Showing posts with label Computers. Show all posts
Showing posts with label Computers. Show all posts

November 14, 2019

Federal Rules Against Indiscriminate Searches of Smartphones, Laptops at US Borders




Image result for searching laptops and smartphones at us ports of entry
Add caption
  (UPI) -- A federal judge in Boston has ruled that the indiscriminate search and seizure of smartphones and laptops of travelers at U.S. borders violates their Fourth Amendment rights.
U.S. District Judge Denise J. Casper made the ruling Tuesday in a case brought by the American Civil Liberties Union and the Electronic Frontier Foundation in September 2017 on behalf of 11 travelers whose electronic devices were searched by border officials at U.S. ports of entry. 
In the ruling, Casper said Immigration and Customs Enforcement and Customs and Border Control agents must be able to point to "specific and articulable facts for reasonable suspicion" that the devices contain contraband to perform searches.
Casper, however, ruled that searches based on reasonable suspicion could be performed without a warrant due to the governmental interests present at the border.
RELATED Google says it gathered Americans' health records to 'improve care'
ACLU cheered the ruling as a major victory for privacy rights, stating that it not only protects international travelers but also U.S. citizens.
"By putting an end to the government's ability to conduct suspicion-less fishing expeditions, the court reaffirms that the border is not a lawless place and that we don't lose our privacy rights when we travel," said Esha Bhandari, an attorney with the ACLU's Speech, Privacy and Technology Project.
The ruling comes as the CBP has increasingly searched the electronic devices of travelers at U.S. borders. According to CBP data, 30,200 electronic devices were searched in fiscal year 2017, up from 19,051 the year prior and 8,503 in 2015. CBP Deputy Executive Assistant Commissioner John Wagner has argued that electronic device searches are "essential" to enforcing U.S. law at its borders.
RELATED Former Twitter employees charged with spying for Saudi Arabia
Among the plaintiffs who sued is Zainab Merchant, a student at Harvard University, who had her phone searched despite informing the agent that it contained private communications between herself and her lawyer. Another, Sidd Bikkannavar, an engineer at NASA, said border agents confiscated his phone and examined his emails, texts, and other private information.
All of the plaintiffs were U.S. citizens except for one who was a permanent resident.
"This is a great day for travelers who now can cross the international border without fear that the government will, in the absence of any suspicion, ransack the extraordinarily sensitive information we all carry in our electronic devices," EFF Senior Staff Attorney Sophia Cope said in a statement.

June 15, 2018

Young Gay Teens Digital Sex Live








Last summer in Wisconsin, a mother came home to find her 15-year-old son running up the stairs from their basement. He yelled that a man had broken into the house and raped him. A police officer apprehended Eugene Gross, who was 51 years old and H.I.V. positive, in a nearby backyard.
Authorities later learned that the teenager had met Mr. Gross on the gay hookup app Grindr and that they had met for sex before. Last month, Mr. Gross was sentenced to 15 years. The victim’s father broke down in court, saying, “The man sitting here, he destroyed my life, my kid’s life, my family life.”

It’s common for gay, bisexual or questioning minors to go online to meet other gay people. It’s normal for these kids to want to explore intimacy. But most online social networks for gay men are geared toward adults and focused on sex. They have failed to protect minors, who simply have to subtract a few years from their birth date to create a profile.

Data from the Centers for Disease Control and Prevention and a new study in The Journal of Adolescent Health together suggest that roughly one in four gay and bisexual boys ages 14 to 17 in the United States are on gay hookup apps designed for adults (Grindr, Scruff, Jack’d, Adam4Adam). Sixty-nine percent of them have had sex with someone they met through these apps. Only 25 percent use condoms consistently. Gay kids, especially closeted ones, don’t necessarily have the opportunities for intimacy that straight kids do: classroom Valentines and first prom dates. So they go online. Though they may be looking for friends or boyfriends, they mostly find sex.

On Grindr, it’s common to receive unsolicited naked pictures. A minor can make a profile within minutes and instantly start chatting with adult men who live nearby.
Teenagers are still developing their abilities to delay gratification and control their impulses. With just 12 percent of millennials reporting that their sex education classes covered same-sex relationships, it’s not surprising that many end up having unprotected sex.

Should apps like Grindr be held accountable when minors use them? Dr. Elizabeth Englander, a psychologist, an expert on the digital lives of minors thinks yes: “It’s an ethical line and a no-brainer.” 

Grindr’s terms of service state that users must be 18 or older and the app requires everyone to enter a birth date to join. But it could certainly do more to try to verify ages. Some gambling sites, for instance, make users upload a credit card or ID to prove their age. But this brings up confidentiality risks for gay men who don’t want to be out.

Grindr could also use algorithms to detect conversations between minors and adults. This would require employees to manually verify which conversations were inappropriate, but given that Grindr’s annual revenue may be as high as $77 million, the company could probably afford it.
When asked to comment, Grindr’s chief technology officer and president, Scott Chen, said that Grindr is “in the process of testing further safeguards for our account creation procedures to help ensure authentic and proper account activity, including verification through social media platforms.” He said the company takes the issue very seriously, is working on improving its screening tools and encourages users to continue reporting any “illegal or improper activity.”
This is heartening, but it isn’t enough. Age verification through social media is hardly foolproof since minors can lie about their age on Facebook, too.

In 2015, a man who had been arrested for having sex with a 13-year-old boy sued Grindr, claiming that its weak enforcement of age restrictions was to blame for the sexual encounter. The lawsuit was dismissed because Grindr is protected by Section 230 of the Communications Decency Act, which means it isn’t responsible for what users say on its app (including minors lying about their age).
And Grindr is hardly the only problem — there are many similar venues. When I searched online for “gay chat,” as a lonely, closeted child might the first hit was #1 Chat Avenue. Two minutes after I opened a gay chat room, a user wrote: “Any boys 13 or 14 with cameras? I’m 35.” After some deep searching, I found that you can report activity like this to moderators, but they aren’t always online. I reported it to the site’s administrator via email, but I never heard back.

In the end, it is largely up to parents to protect their children. Unfortunately, this topic combines two of many parents’ greatest fears: sex and technology. 

Parents can block apps like Grindr. But kids almost always outsmart us, and it’s probably better to educate them in addition to using parental controls.

Dr. Englander tells parents not to try to be experts on the technology. “Parents can instead be the experts on the importance of deeper in-person relationships,” she says. Explain to children that while what they find online may be exciting or interesting, they never know who’s on the other side.
Children need to hear that naked photos and videos are permanent (even when sent on Snapchat). They should know that sex between a minor and an adult is illegal. They need to be told that it’s dangerous to meet up with a person from the internet and that if they do so, they need to tell their parents and meet the person in a public place. They need to know the risk of infections from unprotected sex.

Parents also need to stay calm, so that the kids feel comfortable coming back to them if they ever end up in a bad situation, like if a scary stranger won’t stop messaging.
As a society, we have failed to create enough spaces for gay youth to thrive, pushing them online and underground. While we try to find ways to hold digital sites accountable, we need to talk to our kids about how to be safe online.

 By Jack Turban (@jack_turban) is a resident physician in psychiatry at Massachusetts General Hospital and McLean Hospital.
 The New York Times Opinion section on Facebook and Twitter (@NYTopinion),  
A version of this article appears in print on June 14, 2018, on Page A27  of The New York Times






June 28, 2017

Cyber Attack Hits Ukraine Then Spreads Around The World



A screenshot of what appeared to be the ransomware affecting systems worldwide on Tuesday. The Ukrainian government posted the shot to its official Facebook page.
 
 Computer systems from Ukraine to the United States were struck on Tuesday in an international cyber attack that was similar to a recent assault that crippled tens of thousands of machines worldwide.

In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.

It was unclear who was behind this cyber attack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union. The attack spread from there, causing collateral damage around the world.

The outbreak was the latest and perhaps the most sophisticated in a series of attacks making use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers. 


Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same National Security Agency hacking tool, Eternal Blue, that was used in the WannaCry episode, as well as two other methods to promote its spread, according to researchers at the computer security company Symantec.

The National Security Agency has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency helps the rest of the world defend against the weapons it created.

“The N.S.A. needs to take a leadership role in working closely with security and operating systems platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark-based conglomerate hit by a separate attack in April that used the agency’s hacking tools. Mr. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.

The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of groups around the world failed to properly install the fix.

“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president for security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”

Because the ransomware used at least two other ways to spread on Tuesday — including stealing victims’ credentials — even those who used the Microsoft patch could be vulnerable and potential targets for later attacks, according to researchers at F-Secure, a Finnish cybersecurity firm, and others. 
Here’s what we know and don’t know about the attack »
The Ukrainian government said several of its ministries, local banks, and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.

Ukrainian officials pointed a finger at Russia on Tuesday, although Russian companies were also affected. Home Credit Bank, one of Russia’s top 50 lenders, was paralyzed, with all of its offices closed, according to the RBC news website. The attack also affected Evraz, a steel manufacturing and mining company that employs about 80,000 people, the RBC website reported.

In the United States, the multinational law firm DLA Piper also reported being hit. Hospitals in Pennsylvania were being forced to cancel operations after the attack hit computers at Heritage Valley Health Systems, a Pennsylvania health care provider, and its hospitals in Beaver and Sewickley, Penn., and satellite locations across the state.

The ransomware also hurt Australian branches of international companies. DLA Piper’s Australian offices warned clients that they were dealing with a “serious global cyber incident” and had disabled email as a precautionary measure. Local news reports said that in Hobart, Tasmania, on Tuesday evening, computers in a Cadbury chocolate factory, owned by Mondelez International, had displayed ransomware messages that demanded $300 in bitcoins.

Qantas Airways’ booking system failed for a time on Tuesday, but the company said the breakdown was due to an unrelated hardware issue.

The Australian government has urged companies to install security updates and isolate any infected computers from their networks.

“This ransomware attack is a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches,” said Dan Tehan, the cyber security minister. “We are aware of the situation and monitoring it closely.”

A National Security Agency spokesman referred questions about the attack on the Department of Homeland Security. “The Department of Homeland Security is monitoring reports of cyber attacks affecting multiple global entities and is coordinating with our international and domestic cyber partners,” Scott McConnell, a department spokesman, said in a statement. 
Computer specialists said the ransomware was very similar to a virus that emerged last year called Petya. Petya means “Little Peter,” in Russian, leading some to speculate the name referred to Sergei Prokofiev’s 1936 symphony “Peter and the Wolf,” about a boy who captures a wolf.

Reports that the computer virus was a variant of Petya suggest the attackers will be hard to trace. Petya was for sale on the so-called dark web, where its creators made the ransomware available as “ransomware as a service” — a play on Silicon Valley terminology for delivering software over the internet, according to the security firm Avast Threat Labs.

That means anyone could launch the ransomware with the click of a button, encrypt someone’s systems and demand a ransom to unlock it. If the victim pays, the authors of the Petya ransomware, who call themselves Janus Cybercrime Solutions, get a cut of the payment.

That distribution method means that pinning down the people responsible for Tuesday’s attack could be difficult. 

A screenshot of what appeared to be the ransomware affecting systems worldwide on Tuesday. The Ukrainian government posted the shot to its official Facebook page.
The attack is “an improved and more lethal version of WannaCry,” said Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware when he created a kill switch that stopped the attacks.

In just the last seven days, Mr. Suiche noted, WannaCry had tried to hit an additional 80,000 organizations but was prevented from executing attack code because of the kill switch. Petya does not have a kill switch.

Petya also encrypts and locks entire hard drives, whereas the earlier ransomware attacks locked only individual files, said Chris Hinkley, a researcher at the security firm Armor.

The hackers behind Petya demanded $300 worth of the cyber currency Bitcoin to unlock victims’ machines. By Tuesday afternoon, online records showed that 30 victims had paid the ransom, although it was not clear whether they had regained access to their files. Other victims may be out of luck, after Posteo, the German email service provider, shut down the hackers’ email account.

In Ukraine, people turned up at post offices, A.T.M.s and airports to find blank computer screens or signs about closures. At Kiev’s central post office, a few bewildered customers milled about, holding parcels and letters, looking at a sign that said, “Closed for technical reasons.”

The hackers compromised Ukrainian accounting software mandated to be used in various industries in the country, including government agencies and banks, according to researchers at Cisco Talos, the security division of the computer networking company. That allowed them to unleash their ransomware when the software, which is also used in other countries, was updated.

The ransomware spread for five days across Ukraine, and around the world, before activating Tuesday evening.

“If I had to guess, I would think this was done to send a political message,” said Craig Williams, the senior technical researcher at Talos.

One Kiev resident, Tetiana Vasylieva, was forced to borrow money from a relative after failing to withdraw money at four automated teller machines. At one A.T.M. in Kiev belonging to the Ukrainian branch of the Austrian bank Raiffeisen, a message on the screen said the machine was not functioning.

Ukraine’s Infrastructure Ministry, the postal service, the national railway company, and one of the country’s largest communications companies, Ukrtelecom, had been affected, Volodymyr Omelyan, the country’s infrastructure minister, said in a Facebook post.

Officials for the metro system in Kiev said card payments could not be accepted. The national power grid company Kievenergo had to switch off all of its computers, but the situation was under control, according to the Interfax-Ukraine news agency. Metro Group, a German company that runs wholesale food stores, said its operations in Ukraine had been affected. 

At the Chernobyl plant, the computers affected by the attack collected data on radiation levels and were not connected to industrial systems at the site, where, although all reactors have been decommissioned, huge volumes of radioactive waste remain. Operators said radiation monitoring was being done manually.

Cybersecurity researchers questioned whether collecting ransom was the true objective of the attack.

“It’s entirely possible that this attack could have been a smoke screen,” said Justin Harvey, the managing director of global incident response at Accenture Security. “If you are an evildoer and you wanted to cause mayhem, why wouldn’t you try to first mask it as something else?” 

An earlier version of this article referred incorrectly to the occupation of Justin Harvey. He is the managing director of global incident response at Accenture Security, not the chief security officer for the Fidelis Cybersecurity company.


Reporting was contributed by Liz Alderman, Andrew E. Kramer, Iuliia Mendel, Ivan Nechepurenko and Isabella Kwai.

A version of this article appears in print on June 28, 2017, on Page A1 of the New York edition 



August 30, 2016

FBI Alert on Cyber Attack! States Worry About Attacks on Voting Systems










The FBI’s decision to issue a nationwide alert about the possible hacking of state election offices after breaches in Illinois and Arizona is raising concerns that a nationwide attack could be afoot, with the potential for creating havoc on Election Day.
It’s possible that the motivation behind the two state hacks was less about the political system and more about cash. Voter registration data sets include valuable information — such as names, birth dates, phone numbers and physical and email addresses — that criminal hackers can bundle and flip on the black-market “dark web” for thousands of dollars.
Story Continued Below

But some cyber experts said the FBI’s alert, first revealed by Yahoo News on Monday, could be a sign that investigators are worried that foreign actors are attempting a wide-scale digital onslaught.
A former lead agent in the FBI’s Cyber Division said the hackers’ use of a particular attack tool and the level of the FBI’s alert “more than likely means nation-state attackers.” The alert was coded “Amber,” designating messages with sensitive information that “should not be widely distributed and should not be made public,” the ex-official said.

One person who works with state election officials called the FBI’s memo “completely unprecedented.”
“There’s never been an alert like that before that we know of,” said the person, who requested anonymity to discuss sensitive intergovernmental conversations.
Multiple former officials and security researchers said the cyberattacks on Arizona’s and Illinois’ voter databases could be part of a suspected Russian attempt to meddle in the U.S. election, a campaign that has already included successful intrusions at major Democratic Party organizations and the selective leaking of documents embarrassing to Democrats. Hillary Clinton’s campaign has alleged that the digital attacks on her party are an effort by Russian President Vladimir Putin’s regime to sway the election to GOP nominee Donald Trump. Moscow has denied any involvement.
Hacking state election offices could offer new tools for affecting the outcome of the vote.
Having access to voter rolls, for example, could allow hackers to digitally alter or delete registration information, potentially denying people a chance to vote on Election Day. Or news of the attack could simply fuel further distrust in the U.S. election system, which Trump has repeatedly alleged is “rigged.”

“I think he’s just unleashed the hounds,” said Tom Kellermann, head of Strategic Cyber Ventures, referring to Putin. Kellermann said the intrusions fit the “modus operandi and the ultimate goal” of a long-standing Russian digital intelligence campaign targeting foreign government officials in Europe, the U.S. and elsewhere that Kellermann has been tracking for years, which researchers believe has turned its sights on the American electoral process.

The FBI’s investigations of the Arizona and Illinois attacks have been public knowledge since July, when both states took their voter registration databases offline following detection of the intrusions. But the bureau’s Cyber Division broadened its sweep in an Aug. 18 “flash” alert that warned top election officials in every state about potential foreign intrusions of their election systems. The alert advised officials to look for a series of specific hallmarks of cyberattacks.

In Illinois, officials told Yahoo News that hackers pilfered personal data on up to 200,000 voters. The Arizona digital intruders did not make off with any information, said the news service.
Some cyber experts are skeptical that the attacks on the elections offices had any political motive, noting that hackers often rifle through government databases looking for personal information they can sell.

“It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe,” said Milan Patel, a former chief technology officer of the FBI’s Cyber Division who is now at the security firm K2 Intelligence. However, he added, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.”

Still, little public digital forensic evidence has come to light so far that would link the Illinois and Arizona hackers to a Russian-backed group that researchers say broke into the Democratic National Committee and the Democratic Congressional Campaign Committee.
“No robust evidence as of yet,” respected cybersecurity consultant Matt Tait said on Twitter.
The FBI’s alert asked state officials to check whether their networks had seen any activity coming from eight specific Internet Protocol addresses, at least one of which was tied to a Russian cyber gang, according to Yahoo News.

The FBI sent the alert to the Election Assistance Commission, the federal agency that offers help to states in improving the management of their elections. The commission then sent it to state officials, spokesman Bryan Whitener told POLITICO.
The FBI declined to comment on the alert but said in a statement that it “routinely advises private industry of various cyberthreat indicators observed during the course of our investigations.”
Leo Taddeo, a former head of the cyber division in the FBI’s New York office, said such a widespread alert “indicates that this could be a systematic attack, rather than an isolated targeting of a particular database.”
Sending out the memo is the only way for officials to do a complete review of all state election systems and determine whether a “dedicated attack” is taking place on multiple networks, Taddeo added. Elections have always been run at the state and local level, and few if any federal laws govern how local officials manage and secure voter data.

At most, several federal agencies provide voluntary guidelines for local officials. In some states, voter registration information is a public record, meaning data security rules governing the handling of personal information — such as names and home addresses — don’t apply.
The FBI’s alert reflects growing government awareness of the cyberthreat to election systems.
The Department of Homeland Security had held no conversations with states about election cybersecurity until a conference call that Secretary Jeh Johnson held with state officials on Aug. 15, a person involved in state election work said.

That call came together after Johnson publicly floated the idea of classifying elections as “critical infrastructure,” a designation that grants special security assistance to vital facilities such as banks and the power grid. “We hastily reached out to DHS to try to organize a call that would at least give state officials some information on what was going on with DHS,” the person said.

On the call, DHS officials urged states to coordinate with their local FBI offices if they weren’t already doing so. The department also agreed to provide resources to states, including vulnerability-detection software. But the DHS has not provided those resources yet, and some states, such as Georgia, have balked at the offers of assistance, fearful of federal meddling.
DHS plans to announce an election cybersecurity awareness campaign soon, the person said.
A DHS spokesman declined to comment on the FBI alert.

In the meantime, digital voter registration systems appear to be functioning — mostly. Of 42 state databases that POLITICO accessed on Monday, 41 were available, although the entire website of California’s secretary of state was down.
"It is down right now," said Sam Maood, spokesman for the California secretary of state. "There’s no evidence that it’s due to hacking or any kind of data breach."
All but one of the other states either required more extensive measures to check registration or had no evident online system. The one exception, North Dakota, is the only state that doesn’t require voters to register, according to its secretary of state.

But devastating consequences could ensue if these databases fell into the hands of motivated digital attackers, election security specialists said.
“An attacker could potentially remove registered voters from the registration list in areas that are expected to vote against the attacker’s preferred candidate, creating challenges and delays when the voters show up and the polls to vote,” said Jason Straight, chief privacy officer for UnitedLex, which advises corporations on cybersecurity practices.
By ERIC GELLER

Straight called such manipulation a “much greater threat” than the possibility of hackers tampering with electronic voting machines, which election watchdog groups and researchers say are insecure and often lack proper auditing mechanisms.
Tilting elections through voting machines hacks “would require extensive use of on-the-ground operatives with social engineering and technical skills to pull off,” Straight said.
In recent years, voter rolls have become an increasingly attractive target for both cyber gangs, as well as government-backed digital spies, appearing for sale on underground web forums, or simply being found sitting unprotected online.

Hundreds of millions of voters in the U.S., the Philippines, Turkey, Kazakhstan and Mexico have been affected.
The big windfall came last October, when hackers — “probably based in Russia” — started selling a set of Americans' voter data “containing personal information on approximately 190 million persons,” said Christopher Porter, manager of FireEye iSIGHT Intelligence, a leading cybersecurity firm that examined the leak. The information exposed included full names, genders, dates of birth, physical addresses, email address and phone numbers.
The presence of the Russian cyber gang-linked IP address in the FBI alert is a possible indication that these digital thieves were at it again in Illinois and Arizona, said several researchers and a former FBI official.

While such thefts could be the work of ordinary criminals, these same experts explained that Russian cyber gangs often act at the behest of the Kremlin, either directly or indirectly. In exchange, these groups receive immunity from prosecution and “maintain their untouchable status,” said Kellermann, of Cybersecurity Strategic Ventures.
If this is indeed the case with the recent intrusions of state voter registration databases, Kellermann believes the suspected campaign to undermine the U.S. election process is “reaching a tipping point.”
“It’s high time that the U.S. government took off its own gloves,” he said.

 @politico on Twitter | Politico on Facebook

April 14, 2014

15 Life Saving Tips for On line Dating





Like it or not this is the age we live in. Everything is impersonal. You don’t even have a banker or a grocer anymore. For the task of finding someone is become the same, impersonal and it can be complicated. If you are not a church going person, you are private and not into bars and constant get togethers like you were on AA or visit to your probation class and to top it off you like to shop quickly because you only buy for one; My friend that means you are going to spend the rest of your life alone or you will learn online dating. It can work but you will need help to come out alive with two balls in their sac or the ovaries where they belong if you are a he or.she.  This is advice on getting the task of not finding the wrong guy which is more important than finding the right guy in my opinion. These tips are from my experience and from reading what current experts in dating are saying
Adam Gonzalez, Publisher, Editor




1.  If he has no photo up.  How Serious is he to meet someone?  Most everyone has a picture of themselves.

2.  Look at his profile carefully. If all they speak about is hooking up and sex, they might not be for you. Chances are is a “wang bang thank you man.”

3. If his profile is messy and misspelled then it was not written for you but for someone like them that they don’t give a damn.

3.Texting at the very beginning but ASAP “Phone” You will get an instant hit if they are not for you. If they don’t want tot all on the phone for so called security reasons, then what are they doing in online dating? It probably means they are closeted and do you want that. Even if you have not come out yourself, a secretive guy will make live a triple life. Yours, his and the closet.

4. If the initial contact is purely sexual is ok if you a re into that. Wether you want to reserve your cherry which probably is been popped more than once to play that game is fine as long as both are willing to play the same game and are tuned to the same station. Be plain and straight forward about that without sounding forceful either way.  This might be an opportunity for someone to try to win you over with romance. Don’t expect too much but keep expectations in check.

5. If he doesn’t want to meet for the first time in public but insists in private, watch out. It is ok to meet at his or your place for the first time, but the pressure will be higher and there might be an expectation of sex. But if you are comfortable of for it. 

6. This is one of the most important ones “ No chemistry” Like a dead pnis there is no CPR for that.

7. If it seems he never read your profile just saw your photo. Be attentive how he ask you questions that are on your profile. He might be verifying information you have and judging to see if you have the same answers. You will know if hasn’t read it.

8. If  he is reluctant to talk about themselves on the phone.Even if they ware shy they should know themselves and only he can testify in his favor here.

9. If they are separated  is ok as long as there is no connection. If not eventually he might miss his old flame and leave you burt out and tossed away.

10;  The profile should match what is being said in words

11.  Some people lie about their age. The important thing is to judge the person when you see him. A few years don’t matter and eventually if there was a little playing with numbers there should be a reason. For instance he wrote 30 but is 25 but explains that explains that he looks 30 and he does. Brought his age up or down to match his looks not to be a wise ass and be something he is not and doesn’t look like he is. This should be the only white lie that should be tolerated. Everything else should be the truth. The relationship should be based in  truth because honesty is going to be the cornerstone that at times might be called to hold the whole package together.

12.If they don’t write anything on their profile, then they are as empty as the profile. You are being led into a a dark house without lights. 

13.On a site people pay sometimes you find more serious people, but that is not guarantee by me.

14. You need to know the date of the main photo in the profile! Also all the other ones but the one that says how he loos like should not be older that 24 months. That is pushing it and if he has a pic 2 yrs old as his profile but then he has one within the year is ok. 5, 10 20 is silly and very wrong, but people sometimes put their baby pics in there like if that was supposed to say something particular about them. All babies are cute and most people have better skiing when younger unless they had a case of acne.

15.A good sense of humor is cool but making fun of you or anything of your is a big no-no. It’s a matter of the respect he has for you and wether he is a jerk off.

16. Your inner voice and intuition is going to help you. Let it also guide you. If you are getting a bad feeling there is a reason for it and is not a reason on your side.

Adam Gonzalez, Publisher
adamfoxie blog International


ps: If this helps you in anyways, please come back and buy something from one of the commercials in adamfoxie’s site. We are squeeze by the times in which you pay(we) for news, names, etc.

September 6, 2013

Protect Your Self from the Government’s ( Not Ours) NSA


A patron works on his laptop during the Tech Crunch Disrupt conference in San Francisco, California, September 11.
'Trust the math. Encryption is your friend. That's how you can remain secure even in the face of the NSA.' Photograph: Beck Diefenbach/Reuters
Now that we have enough details about how the NSA eavesdrops on theinternet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves.
For the past two weeks, I have been working with the Guardian on NSAstories, and have read hundreds of top-secret NSA documents provided by whistleblower Edward Snowden. I wasn't part of today's story – it was in process well before I showed up – but everything I read confirms what the Guardian is reporting.
At this point, I feel I can provide some advice for keeping secure against such an adversary.
The primary way the NSA eavesdrops on internet communications is in the network. That's where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.
Leveraging its secret agreements with telecommunications companies – all the US and UK ones, and many other "partners" around the world – the NSA gets access to the communications trunks that move internet traffic. In cases where it doesn't have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.
That's an enormous amount of data, and the NSA has equivalentlyenormous capabilities to quickly sift through it all, looking for interesting traffic. "Interesting" can be defined in many ways: by the source, the destination, the content, the individuals involved, and so on. This data is funneled into the vast NSA system for future analysis.
The NSA collects much more metadata about internet traffic: who is talking to whom, when, how much, and by what mode of communication.Metadata is a lot easier to store and analyze than content. It can be extremely personal to the individual, and is enormously valuable intelligence.
The Systems Intelligence Directorate is in charge of data collection, and the resources it devotes to this is staggering. I read status report after status report about these programs, discussing capabilities, operational details, planned upgrades, and so on. Each individual problem – recovering electronic signals from fiber, keeping up with the terabyte streams as they go by, filtering out the interesting stuff – has its own group dedicated to solving it. Its reach is global.
The NSA also attacks network devices directly: routers, switches, firewalls, etc. Most of these devices have surveillance capabilitiesalready built in; the trick is to surreptitiously turn them on. This is an especially fruitful avenue of attack; routers are updated less frequently, tend not to have security software installed on them, and are generally ignored as a vulnerability.
The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you're running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won't detect them, and you'd have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period.
The NSA deals with any encrypted data it encounters more by subverting the underlying cryptography than by leveraging any secret mathematical breakthroughs. First, there's a lot of bad cryptography out there. If it finds an internet connection protected by MS-CHAP, for example, that's easy to break and recover the key. It exploits poorly chosen user passwords, using the same dictionary attacks hackers use in the unclassified world.
As was revealed today, the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about. We know this has happened historically: CryptoAG and Lotus Notes are the most public examples, and there is evidence of a back door in Windows. A few people have told me some recent stories about their experiences, and I plan to write about them soon. Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it's explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.
TAO also hacks into computers to recover long-term keys. So if you're running a VPN that uses a complex shared secret to protect your data and the NSA decides it cares, it might try to steal that secret. This kind of thing is only done against high-value targets.
How do you communicate securely against such an adversary? Snowden said it in an online Q&A soon after he made his first document public: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."
I believe this is true, despite today's revelations and tantalizing hints of "groundbreaking cryptanalytic capabilities" made by James Clapper, the director of national intelligence in another top-secret document. Those capabilities involve deliberately weakening the cryptography.
Snowden's follow-on sentence is equally important: "Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."
Endpoint means the software you're using, the computer you're using it on, and the local network you're using it in. If the NSA can modify the encryption algorithm or drop a Trojan on your computer, all the cryptography in the world doesn't matter at all. If you want to remain secure against the NSA, you need to do your best to ensure that the encryption can operate unimpeded.
With all this in mind, I have five pieces of advice:
1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them. The less obvious you are, the safer you are.
2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you're much better protected than if you communicate in the clear.
3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn't. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that hasnever been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it's pretty good.
4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.
5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it's harder for the NSA to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.
Since I started working with Snowden's documents, I have been usingGPGSilent CircleTailsOTRTrueCryptBleachBit, and a few other things I'm not going to write about. There's an undocumented encryption feature in my Password Safe program from the command line); I've been using that as well.
I understand that most of this is impossible for the typical internet user. Even I don't use all these tools for most everything I am working on. And I'm still primarily on Windows, unfortunately. Linux would be safer.
The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They're limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.
Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA
The Guardian

Featured Posts

GLAAD is Asking 1 of 5 Prime Time Characters to be LGBT by 2025

  ( Source: LifeSiteNews ) — The pro-LGBT actioGlad Asks For 1 of 5n group GLAAD released its annual report on the ...