[Itpolicy-np] Fwd: [NepSecure] How secure is our conversation
Bipin Gautam
bipin.gautam at gmail.com
Tue Sep 7 01:32:29 GMT 2010
We are NepSecure (Nepali computer security and hacking community )
http://groups.google.com/group/nepsecure
Following local discussion may be of some interest to you. Rants, raves and
a lot of meaningful discussion... because, we don't promote "stay clueless,
stay safe policies". ;)
thanks,
-bipin
Forwarded conversation
Subject: Re: [NepSecure] How secure is our conversation
------------------------
From: Surmandal <surman... at gmail.com>
Date: Sun, 5 Sep 2010 20:11:58 +0545
Subject: How secure is our conversation
Just found an interesting blog. It's worth reading. I strongly agree with the
blogger's view.
http://ushaft.wordpress.com/2010/09/05/some-ignored-issues-related-to...
--
From: Bipin Gautam <bipin.gau... at gmail.com>
Date: Sun, 5 Sep 2010 21:38:58 +0545
Subject: Re: [NepSecure] How secure is our conversation
", it was reported (not by the media, but by the tech-circle itself)
that the biggest ISP (government-owned) stores the chat-logs of its
users in plaintext."
Dude, does that mean IM? MSN/YAHOO/GMAIL?
Wholesale surveillance? IS ILLEGAL
thanks,
-bipin
From: Bibek Paudel <eternalyo... at gmail.com>
Date: Sun, 5 Sep 2010 17:59:36 +0200
Local: Sun, Sep 5 2010 8:59 pm
Subject: Re: [NepSecure] How secure is our conversation
On Sun, Sep 5, 2010 at 5:53 PM, Bipin Gautam <bipin.gau... at gmail.com> wrote:
> Quote news:
> ", it was reported (not by the media, but by the tech-circle itself)
> that the biggest ISP (government-owned) stores the chat-logs of its
> users in plaintext."
> Dude, does that mean IM? MSN/YAHOO/GMAIL?
I guess logs of conversation (done over ssl) on IM/MSN/YAHOO/GMAIL
can't be logged by our local ISP unless we use third party tools
without securing the channel. maybe chat logs were wrong choice of
words by the poster. it should have been user-logs (of conversations,
phone calls, sms texts etc). IMO.
Thanks,
bibek
> Wholesale surveillance? IS ILLEGAL
> thanks,
> -bipin
From: Bipin Gautam <bipin.gau... at gmail.com>
Date: Sun, 5 Sep 2010 21:56:50 +0545
Local: Sun, Sep 5 2010 9:11 pm
Subject: Re: [NepSecure] How secure is our conversation
Bibek,
NTC "internal servers" are wide open and accessible from the open internet!
As far as I know, our IM conversation is encoded when it's delivered to the
server, NOT ENCRYPTED over SSL.
That doesn't require much computation; I have seen people here sniff
conversations of a WHOLE TOLE in real time, and software to nicely
categorize everything that is logged in interactive details.
From my sources I can confirm Maoist party is "digital naive",
info-sec breach second time in a row.
Related article:
Digital Assassination – The Ultimate Revenge!
...
With communication and social media, there are new attack vectors, and
cyber-bullying can be taken to a new level, something I call “Digital
Assassination”. Digital Assassination, which is not anything new
per se, takes old methods and some new methods to manipulate,
embarrass, cause jail time, discredit associations, politicians,
corporations, or (in some people’s minds) have the ultimate result by
invoking someone to commit suicide.
Read more :
http://www.blyon.com/blog/index.php/2009/07/30/digital-assassination-the-ultimate-revenge/
From: *Surmandal* <surmandal at gmail.com>
Date: Sun, Sep 5, 2010 at 10:14 PM
To: nepsecure at googlegroups.com
Here are some questions,
1) Legal part: As we discussed with Baburam aaryal (cyber advocate) at
Barcamp 2010, every ISP is legally bound to keep their users' logs for a
certain period of time, maybe 2, 3, 6 months. Does that include SMS, chat,
email??? Does that include phone tapping??? And how deep do they have to
sniff the traffic? What about personal freedom??
2) Technical part: What if someone sends all data through a secure tunnel like
SSL? ISPs still have to log this traffic. Can they ask us to provide
the KEY PAIR to decrypt the data in that condition?
3) Resource: In Nepal, can all ISPs store/capture/encrypt all data???
I have these questions in my mind. I'm seeing some contradiction here.
On Sun, Sep 5, 2010 at 9:44 PM, Bibek Paudel <eternalyouth at gmail.com> wrote:
> On Sun, Sep 5, 2010 at 5:53 PM, Bipin Gautam <bipin.gautam at gmail.com>
> wrote:
> > Quote news:
> >
> > ", it was reported (not by the media, but by the tech-circle itself)
> > that the biggest ISP (government-owned) stores the chat-logs of its
> > users in plaintext."
> >
> > Dude, does that mean IM? MSN/YAHOO/GMAIL?
> >
>
> I guess logs of conversation (done over ssl) on IM/MSN/YAHOO/GMAIL
> can't be logged by our local ISP unless we use third party tools
> without securing the channel. maybe chat logs were wrong choice of
> words by the poster. it should have been user-logs (of conversations,
> phone calls, sms texts etc). IMO.
>
> Thanks,
> bibek
>
> > Wholesale surveillance? IS ILLEGAL
> >
> > thanks,
> > -bipin
> >
--
HACKER vs CRACKER
----------
From: *Bibek Paudel* <eternalyouth at gmail.com>
Date: Mon, Sep 6, 2010 at 12:13 AM
To: nepsecure at googlegroups.com
Hi,
I would like to offer some of my inputs:
Data retention is sometimes required for several purposes. User data
(ie cookies, etc, and records of their activities) are retained for an
average period ranging from 6 months to 1 year, and in some cases 2
years too. I don't know the legal provision for this in Nepal, but such
legal provisions require even the universities/colleges you apply to,
to clear their user database after the said period of time. Is there
any monitoring mechanism in Nepal to ensure that this happens?
Second, all such data (user data that is stored and other data) should
be stored in a safe, protected and legally warranted way. This means
that even the police should not be able to gain arbitrary access to
such data without getting a warrant from the court. The security and
protection measures should prevent unauthorized access (by crackers
and other malicious network intruders) too. I don't know what
protocols, provisions, and monitoring mechanisms are in place for this
in Nepal, and if any law requires the protection of data.
Digital liberty advocates also want warrant-less wiretapping to be
illegal. This means that anybody's conversation (physical, phone, or
internet) can be intercepted by the police only after obtaining a
court warrant. People's information sources like hard disks, computers
also should be subject to this protection.
This depends on the law of the country. I support constitutional
guarantee of the right to encrypted communication. But for that, the
country's government and regulation mechanism and legal system should
also be developed to adapt to such changes. Many countries (mostly
undemocratic) don't allow encrypted communication (ie illegal), while
some do. In countries where right to privacy is guaranteed, right to
encrypted communication is more common.
In some countries, failure to decrypt your data when asked by a court
is enough to prove you guilty, even if the data contained no proof of
any unlawful activity [0]. There has been a heated debate in the US
about legal status of encryption and its use. EFF has been advocating
for the complete protection of privacy, and some courts have given
verdicts that uphold this demand, while others have not [1].
Similar is the status of national ID cards (electronic). But I believe
that, we can lobby for complete freedom and democratic system in our
country. We have seen several unprecedented changes in our country in
recent years, and I don't think asking for such things would be asking
for too much. Gay rights, which remain in question in many liberal
countries, was openly accepted by a country like ours, which is
considered very religious and traditional. Similarly, we can also make
example cases in the protection of digital liberties of the citizens.
Thanks,
Bibek
[0] http://www.legislation.gov.uk/ukpga/2000/23/contents
[1] http://hardware.slashdot.org/article.pl?sid=09/02/26/2157256
--
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 12:31 AM
To: nepsecure at googlegroups.com
Quick ans:
1. A system used for "monitoring" should maintain detailed audit log
of every activity in a "tamper-proof" way. Warrant-less/Wholesale
wiretap is ALWAYS illegal!
General practice, logs should be maintained for 6-9 months. Log can
include source, destination, message size, time stamp (ie all
basically header info) MINUS the CONTENTS of a COMMUNICATION including
COOKIES!!!
2. Legally, you are protected from "self incrimination". Police can't
do (illegal) search of your digital contents without providing
sufficient evidence for the reason of suspicion.
Journalists / Blogger? have the rights to protect their sources.
3. ISPs should maintain Confidentiality, Integrity and Accountability
of stored logs. Encryption assures the stored/captured data is
"secure" in offline/rest state. ISPs can't surrender logs without a
court order ( justifying sufficient necessity of the request )
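
An added example, not part of the original message: one way to build the retention log described in points 1 and 3, holding header metadata only, chained with an HMAC so edits are detectable (tamper-evident rather than tamper-proof), and purged after the retention window. The class name `MetadataLog`, the field names, the 30-day month and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Header-only fields named in the post; anything else (body, cookies) is refused.
ALLOWED_FIELDS = {"src", "dst", "size", "ts"}
# Upper end of the 6-9 month practice; 30-day months are an assumption.
RETENTION_SECONDS = 9 * 30 * 24 * 3600
GENESIS = "0" * 64


def _mac(key, prev_mac, record):
    """HMAC over the previous entry's MAC plus this record (the chain link)."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


class MetadataLog:
    """Hypothetical retention log: metadata only, hash-chained, purgeable."""

    def __init__(self, key):
        self._key = key
        self.anchor = GENESIS  # MAC of the entry that preceded entries[0]
        self.entries = []      # list of (record, mac)

    def append(self, record):
        extra = set(record) - ALLOWED_FIELDS
        if extra:
            raise ValueError(f"content not allowed in retention log: {sorted(extra)}")
        missing = ALLOWED_FIELDS - set(record)
        if missing:
            raise ValueError(f"missing header fields: {sorted(missing)}")
        prev = self.entries[-1][1] if self.entries else self.anchor
        mac = _mac(self._key, prev, record)
        self.entries.append((dict(record), mac))
        return mac

    def verify(self):
        """Return the index of the first altered entry, or -1 if intact."""
        prev = self.anchor
        for i, (record, mac) in enumerate(self.entries):
            if not hmac.compare_digest(mac, _mac(self._key, prev, record)):
                return i
            prev = mac
        return -1

    def purge_expired(self, now):
        """Drop entries older than the retention window. The MAC of the last
        dropped entry becomes the new anchor, so the remainder still verifies."""
        cutoff = now - RETENTION_SECONDS
        keep_from = 0
        while keep_from < len(self.entries) and self.entries[keep_from][0]["ts"] < cutoff:
            keep_from += 1
        if keep_from:
            self.anchor = self.entries[keep_from - 1][1]
            del self.entries[:keep_from]
        return keep_from


def demo():
    """Constructed sample records (documentation addresses, made-up times)."""
    day = 86400
    now = 400 * day
    log = MetadataLog(b"constructed-demo-key")
    log.append({"src": "10.0.0.5", "dst": "192.0.2.10", "size": 512, "ts": now - 300 * day})
    log.append({"src": "10.0.0.6", "dst": "192.0.2.11", "size": 2048, "ts": now - 100 * day})
    log.append({"src": "10.0.0.7", "dst": "192.0.2.12", "size": 128, "ts": now - 1 * day})
    try:
        log.append({"src": "10.0.0.8", "dst": "192.0.2.13", "size": 64,
                    "ts": now, "body": "message text"})
        content_rejected = False
    except ValueError:
        content_rejected = True
    intact_before = log.verify()
    purged = log.purge_expired(now)              # the 300-day-old entry goes
    intact_after = log.verify()
    log.entries[0][0]["dst"] = "198.51.100.1"    # simulated after-the-fact edit
    tampered_at = log.verify()
    return content_rejected, intact_before, purged, intact_after, tampered_at


if __name__ == "__main__":
    print(demo())
```

The chain detects edits and removals in the middle of the log; detecting truncation of the newest entries additionally needs the latest MAC stored somewhere the log operator cannot rewrite.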
----------
From: *Bibek Paudel* <eternalyouth at gmail.com>
Date: Mon, Sep 6, 2010 at 12:49 AM
To: nepsecure at googlegroups.com
I forgot to give example of verdicts which say that people can't
be forced to decrypt their data. Here it is:
http://news.slashdot.org/story/08/08/19/2028235/Judge-Rules-Man-Cannot-Be-Forced-To-Decrypt-HD
--
----------
From: *Bibek Paudel* <eternalyouth at gmail.com>
Date: Mon, Sep 6, 2010 at 12:51 AM
To: nepsecure at googlegroups.com
Also see : http://yro.slashdot.org/article.pl?sid=07/12/15/1459243
Btw, do check this out when you have time. I and Shankar Pokharel,
with suggestions from other people a
Bibek
----------
From: *Bibek Paudel* <eternalyouth at gmail.com>
Date: Mon, Sep 6, 2010 at 12:52 AM
To: nepsecure at googlegroups.com
Btw, do check this out when you have time. Shankar Pokharel and I,
with suggestions from others, and after independent studies, prepared
a document last year:
http://groups.google.com/group/foss-nepal/msg/bc8c0b056fcd78aa?&q=suggestions%20to%20constitution
Thanks,
Bibek
----------
From: *Sulabh Bista* <sul4bh at gmail.com>
Date: Mon, Sep 6, 2010 at 12:36 AM
To: nepsecure at googlegroups.com
About the technical part:
How many people will seriously be concerned when the SSL Certification error
nags up? SSL connections can be read by ISPs if they provide their clients
with fake SSL certificates for HTTPS connections. Any browser will nag up
a certificate mismatch notice, but most will simply click on the continue or
update certificate thing and start their browsing. And the ISP can then read
all the traffic, even that encapsulated by SSL. (For a working example of
this, try a MITM using ettercap. ettercap has got a built-in fake SSL
certificate feature.)
Regards,
Sulabh Bista
--
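
An added example, not part of the original post: the client-side counterpart of the certificate warning discussed above, written so that it cannot "click continue". It verifies chain and hostname, then compares the certificate fingerprint with the one recorded on first contact. `PinStore`, the host name `mail.example` and the byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
import socket
import ssl


def strict_context():
    """TLS client context that fails closed on any certificate problem."""
    ctx = ssl.create_default_context()
    # Already the defaults; spelled out because the weak pair
    # (check_hostname=False, verify_mode=ssl.CERT_NONE) is the
    # programmatic version of clicking "continue" on the warning.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def fetch_leaf_der(host, port=443, timeout=5.0):
    """Return the server's leaf certificate in DER form. An untrusted or
    mismatched certificate raises ssl.SSLError; the connection is not used."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class PinStore:
    """Hypothetical trust-on-first-use record of fingerprints per host."""

    def __init__(self):
        self._pins = {}

    def check(self, host, der):
        fp = hashlib.sha256(der).hexdigest()
        known = self._pins.get(host)
        if known is None:
            self._pins[host] = fp
            return "first-seen"
        if known == fp:
            return "match"
        # Do not overwrite the pin: a change needs a human decision, since
        # it is either a legitimate renewal or a substituted certificate.
        return "CHANGED"


def demo():
    """Runs offline on constructed bytes standing in for DER certificates."""
    ctx = strict_context()
    store = PinStore()
    genuine = b"constructed-bytes-standing-in-for-the-genuine-cert"
    substituted = b"constructed-bytes-standing-in-for-a-substituted-cert"
    results = [
        store.check("mail.example", genuine),
        store.check("mail.example", genuine),
        store.check("mail.example", substituted),
        store.check("mail.example", genuine),
    ]
    fails_closed = ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED
    return fails_closed, results


if __name__ == "__main__":
    print(demo())
```

Against a live server, pass the result of `fetch_leaf_der(host)` to `PinStore.check`; a pin change after a routine certificate renewal is expected and has to be confirmed out of band.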
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 1:09 AM
To: nepsecure at googlegroups.com
Sulabh: Impossible. That is plain hacking! ISPs would NEVER do that.
----------
From: *Navin* <navinyolmo at gmail.com>
Date: Mon, Sep 6, 2010 at 1:12 AM
To: "NepSecure (Nepali computer security and hacking community )" <
nepsecure at googlegroups.com>
If the author is right, then I've an answer.
Give those tech-morons this as a gift too,:
http://www.spyzone.com/ccp0-prodshow/hiddenmicrophonedetector.html
hopefully, they wouldn't trash it
(^ ^ ,)
On Sep 5, 7:26 am, Surmandal <surman... at gmail.com> wrote:
> Just found interesting blog. its worth reading. I strongly agree the
> blogger's view.
>
> http://ushaft.wordpress.com/2010/09/05/some-ignored-issues-related-to...
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 1:20 AM
To: nepsecure at googlegroups.com
Maybe, $1,500 GSM Interceptor?
http://upcoming.current.com/search?q=Defcon+Researcher+Creates+%241%2C500+GSM+Interceptor
Google secure SMS/voice/GSM protected with RSA and AES, end to end.
http://code.google.com/p/secure-sms/
-bipin
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 1:27 AM
To: nepsecure at googlegroups.com
Navin,
If the microphone is sophisticated enough to use "Frequency-hopping
spread spectrum" for transmission; it is very difficult to detect such
transmission without decent Signal Intelligence.
http://en.wikipedia.org/wiki/Frequency-hopping_spread_spectrum
Was it a VOIP conversation and his computer was hacked :P?
Embed a miniature transmitter inside a power socket and you have a
transmitter for lifetime.
http://leoricksimon.blogspot.com/2006/04/telephone-fm-transmitter.html
----------
From: *Navin* <navinyolmo at gmail.com>
Date: Mon, Sep 6, 2010 at 2:30 AM
To: "NepSecure (Nepali computer security and hacking community )" <
nepsecure at googlegroups.com>
They might not have enough interferences over there.
After all, it's antique, our ministers are antique.
Every time I come to Nepal, it feels like I'm roaming
in 50 years back in the past. I presume even a simple
wi-fi/bug detector would do the work. FHSS, I think If
I'm not wrong is 'also' used by those RF boats or planes. I
had been to one competition where there was this RF
planes air flight show and out of query, I asked one
participant how come they don't interfere each other
and the guy showed device w/FHSS technology operating
randomly at different frequencies. Almost interference proof.
Unbelievably range is upto over 1000 meter. I don't know why
would someone use transmitters(which constantly blink red-light emitting
diode amidst or may be not) like that to our antique
minister's rooms.
I think that conversation tapped was not done on any
sophisticated technology like you guys are assuming. I'm pretty much
sure it was done on simple voice recorder. Nobody used any RF signals
or tapped the phone line at all. If you carefully listen that conversations
kind of seemed on speaker mode. As so-called mahara's voice was being recorded,
I could hear some could-be backstabbers suggesting him some thing
during the conversation. That means someone insider but dependable
could have been deployed by Indian/Chinese regime to constantly monitor
all the activities. One of those regime used it against the other one just
for political benefits.
Bipin Gautam, did you read recently how Indian Govt is shutting down
all VOIP(skype etc) related businesses if they don't meet the standard
demanded by them? VOIP is untraceable for those tapper. So, you suggesting
VOIP conversation /computer hacked etc, I think is a shot in the dark
assumption.
Any criticisms are welcomed.
__ __
/\ \/\ \ __
\ \ `\\ \ __ __ __ /\_\ ___
\ \ , ` \ /'__`\ /\ \/\ \\/\ \ /' _ `\
\ \ \`\ \/\ \L\.\_\ \ \_/ |\ \ \/\ \/\ \
\ \_\ \_\ \__/.\_\\ \___/ \ \_\ \_\ \_\
\/_/\/_/\/__/\/_/ \/__/ \/_/\/_/\/_/
----------
From: *Bibek Paudel* <eternalyouth at gmail.com>
Date: Mon, Sep 6, 2010 at 3:19 AM
To: nepsecure at googlegroups.com
Well, at least I didn't make any public announcement of any such
assumption. My concerns are/were different.
Bibek
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 7:04 AM
To: nepsecure at googlegroups.com
Navin, Let me be "very clear" first, i never shoot in the dark!
Wiretapping Skype calls: virus eavesdrops on VoIP
http://www.usatoday.com/tech/news/computersecurity/2009-09-02-skype-virus_N.htm
http://www.google.com/searchq=Wiretapping+Skype+calls%3A+virus+eavesdrops+on+VoIP
...
Second, i "clearly" understand all such technical capabilities, to
blueprint details!
It's just you who don't understand what a "determined attacker" has in
its arsenal. Hell, people with so much of wits don't do high-school
projects.
Sun Tzu, teaches us "Subtle and insubstantial, the expert leaves no
trace; divinely mysterious, he is inaudible. Thus he is master of his
enemy's fate."
Third, for the sake of discussion, I WAS JUST SHARING A BIGGER
PICTURE. I WAS OFFERING YOU ALL SCENARIOS, POSSIBILITIES.
thanks,
-bipin
----------
From: *Pravin Dahal* <khattam at khattam.info>
Date: Mon, Sep 6, 2010 at 7:16 AM
To: "NepSecure (Nepali computer security and hacking community )" <
nepsecure at googlegroups.com>
Google Talk has encryption enabled but it only works if defaults are
not changed in the official client; does not work for web chat by
default. Using third party tools may also not work (see implementation
in third party tool itself)... Empathy, the gnome chat client, uses
jabber for Gtalk which by default has SSL/TLS. Pidgin also has it
enabled by default.
Skype also uses encryption for auth, chat, and encryption for voice
and video too. Encryption cannot be turned off (which is good... well
if you are not the one who wants to sniff, that is)
Y! IM and MSN use it for authentication (means at least passwords are
safe), but not the logs (means that all chat text can be
intercepted)... Y! web messenger uses ssl though.
Refs:
http://news.cnet.com/8301-13578_3-9962106-38.html
http://www.chip.in/forums/viewtopic.php?f=16&t=43676
http://forum.skype.com/index.php?showtopic=18543
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 7:21 AM
To: nepsecure at googlegroups.com
Pravin, welcome to the group!
Thanks for sharing that info. :)
-bipin
----------
From: *Navin* <navinyolmo at gmail.com>
Date: Mon, Sep 6, 2010 at 8:59 AM
To: "NepSecure (Nepali computer security and hacking community )" <
nepsecure at googlegroups.com>
Bipin Gautam,
I don't mean to set on any arguments here. But the fact is you
came on me first. Just digging some random sites on the web and
pasting links on here do not back whatever you said is always
true while being oblivious of surrounding ever changing dynamic
technologies and imposing views proves how adamant and arrogant you
are.
What you've been reading/doing few weeks ago in your school
projects could be stale by the morning you wake up tomorrow.
And, what's up with those old links. I don't care what those
tech-unaware journalists wrote on blatantly.
A little dug up on your personal detail has given me enough
reason to believe that you were one of those script-kiddies
who believed he knew everything and resisting those views
posted by you further made you leave every possibles arrogant
remarks and traces on the net what we know today by SERPs.
An oxymoron ..eh.??.with what you pasted there a saying
from some noble person/culture(I dunno) named Sun Tzu.
My friend, genius of geniuses would never admit and publicly
announces s/he's the jack of all trades or say knows everything.
Knowledge is constantly updating. I don't bother with what you
know or what you don't know. But definitely, you know nothing
just the fraction of what you think you know about if you really
think wisely. I'm not writing in desperation buddy, think it, realize
it and contemplate it. (you can't see me grin.. can you.. ;)
And, for god sake, when you paste links as reference, put some
past 2 weeks or at least a month old SERPs. And, if you copy
exact phrases from other sources, reference them too.
Now, coming to the point, Indian Government couldn't get through
those encrypted VOIP to (wire)tap conversations. It's obvious they
couldn't hack into, and so they are demanding data from VOIP
service providers like Skype and Google etc. They are taking it
as the matter of national security. And, if you think you are
brilliant than those cyber security personnel(some of em
used to be infamous hackers) appointed by Indian Govt, it's time
to earn big bucks , go and show them a way. Tell them, " hey
here is way, I brought you a solution, I can show you how to
trace VOIP and stuff"
Read this fresh link on this(less than 72 hours old by the time
I'm writing this):
http://bit.ly/b1B0d9
And for that last statement, keep your CAPS OFF dude. That's
offensive and You don't have to offer me any scenarios or
possibilities. Once again, I'd like to re-iterate, you are the
one who came on me first, not me. So, stop talking about offering
me or things like that. (CAPS OFF plz)
ciao
__ __
/\ \/\ \ __
\ \ `\\ \ __ __ __ /\_\ ___
\ \ , ` \ /'__`\ /\ \/\ \\/\ \ /' _ `\
\ \ \`\ \/\ \L\.\_\ \ \_/ |\ \ \/\ \/\ \
\ \_\ \_\ \__/.\_\\ \___/ \ \_\ \_\ \_\
\/_/\/_/\/__/\/_/ \/__/ \/_/\/_/\/_/
----------
From: *Pravin Dahal* <khattam at khattam.info>
Date: Mon, Sep 6, 2010 at 9:48 AM
To: "NepSecure (Nepali computer security and hacking community )" <
nepsecure at googlegroups.com>
Navin Ji,
You said: "So, you suggesting VOIP conversation /computer hacked etc,
I'm aware of Indian Government's stance about Skype. But that is
because it is not possible for the government to intercept voice calls
from the ISPs. However, Bipin Ji is suggesting a possibility of a
hacked computer. If someone's computer contains a malicious program
designed to record audio whenever a Skype call is made and record it
and/or send it to somewhere else, that possibility cannot be ignored
since the sound is recorded before encryption (outgoing audio) and
after decryption (incoming audio). I've just tested it and both sides
of the conversation can be heard. the other side is not as clear when
I was using headphone though. Obviously, Indian government can't
infect all of their users or force them to install a recorder, hence
the issue.
However, the Mahara audio could have been recorded either with the
help of a telephone bug if they were using land line at this side (the
Chinese man says he is using a mobile phone but it is not clear if
this side is a land line or mobile).. Another possibility is that they
could have deliberately recorded the conversations (possible in both
land line and mobile) themselves so that other insiders could listen
to it later and was leaked by someone. But I'm more inclined to your
theory of hands free conversation and an audio recorder.
Also, I'm not a big fan of personal insults in public. Thank you for
understanding. :D
Regards
Pravin
----------
From: *Navin* <navinyolmo at gmail.com>
Date: Mon, Sep 6, 2010 at 10:16 AM
To: "NepSecure (Nepali computer security and hacking community )" <
nepsecure at googlegroups.com>
Pravin Ji,
I second that.
__ __
/\ \/\ \ __
\ \ `\\ \ __ __ __ /\_\ ___
\ \ , ` \ /'__`\ /\ \/\ \\/\ \ /' _ `\
\ \ \`\ \/\ \L\.\_\ \ \_/ |\ \ \/\ \/\ \
\ \_\ \_\ \__/.\_\\ \___/ \ \_\ \_\ \_\
\/_/\/_/\/__/\/_/ \/__/ \/_/\/_/\/_/
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 11:48 AM
To: nepsecure at googlegroups.com
You just did@!
AND Yes, what do you expect moderators to do? U didn't pay attention to
the details. It's always healthy in a group culture to argue down an
"unproductive conversation".
I will get back to you in sometime.....
How can you come up to a person randomly and say "show me what you
got"! What do you do for living? What is your expertise? I wish you
had listened more and followed closely to NepSecure archive in
googlegroup first.
If you don't do "Information Security" as a day job, or as a "serious"
hobby I might put your future posts "under moderation". One guy shows
up without any "background contribution" and says "listen i am
right", is well......... a joke!
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 5:17 PM
To: nepsecure at googlegroups.com
Okie, lets start with the original URL
http://ushaft.wordpress.com/2010/09/05/some-ignored-issues-related-to-maharagate/
Also, check my full postings from Dec, 2008
http://ns.lahai.com/pipermail/itpolicy-np/2008-December/000464.html
"It really chills me and makes me wonder about the possibilities of an
intelligence operation by foreign government when Nepalese ministers
accept gifts like laptops from china and vehicles from india. Do they
think they least need to do a security clearance of their new found
goodies before possessing it. This could be the vehicle they use when
they talk their national strategy and its the same gifted laptop they
use to write notes of national interests. These are devices that can
be easily bugged with stealth (even from remotely) and has the
potential to leak key intelligence to other party/government.
"
What's interesting about it is, it looks like it is written by a well
informed person. The heading, "maharagate" reminds me of
Watergate_scandal
http://en.wikipedia.org/wiki/Watergate_scandal
"Effects of the scandal ultimately led to the resignation of the
President of the United States Richard Nixon on August 9, 1974"
---(Back to you)---
Hidden Microphone detector? Give those tech-morons Windows XP.
The telephone bug i suggested you can be hooked way off your home,
directly plugged to the copper wire anywhere to its way to some
electric pole before it reaches the cabinet box!
Okie, real thing : give them, " 500-MHz Wideband Spectrum Analyzer"
http://www.baesystems.com/ProductsServices/bae_prod_500mhz_spec_analyzaer.html
Dude, next time you pay us a visit, just visit the right persons. :)
BUT Insurgents Hack Into U.S. Spy Drone Videos for 26$ using SkyGrabber!
http://www.friendskorner.com/forum/f137/video-insurgents-hack-into-u-s-spy-drone-videos-155561/
See, its not about you have to be India or the USA to be invincible!
There is always lack of "skilled resource". Whoever designed Drone
then didn't consider it as a threat model.
During that time i had an engineer from "Aviation Sector" confirm
Frequency hopping spread spectrum with encryption was the only
defense. But adding "security" would raise the design cost by multiple
folds.
If you use transmitter, they can still find your location via triangulation.
Assumptions are always good. It gives you a clear perspective about
"possibilities"
It depends on which VOIP protocol you are using. Skype is closed
source but it uses encryption. Many VoIP technology do not do that.
HELL, i have seen ISP wide VOIP conversation sniffed in real time,
here in Nepal.
Ref: http://swik.net/sniffer+sip
DUDE, LEARN TO GOOGLE FIRST! Your comment doesn't bother me. :)
http://search.securityfocus.com/swsearch?query=bipin+gautam&sbm=bid&submit=Search!&metaname=alldoc&sort=swishlastmodified
[1]Defense Intelligence Agency Fixes Risky Web Site Code:
http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=211800622
http://seclists.org/fulldisclosure/2010/Jan/324
Linkedin shared complete "personally identifiable data" to third party
websites
I don't like keeping a formal record of my "Security Advisory". Last
time it was 20-22. I never keep a counting.
Don't you know "The Art of War"!!!
It is a Chinese military treatise that was written by Sun Tzu in
around 500 century BC, during the Spring and Autumn period. Composed
of 13 chapters, each of which is devoted to one aspect of warfare, it
is said to be the definitive work on military strategies and tactics
of its time, and still one of the basic texts...
http://www.chinapage.com/sunzi-e.html
Recommended: http://suntzusaid.com/ (with simple explanation)
I. Laying Plans
II. Waging War
III. Attack by Stratagem
IV. Tactical Dispositions
V. Energy
VI. Weak Points and Strong
VII. Maneuvering
VIII. Variation in Tactics
IX. The Army on the March
X. Terrain
XI. The Nine Situations
XII. The Attack by Fire
XIII. The Use of Spies
...
I am 110% sure, You never bothered to read through NepSecure archive.
As they say "bhujna lai shreekhanda, na bhujna lai khurpa ko beeed"
Well, India is a large country. Why invest crores in capabilities when
they can do it by simply asking about it by pretty much dictatorship?
Targeted attack is different story.
Thanks for your suggestion. I am enlightened!
with best regards,
-bipin
----------
From: *Bibek Paudel* <eternalyouth at gmail.com>
Date: Mon, Sep 6, 2010 at 6:24 PM
To: nepsecure at googlegroups.com
I hadn't seen your post (lahai.com) before. It's interesting to see your
and the blogger's (ushaft.wordpress.com) view converge on this topic.
In fact, AFAIK, after the Watergate scandal, many other scandals began
to be called one -gate or the other, even the Monica Lewinsky scandal
was called Monicagate :). For a complete list:
http://en.wikipedia.org/wiki/List_of_scandals_with_%22-gate%22_suffix
Thanks,
Bibek
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Mon, Sep 6, 2010 at 10:01 PM
To: nepsecure at googlegroups.com
haha! Soo many "-gate" Bibek!
thanks for sharing,
-bipin
----------
From: *Navin* <navinyolmo at gmail.com>
Date: Tue, Sep 7, 2010 at 2:14 AM
To: nepsecure at googlegroups.com
Bipin Gautam,
Thanks for your time and effort. I appreciate for all the material included.
Really, you are deliberate. Thanks for all the infos.
btw, I didn't mean to insult you when I wrote 'shot in the dark' phrase.
It's a very common phrase we use among here and nobody minds that.
May be I should be careful using those phrases, cos, If I were you, I
would've not felt right either esp from out of the blue guy like me.
Anyway, never mind, n keep hacking for good sake.
ciao
__ __
/\ \/\ \ __
\ \ `\\ \ __ __ __ /\_\ ___
\ \ , ` \ /'__`\ /\ \/\ \\/\ \ /' _ `\
\ \ \`\ \/\ \L\.\_\ \ \_/ |\ \ \/\ \/\ \
\ \_\ \_\ \__/.\_\\ \___/ \ \_\ \_\ \_\
\/_/\/_/\/__/\/_/ \/__/ \/_/\/_/\/_/
> --
>
--
Navin
----------
From: *Bipin Gautam* <bipin.gautam at gmail.com>
Date: Tue, Sep 7, 2010 at 6:52 AM
To: nepsecure at googlegroups.com
Cheers dude! ;)
see you around...
-bipin