Only through inactive action does one become a victim; by exercising proactive action against evil one walks in their own power creating resistance to that which chooses to destroy humanity and the preciousness of life. Fight America; don't become a victim to the evil that is destroying our world! _Donald F. Truax (Tough times don't last, tough people do)
Thursday, Sept 11, 2014 - [[[[[[[[[[[ Reality Check More Americans Rethinking 9/11 ]]]]]]]]]]
Thursday, Sept 11, 2014 - [[[[[[[[[[[ Reality Check More Americans Rethinking 9/11 ]]]]]]]]]]
Cost of War to the United States
Is the NSA Conducting Electronic Warfare On Americans?
Harvard Journal of Law & Public Policy - National Security Archive FOIA Audit
Seymour Hersh on Obama, NSA and the 'pathetic' American media - IBM & "Death's Calculator"
What is the Hegelian Dialectic? - The Guardian's NSA Files - Church Committee Reports
The Hegelian Dialectic - U.S. Pavlovian Conditioning - NUREMBERG TRAILS PROJECT
Hegel for Beginners, by Llyod Spencer and Andrzej Krauze - Project MUSE - Operation Gladio
The Edward Bernays "Propaganda" Essays - SLHS Series
Free E-Book Download: Edward Bernays, "Propaganda"
Deconstructing Edward Bernays' 'Propaganda' (Part 1) - (Part 4) - (Part 7) - (Part 10)
Deconstructing Edward Bernays' 'Propaganda' (Part 2) - (Part 5) - (Part 8)
Deconstructing Edward Bernays' 'Propaganda' (Part 3) - (Part 6) - (Part 9)
Monday, November 7, 2011
Yet More Spy Vultures Take Flight From The Tor Nest
Note* Anon exposes some disturbing issues concerning rouge developers working under the Tor umbrella. Can some of the security issues surrounding SSL be traced back to Tor development and developers.
An interesting bug report was filed on the Mozilla bug tracker in September. [1] It is titled ``Addons can silently disable certificate validation and alter errors that are presented to the user'' and names the Convergence Firefox plugin what it really is -- a spy tool.
But first, recall my expose of the EFF's Firefox plugin -- the Decentralized SSL Observatory. [2] This plugin was a joint effort by the EFF and the Tor Project, with Mike Perry as a developer. Another of the developers is Peter Eckersley who maintains the plugin's source code repository on Tor's servers. [3] The purpose of this plugin was to intercept all SSL certificates seen by the user's browser and secretly send them all back to EFF servers for `observation'. It was shown how all this was to be pushed to users' machines without their knowledge nor consent. I'll take this opportunity to remind the EFF -- as a legal entity in the United States -- of the possible implications of not reigning in their wannabe spy friends' behaviour.
This brings us to the Convergence Firefox plugin. [4] The author, `Moxie Marlinspike' (real name unknown) openly bragged in 2009 of intercepting Tor exit node traffic. [5] In fact, passive spying was not enough for `Moxie', he actively tampered with exit node traffic, specifically the SSL layer, removing any encryption which got in the way of his spying. This way, he was able to collect passwords and credit card numbers alike. Supposedly all this was to raise awareness of the insecurity of HTTPS. However, not only did Tor users remain oblivious to his actions -- the Tor Project kept mute -- so that they could perhaps modify their behaviour accordingly (like, say, not using Tor), but `Moxie' then went on to lecture cadets at West Point about his spying skills. [6] An anarchist security researcher wanting to raise awareness? Or a wannabe spy wanting a piece of the spy establishment's pie?
Back to that Mozilla bug. `Moxie' has been itching to push his plugin on ignorant users -- which, he openly brags, intercepts users' SSL certificates and distributes them to his network of servers (just like the EFF/Tor Project's Distributed SSL Observatory plugin). Seeing this, a Mozilla developer opened the bug to discuss how to protect users from these malicious plugins. The reply from `Moxie', apart from flames on Twitter, was:
``Addons can execute arbitrary code, and the potential for malicious addons is somewhat infinite.'' [7]
Apart from being absurd (in the logical sense), this sentence is incorrect. Something is either finite or infinite, there is no ``somewhat infinite.'' Machines are finite, and their possibilities are also finite. His reponse to developers trying to protect users by fixing a bug he exploits to spy on them is ``There's so many other bugs, and I will never give up trying to spy on people, so just give up now.''
Note that Google LOL not only makes Moxie's spying on Chrome users impossible by design (Google's policy is only NSA gets to spy on you, no one else), but Google Chrome developers have outright rejected the possibility. LOL (Does someone smell bullshit here)[8] Not because Google is concerned about user privacy, but because Google wants to own all the notaries first...
Finally, note that Jacob Appelbaum has been one of the few vocal supporters of Moxie's work. Appelbaum has also been outed as a spy of Tor users' traffic. Note also that Anonymous recently outed Mike Perry as a Tor exit spy -- and worse, as probably the target of their recent takedown of child pornography. Anonymous' expose is well worth the read. [9]
The moral of this story is that birds of a feather flock together -- `Moxie' is a one trick poney and is looking to replicate his success in spying on Tor users by bringing the spying straight to the browsers of a wider audience (maybe West Point will fly him out again and put him up in a nice hotel). This person has no integrity, they don't even use their real name.
SSL, like Tor, were designed from the bottom up as spy tools. Only once another government gets a clue and begins exploiting them (cf. Comodo/DigiNotar) do the wannabe spies take exception. Keep this pattern in mind, it is important.
"And Ye Shall Know The Truth And The Truth Shall Set You Free"
WAKE UP AMERICA....ITs OUR COUNTRY!!!
Love "Light" and Energy
_Don
References:
Bug 686095 - Addons can silently disable certificate validation and alter errors that are presented to the user
Planned not-so-secret Backdoor in Tor/EFF Software Exposed
In this memo, a planned not-so-secret backdoor in Tor/EFF software is exposed. ``HTTPS Everywhere'' is a Firefox extension developed by the EFF. [1] Basically, this extension forces your browser to use HTTP with SSL (HTTPS), when browsing common websites such as Twitter, Facebook, and Wikipedia. HTTPS Everywhere intercepts the (unencrypted) HTTP requests your browser sends when browsing various websites, and replaces these on the fly with (encrypted) HTTPS requests, whenever possible. This is great, since HTTPS is supposedly more secure than HTTP (cf. Firesheep). Note, however, that this browser extension now has access to: all your browsing habits -- visited sites, precise timestamps, etc.; all content -- whether it's encrypted on the wire or not; and specifics of the SSL connection -- SSL certificates contain a bundle of metadata. The importance and relevance of this fact will become clear briefly.
Projects / pde/https-everywhere.git / summary
An agile, distributed,and secure strategy for replacing Certificate Authorities
[Tor-talk] Tor spying
Video - Beginning at 55 minutes into the video.
Moxie 2011-09-10 08:54:27 PDT:
Agreed, I think this bug is a step backwards. Addons can execute arbitrary code, and the potential for malicious addons is somewhat infinite. Even if malicious addons were not able to intercept SSL traffic, they could simply intercept keystrokes and transmit those home instead. It'd be a lot easier.
Why not Convergence? (07 Sep 2011)
False stories were planted against the IT community LOL [I wonder WHO did this?] LOL
At-last, we cracked the lock and found the true identity of the builder and architect of Freedom Hosting. What we found was truly shocking, it was the deeds to a California, USA 'shell' company for 12 Tor Exit Nodes named Formless Networking LLC.
TOPs Blogger Role
-
Yumash and Oreshnik: Mea Maxima Culpa41 minutes ago
-
-
Jesus's Family Secrets59 minutes ago
-
-
-
-
-
-
-
Jean-Yves Ollivier3 hours ago
-
What We Learned in 20243 hours ago
-
-
-
-
House of Horrors II: Trump & Musk Edition5 hours ago
-
-
-
Matthew Alford19 hours ago
-
-
Is OpenAI’s o3 Model AGI?23 hours ago
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Never forget and never give up.3 months ago
-
-
-
-
-
Bob Graham, 9/11, the FBI and me8 months ago
-
Hello world!10 months ago
-
-
LearningMusic1 year ago
-
-
-
-
-
-
My Farewell Announcement3 years ago
-
-
Hello world!3 years ago
-
-
-
Podcast: From Divorce to Besties4 years ago
-
FederalJack Update4 years ago
-
-
-
-
-
-
-
-
-
-
-
-
Hello world!7 years ago
-
The Blue State Model8 years ago
-
-
China ramps up charges against Zhou9 years ago
-
-
-
-
Reply to Jonathan Cook10 years ago
-
-
-
Amazing Pictures from around the world.11 years ago
-
-
Race for Iran Is Going to Tehran11 years ago
-
-
UK Parliament12 years ago
-
News13 years ago
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
No comments:
Post a Comment