#CMU paid by #FBI to hack #TOR

Allegations are surfacing that the Federal Bureau of Investigation paid Carnegie Mellon University, here in Pittsburgh, $1 million to hack into the Tor network.

Many of us have used the Tor project, which is designed to mask users identities by encapsulating and encrypting network packets between different nodes (like layers of an onion) on the Internet.  The layers obscure and anonymize the source and destination of Internet traffic. For those concerned about privacy, especially in parts of the world were oppressive governments exist, the Tor project provides an essential way for people to avoid the real risk and danger of government surveillance.

This particular attack was publicized in 2014 and since that time, the Tor project took steps to slow down or stop this type of attack in the future. The most troubling piece is that there is no indication that the FBI had a warrant or that CMU any institutional oversight (by the university’s institutional review board). It seems unlikely that the FBI could have gotten a search warrant; the traffic captured during the estimated five months the project active was not targeted to any specific source or destination, but was a large general data-gathering operation.  The data was later sifted through by the FBI to find people whom they could accuse of crimes.

While there may certainly be some Tor users that utilize the anonymizing capabilities of the network for crime, many use the Tor network to protect themselves from serious harm.  This attack ran for approximately five months; during that time, it had the potential to de-anonymize many thousands of Tor users.

Academic research versus outsourcing police work: In our ever increasing technological world, we need to be mindful of privacy, security and upholding the fundamentals that our system of laws is based upon, for example the fourth amendment of the U.S. Constitution.

===

https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users

http://arstechnica.com/tech-policy/2015/11/tor-director-fbi-paid-carnegie-mellon-1m-to-break-tor-hand-over-ips/

http://blog.cryptographyengineering.com/2015/11/why-tor-attack-matters.html


#Windows10 Tracking Concerns

Many of us have heard of expressed concern about the monitoring features built in the windows 10. Some of us have heard that Microsoft intends to port these “updates” back into Windows 7 and Windows 8. 

For those of us that are concerned about privacy, there’s some good news from the people that brought us Spybot Search and Destroy – The trusted anti-spyware tool used by so many in the industry.

Their new standalone tool, Spybot Anti-Beacon, has been released. It is designed to block and stop the tracking present in windows 10 and is also been modified to block similar functionality that exists or will exist in Windows 7 and Windows 8.

It seems to use some low-level registry settings/group policy settings (which are usually only leveraged an in active directory/domain environment) which can control a much deeper enforcement of the settings we care about, such as: telemetry, consumer experience improvement program, application impact telemetry, Wi-Fi sense/hotspot sharing, application advertising, and the peer-to-peer Windows update.

With the reputation Spybot has maintained over the years with regard to anti-spyware/anti-malware, this new utility looks to uphold the same high level standards and is also a free download from https://www.safer-networking.org/

 


#Windows10 upgrade night

Generally speaking, the windows 10 upgrade process goes fairly well. But this evening, when upgrading from Windows 7 to Windows 10, I saw a very interesting dialog appear. 

For a while, the title bar of the dialog was blank. Then, the mysterious window revealed itself: Microsoft Visual C++ runtime library. No other message; no icon or button to click. 

I sat back for a moment, tried to relax (just as the on-screen instructions advise you to) and eventually clicked the little X. 

See no further progress, I held down the power button for five seconds to shut down the machine. Next, I took a sip of tea, powered the laptop back on, and the upgrade completed successfully.

See, just sit back m, relax and trust the Windows 10 upgrade process!  Some tea can definitely help ease the stress!

  
 


Cisco CUCM TSP on Windows 8 and Server 2012

In preparing our e911/e999 software, some testing revealed an issue installing the Cisco TSP on Windows 8 and Windows Server 2012.  The TSP comes with CUCM 8.x and runs fine on Windows 7 and Windows Server 2008.  During the installation of the TSP, the following error is thrown before installation completes: “Could not load the dll file EncryptPassword.dll”

This renders the TSP useless and unable to communicate with the CUCM servers.  The remedy the situation and get the TSP installed, run the installer again, selecting the “reinstall” option.  When installation completes, proceed to the Control Panel, Phone and Modem Options.  Select the “Advanced” tab and click “Add” to add the Cisco TSP that was just installed.  Next, with the Cisco TSP selected, click “Configure” and re-supply all the connection information.  Due to the initial error, none of the configuration information was saved during the first go-round of the TSP installation.

After the configuration information has been supplied, reboot your computer for the changes to take effect.

Watch the short video for a quick walk-thru of this procedure.  I hope this helps others who encounter the same situation.

Cheers,

-Beau