It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
British internet users' personal information on major 'cloud' storage services can be spied upon
page: 13
share:
does anyone want encrypted storage now?
if you are in a business and you compete with the us you might want to read this,
www.independent.co.uk... -upon-routinely-by-us-authorities-8471819.html
i trust that the us wouldnt use this info to gain a competitive advantage over offshore businesses,
but do you?
xploder
if you are in a business and you compete with the us you might want to read this,
Cloud computing has exploded in recent years as a flexible, cheap way for individuals, companies and government bodies to remotely store documents and data. According to some estimates, 35 per cent of UK firms use some sort of cloud system – with Google Drive, Apple iCloud and Amazon Cloud Drive the major players.
But it has now emerged that all documents uploaded onto cloud systems based in the US or falling under Washington’s jurisdiction can be accessed and analysed without a warrant by American security agencies.
www.independent.co.uk... -upon-routinely-by-us-authorities-8471819.html
Caspar Bowden, who served as Chief Privacy Adviser to Microsoft Europe for nine years until 2011, told The Independent: “What this legislation means is that the US has been able to mine any foreign data in US Clouds since 2008, and nobody noticed.”
Significantly, bodies such as the National Security Agency, the FBI and the CIA can gain access to any information that potentially concerns US foreign policy for purely political reasons – with no need for any suspicion that national security is at stake – meaning that religious groups, campaigning organisations and journalists could be targeted.
i trust that the us wouldnt use this info to gain a competitive advantage over offshore businesses,
but do you?
xploder
Nice find Xploder
I cant help but feel that only the Gullible would keep sensitive data on the web.
Any peice of machinery thats connected is open to the world, the cloud is even worse.
Would those alphabets be using their access...hmmm...naaa of couse not
I cant help but feel that only the Gullible would keep sensitive data on the web.
Any peice of machinery thats connected is open to the world, the cloud is even worse.
Would those alphabets be using their access...hmmm...naaa of couse not
I use dropbox because I have 12gb for free on there and I don't really use that much like 2-5gb at any given time..
I made a truecrypt volume that was 5gb and it makes an empty file basically that is 5gb in size.. I uploaded that to dropbox. When Iwant to access I open the file container and upload/download whatever and it updates the file like its on my computer.
NO ONE can see or access anything I have stored on my dropbox cloud storage.
I made a truecrypt volume that was 5gb and it makes an empty file basically that is 5gb in size.. I uploaded that to dropbox. When Iwant to access I open the file container and upload/download whatever and it updates the file like its on my computer.
NO ONE can see or access anything I have stored on my dropbox cloud storage.
reply to post by dc4lifeskater
Dropbox can.
Regardless of your security feature they can crack any content hosted on their cloud. Cloud computing was just the next step in monitoring and controlling the content you have access to.
The NSA and cyber command are literally in tears of joy at the ever increasing cloud business model.
~Tenth
Dropbox can.
Regardless of your security feature they can crack any content hosted on their cloud. Cloud computing was just the next step in monitoring and controlling the content you have access to.
The NSA and cyber command are literally in tears of joy at the ever increasing cloud business model.
~Tenth
reply to post by tothetenthpower
Do your research NO ONE can crack or hack truecrypt if you use it correctly.
Do your research NO ONE can crack or hack truecrypt if you use it correctly.
reply to post by dc4lifeskater
Is it better than the NSA's 256 and 512 bit encryption?
If it isn't, than those nerds at Cyber Command could crack that without breaking a sweat, before their first 8 AM coffee.
I see the utility though, thanks for letting me know the product existed and yes it's probably VERY effective.
Let's be honest though. If they really wanted to get at your info, short of destroying the physical drive, there's not much that will stop them.
~Tenth
Is it better than the NSA's 256 and 512 bit encryption?
If it isn't, than those nerds at Cyber Command could crack that without breaking a sweat, before their first 8 AM coffee.
I see the utility though, thanks for letting me know the product existed and yes it's probably VERY effective.
Let's be honest though. If they really wanted to get at your info, short of destroying the physical drive, there's not much that will stop them.
~Tenth
I have never and will never use the cloud.
If I have anything I consider important to me which I need storing I just buy an external hard drive and only plug it in when I need it.
If anyone wants that information they can ask me for it and I'll send it to them. Using PGP.
If I have anything I consider important to me which I need storing I just buy an external hard drive and only plug it in when I need it.
If anyone wants that information they can ask me for it and I'll send it to them. Using PGP.
reply to post by dc4lifeskater
two points,
any data stored in the cloud on us servers is available to the authorities,
any data transmitted "through" america is subject to the same availability to the authorities.
they way it was supposed to work is that nations would not spy on their own networks,
but friendly nations could moniter each others networks.
this suggests that commercial or political info is "open access" for data mining.
only end to end encryption (not through the us)
and encrypted storage (not inside the us) is safe from data mining
if incorrectly used this could give a commercial benefit to us companies or political parties
true crypt is only as good as the password "key" and the encryption "key" and the security used to store these details.
ie
if your computer is "locally" compromised or a a court "orders" you to decrypt stored content you have to supply keys or decrypted content.
location of servers and "route" to servers is very important
xploder
two points,
any data stored in the cloud on us servers is available to the authorities,
any data transmitted "through" america is subject to the same availability to the authorities.
they way it was supposed to work is that nations would not spy on their own networks,
but friendly nations could moniter each others networks.
this suggests that commercial or political info is "open access" for data mining.
only end to end encryption (not through the us)
and encrypted storage (not inside the us) is safe from data mining
if incorrectly used this could give a commercial benefit to us companies or political parties
true crypt is only as good as the password "key" and the encryption "key" and the security used to store these details.
ie
if your computer is "locally" compromised or a a court "orders" you to decrypt stored content you have to supply keys or decrypted content.
location of servers and "route" to servers is very important
xploder
reply to post by tothetenthpower
The FBI spent more then a year trying to crack a truecrypt drive. There have been MANY attempts to crack one. I use triple encryption, as well as a hidden OS encryption that looks like you have a regular windoes install but my actual windows it hidden. There are MANY cases online you can look at where they could not prosecute people because they cannot force you to give up your password as well as they cannot crack it. The brazil GOV asked the fbi for help cracking into a banksters drives and they couldn't do it.
The ONLY way you can get into it is if you can bruteforce your way into it which its pretty much impossible to do if you use a correct password and if you triple encrypt you would be dead before they got in so it really wouldn't matter by then. It is open source there is no back doors and it has been independently verified. I have EVERYTHING truecrypted that I own, if someone steals my laptop or any of my drives they basically will end up with a bunch of paperweights.
I promise you if they want to get in no matter how bad unless you give them the password or they get it somehow, they will never get into it.
The FBI spent more then a year trying to crack a truecrypt drive. There have been MANY attempts to crack one. I use triple encryption, as well as a hidden OS encryption that looks like you have a regular windoes install but my actual windows it hidden. There are MANY cases online you can look at where they could not prosecute people because they cannot force you to give up your password as well as they cannot crack it. The brazil GOV asked the fbi for help cracking into a banksters drives and they couldn't do it.
The ONLY way you can get into it is if you can bruteforce your way into it which its pretty much impossible to do if you use a correct password and if you triple encrypt you would be dead before they got in so it really wouldn't matter by then. It is open source there is no back doors and it has been independently verified. I have EVERYTHING truecrypted that I own, if someone steals my laptop or any of my drives they basically will end up with a bunch of paperweights.
I promise you if they want to get in no matter how bad unless you give them the password or they get it somehow, they will never get into it.
Originally posted by dc4lifeskater
reply to post by tothetenthpower
The FBI spent more then a year trying to crack a truecrypt drive. There have been MANY attempts to crack one. I use triple encryption, as well as a hidden OS encryption that looks like you have a regular windoes install but my actual windows it hidden. There are MANY cases online you can look at where they could not prosecute people because they cannot force you to give up your password as well as they cannot crack it. The brazil GOV asked the fbi for help cracking into a banksters drives and they couldn't do it.
The ONLY way you can get into it is if you can bruteforce your way into it which its pretty much impossible to do if you use a correct password and if you triple encrypt you would be dead before they got in so it really wouldn't matter by then. It is open source there is no back doors and it has been independently verified. I have EVERYTHING truecrypted that I own, if someone steals my laptop or any of my drives they basically will end up with a bunch of paperweights.
I promise you if they want to get in no matter how bad unless you give them the password or they get it somehow, they will never get into it.
I saw something a while back about an AMD tech guy who used 2 high powered graphics cards wired in a special SLI configuration. Its power for Brute forcing was astonishing. I'm going to try to find it coz I cant remember the figures, but I remember thinking that it would have cracked all existing encrytions (at that time) within minutes.
I'll see if i can find it, back soon.
Law enforcement organizations, government agencies and private investigators will now be able to break strong encryption much faster – as much as 45 times for TrueCrypt disks and 10 times faster for strong RAR 3 archives, with speeds of more than 2,500 passwords per second using just a single FERMI card by NVIDIA
Source
edit on 30-1-2013 by VoidHawk because: (no reason given)
reply to post by dc4lifeskater
The FBI is not the NSA or cybercommand.
Again, is the encryption 256, 512 bit grade? Or something lower?
I understand encryption technology, it's capabilities and it's limitations VERY well. The only uncrackable encryption at the moment is the NSA's 512 bit; which is what the Julian Assan / Wikileaks "insurance" file is encrypted in.
Also, there are products it seems available, or available shortly, that decrypt what you are using.
www.informationweek.com...
code.google.com...
truecryptblooz.blogspot.ca...
So maybe when it was released it was this awesome thing, but it seems like it isn't all what it's 'cracked' up to be..
~Tenth
The FBI is not the NSA or cybercommand.
Again, is the encryption 256, 512 bit grade? Or something lower?
I understand encryption technology, it's capabilities and it's limitations VERY well. The only uncrackable encryption at the moment is the NSA's 512 bit; which is what the Julian Assan / Wikileaks "insurance" file is encrypted in.
Also, there are products it seems available, or available shortly, that decrypt what you are using.
www.informationweek.com...
code.google.com...
truecryptblooz.blogspot.ca...
So maybe when it was released it was this awesome thing, but it seems like it isn't all what it's 'cracked' up to be..
~Tenth
For those who missed my edit above.
Source
Law enforcement organizations, government agencies and private investigators will now be able to break strong encryption much faster – as much as 45 times for TrueCrypt disks and 10 times faster for strong RAR 3 archives, with speeds of more than 2,500 passwords per second using just a single FERMI card by NVIDIA
Source
reply to post by VoidHawk
wired had an article about 7 of those video cards paralleled together for even faster results,
the idea that a quantum computer is required to "crack" heavy encrypted passwords looks to be a mistake
encryption of ALL forms that are available to the public have already been broken,
or weakness seeded into them, ie non random number generation for nounces ect.
what ever is state of the art this year will be easy to crack in future years given the increase in computational power and the tech available to the state.
i have no problem with authorities reading my internet traffic or stored content,
but if its commercially valuable their is an incentive to harvest for profit.
this does away with the notion of interlecual property and the right to conceal valuable ideas and designs.
thing is to not take precautions is leaving yourself open to property theft,
who knows if the governments of the world would target inventors?
but the very least you should do is
the authorities can always decrypt stuff, but why make it so easy to be taken advantage of?
xploder
wired had an article about 7 of those video cards paralleled together for even faster results,
the idea that a quantum computer is required to "crack" heavy encrypted passwords looks to be a mistake
encryption of ALL forms that are available to the public have already been broken,
or weakness seeded into them, ie non random number generation for nounces ect.
what ever is state of the art this year will be easy to crack in future years given the increase in computational power and the tech available to the state.
i have no problem with authorities reading my internet traffic or stored content,
but if its commercially valuable their is an incentive to harvest for profit.
this does away with the notion of interlecual property and the right to conceal valuable ideas and designs.
thing is to not take precautions is leaving yourself open to property theft,
who knows if the governments of the world would target inventors?
but the very least you should do is
the authorities can always decrypt stuff, but why make it so easy to be taken advantage of?
xploder
reply to post by tothetenthpower
I use sha 512 hash with AES+Twofish+Serpent for encryption:
Three ciphers in a cascade operating in XTS mod, Each block is first encrypted with Serpent (256-bit key), then with Twofish (256-bit key) and finally with AES (256-bit key) each cipher has its own keys. All keys are mutually independent.
^ that is what the encrytion options I use say. My passwords are completely random and VERY long consisting of numbers/letters/uppercase/lowercase. When I encrypt things I encrypt the hard drive completely using the above with one password and anything I put inside it I put into encrypted file container. So I encrypt the entire drive then I make a file container the size of the drive with a seperate password.
If you can get into my system you can keep everything I have and I will give you $1000 but you never would so I am not worried..
They have tried cracking with much more powerful computers then what you are talking about above and if a super computer can't crack it then IDK why you people think that its so easy.
Also I read your 3 links the 1st 2, the guy was trying to crack his own drive and knew somewhat what the password was and which symbols/letters to include in the dictionary he has a huge change at getting in compared to some random trying to hack in.
The second is just a tool used to run dictionary on truecypt it gives you no special advantages to crack truecrypt in any way its just another dictionary tool you could run it FOREVER and still never get in..
the 3rd link has been known for a while its how you can get into anything that is encrypted, the problem with it though if you read the article it even says if you rely on bruteforce and you use a good passphrase you will likely never get in. BUT if the computer is turned on and the truecrypt drive is mounted then can find out the key because it will be in memory or also if people save in their truecrypt key..
I NEVER save my key I type it in anytime I need to access anything. I have a program that dumps my memory also every 15 minutes to keep my ram freed up.
As well as if I am not on my computer I shut it down so they could not access my keys or my truecrypt because the computer would never be on for them to do that.
On top of it not being on, they would have 1 bios password they would need to know (easily hacked just replace bios chip but still) I have a startup pasword, I have passwords on both had drives the from what I understand you are not able to hack hard drive passwords but I am sure you can since its dell... so if they can get past all of that, they would need to know my truecrypt startup password that would get them into my fake windows install, then they would need to know my password for my real windows.. and even if they got through all of that and got onto windows they wouldn't find much interestign things on there since I keep very little installed only standard programs, they would have to get through 2 truecrypt containers with 2 different passwords to actually look at any of my files.
Its not gonna happen.
I use sha 512 hash with AES+Twofish+Serpent for encryption:
Three ciphers in a cascade operating in XTS mod, Each block is first encrypted with Serpent (256-bit key), then with Twofish (256-bit key) and finally with AES (256-bit key) each cipher has its own keys. All keys are mutually independent.
^ that is what the encrytion options I use say. My passwords are completely random and VERY long consisting of numbers/letters/uppercase/lowercase. When I encrypt things I encrypt the hard drive completely using the above with one password and anything I put inside it I put into encrypted file container. So I encrypt the entire drive then I make a file container the size of the drive with a seperate password.
If you can get into my system you can keep everything I have and I will give you $1000 but you never would so I am not worried..
They have tried cracking with much more powerful computers then what you are talking about above and if a super computer can't crack it then IDK why you people think that its so easy.
Also I read your 3 links the 1st 2, the guy was trying to crack his own drive and knew somewhat what the password was and which symbols/letters to include in the dictionary he has a huge change at getting in compared to some random trying to hack in.
The second is just a tool used to run dictionary on truecypt it gives you no special advantages to crack truecrypt in any way its just another dictionary tool you could run it FOREVER and still never get in..
the 3rd link has been known for a while its how you can get into anything that is encrypted, the problem with it though if you read the article it even says if you rely on bruteforce and you use a good passphrase you will likely never get in. BUT if the computer is turned on and the truecrypt drive is mounted then can find out the key because it will be in memory or also if people save in their truecrypt key..
I NEVER save my key I type it in anytime I need to access anything. I have a program that dumps my memory also every 15 minutes to keep my ram freed up.
As well as if I am not on my computer I shut it down so they could not access my keys or my truecrypt because the computer would never be on for them to do that.
On top of it not being on, they would have 1 bios password they would need to know (easily hacked just replace bios chip but still) I have a startup pasword, I have passwords on both had drives the from what I understand you are not able to hack hard drive passwords but I am sure you can since its dell... so if they can get past all of that, they would need to know my truecrypt startup password that would get them into my fake windows install, then they would need to know my password for my real windows.. and even if they got through all of that and got onto windows they wouldn't find much interestign things on there since I keep very little installed only standard programs, they would have to get through 2 truecrypt containers with 2 different passwords to actually look at any of my files.
Its not gonna happen.
edit on 30-1-2013 by dc4lifeskater because: (no reason given)
I got Live drive in a bundle with Kindle. I am planning to store my music on it, do you think this would be alright to do so?
I lost a laptop last year and although all my music is on CDs, it was heart breaking not to have access to my music in MP3 form.
So is cloud storage alright for music storage?
I have an off-web PC for my documents, as I am not a computer expert. It will never be connected and I am hoping that will be safe. (Not that I have anything to hide. I only know one secret and that there is a black hole our Sun goes around. Now it isn't a secret, so they can now leave me alone.)
I really don't want to tell you this (because you will just say I made it up, my hubby has seen them and can't explain how they get there!) but I have photos of tiny fingerprints on the screen of my laptop. Sometimes in a triangle postion 4-5cms apart.
They have appeared several times and I think they were put there to scare me. I'm not scared but I am intrigued. Why come to my laptop when they can read anything they like off the web?
So I thought what if all the encryption in the world doesn't work, if they have bio-robots who can 'read' your computer like a book??
I lost a laptop last year and although all my music is on CDs, it was heart breaking not to have access to my music in MP3 form.
So is cloud storage alright for music storage?
I have an off-web PC for my documents, as I am not a computer expert. It will never be connected and I am hoping that will be safe. (Not that I have anything to hide. I only know one secret and that there is a black hole our Sun goes around. Now it isn't a secret, so they can now leave me alone.)
I really don't want to tell you this (because you will just say I made it up, my hubby has seen them and can't explain how they get there!) but I have photos of tiny fingerprints on the screen of my laptop. Sometimes in a triangle postion 4-5cms apart.
They have appeared several times and I think they were put there to scare me. I'm not scared but I am intrigued. Why come to my laptop when they can read anything they like off the web?
So I thought what if all the encryption in the world doesn't work, if they have bio-robots who can 'read' your computer like a book??
So far, I am digging dotcom's new mega services. I got a few accounts on there, using for backup backup copies(in case externals croaks on me). On top
of the encryption used by mega itself, I store everything I upload in a truecrypt container. 50 gigs for free user is pretty damn good, when uploading
it usually stays around 250 kb/s, most other services I tried seem to throttle to around 100 kb/s. I got 500 GB worth of free space used up so far
edit on Thu, 31 Jan 2013 06:28:08 -0600 by TKDRL because: (no reason given)
I have always firmly believed that the "data protection act" is a complete joke. This was further driven home when I found that UK Government
Departments / agencies were outsourcing work to US (or other) companies and transmitting masses of data across the world. I don't EVER remember
being asked for MY permission for them to do so. Oh, I know, we have the comical "Safe Harbour" agreements etc, which themselves are another joke
and no guarantee of safe and secure data use.
Now, moving with the times, along comes "The Cloud", the next must have, must use technology for individuals, governments and corporations alike. I actually find it quite disturbing that any large corporation would seriously consider sending sensitive data to anywhere but their own secured servers and datacentres. I work for a tech company whose board are embracing the cloud and what it has to offer... but I personally wouldn't touch it with a barge pole. I keep my own data backed up and backed up again, on my own property, so at least I can more or less guarantee nobody else has access to it.
I think it just comes down to an ingrained mistrust of governments and their agencies. Going on past performance, criminality and downright lying to us all, they are the last people I would trust on the planet.
I'll just have to remain behind the times and "soooo last decade - a luddite - a dinosaur" in my use of technology, but at least I can keep my personal data safe(ish).
Now, moving with the times, along comes "The Cloud", the next must have, must use technology for individuals, governments and corporations alike. I actually find it quite disturbing that any large corporation would seriously consider sending sensitive data to anywhere but their own secured servers and datacentres. I work for a tech company whose board are embracing the cloud and what it has to offer... but I personally wouldn't touch it with a barge pole. I keep my own data backed up and backed up again, on my own property, so at least I can more or less guarantee nobody else has access to it.
I think it just comes down to an ingrained mistrust of governments and their agencies. Going on past performance, criminality and downright lying to us all, they are the last people I would trust on the planet.
I'll just have to remain behind the times and "soooo last decade - a luddite - a dinosaur" in my use of technology, but at least I can keep my personal data safe(ish).
new topics
-
Thousands Of Young Ukrainian Men Trying To Flee The Country To Avoid Conscription And The War
Other Current Events: 2 hours ago -
12 jurors selected in Trump criminal trial
US Political Madness: 5 hours ago -
Iran launches Retalliation Strike 4.18.24
World War Three: 5 hours ago -
Israeli Missile Strikes in Iran, Explosions in Syria + Iraq
World War Three: 6 hours ago -
George Knapp AMA on DI
Area 51 and other Facilities: 11 hours ago
top topics
-
George Knapp AMA on DI
Area 51 and other Facilities: 11 hours ago, 25 flags -
Israeli Missile Strikes in Iran, Explosions in Syria + Iraq
World War Three: 6 hours ago, 14 flags -
Louisiana Lawmakers Seek to Limit Public Access to Government Records
Political Issues: 14 hours ago, 7 flags -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs: 17 hours ago, 6 flags -
Iran launches Retalliation Strike 4.18.24
World War Three: 5 hours ago, 6 flags -
Not Aliens but a Nazi Occult Inspired and then Science Rendered Design.
Aliens and UFOs: 12 hours ago, 5 flags -
12 jurors selected in Trump criminal trial
US Political Madness: 5 hours ago, 4 flags -
The Tories may be wiped out after the Election - Serves them Right
Regional Politics: 15 hours ago, 3 flags -
Thousands Of Young Ukrainian Men Trying To Flee The Country To Avoid Conscription And The War
Other Current Events: 2 hours ago, 3 flags
active topics
-
Thousands Of Young Ukrainian Men Trying To Flee The Country To Avoid Conscription And The War
Other Current Events • 2 • : DerBeobachter2 -
The Tories may be wiped out after the Election - Serves them Right
Regional Politics • 23 • : andy06shake -
Mandela Effect - It Happened to Me!
The Gray Area • 109 • : ArMaP -
Mood Music Part VI
Music • 3058 • : Hellmutt -
Fossils in Greece Suggest Human Ancestors Evolved in Europe, Not Africa
Origins and Creationism • 60 • : whereislogic -
Scarface does Tiny Desk Concert
Music • 7 • : sitrose -
The Acronym Game .. Pt.3
General Chit Chat • 7727 • : F2d5thCavv2 -
Russia Ukraine Update Thread - part 3
World War Three • 5697 • : F2d5thCavv2 -
Do we live in a simulation similar to The Matrix 1999?
ATS Skunk Works • 22 • : SchrodingersRat -
Iran launches Retalliation Strike 4.18.24
World War Three • 15 • : semperfortis
3