News WikiLeaks reveals sites critical to US security

[CAC1001]

CAC1001: You're entitled to your religious beliefs. Wait, wrong response, but it applies pretty well.

I would say it is a "religious belief" among the people who claim President Bush lied the nation into war.

 

[jobyts]

When it comes to sound encryption you run into problems of factoring large prime numbers

Factoring large prime numbers? I'm sure you will run into problems. I tried even smaller ones, but didn't succeed.

 

[Proton Soup]

Proton,

Got a link for this ?

Rhody...

sure, not exactly a 1/1000-th mind you, but same order of magnitude.

http://cryptome.org/0003/wikileaks-lash.htm

To: John Young <jya[a t]pipeline.com>
From: Wikileaks <wikileaks[a t]wikileaks.org>
Subject: martha stuart pgp
Date: Sun, 7 Jan 2007 12:20:25 -0500

-----BEGIN PGP MESSAGE-----
Version: None

J. We are going to **** them all. Chinese mostly, but not entirely a feint. Invention
abounds. Lies, twists and distorts everywhere needed for protection. Hackers monitor
chinese and other intel as they burrow into their targets, when they pull, so do we.
Inxhaustible supply of material. Near 100,000 documents/emails a day. We're going to
crack the world open and let it flower into something new. If fleecing the CIA will
assist us, then fleece we will. We have pullbacks from NED, CFR, Freedomhouse and
other CIA teats. We have all of pre 2005 afghanistan. Almost all of India fed. Half
a dozen foreign ministries. Dozens of political parties and consulates, worldbank,
apec, UN sections, trade groups, tibet and fulan dafa associations and... russian
phishing mafia who pull data everywhere. We're drowing. We don't even know a tenth
of what we have or who it belongs to. We stopped storing it at 1Tb.

 

[WhoWee]

sure, not exactly a 1/1000-th mind you, but same order of magnitude.

http://cryptome.org/0003/wikileaks-lash.htm

These WikiLeaks people sound like little kids sitting in an upstairs closet, planning to sneak down the stairs to listen to an adult conversation taking place around a card table (a 1950's or 1960's retro example). Then once they hear something they run back to the closet and giggle, then maybe tell their friends about it the next day.

The difference is that while a story including Bob's dad said a bad word, and Matt's dad had gas, and Bill's mom wanted another drink might have been entertaining, it didn't really injure anyone.

If your link is real, maybe the hackers should start to worry about ALL of the players. Everyone will not be restricted by the rules applicable to the US. Personally, I'll find it ironic and even humorous if the unintended consequences of this leak is the retaliation onto the hackers themselves - by their "info hosts".

Bragging often gets people into more trouble than the act itself - IMO.

 

[Proton Soup]

These WikiLeaks people sound like little kids sitting in an upstairs closet, planning to sneak down the stairs to listen to an adult conversation taking place around a card table (a 1950's or 1960's retro example). Then once they hear something they run back to the closet and giggle, then maybe tell their friends about it the next day.

The difference is that while a story including Bob's dad said a bad word, and Matt's dad had gas, and Bill's mom wanted another drink might have been entertaining, it didn't really injure anyone.

If your link is real, maybe the hackers should start to worry about ALL of the players. Everyone will not be restricted by the rules applicable to the US. Personally, I'll find it ironic and even humorous if the unintended consequences of this leak is the retaliation onto the hackers themselves - by their "info hosts".

Bragging often gets people into more trouble than the act itself - IMO.

wikileaks isn't even the story. the real story is that you've got a hacker mafia in russia breaking in everywhere getting dirt on everyone off public networks. and i guess chinese too. and nobody cares about that, or dealing with it. the only thing anyone cares about is the appearance, the public relations aspect. Assange is a convenient scapegoat that you can publicly flay while conveniently ignoring that the barn door is wide open.

 

[nismaratwork]

This isn't hacking... it's script-kiddy bull****. They're just saying they watch the activity of people who DO have the talent to enter databases, and then packet sniff them! Our security is SO BAD, that it just takes a bunch of script kiddies being supported by a handful of talented and generally anonymous black-hats.

 

[nismaratwork]

wikileaks isn't even the story. the real story is that you've got a hacker mafia in russia breaking in everywhere getting dirt on everyone off public networks. and i guess chinese too. and nobody cares about that, or dealing with it. the only thing anyone cares about is the appearance, the public relations aspect. Assange is a convenient scapegoat that you can publicly flay while conveniently ignoring that the barn door is wide open.

Proton, we have the NSA and Echelon, and more... we do the same thing. This isn't hacking, as I mentioned previously, just another form of semi-active sigint. The issue isn't that this is being done, but that we're sucking at it.

 

[Proton Soup]

This isn't hacking... it's script-kiddy bull****. They're just saying they watch the activity of people who DO have the talent to enter databases, and then packet sniff them! Our security is SO BAD, that it just takes a bunch of script kiddies being supported by a handful of talented and generally anonymous black-hats.

i'm not sure whether you're saying our security is good or bad.

 

[rhody]

This isn't hacking... it's script-kiddy bull****. They're just saying they watch the activity of people who DO have the talent to enter databases, and then packet sniff them! Our security is SO BAD, that it just takes a bunch of script kiddies being supported by a handful of talented and generally anonymous black-hats.

misnara,

Since Proton did not address my original question in Post https://www.physicsforums.com/showpost.php?p=3032729&postcount=242" I will pose the question to you, to separate fact from fiction, isn't that what PF is supposedly all about ?

whatever is in "insurance" is only 1.5GB, which is only a 1/1000-th of the total volume they claimed to have collected a few years ago before they even went public.

there is apparently a lot more over at Cryptome that John Young is releasing (is he trying to cover his own *** so he isn't next?) from the internal private wikileaks mailing list, but I'm not sure how much time i'd want to invest in that.

Proton, errr. Misnara,

Got a link for this ?

I respect your opinion and insight hopefully backed by multiple, verifiable sources...

Thanks in advance...

Rhody...

P.S. BTW from the information I have been able to obtain even if they were to crack thehttp://www.popsci.com/technology/article/2010-12/how-secure-julian-assanges-thermonuclear-insurance-file" , and text is scrambled and would be of no use anyway.

see text from the link:

There are three variants of AES, which differ in the size of their keys (128, 192, or 256 bits), though they all use the same 128-bit block size. The size of the key has other implications within the algorithm itself (and slightly increases the encoding time), but mostly, it increases the amount of time needed to break it with what's called a "brute force attack" (more on that in a bit). The three variants also carry different numbers of "rounds" protecting their keys. Each round is sort of like a layer of further obscurity, making the original data all the more disguised. AES-128 has ten rounds, AES-192 has twelve, and AES-256 has fourteen.

Those rounds make it effectively impossible to compare the ciphered data with its key and divine any sort of pattern, since the data has been so thoroughly mangled by, in this case, 14 rounds of highly sophisticated manipulation that it's unrecognizable. The rounds make an already secure algorithm that much more secure.

 

[Proton Soup]

Proton, we have the NSA and Echelon, and more... we do the same thing. This isn't hacking, as I mentioned previously, just another form of semi-active sigint. The issue isn't that this is being done, but that we're sucking at it.

that's the same thing

 

[nismaratwork]

i'm not sure whether you're saying our security is good or bad.

Our security is wretchedly bad.

I think you need to check what 'hacking' originally meant, came to mean, and really means in practice; there's no way that someone using someone else's programs to scan ports or sniff packets is a hacker... they are a script-kiddy. Hacking is actively creating your own code, and entering where you're not welcome... not managing botnets, not packet-sniffing, and not even massive signal intercepts. It may be that this is a semantic issue, I'm not sure.

 

[nismaratwork]

misnara,

Since Proton did not address my original question in Post https://www.physicsforums.com/showpost.php?p=3032729&postcount=242" I will pose the question to you, to separate fact from fiction, isn't that what PF is supposedly all about ?



I respect your opinion and insight hopefully backed by multiple, verifiable sources...

Thanks in advance...

Rhody...

P.S. BTW from the information I have been able to obtain even if they were to crack thehttp://www.popsci.com/technology/article/2010-12/how-secure-julian-assanges-thermonuclear-insurance-file" , and text is scrambled and would be of no use anyway.

see text from the link:

Well that's a tough question, although it strikes me as a bad idea to torture such a (newly) public figure for a passcode. Anyway, on the technical side AES256 is extremely secure, and if you're saying that beyond that he may have used PGP encryption or more hash functions on the cleartext...

...The bottom line is that as I said, that file is only going to be opened if:
1.) There's a flaw found in the encryption scheme used (collision errors, doubtful)
2.) Computers or methods advance beyond current expectations allowing for a means to bypass the protection.
3.) Luck on an astronomical scale.

Personally I think the major flaw here is that I'm not clear that Assange or anyone else knows what's in that file. If it's meaningless crap, then what a waste, right? On the other hand, if it's terribly sensitive and clearly gets people killed... whoops. No, this isn't something the US is looking to open, it's a fail-deadly device for Assange to use in a manner he's yet to make clear.

 

[Proton Soup]

I think you need to check what 'hacking' originally meant, came to mean, and really means in practice; there's no way that someone using someone else's programs to scan ports or sniff packets is a hacker... they are a script-kiddy. Hacking is actively creating your own code, and entering where you're not welcome... not managing botnets, not packet-sniffing, and not even massive signal intercepts. It may be that this is a semantic issue, I'm not sure.

yeah, not really interested in that debate. and as i understand it, hacking originally had to do with hardware reverse engineering. and wasn't even a negative term i think until people started building phone "blueboxes" or whatever kind of boxen they were called. blah blah blah 2600 blah...

 

[nismaratwork]

yeah, not really interested in that debate. and as i understand it, hacking originally had to do with hardware reverse engineering. and wasn't even a negative term i think until people started building phone "blueboxes" or whatever kind of boxen they were called. blah blah blah 2600 blah...

Yes... exactly...

*goes off to cry nerd-tears alone*

 

[CAC1001]

From my understanding of it, hacking is refers to people who like to solve problems and build and create things, and applies to people who have an obsession with learning everything about something. So a person may learn to program in all the major languages, they will read technical manuals, they will learn electronics to an advanced level, they'll learn the telephone and Internet infrastructure, they'll load individual operating systems up onto their computer and read the manuals to each operating system and study them to find the holes, etc...a hacker is not interested in doing anything malicious or destructive (unless maybe defending their country by doing bad things to foreign countries trying to do the same to their country).

"Hacking" got a negative connotation when people started using these skills for destructive and criminal purposes however. From what I have read, the term for such malicious hackers is/was actually "crackers."

However, outside of the hacker culture, the general term used by the media and so forth is "hacker" and also cracker is known as being a racist term to others, so one can see how people would be reluctant to use it. Today it seems more the terms are White Hat hacker and Black Hat hacker (white hat is good, black hat is bad).

Although referring to technology, the hacker philosophy can really apply to any art or science. If you study music and learn everything you can about music, all the instruments, all the major works, etc...then you are applying the hacker philosophy to music. Or if you learn everything there is to know about automobiles, you're applying it to autos. If you are obsessed with economics and learn everything there is to know about how economies work, you're basically applying it to economics as well. Hacking is about figuring out how things work.

Script kiddies are just people who download software that has already been written by others and use these tools to perform malicious activities. But a script kiddie has no real knowledge of how to actually program or how things actually work. The really dangerous "hacker" is the kind who knows in-depth all about the technology, and has no qualms about doing bad things.

 

[nismaratwork]

From my understanding of it, hacking is refers to people who like to solve problems and build and create things, and applies to people who have an obsession with learning everything about something. So a person may learn to program in all the major languages, they will read technical manuals, they will learn electronics to an advanced level, they'll learn the telephone and Internet infrastructure, they'll load individual operating systems up onto their computer and read the manuals to each operating system and study them to find the holes, etc...a hacker is not interested in doing anything malicious or destructive (unless maybe defending their country by doing bad things to foreign countries trying to do the same to their country).

"Hacking" got a negative connotation when people started using these skills for destructive and criminal purposes however. From what I have read, the term for such malicious hackers is/was actually "crackers."

However, outside of the hacker culture, the general term used by the media and so forth is "hacker" and also cracker is known as being a racist term to others, so one can see how people would be reluctant to use it. Today it seems more the terms are White Hat hacker and Black Hat hacker (white hat is good, black hat is bad).

Although referring to technology, the hacker philosophy can really apply to any art or science. If you study music and learn everything you can about music, all the instruments, all the major works, etc...then you are applying the hacker philosophy to music. Or if you learn everything there is to know about automobiles, you're applying it to autos. If you are obsessed with economics and learn everything there is to know about how economies work, you're basically applying it to economics as well. hacking is about figuring out how things work.

Script kiddies are just people who download software that had already been written by others and use these tools to perform malicious activities. But a script kiddie has no real knowledge of how to actually program or how things actually work. The really dangerous "hacker" is the kind who knows in-depth all about the technology, and has no qualms about doing bad things.

I could hug you if your conservative ideology didn't irk me so much. Oh what the hell, let's hug it out you big galoot!

edit: "And my orders are to weed out all non-hackers who do not pack the gear to serve in my beloved Corps!" (R. Lee Ermy as Drill Sgt. Hartman, 'Full Metal Jacket')

 

[rhody]

I offer you: http://www.schneier.com/blog/archives/2009/09/real-world_acce.html"
"[URL
Schneier on Security[/URL]

I used to get his Crypto-Gram Newsletter forwarded by a friend at work and this month has started again.
Interesting, and I might add very credible expert on security issues:

From the link above:

http://mba.tuck.dartmouth.edu/digital/Research/ResearchProjects/DataFinancial.pdf"

A sample of credible research, with background, assessment, and risks, clearly laid out, which for me is critical in separating fact from speculation or fiction.

I will keep my eye open for insight, information missed or overlooked by mainstream media and toss it over the fence for review and discussion.
Fox News talking heads Oreilly et al frequently quote information cited in the News Letter, but that is about all the attention it gets in mainstream media. IMHO Schneier is worth following, and frequently is weeks and in some cases months ahead of developing security issues and trends.

Rhody...

 

[Proton Soup]

Schneiner is great. I've got his 1st ed. Applied Cyptography laying around someplace.

that RBAC stuff sounds like they're trying to make things as complicated as possible. and yes, it's a lot of work and costs a lot of money. and no, nobody wants to pay for it.

 

[Galteeth]

Personally I think the major flaw here is that I'm not clear that Assange or anyone else knows what's in that file. If it's meaningless crap, then what a waste, right? On the other hand, if it's terribly sensitive and clearly gets people killed... whoops. No, this isn't something the US is looking to open, it's a fail-deadly device for Assange to use in a manner he's yet to make clear.

What would lead to you to believe Assange doesn't know what's in the file? The purpose to me seems pretty clear. He said he would only release the password if he were killed or imprisoned for life. It's leverage against that happening. The file could be pictures of cats for all we know. The point is, that if people believe it could be something that might damage them (which is why you don't say what's in it, because you're not sure who might want to jail or kill you) it might dissaude them from jailing or killing Assange.

 

[nismaratwork]

What would lead to you to believe Assange doesn't know what's in the file? The purpose to me seems pretty clear. He said he would only release the password if he were killed or imprisoned for life. It's leverage against that happening. The file could be pictures of cats for all we know. The point is, that if people believe it could be something that might damage them (which is why you don't say what's in it, because you're not sure who might want to jail or kill you) it might dissaude them from jailing or killing Assange.

You expect me to believe that beyond this overview, Assange has read the vast number of documents described as being in this file? You can't go around assuming that every gun isn't loaded, so the 'cats' concept is probably wishful thinking. Here is what is claimed to be in the file, at least:

The military papers on Guantanamo Bay, yet to be published, believed to have been supplied by Bradley Manning, who was arrested in May. Other documents that Assange is confirmed to possesses include an aerial video of a US airstrike in Afghanistan that killed civilians, BP files and Bank of America documents.

I'm sure he watched the video and read some of it, but unless he's smuggling HD movies in the original 720-1080 he could have a LOT of pictures of cats in a compressed file of that size.

 

[Galteeth]

You expect me to believe that beyond this overview, Assange has read the vast number of documents described as being in this file? You can't go around assuming that every gun isn't loaded, so the 'cats' concept is probably wishful thinking. Here is what is claimed to be in the file, at least:

The military papers on Guantanamo Bay, yet to be published, believed to have been supplied by Bradley Manning, who was arrested in May. Other documents that Assange is confirmed to possesses include an aerial video of a US airstrike in Afghanistan that killed civilians, BP files and Bank of America documents.

I'm sure he watched the video and read some of it, but unless he's smuggling HD movies in the original 720-1080 he could have a LOT of pictures of cats in a compressed file of that size.

No, that is stuff that he has either already released or is planning to release. The insurance file wouldn't be that.

 

[nismaratwork]

No, that is stuff that he has either already released or is planning to release. The insurance file wouldn't be that.

That was a quote from the NY Post, and represents the only CONFIRMED files that he has. Given however that he hasn't bluffed yet I'm shocked that you feel you can predict his behaviour so confidently.

 

[Galteeth]

That was a quote from the NY Post, and represents the only CONFIRMED files that he has. Given however that he hasn't bluffed yet I'm shocked that you feel you can predict his behaviour so confidently.

I'm not saying he's bluffing. I think you misunderstood my post. People were asking what the point of the insurance file was. It probably is something damaging. I was explaining why he hasn't explicitly stated what's in it. The video of the civilian deaths has already been released, and the other stuff the NY post mentioned wikileaks has said they are going to release. It wouldn't make sense for the insurance file to contain stuff he already released or was planning on releasing (unless it was a bluff).
The idea of an insurance file is you don't know who might be after you. It could be a government of some country or a corporation or criminal organization who thinks you have info they don't want to get out. If they think killing you may cause a release of that info, it is disincentive to kill you. Hence insurance. I wasn't seriously suggesting it was a bluff. The point is, as you accurately realized, people can't assume he's bluffing, so the threat of an "insurance file" seems to serve its purpose.
Pointing out that it could be a bluff was only to illustrate the psychology behind its purpose.

 

[nismaratwork]

I'm not saying he's bluffing. I think you misunderstood my post. People were asking what the point of the insurance file was. It probably is something damaging. I was explaining why he hasn't explicitly stated what's in it. The video of the civilian deaths has already been released, and the other stuff the NY post mentioned wikileaks has said they are going to release. It wouldn't make sense for the insurance file to contain stuff he already released or was planning on releasing (unless it was a bluff).
The idea of an insurance file is you don't know who might be after you. It could be a government of some country or a corporation or criminal organization who thinks you have info they don't want to get out. If they think killing you may cause a release of that info, it is disincentive to kill you. Hence insurance. I wasn't seriously suggesting it was a bluff. The point is, as you accurately realized, people can't assume he's bluffing, so the threat of an "insurance file" seems to serve its purpose.
Pointing out that it could be a bluff was only to illustrate the psychology behind its purpose.

Yes, that's exactly why I initially referred to this file as a 'fail-deadly device', which it is! Whether it's Semtex or soap, if a guy claiming to be wearing a bomb has a dead-man's switch, it's a very difficult situation.

There is a flaw here however, which is that Assange seems very intent upon maintaining a particular image in the media, an that one doesn't fit with such a blatant threat. He can claim self-defense, but he also wants to release the truth right? If there is something in that file that 'the world needs to know' under the Wikileaks philosophy, then using it as a fail-deadly is counter to that philosophy. Really, this only works if they're UNEDITED versions of documents already released, or if he just took a chunk of what he believed to be meaty material, compressed and encrypted it without ever having the time to look through it.

A bluff or not, the people who love him and this site (who are now the keepers of this file!) are going to want to know what's in it, don't you think? How is it going to look for Assange's crusade when he uses secrets that important as a means of blackmail to save his rear, and that such secrets could die with him! No, I think he just took a chunk of unfiltered or edited cables that would be damaging, but not necessarily interesting or "criminal" in the way he feels the air-strike was. Anything else, and he'll have no friends left at all, and file or not he'll be a dead man.

 

[WhoWee]

I'm not saying he's bluffing. I think you misunderstood my post. People were asking what the point of the insurance file was. It probably is something damaging. I was explaining why he hasn't explicitly stated what's in it. The video of the civilian deaths has already been released, and the other stuff the NY post mentioned wikileaks has said they are going to release. It wouldn't make sense for the insurance file to contain stuff he already released or was planning on releasing (unless it was a bluff).
The idea of an insurance file is you don't know who might be after you. It could be a government of some country or a corporation or criminal organization who thinks you have info they don't want to get out. If they think killing you may cause a release of that info, it is disincentive to kill you. Hence insurance. I wasn't seriously suggesting it was a bluff. The point is, as you accurately realized, people can't assume he's bluffing, so the threat of an "insurance file" seems to serve its purpose.
Pointing out that it could be a bluff was only to illustrate the psychology behind its purpose.

On the other hand, an enemy of someone he holds "insurance" against might kill him to trigger the release. Wouldn't that be ironic?

 

[nismaratwork]

On the other hand, an enemy of someone he holds "insurance" against might kill him to trigger the release. Wouldn't that be ironic?

You know, I hadn't considered that? Hmmmm... I could see someone obsessed by curiosity alone doing at some point in this whole mess, never mind something international!

 

[Galteeth]

Yes, that's exactly why I initially referred to this file as a 'fail-deadly device', which it is! Whether it's Semtex or soap, if a guy claiming to be wearing a bomb has a dead-man's switch, it's a very difficult situation.

There is a flaw here however, which is that Assange seems very intent upon maintaining a particular image in the media, an that one doesn't fit with such a blatant threat. He can claim self-defense, but he also wants to release the truth right? If there is something in that file that 'the world needs to know' under the Wikileaks philosophy, then using it as a fail-deadly is counter to that philosophy. Really, this only works if they're UNEDITED versions of documents already released, or if he just took a chunk of what he believed to be meaty material, compressed and encrypted it without ever having the time to look through it.

A bluff or not, the people who love him and this site (who are now the keepers of this file!) are going to want to know what's in it, don't you think? How is it going to look for Assange's crusade when he uses secrets that important as a means of blackmail to save his rear, and that such secrets could die with him! No, I think he just took a chunk of unfiltered or edited cables that would be damaging, but not necessarily interesting or "criminal" in the way he feels the air-strike was. Anything else, and he'll have no friends left at all, and file or not he'll be a dead man.

The secrets don't "die with him," the encryption key is released (a few of his wikileaks people have it) if he dies. It's pretty speculative to say what will happen to the data eventually. He seems to think of himself as a historian, so at this point it would seem like he would make some plan for its eventual release, but who knows what the years will bring?


'Anything else, and he'll have no friends left at all, and file or not he'll be a dead man" I'm still bit confused here by what you're saying. If the file is decrypted, he's already dead.(or maybe in jail for life with no possibility of parole)

 

[nismaratwork]

The secrets don't "die with him," the encryption key is released (a few of his wikileaks people have it) if he dies. It's pretty speculative to say what will happen to the data eventually. He seems to think of himself as a historian, so at this point it would seem like he would make some plan for its eventual release, but who knows what the years will bring?


'Anything else, and he'll have no friends left at all, and file or not he'll be a dead man" I'm still bit confused here by what you're saying. If the file is decrypted, he's already dead.(or maybe in jail for life with no possibility of parole)

My point is that he's in a bind... he has to have something amazingly damaging in that file, is making a HUGE bluff, or it's just a dump for random files. If it's the first then the element of blackmail using stolen material is fairly obviously criminal. No government is going to accept this kind of threat and set such a precedent, and it's pretty likely that he's going to end in a prison, if not for life then a very long time.

In the meantime, what of the file? He's likely to be in prison, not dead, so how does a site dedicated to disseminating 'truth' justify using something so potent as a secret for leverage? I'm saying that as WhoWee has pointed out, he's really screwed no matter what he does at this point, and having created and spread the file it's only a matter of time before the very people who support him demand to know what's in the file.

This file has made him LESS safe, but more notorious... that's all. Given what he's said about his love of attention I suspect that he cares more for fame than safety.

 

[Proton Soup]

if it's a bluff, i think it would never be released.

otherwise, whatever is in there would likely be released at some future date no matter what happens. that is the whole purpose of wikileaks, after all.

 

[nismaratwork]

if it's a bluff, i think it would never be released.

otherwise, whatever is in there would likely be released at some future date no matter what happens. that is the whole purpose of wikileaks, after all.

If it's going to be released anyway, how is it a deterrent? Wikileaks isn't about waiting 50 years for declassification, and neither are their followers. If this is bound to be released, why make a locked file at all, and if it isn't... how DO they square that with their purpose?

 

[Proton Soup]

If it's going to be released anyway, how is it a deterrent? Wikileaks isn't about waiting 50 years for declassification, and neither are their followers. If this is bound to be released, why make a locked file at all, and if it isn't... how DO they square that with their purpose?

i think it's about long-term survival.

not to mention it's great marketing for the brand. it's certainly interesting when people who are in IT security are themselves seeding torrents for the files.

 

[nismaratwork]

i think it's about long-term survival.

not to mention it's great marketing for the brand. it's certainly interesting when people who are in IT security are themselves seeding torrents for the files.

You may be right in the first... maybe this was the best he felt he could do? For the rest, I completely agree, although I'm not sure why IT security folks would be less suspect... in my experience (including time in that field many suns and moons ago) we were by far the most crooked to begin with.

Beyond that, if you enjoy/are good at monitoring large amounts of network traffic, drive sectors and more, then you're probably not dumb, and if this file is ever unlocked you want to be there to see what's inside.

 

[Phrak]

yeah, not really interested in that debate. and as i understand it, hacking originally had to do with hardware reverse engineering. and wasn't even a negative term i think until people started building phone "blueboxes" or whatever kind of boxen they were called. blah blah blah 2600 blah...

You're right about the term's negativity in usage today where it wasn't so before. There were a bunch of MIT AI (artificial intelligence) pin heads I worked with in the mid 80's. To them a 'hack' was the word for a clever or quickly constructed piece of code. 'Hacking' described pounding away at the keyboard.

 

[nismaratwork]

You're right about the term's negativity in usage today where it wasn't so before. There were a bunch of MIT AI (artificial intelligence) pin heads I worked with in the mid 80's. To them a 'hack' was the word for a clever or quickly constructed piece of code. 'Hacking' described pounding away at the keyboard.

Exactly... someone who could take disparate elements no matter what and get the job done. Hacking and a kludge went hand in hand... then phreaking hit, and eventually morphed into computer hacking. The road started with people just writing code though, making their own way through a pretty wild-west period, but not breaking and entering.

Now you have good or bad hackers, but mostly just curious ones. The people who do damage are generally:

"black hat" computer Hackers: People who code viruses or create and distribute scanning tools and bot-kits. In my experience, often a function of youth... younger, darker, older, kinder.

Crackers: Referring to people specializing in the removal or disruption of DRM, or in general any protective measure.

(no longer, but once) Phreakers: People who originally used something as simple as audible tones to make free long-distance calls. Evolved into something more as computers emerged, then become essentially obsolete.

Script-Kiddies: A wide term referring to the pre-written programs they tend to run, and their usual age or competence. These people may do a ton of damage, but they aren't necessarily bright... they just need some basic tools made by the real deal, scan for vulnerabilities across a wide range of IP addresses, create a bot-net and begin to run scams, spam, distribute pirated material, launch DDOS attacks, and of course... scan for more computers to add to your bot-net. This isn't new anymore, but it emerged relatively late in the game when a generation of people used to GUI's finally got their wish in tools made ostensibly to test IT security.

 

[Phrak]

Exactly... someone who could take disparate elements no matter what and get the job done. Hacking and a kludge went hand in hand... then phreaking hit, and eventually morphed into computer hacking. The road started with people just writing code though, making their own way through a pretty wild-west period, but not breaking and entering.

Now you have good or bad hackers, but mostly just curious ones. The people who do damage are generally:

"black hat" computer Hackers: People who code viruses or create and distribute scanning tools and bot-kits. In my experience, often a function of youth... younger, darker, older, kinder.

Crackers: Referring to people specializing in the removal or disruption of DRM, or in general any protective measure.

(no longer, but once) Phreakers: People who originally used something as simple as audible tones to make free long-distance calls. Evolved into something more as computers emerged, then become essentially obsolete.

Script-Kiddies: A wide term referring to the pre-written programs they tend to run, and their usual age or competence. These people may do a ton of damage, but they aren't necessarily bright... they just need some basic tools made by the real deal, scan for vulnerabilities across a wide range of IP addresses, create a bot-net and begin to run scams, spam, distribute pirated material, launch DDOS attacks, and of course... scan for more computers to add to your bot-net. This isn't new anymore, but it emerged relatively late in the game when a generation of people used to GUI's finally got their wish in tools made ostensibly to test IT security.

Good grief. I've abandoned the software world for a long time. Good riddance. Given the means and opportunity, we are sure to screw each other with it. I don't even want to know, or understand, what sort of predation people perpetuate on other peoplein this venue. I understood less than half of what you said.

 

[nismaratwork]

Good grief. I've abandoned the software world for a long time. Good riddance. Given the means and opportunity, we are sure to screw each other with it. I don't even want to know, or understand, what sort of predation people perpetuate on other peoplein this venue. I understood less than half of what you said.

I don't blame you, and if you want to hear the depressing part... this is current as of: 8 years ago or so. That's the last contact I had with anyone who could reliably inform me about these matters, or that I was in any way involved. I'm sure that in the intervening near-decade the screwing has become truly startling. It was that move from curious snooping to mass abuse that drove me away from everything related to software for years.

 

[Evo]

Mathnomalous pointed out an unsupported assumption that was about as plausible as the unsupported assumption Evo gave. I don't think there's any reason to feel suspense; I doubt either Evo or Mathnomalous intends to support the assumption they proffered.

And you were wrong.

Is it known that wikileaks helped him steal the info? I imagine if the government had enough evidence for that, there wouldn't be any trouble getting a warrant for his arrest.

Looks like they do.

A contradiction emerged today over WikiLeaks' relationship with one of its suspected sources, a dispute that could influence whether Julian Assange ultimately faces conspiracy charges in the United States.

The WikiLeaks editor who was released from a London prison yesterday denied knowing Bradley Manning, the Army private who is behind held in a military brig in Quantico, Va., on charges that include leaking classified material.

"I had never heard of the name Bradley Manning before it was published in the press," Assange told ABC News today.

That contradicts a chat log that appears to show Manning's conversations before his arrest--and before his name ever appeared in the media--in which he described having a close relationship with Assange as a confidential source.

Manning reportedly told ex-hacker Adrian Lamo that he had "developed a relationship with Assange" over many months, according to transcripts posted by BoingBoing and Wired.com over the summer. Lamo told CNET that the transcripts were accurate, but that he doesn't have the computer equipment on which it was saved because the FBI had taken it.

The details are crucial. Federal prosecutors are reportedly exploring filing conspiracy charges against Assange on the theory that he collaborated with Manning on transferring secret documents obtained from the Army's internal computer network.

continued...

http://news.cnet.com/8301-31921_3-20026074-281.html?tag=mncol;txt

 

[Proton Soup]

if "chat" refers to things like IRC chat, then people tend to communicate using pseudonyms.

nobody knows you're a dog, you know.

 

[Evo]

if "chat" refers to things like IRC chat, then people tend to communicate using pseudonyms.

nobody knows you're a dog, you know.

What? Oh, you think it's a chat room. No, these where private conversations between Manning and Lamo. Lamo is the hacker contacted by Manning that turned Manning in.

Do you know who Lamo is?

 

[nismaratwork]

if "chat" refers to things like IRC chat, then people tend to communicate using pseudonyms.

nobody knows you're a dog, you know.

IRC is NOT a secure means by which any hacker would communicate unless they were using a number of bouncers and proxies to shield themselves. Even then, better to use a SSL with a third party (read hacked box) computer. Adrian was just doing what he thought was right, which is exactly what it means to be grey in the first place. It's one thing to peek, it's another to betray your country and disseminate.

I would add however, that tracing someone on IRC is not exactly impossible unless they're extremely careful. You can follow packets and do the drudge work to follow proxies, which you or I would never do, but the government and other hackers sure as hell would. IRC was only a big deal when it worked to disseminate material from USEnet... now it's just people SAYING they're dogs... and then trying to cybersex yah. YECH.

 

[Proton Soup]

What? Oh, you think it's a chat room. No, these where private conversations between Manning and Lamo. Lamo is the hacker contacted by Manning that turned Manning in.

Do you know who Lamo is?

apparently, he's the ex-hacker that http://www.nytimes.com/2010/06/08/world/08leaks.html" video decryption, but wikileaks at least doesn't reveal who is on that team.

and there is nothing in the cnet link that indicates assange knew the identity of manning, only that manning knew the identity of assange.

 

[Evo]

apparently, he's the ex-hacker that http://www.nytimes.com/2010/06/08/world/08leaks.html" video decryption, but wikileaks at least doesn't reveal who is on that team.

That was divulged, did you miss that? The part about Assange being a paranoid delusional and not taking off a snowsuit and peering out of curtains?

and there is nothing in the cnet link that indicates assange knew the identity of manning, only that manning knew the identity of assange.

Yeah, the US government isn't stupid enough to say all they know.

 

[Proton Soup]

IRC is NOT a secure means by which any hacker would communicate unless they were using a number of bouncers and proxies to shield themselves. Even then, better to use a SSL with a third party (read hacked box) computer. Adrian was just doing what he thought was right, which is exactly what it means to be grey in the first place. It's one thing to peek, it's another to betray your country and disseminate.

I would add however, that tracing someone on IRC is not exactly impossible unless they're extremely careful. You can follow packets and do the drudge work to follow proxies, which you or I would never do, but the government and other hackers sure as hell would. IRC was only a big deal when it worked to disseminate material from USEnet... now it's just people SAYING they're dogs... and then trying to cybersex yah. YECH.

i'm not trying to imply that it can't be traced. simply that people tend not to use their full names. i would also find it remarkable if wikileaks had the resources to do more than verify his IP.

i don't find this news release to be anything remarkable. it doesn't contradict anything assange has said, it merely shows that manning was in contact with assange.

 

[Proton Soup]

That was divulged, did you miss that? The part about Assange being a paranoid delusional and not taking off a snowsuit and peering out of curtains?

Yeah, the US government isn't stupid enough to say all they know.

so you agree it's an unsubstantiated claim.

 

[Evo]

so you agree it's an unsubstantiated claim.

What's an unsubstantiated claim? The journalist that stayed with him in Iceland is pretty clear on Assange's mental condition.

 

[NeoDevin]

Yeah, the US government isn't stupid enough to say all they know.

Instead they just put everything they know on an under-secured network where any of thousands of people can download the whole thing without raising any flags.

 

[Evo]

Instead they just put everything they know on an under-secured network where any of thousands of people can download the whole thing without raising any flags.

Except no one knows what they currently have.

 

[Proton Soup]

What's an unsubstantiated claim? The journalist that stayed with him in Iceland is pretty clear on Assange's mental condition.

i was thinking about the claim of a contradiction in assange's statement

"I had never heard of the name Bradley Manning before it was published in the press," Assange told ABC News today. "WikiLeaks' technology [was] designed from the very beginning to make sure that we never know the identities or names of people submitting us material."

as for paranoia, it's not being paranoid if they really are out to get you.

 

[nismaratwork]

i'm not trying to imply that it can't be traced. simply that people tend not to use their full names. i would also find it remarkable if wikileaks had the resources to do more than verify his IP.

i don't find this news release to be anything remarkable. it doesn't contradict anything assange has said, it merely shows that manning was in contact with assange.

Proton, you have more resources than are needed to verify an IP address, even if you don't know how right now. You could, if you wanted to waste your time, learn VERY quickly. You're no dummy, and presumably neither are the people who work for Wikileaks... if they have access to packetstorm dotnet and other security sites, they could do more.

That said, I understand your clarification, and yes in any context I would be shocked if people didn't use disposable names (handles).

 

[Proton Soup]

Proton, you have more resources than are needed to verify an IP address, even if you don't know how right now. You could, if you wanted to waste your time, learn VERY quickly. You're no dummy, and presumably neither are the people who work for Wikileaks... if they have access to packetstorm dotnet and other security sites, they could do more.

yeah, truth is, my level of interest in doing any sort of programming for this is very limited. my level of nosiness is more or less limited to http://www.geobytes.com/iplocator.htm".

if there'd been internet when i was a teen, maybe. but as it were, my hacking activities were pretty much limited to making passkeys for school combo locks.

anyhoo, i tried looking at wikileaks to see what sort of tech they were claiming to use for submissions, but they seem to have taken it all down until they do a rework.