User Name
Password

Go Back   Planetarion Forums > Non Planetarion Discussions > General Discussions

Reply
Thread Tools Display Modes
Unread 6 Dec 2004, 20:20   #1
meglamaniac
Born Sinful
 
meglamaniac's Avatar
 
Join Date: Nov 2000
Location: Loughborough, UK
Posts: 4,059
meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.
Terrorism and computers

In a realistic sense, can anything really be done to catch 'terrorists' (read: individuals the government currently dislike) using the internet?
To what extent is all this cyber-security stuff the government bandies about utter crap?

Answering my own questions:
Very little and 99%.

Take this as an example (sorry if this is a bit techy but wtf, we're talking computers...):
IRC server runs on a machine listening only for connecions on loopback.
SSH server also runs on the machine.
Client logs in to the server with an SSH client (using either an account or a key) with the appropriate port forwards enabled.
Client connects to the forwarded port with an IRC client.
Result: Secure IRC where you can talk about whatever you like in the knowledge its using better encryption than the US military does.

Those of you who are "tech savvy" will know all I've described is an SSH tunnel, which takes very little time to set up and can provide much greater security than online shopping sites etc if desired.
To further obscure things, it's the work of seconds to reconfigure the SSH server to run on a non-standard port, in the upper "general use" range - 48,329 or something random like that.
How the hell does any enforcement agency stand a chance of flagging that without prior knowledge?

It's all big brother I tells ya, and thus I make my case for Blunket to be be burnt at the stake.
__________________
Worth dying for. Worth killing for. Worth going to hell for. Amen.
meglamaniac is offline   Reply With Quote
Unread 6 Dec 2004, 20:30   #2
JammyJim
Godfather
 
JammyJim's Avatar
 
Join Date: May 2000
Location: England
Posts: 5,185
JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.
Re: Terrorism and computers

your basing this on the assumption that the people who created these encryption methods didnt install backdoors very carefully hidden and then told groups such as the NSA etc about them.

i doubt anything is truly secure in any true sense of the word. especially not from the government.
__________________
Forum Administrator
Mail : [email protected] // IRC : #forums
__________________
It's not personal, it's just business.
JammyJim is offline   Reply With Quote
Unread 6 Dec 2004, 20:31   #3
skiddy
wild one
 
skiddy's Avatar
 
Join Date: Feb 2001
Location: River Edge, NJ
Posts: 3,312
skiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so little
Re: Terrorism and computers

nmap will expose the port.
skiddy is offline   Reply With Quote
Unread 6 Dec 2004, 20:32   #4
NEWSBOT3
NEWSBOT
 
Join Date: Dec 2000
Location: The enby cave!
Posts: 4,872
NEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriend
Re: Terrorism and computers

nmap is just a port scanner.
__________________
[20:27:47] <nodrog-aawy> **** i think my housemate just caught me masturbating
[11:25:32] <idimmu> you are a little piggy arent you
[13:17:00] <KaneED> i'm so closet i'm like narnia
__________________
Pretty parks and funky scrap metal things here
NEWSBOT3 is offline   Reply With Quote
Unread 6 Dec 2004, 20:43   #5
skiddy
wild one
 
skiddy's Avatar
 
Join Date: Feb 2001
Location: River Edge, NJ
Posts: 3,312
skiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so littleskiddy contributes so much and asks for so little
Re: Terrorism and computers

I know, but it'll tell you that port xxxxx is open and what's using it.

Hence exposing the port.

You could also try fingerprinting and getting the OS, then SSH into the port to get the version number, then find an exploit in that version and get into the system, thus giving you (the government authority who have the nerds who know how to do all this) access to the terminal logs etc.
skiddy is offline   Reply With Quote
Unread 6 Dec 2004, 22:54   #6
wu_trax
Registered User
 
Join Date: Jan 2003
Posts: 4,290
wu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet societywu_trax is a pillar of this Internet society
Re: Terrorism and computers

Quote:
Originally Posted by JammyJim
your basing this on the assumption that the people who created these encryption methods didnt install backdoors very carefully hidden and then told groups such as the NSA etc about them.

i doubt anything is truly secure in any true sense of the word. especially not from the government.
sure you can crack / hack / whatever almost everything if only you have enough resources, but look at how much traffic there is every day. its completly impossible to check all that.
__________________
im not tolerant, i just dont care.
wu_trax is offline   Reply With Quote
Unread 6 Dec 2004, 23:04   #7
JammyJim
Godfather
 
JammyJim's Avatar
 
Join Date: May 2000
Location: England
Posts: 5,185
JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.JammyJim has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.
Re: Terrorism and computers

i doubt its impossible tbh. it may be impossible for humans to check and qualify whether things are 'bad' or 'good' but a computer can be programmed to look for things. and if these things are found it flags it for human checking.


i dont believe for one minute that a country like the United States with its vast vast pool of wealth, talent and resources does not have the capability to check up on most things if it so desired.
__________________
Forum Administrator
Mail : [email protected] // IRC : #forums
__________________
It's not personal, it's just business.
JammyJim is offline   Reply With Quote
Unread 6 Dec 2004, 23:38   #8
Belgarath The Sorcerer
First Disciple of Aldur
 
Belgarath The Sorcerer's Avatar
 
Join Date: Jul 2000
Location: The Vale of Aldur
Posts: 1,470
Belgarath The Sorcerer has much to be proud ofBelgarath The Sorcerer has much to be proud ofBelgarath The Sorcerer has much to be proud ofBelgarath The Sorcerer has much to be proud ofBelgarath The Sorcerer has much to be proud ofBelgarath The Sorcerer has much to be proud ofBelgarath The Sorcerer has much to be proud ofBelgarath The Sorcerer has much to be proud ofBelgarath The Sorcerer has much to be proud of
Re: Terrorism and computers

Quote:
Originally Posted by JammyJim
your basing this on the assumption that the people who created these encryption methods didnt install backdoors very carefully hidden and then told groups such as the NSA etc about them.

i doubt anything is truly secure in any true sense of the word. especially not from the government.
Except these are mathmatically proven algorithims that would take all the computing power available on the planet today the age of the universe to crack.
__________________
Yeah.
Belgarath The Sorcerer is offline   Reply With Quote
Unread 7 Dec 2004, 00:00   #9
meglamaniac
Born Sinful
 
meglamaniac's Avatar
 
Join Date: Nov 2000
Location: Loughborough, UK
Posts: 4,059
meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.
Re: Terrorism and computers

And you forget that there is a simple way to avoid backdoors and so on.
Linux.

There are open source versions of all of these utilities, so not only are there not going to be back doors in there because reviews would have flagged them, but you can check for yourself.
OpenSSH provides sshd (the SSH server), and there are plenty of ircd's available to do the chat end of things (unreal, ngircd, dancer...).
__________________
Worth dying for. Worth killing for. Worth going to hell for. Amen.
meglamaniac is offline   Reply With Quote
Unread 7 Dec 2004, 00:49   #10
queball
Ball
 
queball's Avatar
 
Join Date: Oct 2001
Posts: 4,410
queball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so littlequeball contributes so much and asks for so little
Re: Terrorism and computers

Traffic monitoring would make it obvious that there's a server, and also very obvious that it's a chat server. Just using ssh tunnels, further traffic analysis would reveal who talks to who just based on packet timing. The spy would have everyone's IP, and could intimidate any number of them into helping him monitor the server. Or the server could be taken over physically, through legal or illegal coercion.

The internet is monitored by government and private institutions. No-one really cares if you set up anonymous chat with a few friends; after all, you could just go and talk to them in person if you wanted to. But once you start interacting with the outside world, with other underground organisations, you have a weak link, and the whole structure can come down at any time.

Cyberterrorism refers to using the internet itself to attack people, abusing security at a technical level, from destroying others' use of the internet to more insidious cracking. Setting up a private IRC server is perfectly legit and does not threaten security.

Last edited by queball; 7 Dec 2004 at 00:54.
queball is offline   Reply With Quote
Unread 7 Dec 2004, 01:53   #11
NEWSBOT3
NEWSBOT
 
Join Date: Dec 2000
Location: The enby cave!
Posts: 4,872
NEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriendNEWSBOT3 needs a job and a girlfriend
Re: Terrorism and computers

Quote:
Originally Posted by meglamaniac
And you forget that there is a simple way to avoid backdoors and so on.
Linux.
megla, you do the linux 'cause', more harm than good by spreading false statements like that.

I know every major linux distro has holes - because i get a nice little email with information about them all in once a week, and have done for the last 4 months. And because i'm a good little systems administrator, i make sure i patch/upgrade parts of my servers that I feel might be a problem.

From the last statistics i saw (which was prob from the register), whilst windows systems get many more automatic attacks, linux systems are the target of most non-automatic malicious activity.

When you tell people 'linux' as a blanket statement, the only effect you get, if any, is them pre-installing some distro , usually overbloated with crap they don't need, and running servers and services they don't want, which increases their risk.

Security, in terms of computer systems, is not about particular software, its about having the right approach and processes for protecting systems.

Provided that you implement this correctly, the actual operating systems and hardware you use are largely irrelevant, because its about having the right mentality, and taking the appropriate action.

hell, i could get two servers, one windows , and one linux, stick them both behind a hardware firewall, keep up on my patches with both, and never have any problems with either machine.
I'd even stick a mac one there too for fun.

oh, I actually do do that, that'd be how i know it works then.
__________________
[20:27:47] <nodrog-aawy> **** i think my housemate just caught me masturbating
[11:25:32] <idimmu> you are a little piggy arent you
[13:17:00] <KaneED> i'm so closet i'm like narnia
__________________
Pretty parks and funky scrap metal things here
NEWSBOT3 is offline   Reply With Quote
Unread 7 Dec 2004, 04:44   #12
mist
Jolt's best friend
 
mist's Avatar
 
Join Date: Feb 2003
Posts: 2,101
mist is a name known to allmist is a name known to allmist is a name known to allmist is a name known to allmist is a name known to allmist is a name known to all
Re: Terrorism and computers

assuming for a moment that you could make a box digitally secure, making it physically secure is more problematic.

http://www.theregister.co.uk/2004/10...dymedia_raids/

is probably a fair example.
at the end of the day, there's not even really a guarentee that your packets are going to the box you think they are - the feds could have cloned it.
__________________
<Karmulian> subtle as a kick in the nuts as always
mist is offline   Reply With Quote
Unread 7 Dec 2004, 10:26   #13
meglamaniac
Born Sinful
 
meglamaniac's Avatar
 
Join Date: Nov 2000
Location: Loughborough, UK
Posts: 4,059
meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.meglamaniac has ascended to a higher existance and no longer needs rep points to prove the size of his e-penis.
Re: Terrorism and computers

Quote:
Originally Posted by NEWSBOT3
megla, you do the linux 'cause', more harm than good by spreading false statements like that.
As do you by failing to read the thread properly.

Quote:
Originally Posted by NEWSBOT3
I know every major linux distro has holes - because i get a nice little email with information about them all in once a week, and have done for the last 4 months. And because i'm a good little systems administrator, i make sure i patch/upgrade parts of my servers that I feel might be a problem.
If you go back and read what I said carefully, you'll notice I said backdoors - security holes placed there intentionally. I'm not stupid, I'm well aware linux is far from exempt from security vulnerabilities including "that" SSH vuln in the not so distant past (as 'featured' in Matrix Reloaded).
Why was I talking about backdoors in particular?
Quote:
Originally Posted by JammyJim
your basing this on the assumption that the people who created these encryption methods didnt install backdoors very carefully hidden and then told groups such as the NSA etc about them
That's why.

So to sum up:
* I never claimed Linux is safe from security flaws
* You should be more careful before attacking posts you haven't read
* Anyone who supports the linux 'cause' is a lemming at best and in most cases just stupid
* Software should be evaluated on how well it serves its purpose not on ideology*
* If you want to be particularly pedantic then yes maybe I should have said "open source" rather than linux in particular.

However, I was trying to keep this thread somewhere in the realms of normal discussion without it deteriorating into technical nitpicking. Congratulations on defeating my aims.


Oh and yo Mist, the premis of this was all the US-style cybersecurity methods rather than raids based on "intelligence", such as the attempts by american security services to have wiretap backdoors built into VOIP (a request they're well on the way to getting) because then it allows them to catch the nasty terrororists dontchaknow, whilst neglecting to indicate how they intend to find out what IP addresses said terrorists happen to be using. Add to that the fact that even the dumbest terrorist ought to be using encrypted VOIP thus making such backdoors useless, it's just another way for the FBI to keep tabs on the public in general.
BTW, the Indymedia fiasco seems to have been based more on the americans caving to an italian request that should never have been authorised in the first place because they had no evidence what they were after existed


*in this case OSS would be prefered as its security can be verified
__________________
Worth dying for. Worth killing for. Worth going to hell for. Amen.

Last edited by meglamaniac; 7 Dec 2004 at 10:40. Reason: spelling :)
meglamaniac is offline   Reply With Quote
Unread 7 Dec 2004, 16:00   #14
mist
Jolt's best friend
 
mist's Avatar
 
Join Date: Feb 2003
Posts: 2,101
mist is a name known to allmist is a name known to allmist is a name known to allmist is a name known to allmist is a name known to allmist is a name known to all
Re: Terrorism and computers

assuming they've got to use a digital method of interception and assuming that your chat server never has any form of weakness discovered for it (same for your computer you use to connect to it) and assuming that they don't guess anyone's password, then yes i'd say that you're fairly secure. however these are fairly large assumptions

-mist
__________________
<Karmulian> subtle as a kick in the nuts as always
mist is offline   Reply With Quote
Reply


Thread Tools
Display Modes

Forum Jump


All times are GMT +1. The time now is 23:51.


Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2018