|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
#23382494 - 06/25/16 10:53 PM (7 years, 7 months ago) |
|
|
I want to correct a little of what I said I don't think Tor started out this way. I could (maybe) believe Tor was a genuine effort to circumvent censorship. But it has certainly now become a trap to catch criminals since most of the content on the dark web revolves around illicit activity. Rather than allow the Judicial system to establish law regarding the incident with Play Pen the FBI decided to use the blanket of "National Security" that's what I meant by it's actions lacking public accountability. And the NSA does this to a much greater extent along with the CIA. The FBI is not the NSA or CIA though an should not have the same leeway wartime powers that those agencies have.
|
Konyap

Registered: 06/30/07
Posts: 33,945
Loc: Planet Piss
Last seen: 4 years, 2 months
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
#23382754 - 06/26/16 01:32 AM (7 years, 7 months ago) |
|
|
if someone is posting gore pictures it definitely could be a case "but I got it from someone?"
Oh you!
Edited by Konyap (06/26/16 01:33 AM)
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Konyap]
#23385652 - 06/26/16 08:54 PM (7 years, 7 months ago) |
|
|
We are lucky the Senate by 2 votes blocked the FBIs surveillance program (although the NSA already does this anyway so it does not matter) but if you think allowing the FBI to access our emails and browser history without a warrant is a good idea you must be stupid. More Americans should be more concerned with whats happening in Congress instead of watching reality TV. And btw I have personally emailed congressmen voting on this issue to thank them of their support for this gross injustice whether they read them or not I don't know but as a drug user community forum I would be very concerned about this.
Edited by tdubz (06/26/16 09:02 PM)
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,276
Last seen: 8 hours, 31 minutes
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
#23385775 - 06/26/16 09:28 PM (7 years, 7 months ago) |
|
|
How would the FBI access emails and browser history without a warrant?
Email and most websites use strong encryption now.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
#23385896 - 06/26/16 10:03 PM (7 years, 7 months ago) |
|
|
Prime example of someone who does not know whats happening in congress.
https://theintercept.com/2016/06/22/senate-narrowly-rejects-controversial-fbi-surveillance-expansion-for-now/
Quote:
A controversial amendment that would expand the FBI’s surveillance power was narrowly defeated in the Senate Wednesday.
The final tally was 58 to 38, two votes shy of the 60 needed for the amendment to move forward. The issue will likely surface again soon, however, as Majority Leader Senator Mitch McConnell, R-Ky., immediately filed for a motion to reconsider the amendment.
The amendment — lumped on last-minute to a criminal justice funding bill — would have expanded the scope of information the FBI can collect by sending technology and Internet companies what’s known as a national security letter—without getting any kind of court approval first.
The FBI would be able to access information about suspects’ online behavior including what websites someone visits and for how long, IP address, social media activity, email headers, and more.
Companies can’t talk about the requests because they come with a gag order. Only a handful of national security letters have been made public in the decades since the FBI started issuing them.
Privacy advocates and technology companies have protested the amendment as an intrusion on Fourth Amendment protections on sensitive personal information.
“The country wants policies that promote safety and liberty,” said Sen. Ron Wyden, D-Ore., on Wednesday. “Increasingly we’re getting policies that don’t do much of either.”
He pointed out that the USA Freedom Act, in a section he authored, would allow the FBI to get the records it seeks in an emergency immediately and seek judicial approval afterwards.
Advocates like Sen. John McCain, R-Ariz., the amendment’s sponsor, insist the FBI needs more power to combat “radicalization” on the Internet. “Every law enforcement agency in American supports this,” he insisted.
The vote comes shortly after Republican senators rallied around the recent tragedy at a night club in Orlando to push for expanded surveillance powers. Though the Chairman of the Intelligence Committee, Sen. Richard Burr, R-N.C., admitted on the floor before the vote that the amendment would not have prevented the mass shooting in Orlando, or the attacks in San Bernardino in December of last year.
Burr repeated FBI Director James Comey’s assertion that the expansion being discussed is really just fixing a “typo” in the law—because the FBI used to regularly seek those records before one company, whose identify remains unknown, “bucked the system” as Burr put it, and refused to hand them over because the language of the law was confusing.
In fact, the FBI has been trying to expand the power of its national security letters since 2008, when the George W. Bush Department of Justice interpreted those powers more narrowly than the FBI liked.
The FBI has also continued to ask for additional records until at least 2013 despite the DOJ’s advice, exceeding its authorities, as The Intercept reported.
It was attempted to be slipped in right along with the gun votes an everything else last minute trying to go right over the heads of lawmakers and the public.
Edited by tdubz (06/26/16 10:12 PM)
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,276
Last seen: 8 hours, 31 minutes
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
#23386350 - 06/27/16 01:50 AM (7 years, 7 months ago) |
|
|
Quote:
tdubz said: Prime example of someone who does not know whats happening in congress.
I have been following what is happening in congress. The problem is that you don't understand the technology.
This is about sending National Security Letters to ISP's.
ISP's don't have your browsing history - that is kept on your computer. The only thing your ISP can do is capture your web data as it passes through their network. If you visit a https site, all they can see is the IP address that you went to - they can't see the URL's you visited or what you did, as this is protected by strong encryption. They can't even see the host name unless there is only one website on that IP address, though they could infer it based on which DNS lookups you are doing.
They might have your emails if you use your ISP's mail servers, but for people who use web based email, your ISP doesn't have your email to turn over. They could send a separate NSL to your mail host, which is why it's a good idea to use encryption on top of email.
There is no one person that they could send a NSL to who has your browsing history, except for non-SSL encrypted sites. They would only see stuff like cnn.com - most sites use SSL now.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
#23386411 - 06/27/16 02:27 AM (7 years, 7 months ago) |
|
|
Are you kidding me? I don't understand the technology? I'm currently studying for a BS in Computer Information and I have a BA in Political Science. I understand how Tor works. It's weaker than ever before an has been cracked for a long time. I had to post this out of my way so that you could see the Congressional vote, you did not know this until I posted it. There are multiple vulnerabilities to both tor, https, and ssl encryption the reason you do not hear about them are because they are classified particularly the latter.
https://www.hackread.com/tor-teams-againt-fbi-hacking-exploit/
Quote:
TOR TEAM HAS BEEN WORKING HARD TO STOP FBI FROM HACKING THE ONION BROWSER AND TRACK USERS — THE TEAM IS NOW GEARING UP TO CREATE A HARDENED VERSION OF THE BROWSER! There has been a fair share of work done to decrypt the Tor browser and any of its users who might be connected to illegal activities. The FBI has been largely involved in most of the acts over the past few years. The Tor browser network is widely lauded as the safest tool when it comes to online privacy, but in recent court cases that have been presented to the public, there seems to be a viable government malware that is capable of exploiting existing bugs in the Firefox browser. The exploit, it turns out was provided to the government back in 2015 by the researchers over at the Carnegie Mellon University.
Must Read: 7 Online Activities That Can Get You Arrested
However, a new paper shows that concerned security researchers determined to create an impenetrable browser, are now working in conjunction with the Tor Project developers to create a hardened version of the Browser. In this new and improved Tor Browser, they are aiming to create; they want to include nee anti-hacking techniques which would drastically improve the anonymity and security of users and also in a way frustrate attempts by the government to decrypt information.
One of the techniques that the security researchers are specifically researching is the Selfrando technique. The technique was made to protect against any browser exploits such as the one that has been shown to be done by the FBI.
The code would be used to counteract what the security researchers call the ‘code reuse’ exploits. In this case, attackers usually exploit the memory leak in reusing the code libraries instead of injecting new malicious codes in the network. They use libraries that are already inside the browser and therefore building malware by rearranging the things contained in the application’s memory.
Must Read: Tor Anonymity: Things NOT To Do While Using Tor
tor-browser-exploit Fig. 1. Building and running applications without (a) and with selfrando (b) enabled / Fig. 2. Workflow of selfrando. Must Read: Facebook Integrates TOR into its Android App For Better Privacy
Attackers in such cases need to know where all the certain functions they are aiming for are located within the application memory space. However, the current security mechanisms in the browsers only randomize locations of the code libraries and not the individual functions as expected. This is where the Selfrando technique comes into play, and therefore creates an internal code which will be very hard to exploit.
In the paper (Pdf) that they wrote, the researchers said that their solution would significantly improve the security over the standard address space layout randomization. These are the techniques which are currently employed by the Firefox browser and many mainstream browsers. Thy plans to present the plan to their findings at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany in July. They also wrote that the Tor Project had accepted to include their technique into the hardened releases of the new Tor Browser.
Must Read: Mouse movements are enough to track down Tor users
So with this news, it means that the law enforcement agencies are going to have a tough time hacking into any of the information that will be in the browser. Agencies such as the FBI already complain that they don’t have enough resources to take down terrorists and criminals on the browser are about to get another thing coming their way.
The move by the researchers shows that some people in the security field are still intent on getting the general public some privacy no matter who it affects.
It's all a circle jerk if you will. They create stronger encryption and the FBI then "at their own pace decides when to decrypt it an make it public or it eventually leaks out" a cat an mouse game, always has been and always will be. Security on the internet is an illusion albeit a carefully constructed one. The NSA is on a whole nother level than the FBI though so this is small ball compared to what a 50 billion dollar budget can do spent on specifically penetrating networks.
Edited by tdubz (06/27/16 02:42 AM)
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,276
Last seen: 8 hours, 31 minutes
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
#23386435 - 06/27/16 02:41 AM (7 years, 7 months ago) |
|
|
There are no publicly known vulnerabilities in tor, https or ssl.
What makes you think that tor has been cracked?
What makes you think SSL has been cracked?
Do you have some inside information, or are you just making up paranoid stuff?
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
#23386439 - 06/27/16 02:45 AM (7 years, 7 months ago) |
|
|
No I am not making stuff up everything I have posted is fact. I can only inform the consensus half way if people want to learn more for themselves then it's up to them.
https://www.ics.uci.edu/~perl/pets16_selfrando.pdf - Securing the Tor Browser against De-anonymization Exploits
Edited by tdubz (06/27/16 02:57 AM)
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,276
Last seen: 8 hours, 31 minutes
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
#23386475 - 06/27/16 03:20 AM (7 years, 7 months ago) |
|
|
Quote:
tdubz said: No I am not making stuff up everything I have posted is fact.
You posted that SSL and HTTPS have been cracked, and that's not true.
The paper on tor you posted is both good and recent, but nowhere in that paper does it say that tor has been cracked. It has always been the case that if you run vulnerable web browser software, the websites that you connect to can hack you. There are lots of ways to mitigate this.
For example if you run your tor browser in a chroot or VM which does not have access to the rest of your files, nor access to make outbound connections, even if the FBI does hack you, it would be impossible for them to learn where you are or who you are.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
#23386486 - 06/27/16 03:28 AM (7 years, 7 months ago) |
|
|
http://thehackernews.com/2015/10/nsa-crack-encryption.html
Quote:
Yes, it seems like the mystery has been solved. We are aware of the United States National Security Agency (NSA) powers to break almost unbreakable encryption used on the Internet and intercept nearly Trillions of Internet connections – thanks to the revelations made by whistleblower Edward Snowden in 2013. However, what we are not aware of is exactly how did the NSA apparently intercept VPN connections, and decrypt SSH and HTTPS, allowing the agency to read hundreds of Millions of personal, private emails from persons around the globe.
Now, computer scientists Alex Halderman and Nadia Heninger have presented a paper at the ACM Conference on Computer and Communications Security that advances the most plausible theory as to how the NSA broke some of the most widespread encryption used on the Internet. According to the paper, the NSA has exploited common implementations of the Diffie-Hellman key exchange algorithm – a common means of exchanging cryptographic keys over untrusted channels – to decrypt a large number of HTTPS, SSH, and VPN connections.
Diffie-Hellman – the encryption used for HTTPS, SSH, and VPNs – helps users communicate by swapping cryptographic keys and running them through an algorithm that nobody else knows except the sender and receiver. Also Read: NSA will not stop spying on us, next move Quantum computer to break strongest Encryption It is described as secure against surveillance from the NSA and other state-sponsored spies, as it would take hundreds or thousands of years and by them and a nearly unimaginable amount of money to decrypt directly.
However, a serious vulnerability in the way the Diffie-Hellman key exchange is implemented is allowing the intelligence agencies and spies to break and eavesdrop on trillions of encrypted connections. To crack just one of the extremely large prime numbers of a Diffie-Hellman in the most commonly used 1024-bit Diffie-Hellman keys would take about a year and cost a few hundred Million dollars.
However, according to researchers, only a few prime numbers are commonly used that might have fit well within the agency's $11 Billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities." "Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous," said Alex Halderman and Nadia Heninger in a blog post published Wednesday. "Breaking a single, 1024-bit prime would allow the NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."
Around 92% of the top 1 Million Alexa HTTPS domains make use of the same two primes for Diffie-Hellman, possibly enabling the agency to pre-compute a crack on those two prime numbers and read nearly all Internet traffic through those servers.
https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf - On cracking HTTPs, VPNs, SSH
|
Amanita86
OTD Keymaster


Registered: 09/26/12
Posts: 89,464
Loc: hades
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
#23386574 - 06/27/16 04:58 AM (7 years, 7 months ago) |
|
|
Quote:
Alan Rockefeller said: There are no publicly known vulnerabilities in tor, https or ssl.
What makes you think that tor has been cracked?
What makes you think SSL has been cracked?
Do you have some inside information, or are you just making up paranoid stuff?
I think it's safe to say, just from an air force perspective, anything "publicly known" is equatable to Lincoln Logs. You're going to tell me that what is "publicly known" is as far as it goes? Come on man..
In this day and age, internet is ground zero. Believe people have done the math. It's just a matter of what's important enough to act on.
--------------------
Orange clock, pencil "They threw me off the hay truck about noon..."
*Mark 15:34  Gam zeh ya’avor...
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,276
Last seen: 8 hours, 31 minutes
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Amanita86]
#23386739 - 06/27/16 06:37 AM (7 years, 7 months ago) |
|
|
Quote:
Amanita86 said: I think it's safe to say, just from an air force perspective, anything "publicly known" is equatable to Lincoln Logs. You're going to tell me that what is "publicly known" is as far as it goes? Come on man..
In this day and age, internet is ground zero. Believe people have done the math. It's just a matter of what's important enough to act on.
Even if your paranoid fantasy that this is true was correct, which it probably is, it wouldn't matter much because they can't use the information they get from cracking it very much at all because then people would figure out that it was broken and switch to something else that is much more secure.
|
Apostle
Philanthropist



Registered: 12/12/09
Posts: 31,501
Loc: FL
Last seen: 1 year, 24 days
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
#23386813 - 06/27/16 07:18 AM (7 years, 7 months ago) |
|
|
Quote:
tdubz said: I've said it before an I will again Tor was a social experiment to trick people into falling for bait. Some people got busted some people didn't but I'm sure if you raised enough attention on the dark net you got a visit.
How does that make it any different than the real world?
at what rates did people get busted on Tor compared to offline/street dealing?
If the whole thing was "bait" why did they catch so few dealers and why are people still using the dn?
I'm not saying the government isn't involved in some way with Tor i just don't think it was designed as bait. I'd even wager that Seized drugs have been sold on the DN.
|
durian_2008
Cornucopian Eating an Elephant


Registered: 04/02/08
Posts: 16,693
Loc: Raccoon City
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Alan Rockefeller]
#23387312 - 06/27/16 10:38 AM (7 years, 7 months ago) |
|
|
Quote:
...then people would figure out that it was broken and switch to something else that is much more secure.
With all due respect --
How are you supposed to figure things like that out, if you can't believe in people's self-reported experiences.
Is there some test.
It's not a rhetorical question.
|
Repertoire89
Cat



Registered: 11/15/12
Posts: 21,773
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
#23388418 - 06/27/16 05:20 PM (7 years, 7 months ago) |
|
|
Quote:
tdubz said: I've said it before an I will again Tor was a social experiment to trick people into falling for bait. Some people got busted some people didn't but I'm sure if you raised enough attention on the dark net you got a visit. Security on the internet is an illusion when you have the NSA sucking data right out of the ISP backbone.
Paranoid delusion of as great a magnitude as lizard people.
|
Alan Rockefeller
Mycologist

Registered: 03/10/07
Posts: 48,276
Last seen: 8 hours, 31 minutes
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: durian_2008]
#23388576 - 06/27/16 06:09 PM (7 years, 7 months ago) |
|
|
Quote:
durian_2008 said: How are you supposed to figure things like that out, if you can't believe in people's self-reported experiences.
If the government uses information that they got from cracking a secure thing against people, they will eventually realize.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Apostle]
#23388678 - 06/27/16 06:38 PM (7 years, 7 months ago) |
|
|
It's impossible to know how many got busted by Tor directly through it or indirectly by it. The point is that it is insecure that does not mean your going to get busted every time you order a small quantity of drugs. But who knows maybe later when you visit your friend down the street an get busted you'll think it will be a surprise or something but maybe it won't be.
Edited by tdubz (06/27/16 07:06 PM)
|
Hobbyist
Citizen


Registered: 08/15/10
Posts: 805
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: tdubz]
#23394887 - 06/29/16 04:52 PM (7 years, 6 months ago) |
|
|
Quote:
tdubz said: I want to correct a little of what I said I don't think Tor started out this way. I could (maybe) believe Tor was a genuine effort to circumvent censorship.
TOR was developed initially by the Navy for their own use...
Quote:
tdubz said: Are you kidding me? I don't understand the technology? I'm currently studying for a BS in Computer Information and I have a BA in Political Science. I understand how Tor works. It's weaker than ever before an has been cracked for a long time.
How can you be so knowledgeable about it and not know some very basic things about it?
-------------------- Everything i say is completely hypothetical...
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: The FBI Is Classifying Its Tor Browser Exploit Because 'National Security' [Re: Hobbyist]
#23395834 - 06/29/16 10:36 PM (7 years, 6 months ago) |
|
|
I know Tor was developed by the navy. What makes you think I did not know that? Read the research papers I posted that will show you the level of Tor knowledge I have, these are higher education research papers and one may in fact be regarding one of the FBI's secret exploit techniques being used right now.
|
|