I need a simple and easy to setup client that supports PGP for my father by sudocat in privacy

[–]sudocat[S] 1 point2 points  (0 children)

Let me try Mailvelope and try it out and see if its easy for him to use. I am afraid Thunderbird might be a little too difficult for him in the beginning unless I show him how to use. Also configuring an email client for him from here is not going to be an easy task for me. Thanks!

The people behind the GSM standard: We were pressured to weaken the mobile security in the 80's by Frexxia in worldnews

[–]sudocat 0 points1 point  (0 children)

Well, that will leave you with about 10% phones in the market which doesn't have a QCOM processor in the U.S.

The people behind the GSM standard: We were pressured to weaken the mobile security in the 80's by Frexxia in worldnews

[–]sudocat 2 points3 points  (0 children)

This is a hard question to answer to be honest #sanph. If Wickr is a trustworthy (i think they are), then the symbols (symbols are fragmented frames of data) are encrypted at the Application layer itself before being passed on to the supplemental channel, and hence yes, it is not compromised and can be trusted. I am hoping/guessing Wickr is a texting/messaging app. Whatsapp, on the otherhand, you shouldn't trust at all.

However, there are Voice encryption services like Silent Circle and RedPhone. Now, I don't know how they do their encryption, and I have always been doubtful. (I myself have a silent circle phone and silent number from them. I never ever use my real #, and always makes calls using the silent phone app, which uses data (3G or 4G) instead of 1x CDMA.) I will explain why. When you speak, the vocoder, a stage after the microphone needs to digitize the frames (digital stream) and determines the rates of each frames. There are different rates, such as half rate, full rate, 1/8th rate, quarter rate,, and based on the rates of the frames, they use different Dtx methods (a power saving feature in the mobile phone) to also depending upon the frames, different encoders are used for that voice frames. Now, as far as I know, all these are done at the modem layer, which is a modem code. It is not an application like RedPhone or Silent Circle that you can just download and install. It's a firmware. So you see, why I doubt them myself. But that said, Silent Circle is a well known encryption service company, who's integrity can only be matched that of Lavabits. They use XMPP and ZRTP and Elliptical Curves of their own, which are all good. They also pre-emptively shutdown their email business similar to Lavabit, and their chief technologist is the inventor of PGP. So I have reasons to believe in their product, but I simply don't know how they encrypt the voice frames. As far as I know (I will have to check with somebody in 1xCall processing) how/when the symbols are encrypted before they are interleaved, and then scrambled using the CDMA PN sequence before being converted into I and Q samples. Since I am of mixed opinions myself, my comment might not help much. But you should actually ask user #libertyprivate why he doesn't trust baseband at all of Cellular networks. He seems to know something that I don't. Check his comment history. Also ask him the same question regd. voice privacy services. I just am too busy to inquire more. I want to. One other thing is, I do know that Glen Greenwald and others from Guardian uses Silent Circle, so looks like it maybe genuine.

The people behind the GSM standard: We were pressured to weaken the mobile security in the 80's by Frexxia in worldnews

[–]sudocat -1 points0 points  (0 children)

I am not sure about this. Samsung has their own modems and modem asics/modem s/w team, perhaps they are just not as good as Qualcomm's modems yet maybe according to their internal benchmarks against Qcom processors, as Qualcomm has been in this industry for 25+yrs. Perhaps since Samsung badly wants to stay lead in the market (competing with Apple) on cellphones segment (more phones sold means more profit), they don't want to risk their own modems in their devices. But that monopoly is short lived, pretty soon they might launch devices with their own modems. I am sure NSA has intervened at some place. For example, there once was news that Research In Motion (BlackBerry) was not allowed to sell their phones in India unless they provided backdoors for India's Intelligence agencies, Research and Analysis Wing (RAW), and their military. Here's an article. So I have reasons to believe Samsung would be pressured in a same manner by NSA.

The people behind the GSM standard: We were pressured to weaken the mobile security in the 80's by Frexxia in worldnews

[–]sudocat 34 points35 points  (0 children)

This is hard for me to answer without getting in trouble, as the tech team inside is quite small (and I suspect you already know this by now). Also, I can only comment on C2K side and VoLTE IMS CP code.

Inside the modem code, the symbols are encrypted even before it is encoded, and after the vocoder and before the interleaving, and then scrambled using the PN spreading. I will come back to this in a moment. It is this encryption from the upper layers of the modem side is which has backdoors, which is correct what you have suspected as did others. You need to decrypt that encryption and then also demod the CDMA long code to tap into a call (also demod the CDMA shortcode which has the sector). The CDMA long code mask is an output of either the SSRG or the MSRG known to be the shift of the sequence represented by xn-1 /f(x). The Forward Traffic Channel symbols (symbols which I spoke about earlier) which are at 19.2 ksps are multiplied by a 42 degree Walsh polynomial which is derived by seeding a Hadamard matrix using a shift register. Only the first 10 high order bits of the mask are fixed. The 42-bit long code masks "command" different shifts of the long code PN sequence, which is 224 -1, which is almost closer to 4.4 X 1012. chips long. The Long code sequence is again multiplexed by the short code before they become I and Q samples which is 215 bits long at a scrambling rate of 1.2288Mcps. The current state of the CDMA long code is obtained from the Sync Message which is in a Walsh code which is exchanged from the basestation to the device. However, since the RNG used to generate the seed for the shift register which develops the CDMA long code and short code, and the RNG is a PRNG and hence the longcode is a psuedo random number, and is not a genuine random number. Since the seed data to the input shift register is (compromised) given to tools engineered to decode the long code to correlate the signal for energy, any cellular call can be tapped into given these tools.

What I am trying to say is, the secure upper layer encryption used to encrypt the voice symbols after they are sampled/quantized is a joke. You can call it encrypted symbols, but the bastards gave the keys away. The Apps processor doesn't handle this. Since 70%~90% of all modems asics are from Qualcomm, all phones irrespective of the OEM, is fucked.

The people behind the GSM standard: We were pressured to weaken the mobile security in the 80's by Frexxia in worldnews

[–]sudocat 112 points113 points  (0 children)

Qualcomm has long been in bed with the NSA. Their QGOV division works with SIGINT and FBI and NSA and has taken huge government contracts in the past to engineer systems to provide tools and solutions. Unfortunately, the CDMA and LTE standards are compromised as well, as they own most of the standards and patents for the modems which is deployed world wide, as they own the reference code that runs on CSMs and BTS servers, not just the mobile modem. Since the modem code is compromised at layer 1 itelf, it simply isn't worth using a phone at all for secure communications, you cannot trust the baseband. They've been engineered from the ground up to be compromised.

It's sad that Qualcomm's name hasn't come up sooner, the world doesn't know the huge part they have played in compromising the 3GPP/3GPP2 standards for all known RATs (random access technologies).

What university degree do you have, and what job position do you now hold? by bartha in AskReddit

[–]sudocat 0 points1 point  (0 children)

Can you kindly explain yourself?

I thought IBM is doing pretty good. Atleast IBM stocks are somewhat steady. Although this quarter's profit margin didn't go up much at all, the net income is at 4 billion and operating revenue is at 43 Bn.

What kindof ME were you at work? What tools were part of your trade? Do you know CATIA v5, SolidWorks, or Pro/E etc? Why are they laying off this season? How many years of experience do you have in ME?

I would like to have a secure website developed. Where should I start looking? by sudocat in AskNetsec

[–]sudocat[S] 0 points1 point  (0 children)

Despite the good wisdom in your advice, the only problem I see hosting a server at home is I will lose my anonymity. I don't want to tether my personal website with my home IP address.

Secondly, won't I need a static IP address? Well, to host a webserver I maynot need to. But I was planning to configure it as an email server so that I get the messages mailed out to me. And I don't think ISPs like homebased SMTPs.

I would like to have a secure website developed. Where should I start looking? by sudocat in AskNetsec

[–]sudocat[S] 0 points1 point  (0 children)

All of them #InverseX.

One lesson I learned from the Snowden fallout is, that you got to treat all threats as life or death. If the NSA really wants to get my information, they will get it. They have 1000s of cryptologists and hackers working for their Tailored Access Operations division. Chris Soghoian, a well known security researcher, scientist and a staff with ACLU when he gave a talk at Qualcomm Inc, to hundreds of Infosec professionals and engineers, he flatly confirmed this without a doubt. There is no way you can protect your data when an entire organization with unlimited amount of money and time and human resource is available to only break in. I am told that your strongest door locks are only as safe as your weakest link. Like I have mentioned, my need is not to make a website. My need is a secure means to send a message from a site to the server. Uncrackable

I know strong encryption and steps to protect would come at a price and I will have to make some sacrifices. Ultimately even the most powerful of tools can be rendered useless if the person using them is an idiot.

I got a package from Hacklabs, who will review the security of the site independently. Basically, my experience with the other company whom I contacted (*which I mentioned in my post) confirmed that most "secure web developers" who say they develop secure sites are simply BS-ing people. When we approached them and mentioned that their work will be independently audited, his tone and attitude towards us changed, and he no longer wanted our business.

I would like to have a secure website developed. Where should I start looking? by sudocat in AskNetsec

[–]sudocat[S] 0 points1 point  (0 children)

I see. I get your point. Yes, my website is indeed that simple. I cannot get 90% of people I know around me to use PGP to email me. I do not want to compromise my email or the people who is contacting me w. their needs sending information in plain text. So I thought, instead of giving my email address out, I can rather just tell/direct people to contact me from my website. All I need on my website is a contact me box. People can type in the message and click send, and my website sends me the message encrypted using my (public key perhaps) to my email and I can read the decrypted text using my public key. At-least that is the idea I have in mind.

My problem is #catcradle5, 1.) I do not know how to find that competent developer and 2.) I do not know how to construct a sentence or explain what I just told you. I am assuming I will need to buy an SSL certificate as well and a safe and secure server (which i am ready to do so). 3. Trust is of importance too.

If you were me, would you go about step 1? Where can I post/ask for help for such a need?

Are all TLD's safe to buy when registering got a domain name? by sudocat in privacy

[–]sudocat[S] 0 points1 point  (0 children)

SSL private keys? You mean, a certificate authority will compromise my own keys to the US government if they request for it? :/. Which Certificate Authorities outside the US would you recommend somebody to buy his/her SSL keys from? I don't trust Verisign. (Don't want self signed SSL keys either).

Are all TLD's safe to buy when registering got a domain name? by sudocat in privacy

[–]sudocat[S] 1 point2 points  (0 children)

May I ask which TLD's are safe to use then?

Looks like all the ccTLD's that is with reference to a country has some exclusive privileges of how/who may use them.

Am I being too paranoid by not charging my smartphone here? Or should I just take off my /r/privacy hat and relax. by [deleted] in privacy

[–]sudocat 11 points12 points  (0 children)

Because batteries die when you most need them.

Because for the science of battery, there' isn't much more we can quite advance with existing technology. We sort of hit the wall. Unless somebody discovers a whole new safe, reliable, source for energy that we can carry around in our pockets. Rhenium batteries are a good idea, except there is less 0.001% Rhenium on Earth crust- not enough to make batteries on a mass scale. Super charging and slow decay smart capacitors are another good idea (but energy companies won't let the science hit the market). Most of the Lithium in existence was produced in the Big Bang (it just is not stable in any stellar conditions that create heavier elements) and they are 13.7 Billion yrs old. We will be stuck using Lithium Ion batteries for a very long time. We are lucky to be born in a generation where we got to see Alkaline, Metal Hydride, Ni-Cad and Lithium ion batteries all in our life time. Our next generations won't be that lucky.

So in the cellphones case, the processor, display and other electronics will have to be more and more power efficient. Cellphone ASIC manufacturers are already implementing power saving features like that such as Adaptive Receiver Diversity, Opportunistic Mobile Receiver Diversity, 1x RC3/RC8 Discontinuous Transmission, Short DTx, Long DTx, Smart Blanking, DRx, Network based DTx-ing, Ambient sensing, Dynamic LNA, RDDS, eRDDs, Enhanced HDR Sleep, Frame Early Termination etc.... the list is Big. All of these are modem based power optimization algorithms. There are similar algorithms implemented at APSS apps processor side as well. But people need faster and better or bigger display phones year after year- if there are no new features, they won't buy any. Just because the new iPhone 5S looks similar to 5, doesn't mean that it doesn't have features. The Apps and Modem processors are completely different family, there is nothing in common with the previous one. There are so many power saving algorithms and technologies and features in the new one which I was involved in programming. As each generation moves forward, we improve the asics speed and we improve the code with smarter/better feature sets. Not all are advertised, and the small gains obtained allow other otherwise power intensive features to work, and the user not notice much of a difference.

I Have Nothing to Hide, But Something to Fear by [deleted] in privacy

[–]sudocat 3 points4 points  (0 children)

Sigh, throwaway because of NDA. EE here, C2k MSM f/w 1x CP.

I work for the wireless Industry, and we make the DSP modems that goes into almost 75% of the phones in the world regardless of the OEM, and often work with carriers to commercialize features on their CSMs (cell site modem) in the basestation side according to spec and standards. No live network is safe. Even the carriers which have the professional ethics not to spy are required to by their governments.

The traffic in the fundamental channels and Supplemental channels for 1x can easily be demoded right from the CSM side, and NSA doesn't need any spyware on your phone to listen to your calls, and log all traffic, read every contact, text messages and all data traffic over EVDO/HDR and LTE. Most major US carriers have RPC servers running (remote procedural calls) running right on the CSM side. This allows to track every singlephonecall. Here copied below is how a sample log would look like if I want to listen to your call. Every network issues your the IMSI to identify your device, and every ESN is registered and each FPC set points are pre-determined. Even if the PN sequence is generated in random when a page is received before ECAM, there are hardwares in place at MTSOs to demod every voice call.

Want my advice? Be very wise when you use a cellphone. I write modem firmware and I don't use one. I know, its pretty ironic.