NSA wiretap, Friday night - Security

This is a discussion on NSA wiretap, Friday night - Security ; This is about NSA wiretap. We know that the US administration is very savvy that news released on Friday night is not read by many. Especially at the start of a long Holiday weekend (Labor Day in US). So when ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 25

Thread: NSA wiretap, Friday night

  1. NSA wiretap, Friday night

    This is about NSA wiretap. We know that the US administration is very
    savvy that news released on Friday night is not read by many. Especially
    at the start of a long Holiday weekend (Labor Day in US). So when you see
    that news on that day, you know it is something the US Administration does
    not want people to see.

    I want you all to see this security related news. Please pass it on to
    others on Tuesday. Thank you. (This is from the Detroit News web site,
    in USA. It is AP, very mainstream news outlet. But with all the "wars",
    the story will probably disappear among the other carnage before Tuesday.)

    Excerpt:

    "Every time the NSA engages in warrantless wiretapping, they are violating
    the law and the United States Constitution," ACLU attorney Melissa Goodman
    said.

    The controversial program allows the NSA to monitor communications into
    and out of the United States when links to al-Qaida are suspected.
    Breaking with historic norms, President Bush allowed the NSA to conduct
    the surveillance without first getting court approval.



    Even in this article, what is _not_ said, what is glossed over, is that
    there is no oversight. The program has been judged illegal and
    unconstitutional and yet continues.

    Even in this article, what is _not_ said, what is glossed over, is that
    all (_*all*_) communications within the US, or that pass through US hubs
    *might* be monitored, tapped, recorded, or *modified*. That includes all
    commercial, personal or political communications.

    If y'all had a choice to guess which the US Administration, with its "born
    again Christian" ethic would rather monitor, child abusers or those who
    might take away from their absolute political power, what would you guess
    (?). It's not a puzzle to me. Please read.

    http://www.detnews.com/apps/pbcs.dll...609020366/1022

  2. Re: NSA wiretap, Friday night

    responder wrote:
    >
    > Even in this article, what is _not_ said, what is glossed over, is that
    > there is no oversight. The program has been judged illegal and
    > unconstitutional and yet continues.
    >
    > Even in this article, what is _not_ said, what is glossed over, is that
    > all (_*all*_) communications within the US, or that pass through US hubs
    > *might* be monitored, tapped, recorded, or *modified*. That includes all
    > commercial, personal or political communications.

    That is the really big problem, "no oversight". The government says
    there can't be oversight because that would compromise security. If that
    is not a catch 21 explanation I don't know what is. The Bush
    administration is saying "trust me", and why shouldn't we have they ever
    done anything to make us thing they are not the most trustworthy
    people in all the world?

    They say that the spying is only on information going in and out of the
    country, but how is anyone to know if there is no oversight. That is why
    this kind of activity should and previously did need a warrant. Their
    approach is like the classic joke "I could tell you but then I would
    have to kill you". Well they are killing us.

    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

  3. Re: NSA wiretap, Friday night

    Barton L. Phillips wrote:

    > responder wrote:
    >>
    >> Even in this article, what is _not_ said, what is glossed over, is that
    >> there is no oversight. The program has been judged illegal and
    >> unconstitutional and yet continues.
    >>
    >> Even in this article, what is _not_ said, what is glossed over, is that
    >> all (_*all*_) communications within the US, or that pass through US hubs
    >> *might* be monitored, tapped, recorded, or *modified*. That includes all
    >> commercial, personal or political communications.

    > That is the really big problem, "no oversight". The government says
    > there can't be oversight because that would compromise security. If that
    > is not a catch 21 explanation I don't know what is. The Bush
    > administration is saying "trust me", and why shouldn't we have they ever
    > done anything to make us thing they are not the most trustworthy
    > people in all the world?
    >
    > They say that the spying is only on information going in and out of the
    > country, but how is anyone to know if there is no oversight. That is why
    > this kind of activity should and previously did need a warrant. Their
    > approach is like the classic joke "I could tell you but then I would
    > have to kill you". Well they are killing us.
    >



    ....and your *REALLY* think anti Net Neutrality is really about helping
    business get better bandwidth???

    http://www.savetheinternet.com/

    Imhotep

  4. Re: NSA wiretap, Friday night

    imhotep wrote:
    > Barton L. Phillips wrote:
    >
    >> responder wrote:
    >>> Even in this article, what is _not_ said, what is glossed over, is that
    >>> there is no oversight. The program has been judged illegal and
    >>> unconstitutional and yet continues.
    >>>
    >>> Even in this article, what is _not_ said, what is glossed over, is that
    >>> all (_*all*_) communications within the US, or that pass through US hubs
    >>> *might* be monitored, tapped, recorded, or *modified*. That includes all
    >>> commercial, personal or political communications.

    >> That is the really big problem, "no oversight". The government says
    >> there can't be oversight because that would compromise security. If that
    >> is not a catch 21 explanation I don't know what is. The Bush
    >> administration is saying "trust me", and why shouldn't we have they ever
    >> done anything to make us thing they are not the most trustworthy
    >> people in all the world?
    >>
    >> They say that the spying is only on information going in and out of the
    >> country, but how is anyone to know if there is no oversight. That is why
    >> this kind of activity should and previously did need a warrant. Their
    >> approach is like the classic joke "I could tell you but then I would
    >> have to kill you". Well they are killing us.
    >>

    >
    >
    > ...and your *REALLY* think anti Net Neutrality is really about helping
    > business get better bandwidth???
    >
    > http://www.savetheinternet.com/
    >
    > Imhotep

    Interesting web site, but what does it have to do with this thread? What
    am I missing? There was another thread about "Net Neutrality" was this
    supposed to go with that thread?

    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

  5. Re: NSA wiretap, Friday night

    Barton L. Phillips wrote:

    > imhotep wrote:
    >> Barton L. Phillips wrote:
    >>
    >>> responder wrote:
    >>>> Even in this article, what is _not_ said, what is glossed over, is that
    >>>> there is no oversight. The program has been judged illegal and
    >>>> unconstitutional and yet continues.
    >>>>
    >>>> Even in this article, what is _not_ said, what is glossed over, is that
    >>>> all (_*all*_) communications within the US, or that pass through US
    >>>> hubs
    >>>> *might* be monitored, tapped, recorded, or *modified*. That includes
    >>>> all commercial, personal or political communications.
    >>> That is the really big problem, "no oversight". The government says
    >>> there can't be oversight because that would compromise security. If that
    >>> is not a catch 21 explanation I don't know what is. The Bush
    >>> administration is saying "trust me", and why shouldn't we have they ever
    >>> done anything to make us thing they are not the most trustworthy
    >>> people in all the world?
    >>>
    >>> They say that the spying is only on information going in and out of the
    >>> country, but how is anyone to know if there is no oversight. That is why
    >>> this kind of activity should and previously did need a warrant. Their
    >>> approach is like the classic joke "I could tell you but then I would
    >>> have to kill you". Well they are killing us.
    >>>

    >>
    >>
    >> ...and your *REALLY* think anti Net Neutrality is really about helping
    >> business get better bandwidth???
    >>
    >> http://www.savetheinternet.com/
    >>
    >> Imhotep

    > Interesting web site, but what does it have to do with this thread? What
    > am I missing? There was another thread about "Net Neutrality" was this
    > supposed to go with that thread?
    >


    They are related as there is a covert attempt here in the US to monitor and
    thus control the Internet. In some ways it is also linked to the illegal
    (in my opinion anyway) wiretapping that is also going on. Also, it was
    revealed that AT&T had been examining email for the US Gov about 6 months
    ago. Also without a warrent. Then look at the fight Google had when the US
    Gov wanted the searches from 1 Million people. And it was revealed that
    Yahoo had been doing it for sometime. I ask you, why would you ask for 1
    million random people?

    If you look at the big picture here in the US there is a broad and far
    reaching attempt to remove the anonymity of people on the Internet...as
    well as monitor them...

    Imhotep

    it is far more board than one first thinks.





  6. Re: NSA wiretap, Friday night

    imhotep wrote:

    > Barton L. Phillips wrote:
    >
    >> imhotep wrote:
    >>> Barton L. Phillips wrote:
    >>>
    >>>> responder wrote:
    >>>>> Even in this article, what is _not_ said, what is glossed over, is
    >>>>> that there is no oversight. The program has been judged illegal and
    >>>>> unconstitutional and yet continues.
    >>>>>
    >>>>> Even in this article, what is _not_ said, what is glossed over, is
    >>>>> that all (_*all*_) communications within the US, or that pass
    >>>>> through US hubs
    >>>>> *might* be monitored, tapped, recorded, or *modified*. That
    >>>>> includes all commercial, personal or political communications.
    >>>> That is the really big problem, "no oversight". The government says
    >>>> there can't be oversight because that would compromise security. If
    >>>> that is not a catch 21 explanation I don't know what is. The Bush
    >>>> administration is saying "trust me", and why shouldn't we have they
    >>>> ever
    >>>> done anything to make us thing they are not the most trustworthy
    >>>> people in all the world?
    >>>>
    >>>> They say that the spying is only on information going in and out of
    >>>> the country, but how is anyone to know if there is no oversight. That
    >>>> is why this kind of activity should and previously did need a
    >>>> warrant. Their approach is like the classic joke "I could tell you
    >>>> but then I would have to kill you". Well they are killing us.
    >>>>
    >>>>
    >>>>
    >>> ...and your *REALLY* think anti Net Neutrality is really about helping
    >>> business get better bandwidth???
    >>>
    >>> http://www.savetheinternet.com/
    >>>
    >>> Imhotep

    >> Interesting web site, but what does it have to do with this thread?
    >> What am I missing? There was another thread about "Net Neutrality" was
    >> this supposed to go with that thread?
    >>
    >>

    > They are related as there is a covert attempt here in the US to monitor
    > and thus control the Internet. In some ways it is also linked to the
    > illegal (in my opinion anyway) wiretapping that is also going on. Also,
    > it was revealed that AT&T had been examining email for the US Gov about
    > 6 months ago. Also without a warrent. Then look at the fight Google had
    > when the US Gov wanted the searches from 1 Million people. And it was
    > revealed that Yahoo had been doing it for sometime. I ask you, why would
    > you ask for 1 million random people?
    >
    > If you look at the big picture here in the US there is a broad and far
    > reaching attempt to remove the anonymity of people on the Internet...as
    > well as monitor them...
    >
    > Imhotep
    >
    > it is far more board than one first thinks.



    As OP in this thread, I think you have gone off topic.

    I agree with your net-neutral ideas. Many (who I know) do not. Your
    off-topic comments in this thread do not advance any meaningful discussion
    of the subject at hand. They actually detract from the focus of the
    discussion.

    Not to be unkind or mean in any way. But: If you cannot talk to the
    subject at hand, then don't write at all.

    ....Hope to hear from you in a different thread soon.

  7. Re: NSA wiretap, Friday night

    responder wrote:
    > As OP in this thread, I think you have gone off topic.
    >
    > I agree with your net-neutral ideas. Many (who I know) do not. Your
    > off-topic comments in this thread do not advance any meaningful discussion
    > of the subject at hand. They actually detract from the focus of the
    > discussion.


    As an OR (original reader) of this thread, I actually see a
    connection between US "domestic" spying and net neutrality.
    Specificly, if a spy wishes to gather information on the US
    portion of the internet, then it would be best for the spy if
    most of the traffic traversed the fewest number of network nodes
    as possible. To the extent that a non-neutral net net reduces
    the work of the spy, by funneling traffic through a handful of
    super-ISPs, then that subthread is relevant. But, now that the
    point has been made, let's do get back to the NSA wiretap issue
    so that the NSA has something personal to read about. ;-)

    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

  8. Re: NSA wiretap, Friday night

    responder wrote:

    > imhotep wrote:
    >
    >> Barton L. Phillips wrote:
    >>
    >>> imhotep wrote:
    >>>> Barton L. Phillips wrote:
    >>>>
    >>>>> responder wrote:
    >>>>>> Even in this article, what is _not_ said, what is glossed over, is
    >>>>>> that there is no oversight. The program has been judged illegal and
    >>>>>> unconstitutional and yet continues.
    >>>>>>
    >>>>>> Even in this article, what is _not_ said, what is glossed over, is
    >>>>>> that all (_*all*_) communications within the US, or that pass
    >>>>>> through US hubs
    >>>>>> *might* be monitored, tapped, recorded, or *modified*. That
    >>>>>> includes all commercial, personal or political communications.
    >>>>> That is the really big problem, "no oversight". The government says
    >>>>> there can't be oversight because that would compromise security. If
    >>>>> that is not a catch 21 explanation I don't know what is. The Bush
    >>>>> administration is saying "trust me", and why shouldn't we have they
    >>>>> ever
    >>>>> done anything to make us thing they are not the most trustworthy
    >>>>> people in all the world?
    >>>>>
    >>>>> They say that the spying is only on information going in and out of
    >>>>> the country, but how is anyone to know if there is no oversight. That
    >>>>> is why this kind of activity should and previously did need a
    >>>>> warrant. Their approach is like the classic joke "I could tell you
    >>>>> but then I would have to kill you". Well they are killing us.
    >>>>>
    >>>>>
    >>>>>
    >>>> ...and your *REALLY* think anti Net Neutrality is really about helping
    >>>> business get better bandwidth???
    >>>>
    >>>> http://www.savetheinternet.com/
    >>>>
    >>>> Imhotep
    >>> Interesting web site, but what does it have to do with this thread?
    >>> What am I missing? There was another thread about "Net Neutrality" was
    >>> this supposed to go with that thread?
    >>>
    >>>

    >> They are related as there is a covert attempt here in the US to monitor
    >> and thus control the Internet. In some ways it is also linked to the
    >> illegal (in my opinion anyway) wiretapping that is also going on. Also,
    >> it was revealed that AT&T had been examining email for the US Gov about
    >> 6 months ago. Also without a warrent. Then look at the fight Google had
    >> when the US Gov wanted the searches from 1 Million people. And it was
    >> revealed that Yahoo had been doing it for sometime. I ask you, why would
    >> you ask for 1 million random people?
    >>
    >> If you look at the big picture here in the US there is a broad and far
    >> reaching attempt to remove the anonymity of people on the Internet...as
    >> well as monitor them...
    >>
    >> Imhotep
    >>
    >> it is far more board than one first thinks.

    >
    >
    > As OP in this thread, I think you have gone off topic.
    >
    > I agree with your net-neutral ideas. Many (who I know) do not. Your
    > off-topic comments in this thread do not advance any meaningful discussion
    > of the subject at hand. They actually detract from the focus of the
    > discussion.
    >
    > Not to be unkind or mean in any way. But: If you cannot talk to the
    > subject at hand, then don't write at all.
    >
    > ...Hope to hear from you in a different thread soon.



    Again, I did not mean to derail your discussion. However, I do see a
    connection (Illegal Wiretaps and Anti Net Neutrality). My point was to
    *add* to your discussion not *subtract* from it...If you think I was
    subtracting from it, then I apologize. It was not my intent...

    Imhotep

  9. Re: NSA wiretap, Friday night

    imhotep wrote:
    > Barton L. Phillips wrote:
    >
    >> imhotep wrote:
    >>> Barton L. Phillips wrote:
    >>>
    >>>> responder wrote:
    >>>>> Even in this article, what is _not_ said, what is glossed over, is that
    >>>>> there is no oversight. The program has been judged illegal and
    >>>>> unconstitutional and yet continues.
    >>>>>
    >>>>> Even in this article, what is _not_ said, what is glossed over, is that
    >>>>> all (_*all*_) communications within the US, or that pass through US
    >>>>> hubs
    >>>>> *might* be monitored, tapped, recorded, or *modified*. That includes
    >>>>> all commercial, personal or political communications.
    >>>> That is the really big problem, "no oversight". The government says
    >>>> there can't be oversight because that would compromise security. If that
    >>>> is not a catch 21 explanation I don't know what is. The Bush
    >>>> administration is saying "trust me", and why shouldn't we have they ever
    >>>> done anything to make us thing they are not the most trustworthy
    >>>> people in all the world?
    >>>>
    >>>> They say that the spying is only on information going in and out of the
    >>>> country, but how is anyone to know if there is no oversight. That is why
    >>>> this kind of activity should and previously did need a warrant. Their
    >>>> approach is like the classic joke "I could tell you but then I would
    >>>> have to kill you". Well they are killing us.
    >>>>
    >>>
    >>> ...and your *REALLY* think anti Net Neutrality is really about helping
    >>> business get better bandwidth???
    >>>
    >>> http://www.savetheinternet.com/
    >>>
    >>> Imhotep

    >> Interesting web site, but what does it have to do with this thread? What
    >> am I missing? There was another thread about "Net Neutrality" was this
    >> supposed to go with that thread?
    >>

    >
    > They are related as there is a covert attempt here in the US to monitor and
    > thus control the Internet. In some ways it is also linked to the illegal
    > (in my opinion anyway) wiretapping that is also going on. Also, it was
    > revealed that AT&T had been examining email for the US Gov about 6 months
    > ago. Also without a warrent. Then look at the fight Google had when the US
    > Gov wanted the searches from 1 Million people. And it was revealed that
    > Yahoo had been doing it for sometime. I ask you, why would you ask for 1
    > million random people?
    >
    > If you look at the big picture here in the US there is a broad and far
    > reaching attempt to remove the anonymity of people on the Internet...as
    > well as monitor them...
    >
    > Imhotep
    >
    > it is far more board than one first thinks.
    >
    >
    >
    >

    Yes, with the additional relevant information above I see the
    connection, however, the previous post left me a little confused.

    I agree that the US administration is out of control, and changing my
    country in ways that make me sick and afraid. I am glad that I am not
    the only one disturbed.

    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

  10. Re: NSA wiretap, Friday night

    imhotep wrote:

    > responder wrote:
    >
    >> imhotep wrote:
    >>
    >>> Barton L. Phillips wrote:
    >>>
    >>>> imhotep wrote:
    >>>>> Barton L. Phillips wrote:
    >>>>>
    >>>>>> responder wrote:
    >>>>>>> Even in this article, what is _not_ said, what is glossed over, is
    >>>>>>> that there is no oversight. The program has been judged illegal
    >>>>>>> and unconstitutional and yet continues.
    >>>>>>>
    >>>>>>> Even in this article, what is _not_ said, what is glossed over, is
    >>>>>>> that all (_*all*_) communications within the US, or that pass
    >>>>>>> through US hubs
    >>>>>>> *might* be monitored, tapped, recorded, or *modified*. That
    >>>>>>> includes all commercial, personal or political communications.
    >>>>>> That is the really big problem, "no oversight". The government says
    >>>>>> there can't be oversight because that would compromise security. If
    >>>>>> that is not a catch 21 explanation I don't know what is. The Bush
    >>>>>> administration is saying "trust me", and why shouldn't we have they
    >>>>>> ever
    >>>>>> done anything to make us thing they are not the most trustworthy
    >>>>>> people in all the world?
    >>>>>>
    >>>>>> They say that the spying is only on information going in and out of
    >>>>>> the country, but how is anyone to know if there is no oversight.
    >>>>>> That is why this kind of activity should and previously did need a
    >>>>>> warrant. Their approach is like the classic joke "I could tell you
    >>>>>> but then I would have to kill you". Well they are killing us.
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>> ...and your *REALLY* think anti Net Neutrality is really about
    >>>>> helping business get better bandwidth???
    >>>>>
    >>>>> http://www.savetheinternet.com/
    >>>>>
    >>>>> Imhotep
    >>>> Interesting web site, but what does it have to do with this thread?
    >>>> What am I missing? There was another thread about "Net Neutrality" was
    >>>> this supposed to go with that thread?
    >>>>
    >>>>
    >>> They are related as there is a covert attempt here in the US to monitor
    >>> and thus control the Internet. In some ways it is also linked to the
    >>> illegal (in my opinion anyway) wiretapping that is also going on. Also,
    >>> it was revealed that AT&T had been examining email for the US Gov about
    >>> 6 months ago. Also without a warrent. Then look at the fight Google had
    >>> when the US Gov wanted the searches from 1 Million people. And it was
    >>> revealed that Yahoo had been doing it for sometime. I ask you, why
    >>> would you ask for 1 million random people?
    >>>
    >>> If you look at the big picture here in the US there is a broad and far
    >>> reaching attempt to remove the anonymity of people on the Internet...as
    >>> well as monitor them...
    >>>
    >>> Imhotep
    >>>
    >>> it is far more board than one first thinks.

    >>
    >>
    >> As OP in this thread, I think you have gone off topic.
    >>
    >> I agree with your net-neutral ideas. Many (who I know) do not. Your
    >> off-topic comments in this thread do not advance any meaningful
    >> discussion of the subject at hand. They actually detract from the focus
    >> of the discussion.
    >>
    >> Not to be unkind or mean in any way. But: If you cannot talk to the
    >> subject at hand, then don't write at all.
    >>
    >> ...Hope to hear from you in a different thread soon.

    >
    >
    > Again, I did not mean to derail your discussion. However, I do see a
    > connection (Illegal Wiretaps and Anti Net Neutrality). My point was to
    > *add* to your discussion not *subtract* from it...If you think I was
    > subtracting from it, then I apologize. It was not my intent...
    >
    > Imhotep


    I guess we are in sync after all. And especially with the benefit of
    comments from the other gentlemen, I am starting to see the larger
    connections. Thank you (all) for taking the time to explain this so
    kindly.

    The unsupervised (warrantless) access to private communications has
    immense negative repercussions, and little or no positive benefits that
    have been shown or can be expected. And there are certainly simpler and
    more obvious steps that could enhance collective security, without
    trashing our entire system of constitutionally guaranteed rights. (Though
    some might disagree, providing civil legal mechanisms to counter the
    growth of botnets, without expecting ISP's to be enforcers, would help a
    lot, IMO.) There are many possible examples that could be put forward if
    any in the extant power structure were in a position to act and wanted to
    listen. If the US had had any kind of energy policy other than to make
    the oil companies richer and richer, we would now also be in a far less
    vulnerable position. In a large sense, these are all connected because
    they are the result of the intentional mismanagement of our government by
    this administration.

    At least three courts have recently found against this administration's
    policies. (There was a ruling against so-called "Military Tribunals" for
    "enemy combatants". There was a ruling in San Francisco, based in part on
    the President's own public statements against invocation of "State
    Secrets" in the EFF lawsuit v. NSA and AT&T. There was a ruling in
    Detroit that flatly declared the program illegal and unconstitutional.)
    Yet the program continues under a stay until appeals are exhausted. And
    the administration has chosen the slowest and most lengthly route of
    appeal, obviously because they do not want expedited judicial review.
    That last point is exactly the center of objection to the entire (what we
    know) NSA wiretap issue.

    To wit: The administration had legal tools and mechanisms available to do
    all these things legally and constitutionally, but chose to not do them in
    a legal, constitutionally correct way. If they felt they needed
    additional legal leeway, they were free to request additional statutory
    authorization from their own, Republican controlled Congress, but chose to
    not do that. Now that they have been judged to be acting in violation of
    law and of the Constitution, they have chosen the slowest, longest route
    to eventual consideration by the US Supreme Court. That is because they
    do not want judicial or any other review so long as they can maintain the
    status quo.

    The FISA supervision, which is secret and apparently very permissive, was
    written into law to address wiretap abuses by a previous US Presidential
    administration. Those abuses included wiretapping for political purposes
    and for monitoring "enemies" such as nonviolent political dissenters.
    That was the purpose of the FISA statute and secret court that this
    administration chose to ignore, and that this President then chose to
    publicly lie about.

    If you do a few traceroutes from or to almost anywhere in the US, your
    results will vary, of course. But chances are you will see many nodes
    that belong to AT&T, and are clearly named as such. Any one of those can
    split a signal and send it to NSA. That is exactly what is alleged in the
    EFF suit in SF v. AT&T and NSA that Judge Walker ruled can proceed,
    ruling against the administration's argument of State Secrets. Judge
    Walker will be hearing consolidated cases from across the US.

    This is difficult to follow, and I might not have this right, but Judge
    Taylor in Detroit made the ruling and ordered a halt to the NSA wiretap
    program. The order was stayed pending appeal. And the article linked
    reports that the administration has again made the State Secrets argument
    that appears to me to be the same one initially rejected both by her and
    by Judge Walker in SF. Perhaps it is not identical (?). Also another
    "overly broad" argument. The papers were filed Friday before a holiday
    weekend. That is the time this administration releases news that they do
    not want seen.

    There are oral arguments scheduled on the appeal on Thursday, September 7,
    and I am not sure if that is in front of Judge Taylor or another. That is
    in the ACLU suit, and their site may have more information (aclu.org), or
    search Google News.

    There is no reasonable expectation of information security possible in
    this picture. There is no reasonable basis on which to base any trust in
    the integrity of this administration or this President. There is every
    reason to suspect that the NSA wiretap program was intended and conceived
    from the start as an extra-legal (illegal) operation and remains so today
    with the full knowledge and support of the President. There is every
    reason to expect that this President and this administration will stop at
    nothing to maintain and expand their power. The interests of the citizens
    and of the country are of no concern to these people.

    Thanks again for writing.

  11. Re: NSA wiretap, Friday night

    New news of legal action in this issue:

    Rights group asks judge to stop wiretap program

    By Christine Kearney Tue Sep 5, 8:11 PM ET

    NEW YORK (Reuters)

    http://news.yahoo.com/s/nm/20060906/...vesdropping_dc

    http://www.ccr-ny.org/v2/home.asp

    (this is not yet on the ccr-ny site)

    The original link in this thread was,

    > http://www.detnews.com/apps/pbcs.dll...609020366/1022


  12. Cyberterrorism [was: Re: NSA wiretap, Friday night]

    responder wrote lots of good observations about
    unconstitional and illegal NSA wiretaping which is one form of
    computer insecurity.

    One thing that the US administration has been very lax in is
    improving cyber security. With so much relying on a working
    Internet, we need to keep it working. What can we do, as
    people who presumably care about this stuff enough to read this
    newsgroup? I don't think we have the luxury of waiting for
    someone else to do it for us. Maybe they don't even want to do
    it for us? If the Internet were more hardened against cyber
    terrorists, maybe the same hardening would lessen their ability
    to do their own spying?

    So, what can WE do?

    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

  13. Re: NSA wiretap, Friday night

    So, what can we do to keep our information out of the hands of anyone,
    including the gov't, that we don't trust with that knowledge? Now that
    we know that they're going to spy on us, or at least someone is going to
    spy on us.

    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

  14. Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]

    Kevin the Drummer wrote:

    > responder wrote lots of good observations about
    > unconstitional and illegal NSA wiretaping which is one form of computer
    > insecurity.
    >
    > One thing that the US administration has been very lax in is improving
    > cyber security. With so much relying on a working Internet, we need to
    > keep it working. What can we do, as people who presumably care about
    > this stuff enough to read this newsgroup? I don't think we have the
    > luxury of waiting for someone else to do it for us. Maybe they don't
    > even want to do it for us? If the Internet were more hardened against
    > cyber terrorists, maybe the same hardening would lessen their ability to
    > do their own spying?
    >
    > So, what can WE do?


    I'm glad you asked. Thanks for your kindness and support. I approve of
    the subject change, although not all software handles that well (mine is
    OK with it.) I will try to answer both your questions as well as I can,
    but only wish I could do better. Whether any particular illicit activity
    is most correctly called criminal or terrorist, the results inevitably
    lead to increased costs for everyone and for everything, and possibly
    damages other than financial.

    1. ("Preaching to the choir" here...) Keep your own systems in order,
    updated and secure so you don't become part of the problem.

    2. Use a (firewall) log aggregation service like dshield or mynetwatchman.
    It takes most of the work out of monitoring your own logs, costs nothing
    and helps systemetize reporting of the most seriously offensive sources.
    The aggregators, particularly at SANS watch the reports and often detect
    new threats very quickly, and publish warnings and collect details from
    and for all readers. F-secure also keeps a similarly informative blog.
    These three all seem trustworthy and diligent about keeping private
    information private.

    Those two suggestions are easy to make because they don't involve
    advocating anyone take any real new independent action, and so are fairly
    safe. The following are more difficult to say well, and there is always a
    danger that someone will misconstrue and do something unintended or
    counterproductive. So please be circumspect.

    3. Advocate (gently) for computer and network security, to people you know
    personally, especially if they are doing unsafe things. Children and
    young people are often among the most computer literate people. But they
    also need to learn from somewhere. If you can give a simple suggestion or
    two to a receptive child, along with a simple explanation of what and why
    it helps, you can sometimes get remarkably good results for very small
    effort. Parents also often need and appreciate a small, kind suggestion
    or two. If people are not receptive, don't pursue it.

    4. This is potentially more controversial and more subject to going wrong.
    I'll try to say it as simply as I can.

    I think that there needs to be a generally accepted and acceptable
    standard that if a connected computer is compromised, it should be
    disconnected. We do not have that today. I see the primary reason for
    that failure as resulting directly from a system where the ISP is the
    enforcer. A conflict of interest arises because the most diligent
    application of that standard will at best antagonize many customers, and
    might result in loss of customer (and revenue) base.

    In order for such a system to be uniformly applied in a fundamentally
    non-punitive and non-disruptive way, the enforcer role must be essentially
    separated from from the discretion of the ISP. Good planning and careful
    attention to detail is indispensable. But it needs to be a statutory
    standard to be able to work.

    I expect that technical issues would be minimal, initial set up costs
    relatively low, and initial and ongoing costs to be reimbursed to the
    government authority through non-punitive fees or fines by those requiring
    help or attention. I do not foresee any significant disruption to any
    currently operating business or other type of organization, except of
    course for the user who is temporarily disconnected. Even that
    disconnection time could be minimized or eliminated when the machine is
    clean. Everyone who is currently working in related efforts could
    continue as before, except they would cooperate with a coordinating
    authority.

    Detection of compromised machines could be done the same way and by the
    same people who now do so: namely log aggregation services. Additional or
    alternate strategies could also be used, but would not seem to be
    necessary.

    A "Standard Operating Procedure" would be developed to specify what
    actions would happen and when they would happen. This procedure would be
    drafted with the input of all users and providers. This SOP would then be
    enforced by the statute. And the statute could authorize a procedure for
    modification of the SOP.

    The essential elements are:
    (1) the ISP is notified (as now) of a compromised machine and then
    notifies the customer _and_ the coordinating authority. The customer's
    identity would need to be included for the plan to be effective, but that
    information need not be retained indefinitely or necessarily reported to
    others. (There could be a "mandatory disconnection" of one day to be
    assured that the customer did indeed get the message, which could also be
    waived at the customer's request for reason and with some restrictions.)

    (2) The ISP hosts a (paid) proxy server on their premises that is built
    and maintained as specified in the SOP. When the customer is reconnected
    (for reason or need or when repaired) his connection is proxied through
    this server for a (specified) few days. This allows the ISP time to know
    that the machine is clean, certify this to the CA and resume a normal
    connection.

    The proxy server would be built to some standard to minimize or mitigate
    the transmission of malware vectors by the (previously?) compromised
    machine(s). And it would allow (limited?) connection for the need or
    convenience of the customer.

    For example, if a customer's machine gets a (0-day?) virus and starts
    sending a stream of traffic while trying to spread, it is detected and
    reported, that customer is immediately disconnected by the ISP while
    concurrently notifying the CA and the customer. (The ISP *calls" the
    customer or the customer calls the ISP.) The (irate) customer says "Why
    isn't my connection up?" The ISP can say "We had to; it's the new law.
    ...." Customer complains "I need to connect to get the new antivirus
    sigs." ISP replies, "No problem." I have reset your connection so it
    will go through the Coordinating Authority's Proxy Server, which will
    protect other users of the network from infection until you can get your
    machine fixed up.. You can get your sigs. And if they (really we, since we
    run it under contract) don't see any more indication of the virus activity
    by Friday we'll set your connection back to normal. If you have any
    problems using the proxy server, give us a call. We're sorry for any
    inconvenience. But we are required to do this under the new law, to try
    to limit botnets and prevent cyber-terrorism. Is there anything else I can
    help you with this afternoon? ..."

    It would probably need to be planned and vetted and deployed in a small
    jurisdiction initially. To be really effective, it would want to be
    deployed at least nationally. But a test run to shake out all the details
    could probably be set up in almost any state or county.


    What do you think? Is this doable? Is it advisable? Are there other
    suggestions that are better?

    Thanks for asking, thanks for writing, thanks for reading.

  15. Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]

    responder wrote:
    > Kevin the Drummer wrote:
    > [snip]
    > > So, what can WE do [to improve cyber security]?

    >
    > Whether any particular illicit activity is most correctly
    > called criminal or terrorist


    I suppose that there is overlap in the protection schemes between
    those two classes of attackers.

    > 1. Keep your own systems in order, updated and secure so you
    > don't become part of the problem.


    Of course! Gotta worry about the other folks tho. You cover
    that below some.

    > 2. Use a (firewall) log aggregation service


    Yup.

    > 3. Advocate (gently) for computer and network security, to
    > people you know personally, especially if they are doing unsafe
    > things.


    I already do.

    > 4. ... I think that there needs to be a generally accepted
    > and acceptable standard that if a connected computer is
    > compromised, it should be disconnected.


    That would need to be somehow seen as a benefit to the end user.
    Before the explosion in spam having someone else filter one's
    email would have been wholly unacceptable. Now it's seen as an
    absolute need. Having one's computer disconnected needs to be
    seen as a need and managed well enough so as to provide a good
    way back to a connected usable system.

    > In order for such a system to be uniformly applied in a
    > fundamentally non-punitive and non-disruptive way, the enforcer
    > role must be essentially separated from from the discretion of
    > the ISP.


    I *think* I agree with that. I wonder if it's really needed tho.
    Wouldn't someone move from one ISP to another if it was really
    bad at their original ISP?

    I wonder if someone could subscribe to an as of yet non-existent
    service that would inspect their traffic for troubles and do the
    shutdown?

    I wonder if there is some way, sort of like your proxy idea, to
    have a brown-out of the connection?

    > I expect that technical issues would be minimal, initial set
    > up costs relatively low, and initial and ongoing costs to be
    > reimbursed to the government authority


    Does it really require government intervention? Can't it be
    a fee service paid to a 3rd party, or even the original ISP?
    Considering your original NSA thread, do you really want the
    gov't involved at all?

    > Detection of compromised machines could be done the same way
    > and by the same people who now do so: namely log aggregation
    > services. Additional or alternate strategies could also be
    > used, but would not seem to be necessary.


    Should their be any detection of client machine components to see
    if they are have vulnerabilities? For example, if someone is
    running a really bad version of IE or Exchange, should the user
    be alerted by email that their service will be restricted (brown
    out or disconnect) after some number of minutes or days?

    > A "Standard Operating Procedure" would be developed to specify
    > what actions would happen and when they would happen. This
    > procedure would be drafted with the input of all users and
    > providers. This SOP would then be enforced by the statute.
    > And the statute could authorize a procedure for modification of
    > the SOP.


    I can see that it could escalate to the above extent. But,
    the black-hats are very adaptive and fast. I'm not sure that
    a statute could keep up. Just imagine how fast Symantec could
    respond if their were a statute governing what they provide.

    > The essential elements are: (1) the ISP is notified (as now)
    > of a compromised machine and then notifies the customer _and_
    > the coordinating authority. The customer's identity would
    > need to be included for the plan to be effective, but that
    > information need not be retained indefinitely or necessarily
    > reported to others. (There could be a "mandatory disconnection"
    > of one day to be assured that the customer did indeed get the
    > message, which could also be waived at the customer's request
    > for reason and with some restrictions.)
    >
    > (2) The ISP hosts a (paid) proxy server on their premises that
    > is built and maintained as specified in the SOP. When the
    > customer is reconnected (for reason or need or when repaired)
    > his connection is proxied through this server for a (specified)
    > few days. This allows the ISP time to know that the machine is
    > clean, certify this to the CA and resume a normal connection.
    >
    > The proxy server would be built to some standard to minimize
    > or mitigate the transmission of malware vectors by the
    > (previously?) compromised machine(s). And it would allow
    > (limited?) connection for the need or convenience of the
    > customer.


    [snip]

    > What do you think? Is this doable? Is it advisable? Are
    > there other suggestions that are better?


    I think that's a starting place. Maybe something like this would
    make a good research project at a university. Universities
    would also make a good proving ground, and the ISP (the school)
    is small enough to be adaptive to such a system while it's in
    development.

    Thoughts from other folks?

    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

  16. Re: NSA wiretap, Friday night


    "Kevin the Drummer" wrote in message
    news:slrnefto6c.t1m.nobody@lwe125529.cse.tek.com.. .
    > So, what can we do to keep our information out of the hands of anyone,
    > including the gov't, that we don't trust with that knowledge? Now that
    > we know that they're going to spy on us, or at least someone is going to
    > spy on us.
    >
    > --
    > PLEASE post a SUMMARY of the answer(s) to your question(s)!
    > Show Windows & Gates to the exit door.
    > Unless otherwise noted, the statements herein reflect my personal
    > opinions and not those of any organization with which I may be affiliated.



    Move to a backwards country that has a lack of technology.

    Realize that in the US, this generations introduction to The Database most
    likely started with establishing your SSN. From there its all downhill.
    Since I am not of this generation, I dont have firsthand info on how one
    initially gets added to The System, but I can imagine thats a good start.

    I bought cigarettes for a pal of mine once at a 7/11. The cashier asked
    for my drivers license, I presumed to check my age.
    Ok, cool. I hand it over.
    TO LOOK AT.
    He swipes it through the card reader, and now, someplace, I am surely
    labelled as a smoker. Further consolidation of databases occurs as info
    is brokered from one firm to another... and you should be able to draw
    your own conclusion with this.

    Whatever, feel free to email me your credit card info or SSN info, or any
    other private information if you happen to trust me more than any
    government -- my point being, why trust -any- entity with your personal
    information, or any entities ability to snoop on you.

    I rather give more attention to the crafty inspired 'net criminals, dumpster
    diving tweakers in my alley, or anyone who can strangle a penny from a
    million 'live' positives that a sale of a database can provide. Thats a lot
    more immediate to me.

    Regardless of who or what is spying on you, as some will obsess upon ad
    nauseum here, I will finally bring this thread to some semblance of
    on-topicness:

    If using technology, encrypt.
    If your technology does not support it, dont use it.



    jcj




  17. Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]

    Kevin the Drummer wrote:

    > responder wrote:
    >> Kevin the Drummer wrote:
    >> [snip]
    >> > So, what can WE do [to improve cyber security]?

    >>
    >> Whether any particular illicit activity is most correctly called
    >> criminal or terrorist

    >
    > I suppose that there is overlap in the protection schemes between those
    > two classes of attackers.


    A botnet set up by a criminal can be sold to a terrorist. The original
    intent was to limit the growth of botnets. If people see that this is
    important to do for any reason, they will be more inclined to accept the
    uniform rule to disconnect compromised machines.

    >> 1. Keep your own systems in order, updated and secure so you don't
    >> become part of the problem.

    >
    > Of course! Gotta worry about the other folks tho. You cover that below
    > some.
    >
    >> 2. Use a (firewall) log aggregation service

    >
    > Yup.
    >
    >> 3. Advocate (gently) for computer and network security, to people you
    >> know personally, especially if they are doing unsafe things.

    >
    > I already do.
    >
    >> 4. ... I think that there needs to be a generally accepted and
    >> acceptable standard that if a connected computer is compromised, it
    >> should be disconnected.

    >
    > That would need to be somehow seen as a benefit to the end user. Before
    > the explosion in spam having someone else filter one's email would have
    > been wholly unacceptable. Now it's seen as an absolute need. Having
    > one's computer disconnected needs to be seen as a need and managed well
    > enough so as to provide a good way back to a connected usable system.


    Yes. There is work to be done in educating and motivating people in the
    need for this. It does need to be widely accepted and supported. It is
    the most non-disruptive and non-punitive plan I could outline. It can be
    improved, and your comments are constructive.

    For myself, I can see a real benefit just in preventing criminal or
    terrorist activity. And while the plan should be non-disruptive to the
    legitimate users, it should absolutely be as disruptive as possible to the
    bot-meisters.

    This benefit doesn't have a price tag; it cannot be easily quantified. We
    don't yet have a clear example like the oft repeated example of "9/11".
    And we really shouldn't wait for one or hope for one.

    Perhaps this could be tied in to some other coupled benefit such as help
    with peoples' compromised machines, as you suggested below. Maybe someone
    else could comment on this

    >> In order for such a system to be uniformly applied in a fundamentally
    >> non-punitive and non-disruptive way, the enforcer role must be
    >> essentially separated from from the discretion of the ISP.

    >
    > I *think* I agree with that. I wonder if it's really needed tho.
    > Wouldn't someone move from one ISP to another if it was really bad at
    > their original ISP?


    I think that may actually be one of the best arguments in favor of the
    need for a statutory requirement. Specifically *if* the requirement and
    the implementation is is uniform and identical at all ISP's, there would
    be little or no motivation to switch providers. It shouldn't be bad at
    any ISP, and the procedures and the proxy servers at any ISP should be
    functionally identical. That's the plan anyway. This exact question
    would surely be a central concern to any ISP and would need to be
    carefully addressed. One original thought was that a coordinating
    authority would have names of users who were recently referred, and could
    check all names requesting new service from other ISP's in the area. If
    the user is switching providers to avoid cleaning the machine, the new
    provider would be required to do exactly the same thing as the original
    provider was required to do. This is not draconian. It is simply the
    enforcement mechanism needed to provide uniform application of the rule,
    and to protect ISP's from exactly this kind of exposure. The need for
    uniformity is why I think that it needs to be statutory. I would think it
    would be welcomed by ISP's because they would not be the "bad guy" in
    disconnecting a compromised user, but only obeying the terms of a statute
    and community standard. Perhaps that's an error.

    > I wonder if someone could subscribe to an as of yet non-existent service
    > that would inspect their traffic for troubles and do the shutdown?


    I'm not sure I see a clear benefit in that. As I see it, the shutdown is
    mostly symbolic, with a purpose to be sure that the user got the message
    that his box is compromised and needs to be cleaned. If the user says he
    needs the connection open, the ISP can open it through the proxy server.
    That box would be set to filter mal traffic from the user to protect other
    users. It might not pass all the traffic the user wants (or thinks he
    wants), and it might be marginally slower. Aside from that, it would be a
    fully functional connection.

    I considered a suggestion to eliminate the actual disconnection in favor
    of simply switching the connection to the proxy, sending an automated
    e-mail and placing a banner and hyper-link at the top of all web pages. I
    don't think that would be as effective as requiring the customer to
    specifically ask for the proxy connection. There could be other issues
    with an automatic switch-over. I think the manual method is better.

    At one time I thought about non-intrusively filtering all traffic for UDP
    spam, because it's almost impossible to control that any other way. But
    it would really require software running on multiple machines at all
    access points. I couldn't rigorously support that.

    > I wonder if there is some way, sort of like your proxy idea, to have a
    > brown-out of the connection?


    This would be a little bit browned out, but not much hopefully. I think
    it is important for the user to acknowledge the problem and agree to the
    need for remediation. The server could host some simple helps for self
    remediation and where to get outside help. Most ISP's already have such
    pages posted.

    >> I expect that technical issues would be minimal, initial set up costs
    >> relatively low, and initial and ongoing costs to be reimbursed to the
    >> government authority

    >
    > Does it really require government intervention? Can't it be a fee
    > service paid to a 3rd party, or even the original ISP? Considering your
    > original NSA thread, do you really want the gov't involved at all?


    For the reasons stated, I think it does. Congress has traditionally
    stayed away from regulating the internet, and I am glad for that. This is
    a bit different because it is really a defensive measure to protect all
    network users from attacks. I don't see a practicable way to do this
    without statutory requirement. The proceeds of fees would only go towards
    the most minimal of administrative costs with the bulk being returned to
    the ISP for their hosting and other costs. In effect they would be
    getting paid for doing what they are now doing for free.

    WRT the warrantless wiretap, that is an abuse of power because it clearly
    seems, and has been judged to be illegal and unconstitutional in very
    significant ways. It appears to be a direct affront to the rule of law
    and to every citizen. I don't necessarily feel comfortable with FISA, for
    example, but prefer that laws be uniformly and fairly enforced, or else
    challenged properly, - rather than ignored. We need to have our "leaders"
    show proper respect for laws that are on the books as well as to the
    Constitution.

    While any authority *might* be abused, I really wonder who might think
    they would benefit from abuse of of a "mandatory disconnect" statute,
    while simultaneously being in a position to do so.

    It is proper for government to provide for common security needs,
    particularly when private sector cannot effectively do so. All parts of
    the work that can be done by the private sector, should be. And that is
    the plan as I see it.

    >> Detection of compromised machines could be done the same way and by the
    >> same people who now do so: namely log aggregation services. Additional
    >> or alternate strategies could also be used, but would not seem to be
    >> necessary.

    >
    > Should their be any detection of client machine components to see if
    > they are have vulnerabilities? For example, if someone is running a
    > really bad version of IE or Exchange, should the user be alerted by
    > email that their service will be restricted (brown out or disconnect)
    > after some number of minutes or days?


    No, I would not think so. The criterion should be that if a connected
    machine is compromised, it should be disconnected. Nothing more is needed
    or justified.

    >> A "Standard Operating Procedure" would be developed to specify what
    >> actions would happen and when they would happen. This procedure would
    >> be drafted with the input of all users and providers. This SOP would
    >> then be enforced by the statute. And the statute could authorize a
    >> procedure for modification of the SOP.

    >
    > I can see that it could escalate to the above extent. But, the
    > black-hats are very adaptive and fast. I'm not sure that a statute
    > could keep up. Just imagine how fast Symantec could respond if their
    > were a statute governing what they provide.


    Well, nothing says the ISP can't respond fast to any new threat, or in any
    ways that they would normally deem appropriate. The SOP would only deal
    with the procedures needed to implement the disconnection and
    reconnection, and the specification of the proxy server. So as technology
    changes over months and years, the SOP would be flexible enough to change
    in that time frame. A coordination authority could have a paid or
    voluntary board of advisors or such who might or might not meet face to
    face from time to time or when they thought necessary. They could include
    representatives from ISP's so it would be responsive to everyone's needs
    (except of course the bot-meisters.)

    >> The essential elements are: (1) the ISP is notified (as now) of a
    >> compromised machine and then notifies the customer _and_ the
    >> coordinating authority. The customer's identity would need to be
    >> included for the plan to be effective, but that information need not be
    >> retained indefinitely or necessarily reported to others. (There could
    >> be a "mandatory disconnection" of one day to be assured that the
    >> customer did indeed get the message, which could also be waived at the
    >> customer's request for reason and with some restrictions.)
    >>
    >> (2) The ISP hosts a (paid) proxy server on their premises that is built
    >> and maintained as specified in the SOP. When the customer is
    >> reconnected (for reason or need or when repaired) his connection is
    >> proxied through this server for a (specified) few days. This allows
    >> the ISP time to know that the machine is clean, certify this to the CA
    >> and resume a normal connection.
    >>
    >> The proxy server would be built to some standard to minimize or
    >> mitigate the transmission of malware vectors by the (previously?)
    >> compromised machine(s). And it would allow (limited?) connection for
    >> the need or convenience of the customer.

    >
    > [snip]
    >
    >> What do you think? Is this doable? Is it advisable? Are there other
    >> suggestions that are better?

    >
    > I think that's a starting place. Maybe something like this would make a
    > good research project at a university. Universities would also make a
    > good proving ground, and the ISP (the school) is small enough to be
    > adaptive to such a system while it's in development.


    I think a University would be an excellent test-bed. And it would be
    valuable to have academic input.

    > Thoughts from other folks?



  18. Re: NSA wiretap, Friday night

    Jay C. James wrote:

    [Note: quotes out of original order but hopefully not out of context.]

    > If using technology, encrypt.
    > If your technology does not support it, dont use it.


    Good advice. I think I said it before, but better said. And good
    copycat, though. And good strategy: Copy someone else's good advice and
    claim it as your own, to support some meaningless claptrap that you write
    in between. And the beauty is that you don't even need to explain it
    yourself, or describe it in any useful context to the reader. It is
    stolen (even if valid), so if anyone questions it you can blame the
    previous writer. It is a clever Usenet ploy, even if it is an ignorant
    coward's strategy. Hey, it works !! Good Job, jcj ! (Not really)

    > "Kevin the Drummer" wrote in message
    > news:slrnefto6c.t1m.nobody@lwe125529.cse.tek.com.. .
    >> So, what can we do to keep our information out of the hands of anyone,
    >> including the gov't, that we don't trust with that knowledge? Now that
    >> we know that they're going to spy on us, or at least someone is going
    >> to spy on us.
    >>
    >> --
    >> PLEASE post a SUMMARY of the answer(s) to your question(s)! Show
    >> Windows & Gates to the exit door. Unless otherwise noted, the
    >> statements herein reflect my personal opinions and not those of any
    >> organization with which I may be affiliated.


    WoW ! This is a clever move -- : Include the previous poster's sig in
    your quoted message. We don't see that very often here. How could that
    happen ? Let me look. Oh, I see, here

    X-Newsreader: Microsoft Outlook Express 6.00.2900.2180

    Oh my ! I hope y'all don't think that I'm that dreaded "anal" thing for
    checking that. It's just that most "modern" newsreaders automatically
    clip that sig from the quoted text. And if not, then the writer will. But
    that's all OK with me, - I mean, - we're all just humans who might be
    wrong about something, - and reasonable people can agree to disagree, and
    to err is human, - and it's no big deal or anything like that. And now,
    don't get me wrong, there's nothing wrong with posting to a Linux NG by
    using an abominable microsloth newsreader. It's just "like" highly
    unusual, sloppy, ignorant, microsloth-ish.

    Nothing like that. No problem. No offense intended.

    > Move to a backwards country that has a lack of technology.


    _That_ is NOT good advice. I really think that (even?) you probably knew
    that when you wrote it. It certainly is not going to work for 300,000,000
    Americans. Please be respectful of our intelligence. If you meant and
    intended to say "no way", then say "no way". There is no need for sarcasm
    or rudeness or insincere, unhelpful advice. I personally don't think
    there is no way. I fully intended (and still do intend) to re-post
    helpful suggestions as my time allows. Unfortunately it takes more time
    to be helpful and constructive that it does to be sarcastic and
    destructive. Are we in a race? I will finish my messages in the time
    they require.

    > Realize that in the US, this generations introduction to The Database
    > most likely started with establishing your SSN. From there its all
    > downhill. Since I am not of this generation, I dont have firsthand info
    > on how one initially gets added to The System, but I can imagine thats a
    > good start.


    Excuse please, but which generation are you "not of". Your superior
    speech is just so hard to follow. (Oops, I think that might have been
    sarcasm, so sorry.) Please write in intelligible language. Thank you.
    In and all, that all would probably be admirably "on-topic", if we could
    yet decipher what your intended topic actually was. I'm still cogitatin'
    on that, - give me some time.

    [ - snip some unintelligible stuff - ]

    > -- my point being, why trust -any- entity with your personal
    > information, or any entities ability to snoop on you.


    Good Point, jcj ! Another admirable slam-dunk of indefatigable logic,
    even if your language skills are entirely inadequate, even if it does not
    take issue with anything that has been proposed here, even if it is a
    total non-sequitur. And can you give us all any hints about how we could
    avoid doing this (the original question) in view of the revelations about
    the illegal, unconstitutional NSA-ATT wiretap case? Please and thank you
    in advance.

    > I rather give more attention to the crafty inspired 'net criminals,
    > dumpster diving tweakers in my alley, or anyone who can strangle a penny
    > from a million 'live' positives that a sale of a database can provide.
    > Thats a lot more immediate to me.


    huh?

    > Regardless of who or what is spying on you, as some will obsess upon ad
    > nauseum here, I will finally bring this thread to some semblance of
    > on-topicness:


    Ahh, a _Republican_ ! Now we are seeing some daylight.

    (responder excuses himself momentarily while he dishevels his hair)

    The "little spys" don't really trouble me very much. I can stop them.
    The "big spys", with unlimited electric power supplies and many and
    multiple supercomputers and paid for with my (unlimited?) federal money
    and shielded by secret Executive Orders, with secret "Warrants", or
    without, and with Executive Orders to violate and completely disregard all
    laws, Constitutional caveats, and/or International Treaties, -- they are
    the ones of concern. They are the honest, honorable, hard-working people
    who have been made into the devil spawn of this Presidential
    Administration that concern me.

    I beg to guess that if my nation and country and way of life is threatened
    by such, that I should be afforded the small residual privilege of not
    being accused of "obsess"-ing, or at least not needlessly or unfairly
    "obsess"-ing. If you, jcj, think it is "ad-nauseum", I think it is
    10e1000 times ad-nauseum. Come a bit closer and I might puke on you.

    And:

    So:

    You are finally bringing this thread "to some semblance of on-topicness",
    because of why, exactly?

    You did not add a single new element of information or advice that was not
    plagiarized from previous messages in this very thread, among those you
    accused of being off-topic.

    You did not add a single element of relevant security information.

    You don't use Linux, or reference anything related to Linux.

    Ahh, I see it all now: You used a COMPUTER !! :0) :^)

    comp.os.linux.security

    Yes, you got it right. You have a COMPUTER !! So good for you. Very
    good for you. So happy for you. Enjoy your COMPUTER. Please do write
    again anytime your brain happens to come back to life.

    > If using technology, encrypt.
    > If your technology does not support it, dont use it.


    As responded at top.

  19. Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]

    responder wrote:
    > > I *think* I agree with that. I wonder if it's really needed
    > > tho. Wouldn't someone move from one ISP to another if it was
    > > really bad at their original ISP?

    >
    > I think that may actually be one of the best arguments in favor
    > of the need for a statutory requirement. Specifically *if* the
    > requirement and the implementation is is uniform and identical
    > at all ISP's, there would be little or no motivation to switch
    > providers.... If the user is switching providers to avoid
    > cleaning the machine, the new provider would be required to do
    > exactly the same thing as the original provider was required to
    > do.


    I hadn't considered the possibility that the "bad" ISPs would be
    in higher demand than "good" ones.

    > WRT the warrantless wiretap, that is an abuse of power because
    > it clearly seems, and has been judged to be illegal and
    > unconstitutional in very significant ways. It appears to be
    > a direct affront to the rule of law and to every citizen. I
    > don't necessarily feel comfortable with FISA, for example, but
    > prefer that laws be uniformly and fairly enforced, or else
    > challenged properly, - rather than ignored. We need to have
    > our "leaders" show proper respect for laws that are on the
    > books as well as to the Constitution.



    Who cares about the Constitution? After all, "it's just a God
    damn piece of paper." Google if you must for the originator of
    that quote.


    > While any authority *might* be abused, I really wonder who
    > might think they would benefit from abuse of of a "mandatory
    > disconnect" statute, while simultaneously being in a position
    > to do so.


    If there were an organization that wanted their OS or routers,
    whatever, to prevail over others, then they might inject software
    to abuse their competition in this regard.

    Maybe it's not abuse, but incompetence or ignorance or SOP for
    the ISP or OS? For instance, my firewall log software (PSAD)
    routinely emails me that a machine where I work constantly
    port scans my VPN connected host at my house. I contacted my
    company's network support about that and was told by a very
    skilled (based on my years of experience with him) person that
    they hadn't installed anything odd on that WinXP machine.

    > It is proper for government to provide for common security
    > needs, particularly when private sector cannot effectively do
    > so.


    Or will not, or doesn't see any motivation to do so.

    > > Should their be any detection of client machine components
    > > to see if they are have vulnerabilities? For example, if
    > > someone is running a really bad version of IE or Exchange,
    > > should the user be alerted by email that their service will
    > > be restricted (brown out or disconnect) after some number of
    > > minutes or days?

    >
    > No, I would not think so. The criterion should be that if a
    > connected machine is compromised, it should be disconnected.
    > Nothing more is needed or justified.


    I think at least an email is needed. Otherwise the ISP is just
    letting the time bomb tick.

    So, have you written to any members of Congress in your area?
    Have you contacted any universities? Maybe you should? How
    about an RFC?

    Cheers...

    --
    PLEASE post a SUMMARY of the answer(s) to your question(s)!
    Show Windows & Gates to the exit door.
    Unless otherwise noted, the statements herein reflect my personal
    opinions and not those of any organization with which I may be affiliated.

  20. Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]

    responder wrote:
    > Kevin the Drummer wrote:
    >
    >> responder wrote lots of good observations about
    >> unconstitional and illegal NSA wiretaping which is one form of computer
    >> insecurity.
    >>
    >> One thing that the US administration has been very lax in is improving
    >> cyber security. With so much relying on a working Internet, we need to
    >> keep it working. What can we do, as people who presumably care about
    >> this stuff enough to read this newsgroup? I don't think we have the
    >> luxury of waiting for someone else to do it for us. Maybe they don't
    >> even want to do it for us? If the Internet were more hardened against
    >> cyber terrorists, maybe the same hardening would lessen their ability to
    >> do their own spying?
    >>
    >> So, what can WE do?

    >
    > I'm glad you asked.

    I personally like your idea. I have advocated something like that for
    quite a while. I actually think that the ISP should be happy that bogus
    traffic that is hurting everyone is removed from the net (but then again
    I may be way too naive).

    The biggest problem with your suggestion is the "new law" part of it. I
    don't think lawmakers can 1) grasp the issue and 2) create a law sans
    all the obvious political baggage. At the end the law would probably be
    counter productive and cause more problems than it fixes (but then again
    I have very little respect for our current croup of lawmakers).

    It seems to me that at the ISP level it should be pretty easy to
    identify and enforce "good behavior". The economic implications are
    enormous and should help to make ISP's more interested. I for one would
    be willing to pay a small fee for the extra service, after all I have to
    buy anti-virus, anti-spyware software now which ends up costing about
    $100 per year. The current spyware/virus protection software is just
    working at the wrong place and is therefore not very effective.

    I am sure there will be those that think your idea is way way to
    invasive but then the problem is very invasive too.


    --
    ----------------
    Barton L. Phillips
    Applied Technology Resources, Inc.
    Tel: (818)652-9850
    Web: http://www.applitec.com

+ Reply to Thread
Page 1 of 2 1 2 LastLast