Amiga.org
Amiga computer related discussion => Amiga Software Issues and Discussion => Topic started by: orange on August 27, 2014, 06:44:56 AM
-
sorry, perhaps a bit offtopic..
there is this excellent 'whitelist' project: http://www.nsrl.nist.gov/
seems it hasn't been mentioned here before. Its aim is to catalog hashes (md5 and sha, iirc) of all (executable) files! Yes, there are some Amiga files in the database. That should help a lot in tracking down viruses and such. There is also that site with Kickstart (and Workbench) hashes.
Anyway, I think, if nsrl site accepts submissions, people with lot of original software should help.
-
You're joking, right? You want people to help the NSA in their mission to erode our freedoms?
-
You're joking, right? You want people to help the NSA in their mission to erode our freedoms?
I wouldn't be so paranoid. This is Amigas, after all. Doubt anyone uses them for anything interesting to NSA. Besides, anyone can check the hashes themselves and report errors.
In any case, its a good idea. Maybe someone 'independent' could start making such database for Amiga, or simply expand the one with Workbench and Kickstart.
-
Amiga is one of the few computers that can be used to repel mind control waves (http://zapatopi.net/mindguard/#amiga) - DON'T LET THE NSA SPY ON YOUR AMIGA!!:rant:
-
Amiga is one of the few computers that can be used to repel mind control waves (http://zapatopi.net/mindguard/#amiga) - DON'T LET THE NSA SPY ON YOUR AMIGA!!:rant:
gotta love the tinfoiled penguin.
perhaps someone should start making one with boing logo, for the worried Amigists.
-
You're joking, right? You want people to help the NSA in their mission to erode our freedoms?
NSA? How are they involved in this project and how will they erode our freedoms using checksums?
-
NSA? How are they involved in this project and how will they erode our freedoms using checksums?
my guess is he thinks we might one day be forced to use 'whitelist' only software. something like that TPM thing. but that horse left the stable long ago. people want freedom.
or, perhaps, that a 'government approved' virus would be listed.
-
I shouldn't really need to explain this, it is written there on the site in black and white:
NSA? How are they involved in this project
"The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS."
and how will they erode our freedoms using checksums?
"This will help alleviate much of the effort involved in determining which files are important"
Clearly it is intended for mass remote surveillance, they're not even bothering to hide the fact. Once upon a time (pre-Snowden) that viewpoint might have been considered paranoid...but not anymore...
-
I highly doubt that human freedom is jeopardized by the NSA knowing the md5 of PageStream 2.2.
-
I highly doubt that human freedom is jeopardized by the NSA
...
The whole planet is jeopardised by the mere existance of such an organisation...
;)
-
I shouldn't really need to explain this, it is written there on the site in black and white:
"The RDS can be used by law enforcement, government, and industry organizations to review files on a computer by matching file profiles in the RDS."
Sorry, I'm still not sure how NSA is involved in this project. Much like any open information, yes, it can be used by industry organizations, law enforcement and government.
The information the list contains is not personal, it's not secret, and collecting it is a trivial job. The potential use of it to infringe upon personal rights is similar to that of a shoe -- a pretty useful tool for all sorts of things, but sure, you could figure out a way to hurt someone with it.
"This will help alleviate much of the effort involved in determining which files are important"
Clearly it is intended for mass remote surveillance, they're not even bothering to hide the fact. Once upon a time (pre-Snowden) that viewpoint might have been considered paranoid...but not anymore...
You're making quite a leap there. This information is about as useful in mass surveillance as super soakers are in fighting wildfires. The NSA likely use more sophisticated file signatures than a bunch of rigid checksums in a list that is updated less than once a month. More importantly, they probably focus more on what is being communicated over networks than what legitimate software is installed on a person's computer. The part that you quoted but cut off before it contradicted your conclusion puts the likely use of this in law enforcement quite well: "This will help alleviate much of the effort involved in determining which files are important as evidence on computers or file systems that have been seized as part of criminal investigations." A seized computer is often scanned for documents, and identifying the software installed can greatly narrow the search for those without the budget for more sophisticated means.
The way software update cycles are nowadays, the worst I can see in this list is a waste of money and effort.
-
my guess is he thinks we might one day be forced to use 'whitelist' only software. something like that TPM thing. but that horse left the stable long ago. people want freedom.
This is extremely unlikely. There exists loads of software and hardware that would make this impossible to enforce.
or, perhaps, that a 'government approved' virus would be listed.
The people who work with identifying viruses know better than to base their assessments on information provided by a government agency. The government agency that could produce such a virus would know better than to design it in such a way that its hash would be consistent. Having viruses modify themselves while executing to avoid naive content based identification has been an established technique for a long time.