NSA / Tory / NHS disaster

Okay, so we have an exploit captured or created by the NSA that is added to some ransomware, probably in less than 10 minutes, and it's now wreaking havoc across the globe and, most worryingly, the NHS.

Basically this shows a number of things

1) Exploits should always be reported back to the OS manufacturers, not used by government organizations; otherwise they have the potential to hit other government organizations. Adding to this, the reasoning is that exploits can be harvested by anyone who knows what they are doing, and these can be reused and weaponized.

2) The Tory government should fund the NHS properly. Security should not be done piecemeal, and it should have someone like me or Lauri Love with oversight to check out their security. People like us think outside of the box.

3) The case against Lauri Love SHOULD BE DROPPED IMMEDIATELY !!!! We should not be torturing him with this threat of extradition to an unknown future in an American jail.

4) This is a continual battle that will probably never end. There is just today an email based virus that can take over a machine via local machine Outlook without even having to have the email opened.

5) The government are guilty of not ensuring the security of its organizations like the NHS. This should be a top-down solution from a centralized team and not done piecemeal; this is for many reasons.

TOR was initially funded, developed, and unleashed on the world by DARPA; just sayin

The initial funding, development, and implementation for the TOR project was provided by the United States Naval Research Laboratory and DARPA. So you can blame them for letting the dark web out onto the internet, with all the clandestine behaviour that that resulted in.

It has taken the CIA and FBI years to get to the point where they can detect traffic and endpoints; and they were complaining, along with the governments of this world, about the use of TOR and the little-known I2P.

Securing unknown machines by BIOS content

UEFI is broken, by a leak from MicroPoodle, sorry Microsoft, sorry that’s a heart bleed. Anyway, by examining a machine's BIOS and knowing the size of the BIOS storage device (usually some form of EEPROM), we can check the SHA512 sum and we can check the content. With no other permanent storage devices or open communication devices (if any exist on board, a Faraday cage can close this communication vector), we can establish the machine's integrity by exhaustion of both the individual BIOS's contents and the configuration space of all existing BIOSes and BIOS updates; this space will probably never be able to be completed, so only a true positive can be established.

So called Independent newspaper reporting on the ‘Turing Bill’

The so-called Independent and other media bodies cannot even report legal issues correctly. The latest filibustered bill to pardon homosexuals is not actually connected directly with the Turing Bill of 2013. The filibustered bill is actually connected with the Sexual Offences Act. These are separate, although connected in the basic nature of the incorrectness of the law regarding such matters.

Newspapers should be there to inform the public, and they should do it correctly, making the right distinctions and being correct in regard to matters of legislation and law.

The Turing Bill “pardoned” Turing for not being looked after after he shortened the war or even helped win the war, being chemically castrated and left in a hell of a horrific state by the authorities and those around him.

Turing Bill filibustered by Tory minister amid row over how to pardon people convicted under scrapped anti-gay laws

Local ‘localhost’ DNS, Secure DNS, and Secure Distributed DNS servers

It would be very simple to implement secure and resilient localized and distributed DNS.

The basic minimal mechanics for doing this require just a caching and persistent DNS read-through server on localhost, pointed to by your operating system's DNS settings.

There is already a set of cryptic but existing protocol extensions, DNSSEC, to the IETF DNS RFCs, and also DNS over TLS. These would provide secure lookup of DNS records.

A further distributed peer to peer layer would ensure another level of integrity and resilience under network stress and DDoS attack conditions.
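A sketch of the caching, persistent read-through layer described above, as an added example that is not code from this post. The upstream resolver is a stand-in callable assumed to return `(addresses, ttl, validated)`, where `validated` represents a DNSSEC-validated answer fetched over DNS over TLS; the names, file path and sample address are constructed.

```python
import json, os, tempfile, time

class ReadThroughCache:
    """Persistent read-through cache in front of an upstream resolver callable."""

    def __init__(self, path, upstream, clock=time.time):
        self.path, self.upstream, self.clock = path, upstream, clock
        self.records = {}
        if os.path.exists(path):                 # survive restarts and reboots
            with open(path) as fh:
                self.records = json.load(fh)

    def _save(self):
        tmp = self.path + ".tmp"                 # write-then-rename: no torn file
        with open(tmp, "w") as fh:
            json.dump(self.records, fh)
        os.replace(tmp, self.path)

    def resolve(self, name):
        """Return (addresses, source); source is 'cache', 'upstream' or 'stale'."""
        key = name.lower().rstrip(".")
        now, hit = self.clock(), self.records.get(key)
        if hit and hit["expires"] > now:
            return hit["addrs"], "cache"
        try:
            addrs, ttl, validated = self.upstream(key)
        except OSError:
            if hit:                              # upstream down: serve persisted copy
                return hit["addrs"], "stale"
            raise
        if not validated:                        # never store an unvalidated answer
            raise ValueError(f"unvalidated answer for {key}")
        self.records[key] = {"addrs": addrs, "expires": now + ttl}
        self._save()
        return addrs, "upstream"

def demo():
    """Constructed scenario: first lookup, cache hit, then restart during an outage."""
    state = {"now": 1000.0, "up": True}
    def upstream(name):    # stand-in for a DNSSEC-validating DNS-over-TLS resolver
        if not state["up"]:
            raise OSError("upstream unreachable")
        return ["192.0.2.10"], 60, True
    path = os.path.join(tempfile.mkdtemp(), "dns-cache.json")
    cache = ReadThroughCache(path, upstream, clock=lambda: state["now"])
    seen = [cache.resolve("Example.test.")[1], cache.resolve("example.test")[1]]
    state.update(now=2000.0, up=False)           # TTL expired and upstream is down
    restarted = ReadThroughCache(path, upstream, clock=lambda: state["now"])
    return seen + [restarted.resolve("example.test")[1]]
```

Serving an expired record during an outage trades freshness for availability, so a real deployment would cap how long a stale answer may be used.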

 

Re. Lauri Love and his possible extradition

A man who is either smart enough to outwit NASA, the US Federal Reserve, the US Army and the Missile Defence Agency, or to demonstrate the inability of these organizations to manage their internet security and/or modem connection presence on the global communications networks (networks that are also accessible to the Russian intelligence agencies and exposed to attacks from all manner of sources, from Chinese and now North Korean sources), or to demonstrate this at such an early time, should not have been treated like this from the start. The US authorities did not “learn their lessons” and should have treated this whole matter in a totally different manner. Late punitive legal action over ineffectual and bad legislation is not in anyone's interests other than the furthering of attorneys' careers, as is demonstrated by the Aaron Swartz case that triggered this whole set of desperate behaviours by all sides in the first place.

Over 50 British MPs write to President Obama to drop extradition charges against alleged hacker Lauri Love

Microsoft’s security failures

BIOS – Basic Input/Output System Integrity Check

First, the BIOS (Basic Input/Output System) machine firmware is not checked by the Windows operating system for unauthorised modifications. This is simple to do and just involves what is called a SHA512 hash checksum.

The basic Control Panel\System and Security\System page, which has “View basic information about your computer” as its title, has nothing about the BIOS at all. No date, version, or whether it is secure or not.

There should also be a simple way to update BIOSes provided by the operating system, which should come down to, at the minimum, a single update button press and maybe a payment.

Further levels of security for the BIOS are also possible…
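The SHA512 check described here and under “Securing unknown machines by BIOS content”, as an added example that is not part of the original post. It assumes a firmware dump already read into memory; the flash size, the offsets of the mutable settings region and the sample images are constructed for illustration, and real layouts differ per vendor and model.

```python
import hashlib

# Assumed layout for illustration only; real images differ per vendor and model.
FLASH_SIZE = 4096              # stand-in for the size of the BIOS flash part
NVRAM_REGION = (1024, 1536)    # hypothetical offsets of the mutable settings store

def firmware_digest(image: bytes, mutable=(NVRAM_REGION,)) -> str:
    """SHA-512 of the image with mutable regions overwritten by 0xFF (erased flash)."""
    buf = bytearray(image)
    for start, end in mutable:
        buf[start:end] = b"\xff" * (end - start)
    return hashlib.sha512(bytes(buf)).hexdigest()

def check_firmware(image: bytes, known_good: dict) -> str:
    """Return 'size-mismatch', 'known-good:<label>' or 'unknown'."""
    if len(image) != FLASH_SIZE:
        return "size-mismatch"           # dump is truncated or padded
    label = known_good.get(firmware_digest(image))
    # 'unknown' is not a verdict of tampering: only a match proves anything.
    return f"known-good:{label}" if label else "unknown"

def make_image(code: bytes, nvram: bytes) -> bytes:
    """Constructed sample dump: code bytes, a settings store, 0xFF fill elsewhere."""
    img = bytearray(b"\xff" * FLASH_SIZE)
    img[:len(code)] = code
    img[NVRAM_REGION[0]:NVRAM_REGION[0] + len(nvram)] = nvram
    return bytes(img)

def demo():
    vendor = make_image(b"VENDOR-BIOS-1.02", b"")
    known_good = {firmware_digest(vendor): "vendor 1.02 (constructed)"}
    in_use = make_image(b"VENDOR-BIOS-1.02", b"BootOrder=0001")  # settings changed
    patched = make_image(b"VENDOR-BIOS-1.02\x90\x90", b"")       # code bytes differ
    return [check_firmware(in_use, known_good),
            hashlib.sha512(in_use).hexdigest() in known_good,    # naive whole-image hash
            check_firmware(patched, known_good),
            check_firmware(in_use[:-1], known_good)]
```

The second result shows why a hash over the whole dump is brittle: saved settings alone change it, so the stable check covers only the regions that are meant to be immutable.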

Operating System Integrity Check

By using no more than booting off of a DVD or Pen Drive the integrity of an operating system can be checked. This would be done by a closed loop zero knowledge system over the internet.

By booting externally and having a secured checksummed BIOS the system can be assured to a high level to be secure and integral.

Citation Graph or Network

By mapping citations of scientific papers into a graph database it is possible to generate a graph or network which, as well as revealing the connections between papers, will give the reverse dependency mapping, giving the historic evolution of a field.

Also by looking at who wrote papers and their connections in papers it can establish the inherent schools of thought and research.

By looking at which papers do not cite other papers and particular terms, it is possible to find whole new regions for discovery, or possible discovery and folly.

Hopefully a whole new tool set or tools will become available.

 

Aaron’s Challenge

Can we bound Gödel’s arguments of the inconsistency and incompleteness of mathematics and axiomatic systems with a stochastic argument, theory or system ?

The bounds set on this are the halting problem and the foundation of the stochastic system in physics. So do we have a circular problem domain or is there a way of jumping out of this system and rebounding mathematics and physics ?

Was Gödel’s argument the ultimate bounding theory in mathematics ?

Prove or disprove ?

http://www.nature.com/news/paradox-at-the-heart-of-mathematics-makes-physics-problem-unanswerable-1.18983

Argument established 1988/1989