David Davis
I don’t know. Do you? But it sounds like a fun idea. I’ve had experience of it recently.
My Palantir now no longer responds to Sauron‘s commands for it to be redirected to porn sites, the Ukraine, and other places like it where antispywaremaster, privacyconductor and stuff like that come from. Etc. Or perhaps I have become “stronger”, against evil. I do not know.
These people, whom we have liberated, ought to tell their young men who have nothing to do in the night and therefore no girls to f**k, (what else is there to do in the night?) to learn capitalist manners, which is that you DO NOT release (or, worse, even, write) viruses and malware programmes and send them onto the internet.
The Internet is your friend. not your enemy. Stupid people. Think where you would be, if Putin had a red-hot-pliers and was dragging at your fingernails, like he knows how to do? He’s the Prime Minister right now, but how long before he’s in the Police again? Silly boys, think!
Machine now happily fixed but I still don’t like Firefox. IE-Explorer 7 runs fine now with PCTools spyware doctor in the backgound, and not really any slower as far as I can tell. Perhaps Mozilla should have called it Shadowfax?
I do not know.
Dave:
Explorer is inherently unsatisfactory.
I can recommend Opera, a compact, very fast and uncomplicated free browser, with built-in mail facilities. It will import and export settings, bookmarks etc., and is very reliable. It’s available for Windoze and for Linux. Try it!
PS: Your AOL mailbox bounced a file I sent you, saying “Mailbox full.”
Best,
Tony
Tony,
IF explorer is inherently “unsatisfactory”, then why does most of the world put up with it? Why is THE WORLD not beating a SHINING PATH to the DOOR of (whatever it is)?
Look, Tony, this is the Interet – everything is possible and free, now! No? DD
Isn’t that what you are saying really?
Dave:
There are twenty severe security weakness in te current version of Explorer. Nobody buys it (or downloads it for free as an alternative).
Opera has none — zero — zilch. This, according to impartial assessments by computer security wizards. You can get little programmes which display the number of security lesions for Explorer, Firefox (3) and Opera.
The reason why Microsoft dominates the operating system market is because they routinely ruined their competitors (except for Apple, to whom they gave hundreds of millions of dollars (1) to be the high-priced “alternative” to MS (US Antitrust law insists on there being _some_ competion; and (2) to support Apple in lawsuits against Microsoft’s competitors. This is how they put Digital Research out of the GUI Desktop business. (Gary Kildall was shortly afterwards found beaten to death outside a nightclub…) GEM, DR’s Desktop, could only be given away with Ataris.
Microsoft were given their dominating position by US intelligence, who supplied Microsoft with (often illicit) market intelligence so as to rig a near-vertical playing field. In return, Microsoft built “backdoors” and Information Warfare stuff into Windoze, enabling the US to spy on half the world. Then people started to realize that they could spy on MS users too…
There’s a saying in the computer biz: $1 for the hardware; $2 for the software; $10 for the learning curve. Microsoft “give” you Explorer bundled with Windoze, which cannot work without it. The first thing the luckless customer has to do to get online is to set up and run Explorer. Understandably, most people don’t want another learning curve, and many don’t understand why they should change.
It’s that simple. Learning to use software is time-consuming. Very few users are competent to identify problems with Explorer or Windoze.
Over several years from 1995 I hassled Microsoft, NSA and the relevant organizations to address this problem. So did many other people. But when Microsoft are peddling spyware to the world, they have powerful protectors. It’s only recently that NSA’s COMSEC Division has taken up the task of making Windoze stuff more secure.
You insist on seeing Microsoft as a heroic big business. It isn’t. It’s a Government-assisted predator. And it’s wasted hundreds of hours of your time.
Hi, Dave,
I thought you’d appreciate this, after your recent computer experiences.
http://www.tomdispatch.com/post/174940/william_astore_militarizing_your_cyberspace
William Astore used to work at Cheyenne Mountain.
Best,
Tony
Dave:
This an NSA Red Team Briefing record. Things have moved on meanwhile.
The first part describes what a fully-secure system specification looks like, and the second part describes the sort of attack weaponry available to TPTB to attack your system.
Microsoft cooperates with the US Government by building “backdoors” into your computer’s Windoze operating system to permit the State and its flunkeys to access it.
Let me just say this:
[1] Write your messages on a scratchpad, then copy them into the WordPress form. You don’r ‘lose’ work.
[2] Consider whether it’s your WordPress system is at fault — others (including me, six times now), have had the same problem.
[3] Go get a free copy of Ubuntu Linux and get someone you know to install it for you. It comes with Firefox (superior browser) and Thunderbird (superior mailing package). AVG do a free antispyware and antivirus package — free download.
Your Microsoft investment is a sunk cost. Invest in a free open-source future. Microsoft refer to the money they get from you as “the tarriff”, the Mafia term for extortion. Then they sell you out. In return, CIA and NSA give them billions of dollars worth of intelligence on all their foreign competitors.
Regards,
Tony
4 April 2002. Thanks to Anonymous from Cryptome.
Date: Thu, 4 Apr 2002 17:15:35 -0500
This is the minutes from the meeting where Frank Jones initially scammed the government and got them to invest hard money into the development of DIRT. It is a gold mine of government spooks who can be contacted and interviewed about what other illegal projects they are working on.
http://www.coact.com/spock/spmin.sep98.html
The bottom line is that the US government paid a convicted felon to create a tool that they could misuse to plant illegal evidence, and even allowed Jones to build a series of backdoors in the products so that even HE could access the suspects computer
Nothing like letting the inmates run the prison… or letting felons run the investigation.
small Spock logo
Spock Program
Security Proof of Concept Keystone
Web/Internet general release permission for these minutes was granted on October 1, 1997
Conference Report
Minutes of SPOCK Meeting
Date: 1 September 1998
Personnel in Conversation: See attachment.
Old Business
_____________________________________________________________________
This meeting was held to discuss the status of several SPOCK Proof of Concepts, and listen to presentations on the Cybershield Security Product and a Discovery tool affectionately called ‘DIRT”.
The meeting was opened 10.02. by Terry Losonsky, NSA/V2. Attendees were introduced and the minutes of the August meeting were reviewed and approved with no changes.
New Business
_____________________________________________________________________
Major Mike Davis briefed the forum on the status of the Entrust Report. The draft is being circulated electronically to the participants and will shortly enter the pre-publication review phase within NSA.
The ATLAS ATM product proof of concept demonstration is entering its’ seventh week. This is because of the ironing out of some compatibility issues with ancillary equipment which must be fully understod before programming them to support the ATLAS using three different ATM protocols in a real life interconnected ATM environment. Several delays appear to have resulted from some ‘problems’ within devices other than the ATLAS. To date, the ATLAS has held up extremely well in adhering to the established ATM protocols, and performing as claimed in the security areas for which protective measures have been incorporated The testing is about 90 per cent completed. Apparently the participants are very happy with their involvement and the test results, as they continue to support the extra effort required to complete all of the scripts.
The NSA Red Team organization is interested in what commercial products can protect, detect, react, and analyze data, systems, and networks within the security arena. If you have anything you especially want to bring to their attention, call SPOCK at COACT on 301-498-0150, or e-mail at spock@coact.com. The information will be passed to them, and we will see what we can do on your behalf.
Claims have been submitted on the PN7 product, which configures routers, etc. for DEFCON exercises. This is from Unified Access Control Corp.
Netlock is requesting a proof of concept in November, and Fortress’ HeatSeeker Pro has expressed their intent to request a proof of concept, but with no set date.
SPYRUS’ media encryptor is also about ready to start the claims process.
And finally, Microsoft has been briefed on the SPOCK program and processes. They have expressed an interest in a demonstration of the Kerebros functionality in NT5.0. (No firm details yet.)
Presentations
_____________________________________________________________________
Two presentations were given. The first was on the Cybershield Product by William F. Dawson from TRW . The second was on the software regulated by Title III for capturing intelligence, named DIRT, by Frank Jones of Codex Data Systems.
First briefing
_____________________________________________________________________
The presentation was done by William F. Dawson from TRW (which bought BDM Inc.) He may be reached at 703-848-5282, FAX 703-848-5282, and e-mail: wdawson@bdm.com
Cybershield is the most secure Web Server on the market today.
One year use at NSA.
Joint Chiefs and NATO are using it.
It will be fully integrated with the DOD Public Key Infrastructure (PKI).
TRW has a joint agreement with RSA which results in a free license to the U.S. Government.
The product fulfills the need to run untrusted programs securely in ‘containment’ areas, thereby merging the server and firewall together.
There are three pieces to the product architecture:
Data General UX (with the ‘B2″ security option.)
BDM Secure Internet/Intranet Software
AViiON hardware platform
There are also many options, (to be discussed later.)
1. Features:
* Firewall capabilities
* Access Controls
* Audit reduction and Intrusion Detection
* Virus prevention
* Secure end-to-end communications (can add new features in 3 weeks as needed.)
* Extensible, secure path between clients and servers
* Unique Identification and Authentication
2. Solves Commercial problems:
* Containment of data, system, and programs
* Integrated B2 level security
* Software based encryption possible(i.e. looking at FORTEZZA soft)
3. System Overview
* Being used in the Internet Environment to bridge TS to SECRET
* remote logon
* ‘walls off’ publicly accessed data during use.
4. Architecture:
* Administrative Region
* User Region
* restricted
* Internet
* Public
* Virus prevention region
* software executables
Essentially, these regions are laid out in a ‘lattice’ arrangement (i.e. grid), with ‘write equal’ across the horizontal rows and ‘read down’ along the vertical rows.
The permissions are accomplished using hierarchical relationships, labeling, etc. This containment approach accomplishes the following : can read selected areas, but cannot reach and change it (due to the host’s B2 architecture). Some parts cannot be seen without a secure logon.
It was noted that it took $26 million and 5 years to get here!
Version 2.7 is the current offering:
‘Does it all’ including multi-lingual support, management tools, mail filtering, trusted proxies, I&A and a B2 operating system.
V2.7 options:
Anti virus toolkit (Dr. Solomons)
Security Dynamics Technologies SecureID
Racal WatchWord authentication
IRE’s FIPS 140 encryption devices
SAIC’s CMDS (computer misuse detection)
Next release, 3.0, due in 3rd quarter: will support UX4.20 (NUMA architecture
Future:
UPN
PKI
Browser based admin interface
multi-level News Groups
Additional authentication (biometrics)
Additional proxies (SSL, Lotus Notes, SAP)
X400/500 Gateway (incl. DMS)
support for more languages
port to additional platforms, i.e. NT, HP, SUN (noting assurance will not be at the same level as B2).
Other facts and testimonies:
Y2K compliant (can’t guarantee 3rd party applications)
Common Criteria EAL4 evaluation underway in UK (Jul 98)
Cybershield began in FY93 under the DockMaster II program.
Data General computer added in FY96
DockMaster IOC occurred in FY97
Japan using Cybershield now.
SPAWAR began use in Feb 98
Pentagon in May 98
NATO secure web server in Aug 98
SABI (to be determined)
Requesting a SPOCK proof of concept demonstration in Nov 98. NSA has run 5-6 penetration tests. ALL Passed. (Note: NSA representatives verified this verbally at the SPOCK meeting.)
Encryption: Cybershield is classed as a Guard. Current encryption is provided by STU III. FORTEZZA is currently being used for I&A only. FORTEZZA encryption is being investigated.
SABI and ICSA evaluations are planned.
There are currently 17 government deployments, and 35 commercial operational deployments.
Pricing:
$50K for the typical ‘Departmental’ System
$100-150K for large scale enterprise server applications
Support, and custom development are available.
In conclusion: TRW will support a SPOCK demonstration with pilot system and engineering support.
Second briefing
_____________________________________________________________________
The presentation was done by Frank Jones of Codex Data Systems
DIRT can monitor and intercept data from any PC (Windows based) in the world.
It was briefed that DIRT can bypass encryption programs, capture keystrokes, capture screens, access hard drives, is Windows 95 based,and can be transmitted to targets in a very Stealthy manner without physical access. Return ‘e-mails’ are then processed by the ‘Control Center’ software to glean information encoded in those E-mails.
DIRT has full ‘Root’ access. Because of the full keystroke capture, the loading of a file, and the act of hiding it or encrypting it is also captured up front, thereby allowing access to the information later (the same as the user.)
The DIRT user must use a legally pre-determined internet address.
The DIRT control center software can monitor multiple cases simultaneously.
The Agent cannot be detected by current signature anti-virus software.
The e-mail returns could be detected with a sniffer.
Captures:
logon accounts and passwords
all sent and received e-mail
e-mail address books
bypasses PGP and other forms of encryption
typed pass phrases
graphics files
swap files
recycle bin
personal address/contact files
financial records
Features:
remote file access
network access
system management (i.e pirate and control their system!)
keystroke capture
audio capture – if mike attached
video capture – if camera attached
The briefer acknowledges that the DIRT solution only supports WINDOWS 95, but points out 85% of the world’s platforms are Windows and that figure is rising to 95% by the year 2000. They are working however on an NT version.
Only for sale to law and authorized military. Cost: $1895 per target, $250K unlimited.
The briefer concluded that Back Orifice, a somewhat similar approach, now has 50,000 copies ‘loose’. A brief comparison between Back Orifice and DIRT took place.
Personnel in Conversation
_____________________________________________________________________
Larry B. McGinness, COACT
Michael Davis, NSA/V2
Terry Losonsky, NSA/V2
Nicholas Brigman, Red Creek
Eric Grimes, COACT
Kirk Finch, ASI
Julie Mehan, DOD
John Deasy, DOD
Paul Miller, SETA
Bob West IITRI
Dawn Faber, COACT
David Cox, USCS
Tom Jackson, USCS
Clay Holland, INS Inc.
Charlie Scruggs, Spyrus
Gary Rumsaas, DOD
Roger Guerrini, ISC Ins.
David Dustin, JHU/APL
Fred Sanborn, BAH
James Lipshultz, USPIS
Mark Shafernich, DEA
Steve Zaveri, LTC
Matt Joyce, TASC
Fred Tompkins, UniSys
Jom Litchko, IMSI
Louis Jurgens, Spyrus
Al Horning, ADH Inc.
John Ryan, RNW
John Taylor, NCI
Ralph Spinelli, Sytex
Alex Wheeler, DCFL
Jim Lightburn, IOA
Luis E. Acosta, DOD
Bill Norvell, IITRI
Dan Lincoln, ASIC Int.
Timothy Poole, USAF/DCFL
Cheri Carr, USAF/DCFL
Ed Paglee, DOD
Joseph Bergman, EURUS
Lalit Jain, UAC
Ray May, RTC
Joe Dente, Fortress Tech
Gary Doughery, UAC
Paul Walczak, USARL
James Barnes, DOD
A. Friedman, Fortress Tech
Dennis Joyce, Fortress Tech
Bill Dawson, TRW
Jeff Bowes, TASC
Ken Olthoff, NSA
Tom Jackson, USCS
Stephen Reipoures, DOD
Mark Ridenour, DOD
Needham Laugston, Army
CPT Doug Miner, LIAWA
Mike Cameron, BAH
Ed Paglee, DOD
Ray May, RTC Inc.
Perry Witinac, DISA-D6
This, from an NSA Red Team minute:
The presentation was done by Frank Jones of Codex Data Systems
DIRT can monitor and intercept data from any PC (Windows based) in the world.
It was briefed that DIRT can bypass encryption programs, capture keystrokes, capture screens, access hard drives, is Windows 95 based,and can be transmitted to targets in a very Stealthy manner without physical access. Return ‘e-mails’ are then processed by the ‘Control Center’ software to glean information encoded in those E-mails.
DIRT has full ‘Root’ access. Because of the full keystroke capture, the loading of a file, and the act of hiding it or encrypting it is also captured up front, thereby allowing access to the information later (the same as the user.)
The DIRT user must use a legally pre-determined internet address.
The DIRT control center software can monitor multiple cases simultaneously.
The Agent cannot be detected by current signature anti-virus software.
The e-mail returns could be detected with a sniffer.
Captures:
logon accounts and passwords
all sent and received e-mail
e-mail address books
bypasses PGP and other forms of encryption
typed pass phrases
graphics files
swap files
recycle bin
personal address/contact files
financial records
Features:
remote file access
network access
system management (i.e pirate and control their system!)
keystroke capture
audio capture – if mike attached
video capture – if camera attached
The briefer acknowledges that the DIRT solution only supports WINDOWS 95, but points out 85% of the world’s platforms are Windows and that figure is rising to 95% by the year 2000. They are working however on an NT version.
Only for sale to law and authorized military. Cost: $1895 per target, $250K unlimited.
The briefer concluded that Back Orifice, a somewhat similar approach, now has 50,000 copies ‘loose’. A brief comparison between Back Orifice and DIRT took place.
Personnel in Conversation
_____________________________________________________________________
Larry B. McGinness, COACT
Michael Davis, NSA/V2
Terry Losonsky, NSA/V2
Nicholas Brigman, Red Creek
Eric Grimes, COACT
Kirk Finch, ASI
Julie Mehan, DOD
John Deasy, DOD
Paul Miller, SETA
Bob West IITRI
Dawn Faber, COACT
David Cox, USCS
Tom Jackson, USCS
Clay Holland, INS Inc.
Charlie Scruggs, Spyrus
Gary Rumsaas, DOD
Roger Guerrini, ISC Ins.
David Dustin, JHU/APL
Fred Sanborn, BAH
James Lipshultz, USPIS
Mark Shafernich, DEA
Steve Zaveri, LTC
Matt Joyce, TASC
Fred Tompkins, UniSys
Jom Litchko, IMSI
Louis Jurgens, Spyrus
Al Horning, ADH Inc.
John Ryan, RNW
John Taylor, NCI
Ralph Spinelli, Sytex
Alex Wheeler, DCFL
Jim Lightburn, IOA
Luis E. Acosta, DOD
Bill Norvell, IITRI
Dan Lincoln, ASIC Int.
Timothy Poole, USAF/DCFL
Cheri Carr, USAF/DCFL
Ed Paglee, DOD
Joseph Bergman, EURUS
Lalit Jain, UAC
Ray May, RTC
Joe Dente, Fortress Tech
Gary Doughery, UAC
Paul Walczak, USARL
James Barnes, DOD
A. Friedman, Fortress Tech
Dennis Joyce, Fortress Tech
Bill Dawson, TRW
Jeff Bowes, TASC
Ken Olthoff, NSA
Tom Jackson, USCS
Stephen Reipoures, DOD
Mark Ridenour, DOD
Needham Laugston, Army
CPT Doug Miner, LIAWA
Mike Cameron, BAH
Ed Paglee, DOD
Ray May, RTC Inc.
Perry Witinac, DISA-D6
[…] commands for it to be redirected to porn sites, the Ukraine, and other places like it where antishttp://libertarianalliance.wordpress.com/2008/06/06/did-sauron-run-a-browser-hijcker-prog-to-trick-d…Mozilla unleashes Firefox 3 RC2 InfomaticsMozilla has made available the second release candidate of […]