Juan Gonzalez
58 followers
Juan's posts

Post has shared content
The packet capture shown in these new NSA slides shows internal database replication traffic for the anti-hacking system I worked on for over two years. Specifically, it shows a database recording a user login as part of this system:

http://googleblog.blogspot.ch/2013/02/an-update-on-our-war-against-account.html

Recently +Brandon Downey, a colleague of mine on the Google security team, said (after the usual disclaimers about being personal opinions and not speaking for the firm which I repeat here) - "fuck these guys":

https://plus.google.com/108799184931623330498/posts/SfYy8xbDWGG

I now join him in issuing a giant Fuck You to the people who made these slides. I am not American, I am a Brit, but it's no different - GCHQ turns out to be even worse than the NSA.

We designed this system to keep criminals out. There's no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we've got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason.

Unfortunately we live in a world where all too often, laws are for the little people. Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done - build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.

Thank you Edward Snowden. For me personally, this is the most interesting revelation all summer.

Post has shared content
Pot, kettle, black

"The influential head of Google, Eric Schmidt, has called for civilian drone technology to be regulated, warning about privacy and security concerns."

http://www.bbc.co.uk/news/technology-22134898

Post has attachment

Took a peek at the GNU coding standards. I see what +Linus Torvalds was talking about when he said not to read it.

if(something)
  {
    printf("check out this awesome code formatting\n");
    hurtsmyeyes();
  }
else
  {
    while(1)
      {
        printf("get me outta here!!\n");
      }
  }

Post has shared content
Something some people are forgetting about the Samsung and EFI problem.

If Linux can accidentally brick your system due to a major screw-up by the device vendor, then a virus writer or a foreign power targeting business or military users can do it deliberately, not to an annoying re-install but to a factory return, and we all know how quickly those get handled even when it's the odd system, not a mass attack.

Not only that, but in this case they now have a worked example of how to implement such an attack.