Insurgency Mod Scum: cheaters, hackers, wallhackers, aimbotters, griefers, teamkillers, micspammers, spawncampers, exitcampers, and everything else Insurgency.
Blogger.com policy on personal information: Personal and confidential information: It's not ok to publish another person's personal and confidential information. For example, don't post someone else's credit card numbers, Social Security numbers, unlisted phone numbers, and driver's license numbers. Also, please keep in mind that in most cases, information that is already available elsewhere on the Internet or in public records is not considered to be private or confidential under our policies.
All information posted on Insurgency Mod Scum is publicly available.

Quotes: Beating the NSA

2014-03-01

Posted by insurgencymodscum2 at Saturday, March 01, 2014 Labels: , , , ,
http://it.slashdot.org/comments.pl?sid=6579519&cid=48701589

Your choice of OS, if you have something worth encrypting and hiding, is the least of your worries.

If you have any brains at all, all key generation is done offline on a clean machine and then that machine destroyed. Only a specific, purpose-built target on YOU would stop that working as intended without informing the NSA, and then they may as well just listen in to the room anyway.

What you are falling into is the "movie hackers" fallacy - "Gosh, everything hackable therefore everything is hacked all the time". If you have a clean, from-disk OS, and keep it off the net, and sign your messages with your pre-generated private key on a device that goes NOWHERE and only gets turned on when you need to use it - fuck 'em. Quite what power do you think they have over that?

Don't get me wrong, if you're targeted by the NSA, I'm sure they can get to you somehow. But I can assure you they were targeting Bin Laden and he survived, what, a decade with the whole world looking for him? He was found to be couriering USB keys down to the local Internet cafe.

Targeted malware only works if you're stupid enough to expose the machine to the net, or run programs that aren't verifying content. It's all Hollywood tripe.

If there's a terrorist with a brain out there, and they are trying to avoid the NSA's glare, I'd be quite annoyed at their stupidity if they aren't using read-only boot media, a bunch of random devices bought in shops, PKE, and programs that aren't mainstream enough to have exploits written for them.

If you're targeted, malware is the fucking least of your worries, and easily countered by not allowing your PC to come into contact with it. Even that stuff about some malware making computers "talk" over audio channels to cross air-gaps only works when computers are infected in the first place.

We even have double-compilation-verification built operating systems, and you can boot some old shit off a floppy image from pre-Windows days if you're really paranoid.

The problem is not that - it's not encrypting, generating, or securing your message. It's how do you get your message to the wider net from there, and that identifies your location quite quickly.

It lacks in imagination to think that the NSA, or indeed any intelligence agency, is really as good as you think they are. I'm a massive fan of GCHQ history, for instance, and I quite believe that today's GCHQ is a shadow of it's former self forced to resort to asking Facebook for copies of its data. Given that they invented this type of stuff to prevent EXACTLY what they are trying to do now, it's hilarious that it's backfired to the point where they are having to convince you they really can listen to everything, everywhere, always.
If they could do that, you would never hear of it. Because, you see, they'd know about all the leaks and be able to stop them in their tracks - legally or illegally.

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)