Well said Sam! On Tue, Jun 25, 2013 at 4:59 PM, Sam Kreimeyer wrote: > What about using public APs from a distance (cantennas are easy enough to > put together), a live OS and a spoofed MAC address? As long as you leave > your smartphone/tracking device at home and compartmentalize your activity > (ie, don't visit sites or use logins you use in your day to day online > interactions), I would think that it would be extremely difficult to link > traffic with a person. > > More involved exploitation and monitoring (such as malicious files) would > probably mean that there is an actual agent or agents interested in your > activity. Unless you're into some serious naughtiness or a Muslim (and even > those people aren't monitored very effectively [the Tsarnaev bros. come to > mind]), I wouldn't anticipate the NSA purposing those limited resources to > users. I think with open source software and a little bit of cryptography, > you can subvert most of the dragnet data mining tactics in place. > > And as a government employee myself, I can say that we are far from the > hardest working demographic. I wouldn't be surprised if the vast majority > of individuals flagged by whatever magic 8-ball algos are in place in NSA > datacenters go without investigation. > > > On Tue, Jun 25, 2013 at 1:09 PM, Matt Graham wrote: > >> From: Lisa Kachold >> > It's trivial to send you a PDF or Javascript Browser Exploitation BEef >> > hook and walk through your systems >> >> How do NoScript and using evince/kpdf instead of Acrobrat Reader affect >> those >> trivial exploits? >> >> > agents that can be delivered via email (Kaseya or LivePerson) and J2EE >> > exploits that can be launched easily = opening you wide. >> >> Of course, if you're using a mail client that executes things found in >> attachments, you'll get pwn3d quickly. Are there any mail clients that do >> those things in this day and age? I thought they'd even partially fixed >> Outhouse in that respect. J2EE? Who has all the components of J2EE >> installed >> (besides Java developers)? In the last 5 years, I've seen exactly 2 Java >> applets in the wild. Client-side Java is *uncommon* in the modern WWW >> AFAICT; >> the things people used to use Java for have been taken over by Flash/JS. >> >> > Surveillance technology continues from all your expenditures, all your >> > travel (license plate readers), and your phone behaviors, and can >> include >> > remote viewing (without camera technology you would recognize). >> >> I can see how it'd be easy to track credit card transactions (bank >> records) >> and car movements (via traffic cameras). Could you explain "remote >> viewing >> without camera technology" more clearly? >> >> -- >> Matt G / Dances With Crows >> The Crow202 Blog: http://crow202.org/wordpress/ >> There is no Darkness in Eternity/But only Light too dim for us to see >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >> > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss > -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** it-clowns.com Chief Clown