TexasCHLforum.com

treadlightly wrote:

ninjabread wrote:The snow this year is better at Innsbrook.

But not at San Moritz.

BWAAAAAHAHAHAHAHAHAHAAAAAAAAAA!!!!!

treadlightly wrote:The CIA can't break a one time pad. You just have to communicate the pad separately from the ciphertext. Not convenient.

Funny thing...... My son and I were recently talking about setting up some book pads, just for the purpose of communications security in the event we were no longer digitally secure. Not that we ARE secure now; it's just that we're not particularly "anyone of interest". I take it for granted that if I wanted to have a secure conversation with someone in person, we'd have to leave any digital devices inside, and have it outside in the back yard. I also take it for granted that if I need to have secure communications with someone at a distance, it would have to involve dead drops and book pads.

And the thing is, I'm tired. I HATE the idea that I can be spied on at will by my own gov't, but I also figure I'm a nobody, and absent any criminal activity on my part, nobody's going to focus on my communications. But what I more than hate, and actually do worry about some, is my digital security being penetrated by someone outside of my own gov't. I take some steps to avoid that possibility, but I'm not any kind of network security professional, so my efforts are most likely regarded as paltry from a cyber-bad-guy's point of view. They primarily consist of (A) making sure my operating systems and applications are regularly updated whenever the patches become available, not opening emailed attachments from ANYbody unless I was expecting that one from that person, and not clicking on emailed links or embedded links without watching my status bar or popup prompts to see if the background URL gibes with what the link says it is supposed to be.

ScottDLS wrote:

The Annoyed Man wrote:
...
Of course, the net effect of their entirely rogue policy is that everyone's affected devices are LESS secure to ALL such penetration, not just the CIA's devices, and not just the nation's enemies' devices. The CIA does not employ the only talented hackers out there. And if the CIA can find these vulnerabilities, so can the Chinese, and ISIS, and anyone else who applies themselves to the task. Adding to the problem, it's not just the digital devices belonging to private citizens that are exposed to exploitation. Gov't employees in positions of responsibility ALSO use these devices. Just ask Hillary Clinton.
...

The one part of the above where I'm not sure...

I think the zero day hacks and other backdoors are probably not in the devices that NSA develops (and shares with the rest of DoD and IC), they are in the commercially available devices, that the rest of us mere mortals use. The Wikileaks revelations are unlikely to show vulnerabilities in DoD and Intelligence hardware, because the specs for such, and availability of such is extremely limited. I've "heard" that the only people with the known technical ability to intercept US encrypted communications are the NSA itself and even that they don't give their best hardware to the rest of the Intelligence Community.

You may well be right in that part, but it still doesn't mean that highly placed gov't employees who have access to very sensitive information aren't at risk. HRC and her minions used iPhones, and they refused to use the SCIF when using those iPhones to handle sensitive information. If CIA didn't hoard iOS Zero Day hacks, maybe those phones would be more secure.......assuming they actually kept up with updates, etc.

In all probability - at least for now - no American intelligence agency is likely interested in me, so I'm probably not at risk of a hack from that vector. But that doesn't mean that as long as CIA (and/or other US intelligence agencies) hoard zero day hacks, my iOS device isn't vulnerable to non-state-sponsored hacking.......despite the fact that Apple releases patches as soon as they discover vulnerabilities, and despite the fact that I update my devices as soon as the patches become available.

The big problem for me is that the CIA was directed by Obama to NOT "hoard" Zero Day vulnerabilities when it finds them, and to pass them on directly to the manufacturers of the affected commercial products so that they can mitigate the vulnerability before it is taken advantage of by bad people. The Wikileaks dump appears to show that, in fact, the CIA has disobeyed a direct presidential order, and has in fact hoarded these Zero Day vulnerabilities without notifying the affected manufacturers, so that the CIA can exploit them at will.

Of course, the net effect of their entirely rogue policy is that everyone's affected devices are LESS secure to ALL such penetration, not just the CIA's devices, and not just the nation's enemies' devices. The CIA does not employ the only talented hackers out there. And if the CIA can find these vulnerabilities, so can the Chinese, and ISIS, and anyone else who applies themselves to the task. Adding to the problem, it's not just the digital devices belonging to private citizens that are exposed to exploitation. Gov't employees in positions of responsibility ALSO use these devices. Just ask Hillary Clinton.

Hackers are part of the digital landscape, just like the Flu virus is part of the biological landscape. You can't make people stop being immoral, but you can stay one step ahead of them by using the information you have about them to act in a positive and responsible manner to mitigate the effects of their immorality. The moral equivalent of what the CIA is doing would be their discovery of a deadly disease for which there isn't YET a known cure, and then refusing to notify the medical/pharmaceutical community so that they can begin to develop a vaccine against it......AFTER having been explicitly ordered by the sitting president to NOT hoard such information, and to instead immediately release it to the stakeholders who will be called on to develop the vaccine. You can't develop a vaccine against a disease you don't know exists.