Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 63 64 [65] 66 67 ... 249
961
A thing is a unit of thought (hence it's called thinking), how do we get a thing out of the continuous world - we name it. Thinking without language is not possible by definition. Is there other ways of conscious being and understanding the world - of course.

So you don't think you can solve a navigational problem (how to get from point A to point B) without using words or language?

962
Silk Road discussion / Re: A threat to SR?
« on: June 16, 2013, 08:38 am »
+10. In fact the developers are doing a huge service to DPR and others who run similar illicit hidden sites by pointing out potential vulnerabilities before they are exploited by malevolent folks.

Yep. It's better that an honest researcher proves these attacks work and makes them publicly known (in fact, the Tor devs knew about this months before it was made public) than a malicious person discovers an attack and keeps it to himself.

Hell the Tor devs probably knew about this from the moment they implemented hidden services. It is obvious to anybody who knows how hidden services work.

963
Security / Re: What does an ISP "see" when you use Tor?
« on: June 16, 2013, 08:31 am »
heres a link to the TOR project page about obfsproxy.. it says on it that all you do is add the bridges by going to vidalia settings-network settings- and adding your bridges.
will that successfully manage it?

Yes that is how you start using bridges.

Quote
They also have a Tor browser bundle with obfsproxy built in on that link that they say works in all censored countries, So i assume that it must work as a reliable VPN?

Obfsproxy tries to obfuscate the fingerprint of the Tor protocol. Pretty much there are two ways that your ISP can tell that you are using Tor. One way is by keeping a list of all known Tor nodes and monitoring for any connections to those IP addresses. Bridges help solve this problem because it is relatively harder to enumerate all Tor bridges than it is to enumerate all public Tor relays. Government level attackers have managed to enumerate a large percentage of Tor bridges, but even China has not been able to enumerate 100% of all bridge IP addresses 100% of the time. Also you can use private bridges for the best membership concealment. But the ISP can also detect you are using Tor by looking for traffic that has a fingerprint matching Tor traffic. For example, Tor packets are all 512 bytes and so by looking for streams of 512 byte packets the ISP can detect Tor traffic even if it isn't being routed to a Tor relay known to the ISP. Obfsproxy tries to obfuscate your traffic, which means that it tries to make it so somebody observing your traffic can not fingerprint it as Tor traffic. Using a bridge with obfsproxy is your best bet for hiding that you are using Tor from your ISP, in addition to not connecting to any public Tor relays your traffic will also be modified so that it doesn't look like Tor traffic. Using a semi-private bridge with obfsproxy is probably better membership concealment than using a VPN, using a private bridge with obfsproxy is pretty much state of the art membership concealment.

Quote
**edit**
i have been reading up on tails via the torproject website    Links here   https://tails.boum.org/doc/first_steps/startup_options/bridge_mode/index.en.html   -  where it talks about bridges and basicaly says always start tails in bridge mode if your in a censored country blah blah, Should we not do this anyway?

It totally depends on if you want to try to hide the fact that you are using Tor or not. It really is a rather complicated decision to make. If you are a vendor shipping packages out of butt fuck nowhere, and LE can enumerate Tor users in butt fuck nowhere, then you could be in very big trouble. In such a case it makes sense to try your best to hide that you are using Tor. On the other hand if you ship packages out of a major city, and LE can break the membership concealment properties of Tor, they might be able to tell that out of the 1,000 people using Tor in your city only you are trying to hide that you are using Tor, and then you could be worse off than you were in the first place. For the most part I would definitely lean towards using membership concealing techniques though, but it isn't so cut and dry actually.


Quote
here    https://tails.boum.org/doc/about/warning/index.en.html    -  Specifically the paragraph    "Your Internet Service Provider (ISP) or your local network administrator can see that you're connecting to a Tor relay, and not a normal web server for example. Using Tor bridges in certain conditions can help you hide the fact that you are using Tor."

Yes using a bridge is pretty much the bare minimum you must do to be able to hide that you are using Tor. It is not 100% guaranteed to hide that you are using Tor, but it is pretty much 100% guaranteed that you will not hide that you are using Tor unless you use a bridge (or VPN I suppose, but then you are revealing that you use a VPN, whereas bridges try to hide that you are using any anonymizer at all).

Quote
So does using the torbundle with built in obfsproxy basically mask that you are using tor to your ISP?

Using a bridge with obfsproxy is meant to hide that you are using Tor from your ISP. If it can actually do it is debatable, but it is definitely your best bet for attempting to do it. Using a private bridge is best for membership concealment, but even if you use a private bridge it is possible that your ISP could fingerprint your traffic even with obfsproxy. Tor Project is currently in an obfuscation/fingerprinting arms race with the Chinese government, and neither of them has been staying ahead of the other for long. On the other hand your traffic is not likely to be analyzed quite as thoroughly as the average Chinese citizens traffic is, and you might have an easier time hiding that you are using Tor from your ISP than a Chinese person will have of hiding that they are using Tor from the government censors.


Quote
will you need to update tails's bridges periodically even in "bridge mode"

I am not sure what bridge mode is, but generally you do need to update your bridges periodically. Bridges tend to come and go very quickly, sometimes they change IP address every 24 hours. This is really good in a sense as it requires the censors / people trying to identify Tor connections to continuously enumerate bridges, but it is bad in that it requires you to frequently change your entry nodes which is quite bad for anonymity. Bridges also don't have the same restrictions on them as normal entry guards do, and it is a bit easier for an attacker to add bad bridges than it is for an attacker to add bad entry guards. If you can manage to use persistent bridge entry guards it shouldn't be a big deal, but lots of bridges change their IP address every 24 hours.

Quote
And it frequently says that bridges arent completely safe even obfuscated bridges, So how do you make this properly safe?

The best you could hope to do is run a private Obfsproxy bridge. However even doing that doesn't guarantee you membership concealment. Obfsproxy bridges are current state of the art in implemented membership concealment systems (although keep in mind that your bridges ISP can still tell that you are using Tor. Ideally bridges would use bridges of their own, to try to hide this). Unfortunately in this case, state of the art means that when the attackers get ahead they will not maintain their lead for long, it doesn't mean that the attackers will not frequently get slightly ahead.

964
Security / Re: Help: Steps to completely removing traces from PC
« on: June 16, 2013, 08:04 am »
Securely erasing data off a SSD may be impossible, depending on the specific model. ATA secure erase works to securely wipe data from some SSDs, but others have not implemented it properly and it fails to work. There was a paper released a while ago where the researchers analyzed ATA secure erase on about a dozen different solid state drives, it worked on a percentage of them and failed on the rest.

965
I think one of the biggest problems people have with asymmetric encryption is the idea that one key is used for encrypt and another is used for decrypt. Simply saying that the public key is like an open padlock, and the private key is a key that unlocks the padlock, makes it much easier for noobs to wrap their heads around GPG. People don't have as easy of a time understanding that you lock with one key and unlock with another key.

966
Great read, thanks for the article.

I thought it was going to be about newer algos like ECC, but yeah it's true the NSA can't break most standard crypto if the keys are strong enough.

It's interesting that Glenn Greenwald had trouble learning PGP. He's a journalist who receives all kinds of sensitive info from sources, and apparently he hadn't even heard of it until a few months ago. What chance is there the the rest of the public will start using it?

ECC is just as vulnerable to quantum computers as RSA is. I figured it would be about multivariate quadratic polynomial based encryption, or something like the McEliece Cryptosystem.

967
Tor protects from signals intelligence GPG protects from communications intelligence.

968
Cocaine is directly cardiotoxic. It literally kills your heart.

969
Quote
Hmmm sign language shouldn't be constituted as equal to vocal language because it uses visual symbols to communicate, imo this is not the same.

I actually made a mistake earlier when I said deaf people thinking in sign language would not be thinking in verbal language. Written text, oral communications, Asian symbols and sign language will all be classified as 'verbal'. I think the primary characteristic is that a set of grammatical rules and abstracted labels are used together to describe complex systems. On the other hand thinking in visual models that don't follow a specific set of rules or use a specific set of labels, and which don't abstract as much, would be considered non-verbal thinking, not because it is visual but because it isn't constructed from a set of abstracted component parts and organized by a set of rules. If I write 'The dog jumps over the fence" it is verbal, the same if I write it in Chinese symbols. It is still verbal if I say it orally, or if I sign it with my hands or imagine it being signed. But if I visualize a dog jumping over a fence then I think that is no longer verbal thinking but rather is visuospatial thinking. I am not an expert regarding such things but the types of thinking we are discussing are defined in psychology. So to answer your original question, yes is is entirely possible to think without language, most humans think in both pictures and in language. Some humans are almost only able to think in either pictures or words (usually they are on the Autism spectrum). I originally took your question to mean 'understanding without actualizing a thought' or something like that anyway. 'Knowing without expressing' perhaps.


Classical Autistic Thinking Style (think in pictures, limited ability to think in words, need to translate words to pictures): http://autisticsite.com/autistic-children-thinking-in-pictures-instead-of-words

Quote
Communication skills for autistic children differ from the norm, including their thinking process. The majority of children with autism find words to be “too busy”, so they usually find it much easier to remember information with pictures. Through remembering specific pictures, autistic children can learn to understand other people and express themselves to a certain extent.

Autistic children generally learn verbal language by converting any text into much more easily understandable pictures. While most people have a tendency to do tasks in order, individuals with autism have a radically different visual style of thinking. Therefore, the actual shapes of the pictures and the color of the pictures plays a crucial role in the way they’ll think and feel. Pictures help autistic children discover a vocabulary that’s much easier to express.

According to several studies, people with autism usually think visually because the section of the brain which deals with visual tasks is far more active. In addition, the language and spatial centers in the cortical regions of the brain are not as synchronized as those without the disorder.

Visual thinking allows children with autism to compensate for spoken and written words. Because their brains function differently, they can better comprehend things by building visuals and memorizing them. An autistic child takes concepts, which are sensory instead of being word based, and compartmentalizes them into small details to construct a complete picture.

In time, autistic children can learn abstract words and ideas through visual concepts, like pictures and objects. For instance, if a certain stuffed animal makes a child excited, it would become their chosen visual symbol for the word exciting. Really bright colors in pictures can intensively stimulate the brain activity in the thinking processes of most autistic children.

Autistic children usually find it much easier to express themselves within a highly structured environment. Because people with autism think visually, it’s important that they are taught using visuals, such as pictures, objects, line drawings, or symbols. Through spatial memory to pictures or objects, people with autism are able to associate the appropriate words and develop communication skills that allow them to function in society.

For children with autism, a string of words or verbal instructions are learned through visual demonstration. For instance, the word “up” is easier to express in a picture of balloons in soft colors being lifted upward. Concrete visual methods, like flashcards and blocks in soft colors, are easier to retain among autistic children and help in teaching numbers and other concepts. Long verbal phrases need to be avoided or written down because autistic children have difficulty remembering a lot of steps or word sequences.

Research that compared the brain regions of people with autism to those without found that most people with autism excel in art and drawing. As such, autistic children do well with a color coded system that allows them to think through a remembrance of pictures. For example, an autistic child learns about what to do at an intersection by thinking of its concept. These thoughts are tiny color coded pictures of various types of intersections. When the situation arises, the mind gathers this information and presents it visually so the autistic child remembers what to do at an intersection.

Autistic children generally think in detailed pictures instead of words because it’s much easier for them to categorize and remember the information. By associating a noun to the color and shape of pictures or objects, the autistic child creates a spatial way of thinking that makes it easier for them to comprehend and communicate.

Bonita Darula is widely renown for her insights into the prevention of autism. Her celebrated materials have helped thousands of people from around the World find a new sense of hope. If you’d like to discover the secret truth about autism in its early stages, take a few moments to visit this site – and find out more today!

I cannot find a web article (only .pdf files) discussing types of Autism where thinking is predominantly in words with visuospatial information needing to be translated, but it is manifested in many with Aspergers syndrome. Additionally, it is a hallmark of NLD, which many mental health professionals consider to be a form of Aspergers. Such people would, for example, have an ability to understand the word 'happy' and link it to the emotional state, but an inability to link a picture of a smiling face to the emotional state. This is in contrast to classically autistic people, who would have an ability to link a picture of a smiling face to the emotion of happiness, but have an inability to link the word 'happy' to the emotion. Therefor a classically autistic person may think 'music makes me happy' by imagining a stereo and then a smiling face, whereas someone with an inability to think in pictures would think 'music makes me happy' (either in written text, sign language, oral words, Asian symbols, etc).

Inability to think visuospatially is especially detrimental to navigational tasks. Most people navigate spatially by remembering the layout of the land, landmarks and their orientation in space. People who have an inability to think spatially must use vastly inferior navigational techniques. For example, somebody with the ability to think visuospatially may go to a friends house a ways down the street from their own, and when it is time for them to go home they can visually recall how to return to their home. For somebody who is only capable of thinking in words this is a much more challenging task. The person who can only think in words needs to resort to inefficient techniques, such as counting the number of houses between their own home and the home of their friend. The more complex the navigational task is the more disadvantaged the person who can only think in words is. The visuospatial thinker can visually recall how to get to places ("Well, this looks familiar and I can use these visual landmarks to determine where I currently am in space, and from that I can determine the relationship between myself and my destination") but the verbal thinker must encode the entire route verbally ("first I walk down the street towards the big tree, then I keep going until I find main street, then I turn left on main street and walk ten houses down").

When the ability to verbally encode is controlled for, people with severe hippocampial damage are incapable of finding a fixed location even in a small area, even if they have already been shown where it is, and even when there are multiple landmarks to help them orient themselves. They always move around randomly trying to find the location. This is called landmark orientation. Some people also have deficits in geometric orientation. When placed in a rectangular room and shown a corner, they are then spun around and disoriented. When asked to find the corner originally pointed to, they always randomly guess. Somebody with an ability to think visuospatially would visualize the corner that was pointed to and be able to make note that the wall to the left/right was either long or short (thus having a 1/2 probability of being correct, rather than 1/4). This sort of geometric orientation is automatic and natural for most people, using a verbal strategy to solve this problem requires forethought and an effort to consciously encode the information verbally.

And as far as 'understanding without actualizing a thought' or 'Knowing without expressing', I can think of a good example. If I hear an explosion, I have an understanding that something exploded prior to thinking in my mind 'something exploded!' or visualizing something exploding. So I have the original thought prior to expressing it either verbally or visually, but then my brain automatically pipes the thought into either a verbalization (I think predominately in words) or a visualization (I sometimes think visually, but it is much rarer for me). I cannot really manipulate the understanding without verbalization or visualization, but I can still come to the understanding that there was an explosion prior to actualizing the understanding in a manipulable form in my mind. Indeed I must have the understanding prior to piping it into either verbalization or visualization.

970
Security / Re: What does an ISP "see" when you use Tor?
« on: June 15, 2013, 09:17 am »
From what I read on the Tor Project website, as far as I understood it, your ISP can tell someone in the area is using Tor, not necessarily you. Please correct me if I misunderstood that.

Your ISP can trivially determine that you in specific are using Tor, unless you use a bridge (preferably with Obfsproxy). Your ISP can see that you are connecting to known Tor entry nodes. They can also fingerprint your traffic as being consistent with Tor traffic, which is very unique looking. Bridges help prevent the first issue and obfsproxy helps prevent the second issue.

Quote
Tor Project recommends getting people that live nearby to use Tor too because it will make it harder for the ISP to know for sure that it was you.

In any case the ISP can know for sure that it is you using Tor. Tor suggests getting people nearby to use Tor to protect from a very specific sort of membership revealing attack. For example, if the DEA knows that somebody in Bobsville is sending drug shipments, then they can try to get a list of all users in Bobsville who are using Tor. If there is only one person there using Tor then they are pretty screwed, if there are a thousand people there using Tor then it is still really expensive to put them all under surveillance trying to find the one who is sending the drug shipments.

Quote
I've also read that having cleanet traffic running while you use Tor helps mask the fact that you're using Tor. Can anyone verify?

I can verify that it makes no difference at all

Quote
One thing to keep in mind is using Tor is not illegal. I've actually been using Tor long before I found SR. I stumbled onto it when I was looking for something to mask my IP to fool a system I was working on several years ago. I've been using it ever since whenever I want to look up "sensitive" information. So I dont think it matters a whole lot even if your ISP knows you're using it. (Again, correct me if I'm wrong, please :) )

It depends. Certainly for vendors it is best if nobody can tell they are using Tor, to help prevent the attack I mentioned previously. For people in places like China they need to hide that they use Tor so that they can use Tor in the first place, since China tries to block Tor. People in some countries might even be killed if they are detected trying to circumvent the government censorship. There are a lot of situations where it is useful to hide that you are using Tor, and in general I suggest considering how important it is to you. But in some cases it doesn't really matter a whole lot. Tor naturally makes membership enumeration more difficult than it is against I2P, for example.

971
i heard from a smart source that once quantum computing is developed to a point of major utility,(20 years) in theory no amount of encryption could stand a chance because a quantum processor would be solving the encryption from every angle, simultaneously, at lightspeed. he said it would crack a 2048 bit pgp key in under 10 seconds. I was reflecting later on this, but I want to ask whether quantum processors, on the other hand, will be using the same computing power to generate infinitely more layered encryption keys and hashes. My guess is that itll end up being a massive, massive drain on energy :/

Quantum computers can break many types of asymmetric cryptography, such as RSA which is used by GPG. The time required to break encryption will be equal to the time required to encrypt something, so they will be able to break a ciphertext as quickly as they can encrypt it. Of course they need to have a certain number of stabilized qubits in order to carry out this sort of attack, and it could be a while before they manage to create such powerful quantum computers. Increasing key strength does increase the amount of stabilized qubits required to crack the key, but many people imagine that attackers will exponentially increase the number of qubits they can stabilize. RSA and ECC based cryptography looks like it has a shelf life, although it is not certain that things will go this way, they could run into some unforeseen problems with constructing such large quantum computers.

There are quantum encryption systems but the way they work is entirely different from traditional cryptosystems. Quantum encryption systems are based on the laws of quantum physics, the two primary techniques exploit quantum uncertainty and quantum entanglement. The quantum uncertainty based cryptosystems allow Alice and Bob to exchange data such that if Eve intercepts any of it they will be immediately notified of the interception. This allows them to transfer keying material between each other, and to transmit new key bits if they detect any of them are intercepted. This means that Eve will never successfully intercept an encryption key without alerting the communicating parties. It seems that this is the approach the US military has taken. The quantum entanglement based systems allow Alice and Bob to exchange data such that it is impossible for Eve to intercept it. This is done by entangling photons, which means that a change in one photon causes an immediate change in the photon it is entangled with, across space and with no identifiable connection. This means that Alice can entangle a pair of photons and then send one of them to Bob, and then Alice and Bob can share keying material with each other by modifying their photons and observing the correlated change in the other photon. Since there is no link between the entangled photons, it is impossible for Eve to intercept the transmitted keys. It appears that this is the approach the Chinese military has taken.

More interestingly, or at least more applicable to us, there are also classical asymmetric cryptosystems that are not vulnerable to any known quantum attacks. A popular class of such algorithms is called 'multivariate quadratic polynomial cryptography'. Cryptosystems based on multivariate quadratic polynomials will likely be required sometime in the future, assuming that attackers manage to stabilize enough qubits to carry out the quantum attacks on prime factorization (RSA) and elliptic curve logarithm (ECC) based cryptosystems.

Additionally, symmetric algorithms such as AES are resistant to all known quantum attacks. The best quantum attack against symmetric algorithms is only capable of dividing their bit strength in half, giving AES-256 a key space of 2^128. This is indeed a big reduction in key space, but enough is preserved to maintain the cryptographic integrity of the algorithm.


972
Security / Re: Liberte Vs Tails Vs Ubuntu?
« on: June 14, 2013, 03:51 pm »
Another solution is to create your own debian based live cd (or virtual machine) with strong firewall rules, I feel like there are more chances for a distro like tails to be 'backdoored' than debian (bigger user base, more 'tested'...).

Anyway I wonder what's better: live cd (direct access to hardware) or visualization (can protect you from the software getting too much information 'bout your hardware)...

Well what devs do you think are going to be more security conscious? Also which user base is going to be actively monitoring for backdoors more? The everyday Debian users or the guys rocking the tin-foil hats?

Why not both? I use a LiveUSB through virtualbox. Best of both worlds.

Tails is sponsored by Tor Project and Liberte has a step by step tutorial on how to make it yourself.

973
Security / Re: Liberte Vs Tails Vs Ubuntu?
« on: June 14, 2013, 03:46 pm »
I think Qubes is the best OS for desktop users, hardened Gentoo looks nice for servers. I would use Qubes over Tails or Liberte any day, but it does meet a different set of goals kind of. Tails when I last looked at it was focused on being a mobile, portable, non-persistent OS for use on a laptop at a coffee shop or similar. It had the primary goal of leaving no forensically recoverable traces behind when you were done using it, and indeed to leave no traces behind at all. Now it has persistence and it is more of a light weight portable security oriented OS from what I can gather. Liberte was pretty similar last I checked, although based on hardened Gentoo, including a unique messaging system and with persistence from the get go. Ubuntu is just a regular Linux distro, based on Debian, blah blah blah. Qubes is a persistent OS (ie: not live) and it wasn't really designed with portability in mind (ie: not meant to be booted from a CD or flash memory stick). Qubes does put a large emphasis on security though, primarily security via isolation. It does this by letting you set security domains, and then by isolating all of your launched applications in a per-security-domain Xen virtual machine. It even isolates your network card and USB hubs, and supports isolation of any hardware that supports it, provided that your CPU has IOMMU or VT-d flags anyway. It has built in systems for best practices, like the ability to quickly open files in completely isolated disposable virtual machines, the ability to quickly set up isolated Tor routing for very strong protection from leaking your IP address or having it stolen by hackers, a state of the art PDF sanitizing system, an isolated GPG system for protecting private keys and plaintexts, etc.

Qubes does have some disadvantages though. The primary issue I have with it is that because it uses Xen virtualization as its back end it doesn't provide ASLR for any of its virtual machines. That means that it is potentially easier to hack an application running on Qubes than it is to hack an application running on something like hardened Gentoo. On the other hand it is a lot harder for an attacker to spread from one application to another. So on hardened Gentoo ASLR might make it harder for a hacker to pwn you via a vulnerability in Firefox, but if they do pwn you then you are totally screwed unless you have layered additional security via isolation mechanisms on top of the default configuration. With Qubes it might be a bit easier for an attacker to pwn you via a vulnerability in Firefox, but they wont be able to get to your external IP address because you will be using Qubes preconfigured isolated Tor, and they wont be able to steal your private GPG key or spy on your plaintexts because you will be using Qubes pre-configured isolated GPG. On hardened Gentoo it might be harder for an attacker to pwn you with an exploit in a pdf file, but on Qubes even if they pwn you with such an exploit it wont matter because you will have opened the pdf in a disposable vm, or you will have used Qubes pdf sanitizing technique to neutralize the exploit prior to viewing the content of the pdf. Oh yeah not to mention that unless you are using isolation techniques yourself, if any windowed application is pwnt with hardened Gentoo the attacker can likely keylog everything you type, but Qubes would only let them keylog everything in the security domain that they compromised.

Right now the biggest detriment to Qubes security is the lack of Xen support for stuff like ASLR. hopefully over time Xen will support security features like ASLR, and then Qubes will be even more secure. I definitely think Qubes looks like the best choice for a desktop (as in desktop environment, not desktop machine) user though. Honestly I have never particularly been a fan of either Tails or Liberte, they are neat but I don't think they really are particularly exceptional. Qubes is definitely exceptional and it is on the cutting edge of the security via isolation school of thought, and extremely innovative.

974
For example when I visualize Tor I change between easier to visualize 2d models and sometimes 3d models. Basically a bunch of squares with lines connecting them, but sometimes semi-transparent 3d cubes one in front of the other, from an angle, with telescoping tunnels connecting them and passing through them, to visualize the layer encrypted circuit going through the nodes. Then I imagine a stream of rectangular packets going through the tunnels and that represents the clients data. I can think of a water marking attack just by imaging the packets being modified to have a unique spacing pattern between them, and I then see that this spacing pattern continues with the entire flow of the traffic after it is inserted.

When I think of Freenet I imagine a bunch of cubes in a grid shape, with one on top of the other, and a bunch of tunnels connecting to them. Then I picture data flowing through the nodes as before, but now it goes through a lot of nodes instead of through three, and the tunnels are not layered.


975
Actually I think visually when I am thinking about anonymity networks. It really helps to visualize all of the nodes interacting with each other. Usually I will imagine a visual representation of what is happening in addition to a verbal line of thought, but I can easily think of Tor in a purely visual sense.

Pages: 1 ... 63 64 [65] 66 67 ... 249