Month: April 2010

U.N. Proving Once Again That They’re Worthless

Everybody’s favorite organization is proving once again there are no people they’re not willing to fuck over hard. Here’s a video found via Dvorak Uncensored that shows what the U.N. is really doing in Haiti:

[youtube=http://www.youtube.com/watch?v=PbieX5s-jHM]

Yup instead building shelters in convenient locations they’re kicking the Haitian population to the boonies while they drop down some nice air conditioned trailers in primo locations for themselves. Your donations at work ladies and gentlemen.

Buy a Gun Day

Remember today is a special day. Not only is it the day you file your forced government wealth removal forms but it’s also Buy a Gun Day. I’m going to forgo this holiday though because the tax protest at the state capital sounds more interesting. Also I did buy that Generation 4 Glock 17 pretty recently so that probably counts towards the holiday.

End the Mandate Act

Since most people I know oppose the Mandated Health Insurance Act this should be interesting. Ron Paul has introduced the End the Mandate Act which would repeal the section of the Health Insurance Enrichment Through Government Abuse Act forcing Americans to purchase government mandated health insurance.

Whether you love him or hate him you had to admit he’s consistent and has a point.

California Assemblywoman Trying to Ban Open Carry

Well the pants shitting hysteria is upon us. Apparently Assemblywoman Lori Saldana (there’s supposed to be some goofy mark above the ‘n’ in Saldana but if it isn’t in the ASCII table I ain’t fucking with it) thinks the open display of unloaded handguns is evil and needs to be stopped. And of course she is citing that incident where 20 people were murdered by open-carry protesters… oh wait that never happened so she’s using this as her justification:

Saldaña cited an open-carry event in Pacific Beach last year as alerting her to the need for a ban on displaying guns, even unloaded, in public. There, with thousands of people at the beach on a Saturday, about 60 members of the movement walked along the boardwalk.

The gall of those people to peaceably demonstrate in a public area! My God somebody could get ideas that we should respect peoples’ rights! This must be stomped down immediately. But there’s more:

“Guns are an intimidating presence,” Saldaña said. “The average citizen can’t tell the good guys from the bad guys.”

Let me run this quick multiple choice question past you that should help the average citizen identify friend from foe.

You see a man walking down the street openly carrying a handgun. Is he:
A) Shooting at you?
B) Not shooting at you?

If you answered ‘A’ he’s a bad guy, if you answered ‘B’ he’s a good guy (as far as you’re concerned of course, if he’s not shooting at you he’s not a concern of yours).

Anyways the bill is Assembly Bill 1934. 1934? That number sounds familiars. Oh yeah it’s the year the National Firearms Act was enacted. A coincidence but a funny one regardless. Those of you in California need to stomp this law and a few others worming their way through your legislation down, HARD. I know your representatives don’t listen to you but make it damned clear if they pass anti-gun bills they won’t be getting another term. And follow that by actively working against them to ensure they don’t get another term.

Oh to close this we have a quote from a police officers:

Said Emeryville Chief James, “We view open carry as an officer safety issue. Officers are taught from Day One at the academy that guns are a threat. … We teach tactically how to respond to that threat.”

Holy shit how do the police deal with the guns other cops are carrying? After all the police are all openly carrying their firearms therefore all of your officers must treat each other as a threat. We know you can’t trust the uniform since people impersonate police officers quite often.

How It’s Done

Apparently some anti-gunner tried to claim most gun owners weren’t law abiding citizens by pointing out the fact that criminals who use guns are technically gun owners. Robb Allen pulls out the facts and does that math thing to show even considering criminals who use guns most gun owners are still law abiding citizens.

Aren’t facts a bitch? Logic truly is the anti-gunner’s worst nightmare.

In Security the Key Phrase is Trust No One

Last month I posted a story about an interesting Windows security issue dealing with how the operating system handles SSL root certificates. After reading the linked research paper I’ve started scrounging the sourced information within and I must say the phrase trust no one is made very apparently. The paper cites several stories dealing with government entities coercing private companies into allowing bypassing in place security measures to allow surveillance. Lets look at a few of these stories.

The first one relates to an online e-mail service called Hushmail. According to Hushmail’s own site:

Every day, people around the world send billions of emails. The vast majority of these are transmitted without using any form of encryption. When you send an email without encryption, it can be monitored, logged, analyzed and stored by your employer, your internet service provider, or worse – a hacker
….
Hushmail keeps your emails private by encoding each message using encryption. Encryption is a way of transforming a message so that it is unreadable to anyone but the sender and its recipients. Hushmail makes encryption seamless and transparent – we encrypt your message automatically before it is sent, and then restore it back to its original form when the recipient reads it.

And from another section on their site:

In some countries, government sponsored projects have been set up to collect massive amounts of data from the Internet, including emails, and store them away for future analysis. This data collection is done without any search warrant, court order, or subpoena. One example of such a program was the FBI’s Carnivore project. By using Hushmail, you can be assured that your data will be protected from that kind of broad government surveillance.

You’ll notice they chose their wording very carefully. They imply their service will prohibit government surveillance but only so long as it’s warrantless. That page also describe in detail the fact that they will surrender information upon lawful request. Of course there is a reason they disclose this information now:

Zimmermann, who sits on Hushmail’s advisory board, spoke to THREAT LEVEL after we published a piece contrasting the site’s promises that it had no access to the contents of customers’ encrypted emails stored on their servers with a court case showing that the Canadian company turned over 12 CDs of readable emails to U.S. authorities.

At one point Hushmail advertised itself as not being able to access user’s e-mails. Of course they eventually turned over 12 CDs worth of customer e-mails and then backtracked. Mr. Zimmermann makes a very good point that everybody should realize:

“If your threat model includes the government coming in with all of force of the government and compelling service provider to do things it wants them to do, then there are ways to obtain the plaintext of an email ,” Zimmermann said in a phone interview. “Just because encryption is involved, that doesn’t give you a talisman against a prosecutor. They can compel a service provider to cooperate.”

It should go without saying that if the company can get access to the plain text of the e-mails stored on its servers then somebody else can as well. Needless to say even if an online service proclaims they securely store your data and it can not be accessed that is not usually true. The only secure option is to encrypt the data while it’s still on your machine and then send it out. For instance I backup much of my data to an online store service. Before the data leaves my system it’s put into a TrueCrypt partition. Only I have the key to decrypt the partition so even if a government entity forced my storage provider to hand over my data there is no way for that provider nor the government to decrypt it (obviously I mean before I die, they could brute force the key but it would take practically a century and I doubt I’ll still be alive when they find out my encrypted partition contained nothing important nor incriminating).

So that’s one example that was cited in the paper. The next one is even more insidious in my opinion but has a happier ending. I’m sure everybody who is reading this is at least familiar with OnStar. It’s an in vehicle service provided with Government General Motors produced vehicles. It allows such services as calling somebody via the press of a button or getting help in an emergency. It also allows law enforcement personnel to track and find the vehicle should it get stolen. To do it’s services there are two things that it needs: The ability to output vocal data which is provided by the car’s stereo system, and a microphone so you can communicated with OnStar employees.

People buying GM cars see this services as a convenience but government sees it as something else, a mechanism of spying on the citizenry:

The court did not reveal which brand of remote-assistance product was being used but did say it involved “luxury cars” and, in a footnote, mentioned Cadillac, which sells General Motors’ OnStar technology in all current models. After learning that the unnamed system could be remotely activated to eavesdrop on conversations after a car was reported stolen, the FBI realized it would be useful for “bugging” a vehicle, Judges Marsha Berzon and John Noonan said.

Yes the FBI decided OnStar was a great service. You simply flip on the microphone remotely and you can monitor conversations taking place inside the vehicle. Great! Fortunately after doing this the courts decided it was a no-no:

In a split 2-1 rulingthe majority wrote that “the company could not assist the FBI without disabling the system in the monitored car” and said a district judge was wrong to have granted the FBI its request for surreptitious monitoring.

But not for the reasons you’re thinking:

David Sobel, general counsel at the Electronic Privacy Information Center, called the court’s decision “a pyrrhic victory” for privacy.

“The problem (the court had) with the surveillance was not based on privacy grounds at all,” Sobel said. “It was more interfering with the contractual relationship between the service provider and the customer, to the point that the service was being interrupted. If the surveillance was done in a way that was seamless and undetectable, the court would have no problem with it.”

See in order to activate the microphone remotely without the vehicle occupants knowing OnStar’s recovery mode had to be disabled. This presented a violation of the service agreement between OnStar and the vehicle owner:

Under current law, the court said, companies may only be ordered to comply with wiretaps when the order would cause a “minimum of interference.” After the system’s spy capabilities were activated, “pressing the emergency button and activation of the car’s airbags, instead of automatically contacting the company, would simply emit a tone over the already open phone line,” the majority said, concluding that a wiretap would create substantial interference.

Personally I don’t trust any system in my vehicle that can be remotely activated and for good reason. Having a remotely activated microphone in your vehicle is just asking to be eavesdropped on. This also includes cellular phones but Tam pointed out a simple solution for that.

The final cited source I’m going to bring up from that paper (seriously go read it [PDF]) deals with RIM’s Blackberry phones. In this case the problem wasn’t related to RIM but a cellular phone carrier who cells their devices. I know the United Arab Emirates aren’t known for their love of basic human rights but when you get carriers to install spyware on phones to monitor all users of Blackberry devices that’s simply shitting all over privacy.

Details on the spyware application itself can be found here. Although the spyware did appear to be actively monitoring peoples’ communications by default it was capable of being remotely activated at any time. Of course the expected activation would be done by law enforcement personnel but anything they can activate a resourceful malicious hacker can activate. Now I do want to make it clear RIM didn’t have any knowledge of this and did release the following public statement:

In the statement, RIM told customers that “Etisalat appears to have distributed a telecommunications surveillance application… independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone”.

It adds that “independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry Handheld, but rather to send received messages back to a central server”.

This was a case of the UAE government getting a local carrier, Etisalat, to cooperate and install the spyware. The scariest thing here is the software wouldn’t have even been noticed if it wasn’t for the fact it was poorly coded and causing phone instabilities. Needless to say the phrase trust no one is very relevant everywhere in the world.

These stories exemplify that security is something you need to take into your own hands. You can’t expect other people to do it nor can you expect your government to do it. Nobody is going to protect your life, property, or privacy except you. This requires you obtain pertinent knowledge on the technology you use. Take time to understand the technology and devices you use in your everyday life and try to come up with ways those things can be used against you. Once you realize how those things can be used you can develop countermeasures.

The Red Star Strikes Again

Well unfortunately for you, my readers, (probably more of a fortunate thing for you really) I got tied up in a side protect and didn’t get much blogging done. But I do have one post for you tonight directly from the local newspaper I like to call The Red Star. They seem to believe Minnesota needs to become a police state. This is a nice little piece I pulled from today’s story about DWIs:

Nearly 40 states allow police to set up sobriety checkpoints, often cited as one of the best tactics to keep roads safe. Minnesota started using checkpoints in 1990 but stopped four years later when the state Supreme Court ruled the tactic unconstitutional. There has been no major effort to change the law through a constitutional amendment. Police now rely largely on saturation patrols, which are less effective, to discourage drunken driving.

Minnesota also doesn’t impose enhanced penalties for extreme drunken driving unless offenders register a blood-alcohol level of 0.20 percent. Most states that impose extra penalties do so at lower levels.

Yes this state decided that assuming guilt was not constitutional. Good job! Of course The Red Star doesn’t agree and believes you need to subjugate the people of this state into proving their innocence without any evidence brought forth to accuse us of guilt.

Sobriety check points are a fancy say of saying, “We assume all people are criminals and therefore driving drunk.” You are in essence being pulled over (stopped at a check point) by police whom you must prove your innocence to before you’re allowed to drive on. That’s the definition of guilty until proven innocent. That is also one of the very ingredients for a police state.

Cripes I hate that paper.

John Browning

A very good quick overview of John Browning’s inventions can be found over at The Truth About Guns (not to be mistaken for the Truth About Guns podcast):

When Browning passed away on November 26, 1926, he had 128 gun patents to his credit. Despite his extraordinary accomplishments, his legacy sometimes flies below the radar since Winchester, Colt, Remington (Models 8 and 24 semi-automatic rifles and Model 11 / Sportsman shotguns), Savage (Model 720 shotgun), and FN brand names appear on most of the guns he designed, not to mention the millions of military arms manufactured that bore no brand name whatsoever.

Needless to say Mr. Browning knew his shit.