White: Head for the Hills, the End Is Nigh
- The Beginning of the End of Freedom on the Internet
- Nat Hentoff: We'll All Be Under Surveillance
"Without any official public notice, and without any congressional hearings, the Bush administration — with an initial appropriation of $200 million — is constructing the Total Information Awareness System. It will extensively mine government and commercial data banks, enabling the FBI, the CIA, and other intelligence agencies to collect information that will allow the government ... 'to essentially reconstruct the movements of citizens.' This will be done without warrants from courts, thereby making individual privacy as obsolete as the sauropods of the Mesozoic era."
- Identity-based Internet idea shelved [webpage (re)moved]
"[A] Pentagon research agency ... considered but rejected ... tagging Internet data with unique personal markers to prevent anonymous use of some parts of the Internet. ... The plan, known as eDNA ... would have divided the Internet into secure 'public network highways' where a user would need to be identified, and 'private network alleyways' which do not require identification. ... [The proposal] read in part: 'We envisage that all network and client resources will maintain traces of user eDNA so that the user can be uniquely identified as having visited a Web site, having started a process or having sent a packet. 'This way, the resources and those who use them form a virtual 'crime scene' that contains evidence about the identity of the users, much the same way as a real crime scene contains DNA traces of people.'"
So it seems that, for the authors of this proposal, accessing a website, or using the internet for any purpose at all, makes one a virtual criminal. What will they think of next?
- CNN: Crypto expert: Microsoft products leave door open to NSA
But it's even worse ... there's a "third key" ...
- Duncan Campbell: How NSA access was built into Windows
- Windows XP vulnerable to 'serious' attacks [webpage (re)moved]
"Microsoft's newest version of Windows, billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software."
- Microsoft issues patch for "serious" XP hole
"Microsoft may have touted Windows XP as the most secure operating system it has made, but the company on Thursday released a bug fix for a security hole that could leave some people's systems open to malicious attack."
- FBI wants access to worm's pilfered data
"The FBI is asking for access to a massive database that contains the private communications and passwords of the victims of the Badtrans Internet worm. Badtrans spreads through security flaws in Microsoft mail software and transmits everything the victim types. ... [T]he worm replicates by sending copies of itself to all other email addresses found on the host's machine, and installs a keystroke-logger capable of stealing passwords ... The FBI wants indiscriminate access to the illegally extracted passwords and keystrokes of over two million people without so much as a warrant."
- Judge Demands Documents on FBI Computer Spy System [webpage (re)moved]
"A federal judge on Friday [2001-09-07] ordered prosecutors to show him documents next week describing how a classified FBI computer spying system works, saying their argument the system should be kept secret from defense attorneys was "gobbledygook." ... During its 1999 investigation [of Nicodemo Scarfo], the FBI obtained a search warrant to secretly install a "key logger device" on the computer ... The government is resisting the disclosure, claiming the system is classified and that revealing it would endanger national security. But when prosecutors presented an affidavit on Friday from a high-level Justice Department official exhorting the system's classified status, U.S. District Court Judge Nicholas Politan said it was gibberish. ... " It says the guides (that define classified material) are even secret. ..." he said."
- The story about Crypto AG — with many annotated links.
- Researchers fault independent review of Carnivore
"Carnivore is a software program that monitors packets of data passing through an Internet service provider's network. Officials at the FBI and the DOJ have said the surveillance system can only be legally deployed to monitor alleged criminal activity under a court order, but privacy advocates are worried that the software could lead to widespread and random surveillance of e-mail messages."
- Carnivore review confirms extended abilities of FBI sniffing software
"The concern for privacy advocates ... is the potential for broad-sweeping data collection if the software isn't configured properly. ... According to the report, Carnivore will collect all e-mails in a packet delivered to an Internet service provider if its filters aren't set properly."
- UK Internet 'spy' plan condemned
"In a report to the British government, spy agencies MI5 and MI6 and the police jointly request new legislation requiring communication service providers (CSPs) to log their traffic and keep the details for seven years. The proposals, drawn up by the National Criminal Intelligence Service (NCIS), suggest that the log would help the fight against cybercrime, paedophile rings, terrorism and drug trafficking."
- U.K. e-mail snooping bill passed
"The surveillance bill granting the U.K. government sweeping powers to access e-mail and other encrypted Internet communications passed its final vote in the House of Commons on Wednesday and is set to become law on October 5 [2000]."
- The Wiretapping of Executives From Multinational Companies [webpage (re)moved]
"S46 of the [UK Regulation of Investigatory Powers] Bill simply authorises 'any person by means of the exercise of a statutory power' to demand the key which will unlock the encryption." — A reason for multinationals to go elsewhere?
- AntiOnline
"Hackers know the weaknesses in your system. Shouldn't you?"
- SORM — Russian Internet Wiretapping Project
"Russian FSB (Federal Security Service, successor to KGB) is preparing regulations and technical requirements to facilitate field operative work in computer networks. SORM ... is a set of regulations and technological equipment facilitating access of FSB to all computer communications and internal documents of telecom providers (including phone and internet companies)."
"The project still seems a far cry from Echelon, a high-tech spying network which ... involves 'routine and indiscriminate' monitoring of electronic communications around the world." — CNN [webpage (re)moved], 2000-02-22
- Surveillance bill under fire
"The critics say the legislation, if passed, could lead to innocent people being sent to jail simply because they have lost their data encryption codes."
- Cryptography's Role in Securing the Information Society
- Crypt Newsletter
- Fed's Encryption Standard Cracked in Record Time [webpage (re)moved]
"Researchers using a supercomputer built for $250,000 have broken the government's data encryption standard (DES) in less than three days to drive home the point that the current standard is hopelessly insufficient."
- Center for Democracy and Technology: Encryption Issues
- Wired: Germany Endorses Strong Crypto
- Duncan Campbell: Coded Message
(For more articles of interest see Duncan Campbell's web site.)
- The University of Arizona has the following crypto web pages:
- Cryptography and Liberty 1999: An International Survey of Encryption Policy
- CNN: Business manager linked to prostitute through Hotmail hole
- Export-a-cryptosystem .sig [webpage (re)moved]
A perl program which implements RSA encryption and decryption, and is small enough to use as a signature file:
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
- Encryption Policy Resource Page
"This web site is dedicated to educating Internet users, policy makers, and the public about the need to reform US encryption policy. On this site you will find a report by leading cryptographers and computer scientists which says that the U.S. Government encryption plan is risky and impractical."
- The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption.
The authors of this report conclude: "Key recovery systems are inherently less secure, more costly, and more difficult to use than similar systems without a recovery feature. The massive deployment of key-recovery-based infrastructures to meet law enforcement's specifications will require significant sacrifices in security and convenience and substantially increased costs to all users of encryption. Furthermore, building the secure infrastructure of the breathtaking scale and complexity that would be required for such a scheme is beyond the experience and current competency of the field, and may well introduce ultimately unacceptable risks and costs".
- Mondex's Pilot System Broken
A leaked memorandum which describes "a security review of the Mondex 3101 chip undertaken by Australia's Commonwealth Bank ... the memo outlined the vulnerability of the 3101 to micro-probing."
- Global Internet Liberty Campaign
- Simson Garfinkel and Gene Spafford: Who Do You Trust?
Chapter 27 of Practical UNIX and Internet Security.
- Telepolis (articles in German)
- Peter Gutmann: Security and Encryption-related Resources and Links
- Quadralay's Cryptography Archive
- David Wagner has a web page of cryptographic links: Link farms, Documents, Groups and communities, Tools and systems.
- Cryptome: an archive site.
- Cryptography, Encryption and Steganography: many links.