2012-08-14

UK going completely crazy on cryptography law.

Posted in Computers, IT-Security, Personal, PlanetDebian, Random links at 16:46 UTC (+0000) by sven

It seems that the UK government recently passed a law that makes it illegal to be unable to decrypt what the law enforcement entities think is encrypted:

From http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astronomical-noise-too/:

But it’s worse than that. Much worse. You’re not going to be sent to jail for refusal to give up encryption keys. You’re going to be sent to jail for an inability to unlock something that the police think is encrypted. Yes, this is where the hairs rise on our arms: if you have a recorded file with radio noise from the local telescope that you use for generation of random numbers, and the police asks you to produce the decryption key to show them the three documents inside the encrypted container that your radio noise looks like, you will be sent to jail for up to five years for your inability to produce the imagined documents.

This is just insane.

Edit: The law was created several years ago, but the blog post somehow made me think it was more recent.

2011-04-06

Strange iptables error with kernels >= 2.6.32 – solved

Posted in Computers, IT-Security, PlanetDebian at 12:43 UTC (+0000) by sven

Alright. If you ever end up in the same situation I was in and need a newer kernel (2.6.32 or up, perhaps also 2.6.31) on a system with an old iptables package (versions below 1.4.0 I think, 1.3.5 in my case: CentOS5/RHEL5), you might get this helpful error message when using the iprange module in your iptables rules:

iptables: Unknown error 18446744073709551615

Or even more helpful, if you use iptables-restore to load your rules, you will get an error in the line containing the COMMIT statement (iptables-restore: line X failed).

The reason for this is that the netfilter guys have removed an interface to the iprange module in kernel version 2.6.31 or 2.6.32 (see my bug report at #711 of the netfilter bugzilla).

Just posting this so it might hopefully help others if they get into the same situation.
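
A pre-upgrade check for the combination described in this post, as an added example (not code from the original post): it flags a ruleset that uses the iprange match when the kernel is 2.6.32 or later and iptables is older than 1.4.0. Both thresholds are the post's own estimates, and the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect the "new kernel + old iptables + iprange" combination.
# Thresholds (kernel >= 2.6.32, iptables < 1.4.0) are the post's estimates.

# ver_num VERSION: "iptables v1.3.5" -> 1003005, "2.6.32-431.el5" -> 2006032.
# Leading non-digits and anything after the third number are ignored.
ver_num() {
    printf '%s\n' "$1" | sed 's/^[^0-9]*//' |
        awk -F'[^0-9]+' '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# uses_iprange FILE: succeed if a non-comment rule uses the iprange match.
uses_iprange() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq -- '(-m|--match)[[:space:]]+iprange'
}

# iprange_at_risk KERNEL IPTABLES RULES_FILE
# Succeeds (exit 0) only if all three conditions from the post hold.
iprange_at_risk() {
    [ "$(ver_num "$1")" -ge "$(ver_num 2.6.32)" ] &&
        [ "$(ver_num "$2")" -lt "$(ver_num 1.4.0)" ] &&
        uses_iprange "$3"
}

# Constructed sample ruleset in iptables-save format (not from the post).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
# allow the management range
-A INPUT -m iprange --src-range 192.0.2.10-192.0.2.20 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Demo on constructed values. On a live host the call would be:
#   iprange_at_risk "$(uname -r)" "$(iptables -V)" /path/to/saved/rules
demo_rules=$(mktemp)
sample_rules > "$demo_rules"
if iprange_at_risk "2.6.32-431.el5" "iptables v1.3.5" "$demo_rules"; then
    echo "at risk: iprange rules will fail to load; upgrade iptables first"
fi
rm -f "$demo_rules"
```

Running it before switching kernels turns the opaque COMMIT-line failure from iptables-restore into a named cause.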

2007-12-27

Köhler signs data retention law

Posted in IT-Security, Personal at 16:24 UTC (+0000) by sven


Stop data retention - www.vorratsdatenspeicherung.de

Unfortunately, our esteemed Federal President Köhler has signed the data retention law (Vorratsdatenspeicherung). I therefore call on everyone to resist this law. How to do that (legally) is explained on the website mentioned above, among other places.

2007-02-20

Dual boot and full encryption – Part 2

Posted in Computers, IT-Security, PlanetDebian at 11:24 UTC (+0000) by sven

In my previous post about “Dual boot and full encryption“, I talked about the difficulties of combining full disk encryption for Windows with the option to dual-boot into Linux. Thanks to Jari Eskelinen (who probably is the anonymous user who posted the link to his page in a comment to my original entry), there now is a solution for this problem, at least for DriveCrypt Plus Pack from SecurStar GmbH.

I will try this solution soon and it’s likely that I will blog about the results.

2007-01-03

Microsoft Windows Vista – They did it all wrong

Posted in Computers, IT-Security, Personal, PlanetDebian at 19:49 UTC (+0000) by sven

Note: This post grew larger than originally intended. It drifted away from Vista to general rants about Microsoft and the content industry towards the end of the post, so just skip the rest if this is not of interest to you.
The latest thing I heard about Vista is that Microsoft bribes bloggers with Vista notebooks. As the article points out, this is plain wrong. Apart from crossing the line by not only giving away their own product to reviewers for free, but by actually providing an additional benefit (in the form of the notebook), they also did it wrong because – as the article on tech.blorge.com linked above points out – they don’t understand the way blogging “works”. Too many will be more or less angry because they didn’t get a free notebook (if anything at all).

In my opinion though, this is by far the least important mistake they made with Vista. All their content protection stuff is far worse. It basically does what current copy protection mechanisms already do, but to a much larger extent: Bother the legitimate users while users of pirated copies are unaffected. I don’t think they can avoid pirated copies for a minute. A friend already has a nice HD video player (HDDVD IIRC) and a nice HDCP capable TFT-display, both bought in December. Problem is that the HDCP protected connection resets every few minutes, causing a dropout in both video and sound for a few seconds each time. Seems HDCP compatible player and HDCP compatible display doesn’t necessarily mean that the two work together. Fortunately, in this case, there is some “secret” code you can enter on the player’s remote to disable HDCP completely. Of course, technically, this is not legal use, but if he didn’t use that hack, he wouldn’t be able to watch his legitimately bought video with his legitimate player and display. Given this problem, I can only shudder when thinking what will happen on Windows Vista with all those encrypted and signed communication channels (drive->memory->videocard->display, just to name the most obvious ones). And there is also the degradation of totally unrelated audio and video stuff while some “premium content” is played. Assume that I play some premium audio stuff. According to the hardware and driver specs for Vista, the availability of any premium content means that any non-encrypted channels need to be turned off or artificially degraded (like downsampling video from 1080p to VGA and upsampling it again since the display might be limited to only display 1080p). This is oh-so-stupid.
And there is also their EULA, as reviewed by Ed Foster. I won’t go into details here, but let’s just say that the EULA is the final nail in Vista’s coffin for me. I’ve been a Windows user since Windows for Workgroups came out (though I’ve used Linux on my machines since 1993 – and almost exclusively since 1998), but I won’t buy Vista, not even if it were included with a new PC.

By the way: This also most likely means that I won’t buy any HD video stuff at all, since the Vista content protection stuff was mostly dictated by the big Hollywood studios.

Seems like I will be saving quite some money over the next years. (Which I actually need to do anyway.)

Other interesting links regarding Vista:

I said they did it all wrong because they forgot that they are selling Windows not to the content industry but to the consumers. Sure, the consumers want to see what Microsoft calls premium content, but I’m also sure that they don’t want all that content protection nonsense Microsoft built into Vista for the sake of the content providers. They lost the balance between avoiding pirated copies (which I think the content protection stuff will have no big effect on) and bothering users of legitimate copies.

Heck, I already use “pirate” copies of most of the (Windows-based) games I play because I don’t want to be bothered by their original-CD-checks, even though I own at least one legal copy of all the games I play. Would I need to download pirate copies of the HD movies I want to watch because I don’t want to be bothered by whatever side-effects VCP will have, even if I own legal copies of the same movies?

Dear Microsoft, dear Content-Industry (TimeWarner, Disney, whoever), please re-think who you want to sell your content to. I already avoid DVDs which carry additional copy protection (apart from CSS), and if they were available at all, I would prefer to buy DVDs without even CSS. The same is true for CDs (except that they obviously don’t have CSS). Consequently, I’m likely to avoid buying HD videos which impose unpleasant restrictions on me, including those that disable the S/PDIF output of my player (no matter whether PC or standalone) since I paid a lot of money for decent HIFI equipment two years ago and I sure as hell won’t want to buy new equipment within the next few years. Luckily, I didn’t yet buy any HD video gear, though my notebook, when equipped with a HDDVD or Blu-ray drive, should be capable of playing HD video – if MS and the content industry didn’t impose stupid restrictions.

2006-11-19

Why is VoIP/SIP so hard?

Posted in IT-Security, PlanetDebian at 08:47 UTC (+0000) by sven

Eric has asked: Why is video conferencing so hard?

Actually, I would extend that: Why is SIP so hard?

It’s far from being easy to find suitable SIP clients which support chat, voice calls and preferably also video calls. Preferably, I would obviously like to find versions of the same client for different operating systems, but I would actually accept any sufficiently stable clients. Currently, my research is focussed on a Windows client, but I will soon also need one for Linux. As of now, the client closest to what I would like seems to be CounterPath’s eyebeam/X-Lite, which supports chat, voice and video, including proper presence support, but it has several problems, the most annoying ones being a nice “little” memory leak (going from 50MB total size to 350MB total size within a few days without much SIP activity) and the fact that it sometimes uses up 100% CPU while putting itself to high priority, which makes it almost impossible to recover from this without a hardware reset.

I’m glad WengoPhone went GPL[*] for their 2.0 version. From what I saw, WengoPhone is quite promising and the fact that it is now open source makes it much more likely that it evolves quickly into a stable, portable and usable platform for SIP telephony.

Anyway, if someone knows good SIP clients, which support at least voice and IM/chat and run on Windows or Linux (preferably both), I would surely be interested.

[*] In case anyone wonders like I did: the source for the WengoPhone 2.0 pre-releases/release candidates is available only via a subversion checkout as described in their wiki.

2006-11-13

Dual boot and full encryption

Posted in Computers, IT-Security, PlanetDebian at 18:32 UTC (+0000) by sven

I’m trying to set up a laptop which needs as much security and privacy as I can get. It turns out the main problem is that I want and need dual-boot: Windows XP Professional and Linux (Debian Etch). Now, encrypting all partitions used (except /boot of the Debian installation) is a must. Without dual-boot, this wouldn’t be any problem, but with the wish to dual-boot, it is.

The Linux side isn’t a real problem, I simply use a dm-crypt’ed partition as the only “physical” volume in an LVM volume group, which contains three logical volumes: Swap, / and /home. This means I only need to enter my LUKS/dm-crypt password once during boot.

Shared partitions (shared between Windows and Linux) are also encrypted with dm-crypt/LUKS and decrypted by FreeOTFE (which is a really nice little OpenSource tool BTW), formatted as FAT32.

The Windows side on its own won’t be too much of a problem either, since BestCrypt, PGP Whole Disk Encryption as well as DriveCrypt PlusPack (this probably isn’t a complete list) allow encryption of the Windows boot partition, but at least the latter two need their pre-boot authentication part (which is needed to be able to decrypt the Windows boot partition) to be installed into the MBR.

Now, I wasn’t yet able to get Linux installed to the disk without breaking the Windows decryption. If anyone knows a program which allows encryption of the Windows boot partition and dual-booting into Linux, I would welcome a hint. Preferably, this solution should use grub as the primary boot manager.