Digital Data Security… It Can’t Be Done.

My writing has been sparse over the past few months.  For those that enjoy reading my ramblings, I apologize for not rambling more often.  I’ve been mentally occupied over recent weeks and months.

As far as data security goes, I know I fall short of Krebs, Schneier, and so many others.  However, I believe I have an inside track on them as my perspective on data and security is born from a biblical worldview.  Solid believers forging new ground seems to be a rare thing.

I’m going to take a short, but necessary, rabbit trail, then get to the point of this post.  My worldview begins with a loving God that built mankind for the purpose of worship and relationship.  Since God has an attribute of love, there must must be the ability for God to extend His love, even through eternity’s past.  Unlike Islam, the God of the Bible was and is able to love something… God the Son. Allah didn’t have a Son to bless with love, so apparently, he just loves himself (selfishness, and this attribute can be seen all throughout the Koran).  I’m just making distinctions here, the distinction of love is critical, and I’ll get back to it later.

Relationship is the centerpiece of this worldview.  A relationship with mankind is broken by sin.  God gives the ability to renew that relationship through the blood of His Son.  Then He even gives us the Holy Spirit so that Christ never leaves us.

What makes up a relationship?  Interaction, right?  Communication.  Trust.  Love.  Commitment.  Obedience.  Etc, etc.  God invented relationship.  Relationship is such a cool invention, that man tried to recreate it.

Man created digital data.  Man wanted a recording medium and started with stone tablets.  That medium started in analog, like a vinyl record.  But due to spacial limitations, man was driven to record more and more on less and less.  The first recording device could just hold a few seconds.  Then vinyl albums could hold a few songs, then 10 songs, and now iPods, phones, and computers, can hold thousands of songs.  Though we could hold so much, it wasn’t enough, so man invented music streaming where one could select from millions on songs.

Music is such a cool thing and a positive example of how man overcame a challenge, let’s now look at phones.  The early phones called into a switchboard.  The switchboard operator would connect a call.  This process was cumbersome, so eventually man created automatic switching when dialing a number.  This was awesome, but you still had to have a physical line.  Radio communications eventually made it possible so that almost everyone has a phone in their pocket.

And mail?  It used to be carried by horses, then by cars.  You had to wait for a letter.  So, man made it more efficient by using electrical impulses representing ones and zeros to take a letter from point A to point B at near the speed of light.  Man also augmented that ability by putting it in a smartphone in your pocket.

Ok, let’s get to the point.  The point is that man’s inventions have moved into a pivotal part of the relationship stream.  There are two problems now.  One has to do with security.  The other has to do with relationship.

1 – Security:  How can broken man create security?  He can’t.  He can theorize how it should be done, but corrupt man is incapable of pulling it off.  Time + Secure System = Broken System.  You can apply this to the systems you trust on a daily basis.  Man continually filters his vision with a lens of deceit, thinking that he can fix the problem when he can’t.

2 – Relationship:  The purpose of these inventions is to augment relationship.  The augmentation of relationship using a digital medium only cheapens the relationship over time.  Conversations become shallower.  Selfishness abounds (just look at the selfie phenomena).  Worse than just the relationship breakdown is the perceived dependence on the device (whether phone, computer, or whatever).

This doesn’t mean I can’t use technology.  It does mean that I cannot trust it.  It also means that I must keep the device in perspective with God design man for interaction.  Digital interaction can only take a relationship so far.  Seeing a smile from my wife in a facetime chat does not equal seeing it in person.  Digital data falls short of providing any meaningful relationship.  Data is only a cheap interface.  When I use a phone, I need to remain focused on who I am connected with on the other end, the device is just a gateway for communications.

One might argue that the Bible must also be a cheap interface from God to man.  This is simply not true.  First, the Bible is Divinely inspired, making it a collection of books that spans time.  Second, the Bible is one piece of God’s relationship.  We also have the Holy Spirit to guide and direct.  There is a relationship that is within instead of just reading a book.  There is conviction when we read the errors of our ways.  There is encouragement when we discover God’s promises.  All these things point us back to God.

Back to the issue at hand.  Seeing the nature of man and his desire to become dependent on his own invention is very discouraging.  Sinful man sits at the center.  Sinful man acts like the switchboard operator.  Even in automatic switching, someone can still look at the logs.  Man cannot be trusted.

We all know there are bleak times coming.  Christians will continually be on the radar.  Data is making it easier and easier to compromise people.  So, my question is this.  Will you be able to let go of the data?  Could you let go of your cell phone?  How about email?  Could you rely on the relationships you have with those that you can see face to face?

I have a love-hate relationship with my phone… and technology in general I guess.  I think the first step for me is to again step away from using a smartphone (or leave it at work) and go back to dumb phone and practice leaving it behind.  There are many that have prepared all sorts of things, like preparing and storing food, working on defense skills, and practicing a bug-out drill.  But, who of us has really practiced walking away from data?

9 Tips for Dead Dropping Off the Grid

After stumbling across the dead drop video I posted the other day, I got thinking more about dead drops.  It seems like they drops would be a great way to communicate discretely and off the grid.  Geocaching is form of dead drop.  But, like the USB dead drops I mentioned previously, geocaching also uses online databases to inform data-seekers exactly where to look and this is neither discrete or off the grid.

Here are some tips for creating an effective dead drop that can truly be secret.  You can do this for free and with items you already have available.

1 – Choose drop locations that are somewhat public.  Such places would be similar to those chosen by geocahers.  Public trails, parks, and locations near public travel ways can serve well.  Multiple locations may be used along the same route in order to provide options and create a randomness.

2 – Data containers should be chosen wisely.  A container could be something as small as an old 35mm film container, or maybe as large as a nalgene bottle, an ammo box, or anything else that is fitting for the expected quantity of objects the drop may need to hold.  Containers should be waterproof.

3 – Multiple containers could be used to make retrieving the drop speedy.  One may want to quickly swap an object with a similar (or exact) object.  For example, one might travel to a drop and swap an empty or pre-loaded ‘altoids’ tin with another one, thereby both receiving the drop and leaving a drop at the same time.

4 – Those using the drop site shouldn’t loiter around the site.  Do your work quickly, discretely, and keep on moving.  It should go without saying, but one shouldn’t attempt to work a drop site while others are watching the action, else one should be efficient in swapping the data unnoticed (which may sound much easier than it is).  Never choose a drop that is near any surveillance or traffic cameras.

5 – Careful consideration of the kind of information placed in a drop will help prevent a drop’s compromise of the identity of those that may use the site.  Don’t use a real name, but maybe use a drop handle.  Don’t communicate real locations.  Instead, use alias names for locations.

6 – Signals can be used to indicate whether a drop is loaded or not.  Carrying something as simple as a piece of chalk and marking a particular object at a particular location can remove undesired exposure around a drop site.  Such markable objects could simply be trees, a telephone pole, a mailbox, or anything else that someone could walk by and mark without being noticed.  A signal could also be a spoken word or phrase.  Careful selection of words may make it possible to signal someone in normal everyday conversation.

7 – Contents of the drop could be a data storage device (like a USB drive), simple notes, messages, or even larger communications could be concealed in a larger drop (like a book, stack of newsletters, etc).

8 – The time of drop access should be a concern as well.  The early light and late light of the day can be a great choice as one could go running, walking, or biking with nobody noticing.

9 – ONLY USE A DROP WITH SOMEONE YOU TRUST!  It would be easy for someone to be ‘set up’ if trying to maintain communication with the wrong people.  The group that uses a drop should be a small group.  The more people that access the drop, the higher the likelihood of being compromised.  Some drops could be used with questionable people, but that same drop shouldn’t be used those you trust.

My intentions are not to provide people with information for the purpose of illegal activity.  However, when persecution rises, I intend to be faithful to the Lord God Almighty above any of man’s laws.

7 Ways That YOU Are Providing Data to a SURVEILLANCE STATE

Have you ever thought that you yourself maybe you are supplying data for a surveillance state? I bet in some ways you have considered this, but I also bet that you have overlooked the massive scale that this is happening.

1 – Twitter: Every “tweet” is cataloged by the Library of Congress. That’s right, every mention of every person, dessert you ate, picture you shared, and all your useless trivia ends up at the mercy of the government.

2 – Facebook: This is probably the single widest sweep of information available. Though it isn’t necessary cataloged by the Library of Congress, like Twitter, all the information is provided by the user base. Think about photos alone. Photos are tagged by locations, people are included in the background of pictures. Associations with people and activities are easily deduced. The comment trail and likes connect groups of people together. Now shift to just pictures of food, exposing a person’s diet. Then add specific activities at specific locations. Facebook is a treasure trove of information to pedophiles, snoopers, and the government.

3 – Linked In: This is exactly the same as Facebook with a business twist. Now, all your business connections can be exposed along with every skillset you possess. In fact, it behooves you to make more connections based on skillsets, so you desire to keep it all up to date and at the fingertips of anyone that wants to search.

4 – PayPal and online banking: When you sell goods and services, your trends end up being noticed by bank security, and you end up creating a profile of how you spend money and make money.

5 – eBay & Craigslist: Similar to banking, you create profiles for selling goods and services. Though Craigslist may be a little harder to track, eBay reveals your username and you can easily see the types of items that a person is tied to. Does this matter? It could. Especially if in a persecution age one gets tied to the God and guns. Or if suspicions rise about what goods a person has, prepper materials or other items like these could raise a red flag when times are tough.

6 – Email Systems: Yahoo and Hotmail are among the absolute worst offenders when it comes to email security. Being free doesn’t equal being secure (in fact, far from it). I can’t remember how many times I’ve helped people with their Yahoo and Hotmail accounts when their accounts were compromised. Most likely these perpetrators were not interested in the emails themselves, but the fact that these accounts are so easily compromised makes them a huge target and the potential of a huge data breach.

7 – YouTube: There are two types of visitors at YouTube, either you are a creator of content or a consumer. You may subscribe to various videos or you may be the one putting them there. Either way, you are exposing yourself and what you like.

This is only a scratch of the surface. Add to this list Google+, Pinterest, Tumblr, Instagram, Reddit, Flickr, Vine, and more.

What’s worse than just being tied to these services is that everyone else seems to be tied to them as well. People have their faces buried in their phones. Augmenting the social disconnect is the fact that social media and reliance on data is layered throughout our lives. It not only layers into work and home, the substrata ties the disconnect even into the church. I’ve been to some churches that use social media to connect the body of believers through announcements, social activities, volunteer coordination, and small group studies. Though technology can be such a powerful tool, it can also be extremely dangerous.

Persecution isn’t coming. Persecution is here. It is here in many forms and it is going to get worse. Though some persecution can be seen as superficial, some are truly being sued and silenced.

So, let me ask you. Will you be ready to let all the data go and communicate with people face to face? What if things get uncomfortable in the church pews, will you find ways to communicate with your brothers and sisters in Christ? How? Using your cell phone? Using Facebook?

I’ve got the feeling that when times get tough most ‘believers’ won’t have a clue how to communicate. Only those that are solid in their faith with surpass this superficial stage. Then as those believers experience Christ on a new level and with a renewed faith, perhaps the true body of the Living Christ will really be realized and faith will be a profession of more than just lips. It could be profession that is shed by the blood of those unwilling to depart from the love of Almighty God.

Tor Users Days May Be Numbered

I draw my blinds at night because I don’t want people snooping on me or my family.  Some people might draw their blinds at night because they are involved in suspicious or illegal activity.  One would be crazy to theorize that all people with their blinds drawn are involved in illegal activity.

The government seems to have latched on to the idea that if someone is taking precautions to protect their identity by using Tor, then that someone should be under suspicion.  This is such a crazy and outlandish notion.  Certainly there are crooks out there that are involved in illegal activity using Tor, just like there are crooks out there with cell phones and just like there are crooks that drive cars.

Internet security is a huge issue for many of us.  Just because you have a particular tool installed on your computer should not give any government the authority to snoop.  Tor is just the beginning.  The FBI won’t stop at Tor.  They will keep pushing until they have full access to every system and every network until everyone’s privacy is breached for the sake of “national security.”

Here are some of my thoughts should Tor installations give way for the FBI to snoop on your computer:

  1. Uninstall any of the Tor bundles from your cell phones or computer.  You never want to use Tor on a cellphone where various methods (cellular IP, triangulation, GPS positioning) may be used to identify the user (not that you are doing anything illegal anyways, but that you want privacy).
  2. Only use Tails OS for private communications and never use it from your home internet connection.  Only boot Tails OS from your laptop while you have access to a publicly available wifi connection, the shut it down and reboot to you normal operating system.  Tails OS wipes even the RAM before shutting down to make sure there is no trace on passwords, or other sensitive information, left on your computer.
  3. You have to keep in mind that the US government probably already has a multitude of network Tor nodes available at their disposal and the use of Tor in any fashion could compromise your privacy.
  4. Those concerned with digital privacy may want to consider simplifying their digital footprint.  I’m on the fence with this.  I have personally started closing accounts that I think increase my exposure for identity theft and/or phishing, etc.  I’m starting to feel more strongly that I may even need to ditch my smartphone in order to reduce exposure.  This is a hard challenge, especially for someone with IT as his bread and butter.

Source: http://www.thelastamericanvagabond.com/constitutional-rights/fbi-labled-tor-browser-users-criminals/

 

“Breakaway”

Can any company really protect you and your data?  In theory, it is possible.  It is possible that some company with tight encryption standards that is constantly testing and improving daily could somehow find a way to pull it off.  That company would have to have employees that have limited access to the stringent infrastructure controls, hardware, and software that would be required to pull it off.  At one time, I thought this was all possible.  But now, I think it is all just a theory.  It’s based on a theory that man could somehow overcome his sinful nature enough to create such a system.  But, it is theory nonetheless.

The reality is that even the companies that we thought were onboard with strict security standards have failed us.  One such example is Blackberry.  When truth be told that Blackberry has been using a master key on their devices, their “gold standard” looked more like fool’s gold.  Chen’s lackluster response can be found here: http://blogs.blackberry.com/2016/04/lawful-access-corporate-citizenship-and-doing-whats-right/

Blackberry repeatedly told us our messages were secure.  They told us that their proprietary methods were tight.  It was all a front.

Apple took a stand against the FBI in recent months and I applauded them.  Then, some yahoo accepts $500k (or thereabouts) and hacked it.  As it goes, the FBI didn’t get any significant information from the iPhone in question and won’t release to Apple how the OS was broken.

Really, it doesn’t matter what proverbial eggs you put in what proverbial basket.  All the proverbial baskets have holes in them.  Credit card systems have been hacked at Target and countless other major chains.  Email systems are constantly broken.  Information is middle-manned, intercepted, spoofed, phished, spear-phished, and clone-phished.  The reality is that if you haven’t felt the attacks personally, you probably aren’t paying any attention, or someone just hasn’t dialed up your number yet.

Attacks are increasing at an exponential rate.  It used to be that one would think about every account they created, and each of their accounts meant something.  Like, you used to walk into a bank, open an account, and that account meant something.  Nowadays, accounts mean almost nothing.  People create accounts that end up having no purpose other than to fill a momentary need to access information.  When I think about my own accounts, I could easily come up with a list of systems I access on pathetically rare occasion.  But really, each of these systems reveals another attack surface whereby some intruder could steal bits of information about me.

The problem with breaking away is that closing an account on each system is a nuisance.  I could probably walk into the bank and close my bank account much easier, even though closing such an account would have a much larger impact on my day to day life than these measly accounts that I have all over the web.

One big step I took last week was closing my PayPal account.  I know that doing this has an affect on you all, as you purchase the occasional TailsOS USB or secure email account from me and now those things need to be transacted with a money order or through some other means.  But, for me (and without going into details), dropping PayPal was a necessity.  On top of the issues I was having with my PayPal account, I’m disgusted with a public company that finds it necessary to latch onto LGBT issues.

Though closing PayPal wasn’t easy, I’m glad it’s done.  I had to jump through all sorts of hoops before I could get my account to close (like making sure there weren’t any pre-authorized payments and subscriptions associated with PayPal). PayPal is just one of many companies that are in a vast attack surface that makes up my online identity.  Shutting them down one by one will be a challenge, but it is a challenge I need to embrace if I want to stop being the low hanging fruit.

I fear that at some point it will require me to close this website.  Hopefully I can push that off or find another venue to release my content through.  But long before that, I think I’m going to move all my communications back to a more simple cell phone.  Smartphones are an incredibly large attack surface as they usually entail many peripheral accounts to make them useful.  I will try to close out these peripheral accounts first and reduce my need and desire for a smart phone, then make the switch back into the “dark ages.”  I’ve done this once before and I’m sure I can do it again.

3 Improvements coming to the Soft66RL?

The Soft66RTL looks like it has some great improvements coming.  The updates (version 3) includes three significant improvements.

  1. 4 band filter – This is the single biggest improvement.  This will undoubtedly give much better performance.
  2. Thermal pad – one of our gripes was the heat of the previous version, I suspect this will also improve performance by helping stabilize temperature.
  3. Better switch – It appears that the new power switch and band filter switch is all-in-one.  The switch now extends out of the device making it much easier to use (previously the switch was flush with the plastic, making it hard to turn the upconverter on and off).

See all the details here: http://zao.jp/radio/soft66rtl/

 

 

Dust Off that Rusty Code

In recent years I haven’t really done that much with my General Class ham radio ticket.  I’ve been on the fence about working on some small CW transceivers (like the Pixie I/II, Rockmite, etc), but honestly, I’m pretty rusty.

A quick search produced LCWO.net.  I wish this site was around back when I was studying for my Technician and General Exams in 2006.  I used various tools to study CW.  One of the tools I used was real MP3 recordings of CW.  This is great, but doesn’t give you any feedback.  LCWO gives you lots of feedback on accuracy, allows you to set your speed, etc. (oh, and the site is FREE!)

If you use LCWO, I would recommend going to “change CW settings” and set your character rate to something like 30, but keep your word rate low.  This will give quicker characters but a longer pause between them and the character speed will have a more realistic sound.  It is easier to learn faster sound and slow it down than it is to learn slow sound and try to speed it up (in my opinion).

CW can allow you get get a cheap transceiver that can really reach out there when SSB signals won’t reach your target.  Whether or not you have your ham ticket, knowing CW is a great tool to have in your toolbox.  Simply having a receiver and knowing CW will allow you to do some information gathering.

 

LG Volt 2 for just $66 + FREE $25 Service Credit!

LG Volt2