Tuesday, April 22, 2014

Narcocorridos: To the Glory of the Mexican Drug Cartels



To a growing number of Mexicans and Americans, narco traffickers have become iconic outlaws, a new pathway out of poverty, and one step closer to the "American Dream".

Narcocorridos are popular on both sides of the border, with popular music videos, sold-out concerts and CDs sold at Wal-Mart. "We're bloodthirsty, crazy, and we like to kill," they sing. Modern day Robin Hoods? Hardly, but that's how many teens and young adults see them.
"I urge people to reconsider this idea that the cartels and the government are two distinct entities. On the contrary, it’s impossible for an organized crime organization — especially one that’s transnational — to function without employees inside the state at all levels." -- John Gibler, author of To Die in Mexico: Dispatches from Inside the Drug War

From the documentary Narco Cultura
For Mexicans and Latinos in the Americas, there is no music more popular today than narcocorridos. These bloodthirsty and explicit odes to the exploits of narco traffickers and drug lords of Mexico openly glorify violence, narcotics and money. Like gangsta rap in the nineties, “Narco” is a movement threatening to burst into the mainstream.

Featuring powerful footage from the front lines of the drug wars and performances from some of the hottest Narcocorrido artists (including El Komander and Buknas de Culiacan) NARCO CULTURA takes viewers behind the scenes of the most explosive and violent music subculture in America.
It's hard to imagine the way it must feel to live in absolute fear in an increasingly poor and violent neighborhood, yet, at the same time, be able to see, literally, right over the fence--supposedly the safest city in America, El Paso, Texas--what appears to be a safe haven. 




Saturday, April 19, 2014

The Bizarre and Strange Circumstances Surrounding the Death of JFK Jr.

Mostly taken from the documentary Dark Legacy II The Murder of JFK Jr.

The report of the National Transportation Safety Board came out on August 8, 2000, 13 months after the plane crash of JFK Jr. (On January 8, 2001, the NTSB removed their original posting and greatly edited the contents of the report. The unedited original NTSB report, downloaded from the NTSB website in August of 2000, can be read at link.) It contradicts many of the lies pushed in the media.

Timeline:

On John’s fatal last Friday, he told his staff not to worry about their jobs, because, “As long as I’m alive, this magazine will continue to publish.” This would be a really cruel thing for a guy to say who was planning to kill himself in a few hours.

At 8:30, 45 minutes after arriving, John, his sister-in-law, and his wife took off from Caldwell Airport in NJ, and headed northeast toward Martha’s Vineyard ascending to a cruising altitude of 5,500 feet. An NTSB radar analysis shows the final moments of the flight in great detail.

At 9:33, the plane, still headed northeast, began descending from its cruising altitude of 5,500 feet.

At 9:38, the plane, while still descending, began a slight turn to the right so that it was headed due east, lining itself up with the southern coast of Martha’s Vineyard.

At 9:38 and 20 seconds the plane completed the turn and stopped its descent, leveling off at 2200 feet. But it’s against FAA regulations for a plane to fly below 2,500 feet without first contacting the tower. So in a manner that’s typical of John’s carefulness and following procedures, he brought the plane back up to 2,500 feet.

At 9:38 and 50 seconds, with wings level, the plane was on final approach, with 14 miles to go to the airport. At 200 mph, the plane would land in about 5 minutes.

At 9:39 John contacted the tower.

At 9:40 and 15 seconds, one minute and 15 seconds later, the plane suddenly dove out of the sky, falling 2,500 feet in 45 seconds, crashing into the water at 200 mph.

At 10:00 Adam Budd (link is cached page because link was removed from Boston.com) reported the missing plane to the FAA.

An employee of Martha's Vineyard Airport alerted federal aviation officials that John F. Kennedy Jr.'s plane was unaccounted for nearly four hours before a phone call from a Kennedy family friend early Saturday morning triggered a massive air and sea search.

The first phone call - which cited Kennedy by name - prompted no action by the Federal Aviation Administration. It was made at 10:05 p.m. Friday, only 25 minutes after Kennedy's plane was lost on radar and presumably crashed into the ocean.

"Actually, Kennedy Jr.'s on board. He's, uh, they wanna know, uh, where he is," Adam Budd told an unidentified FAA employee at the Bridgeport Automated Flight Service Station.

Until the plane is found, there is no way to say if an earlier search would have made a difference in the survival chances of Kennedy, his wife, Carolyn Bessette Kennedy, or her sister, Lauren Bessette.

However, a transcript of Budd's call, obtained by the Globe, adds fuel to questions about whether the FAA responded as promptly as it should have, and as quickly as its own regulations specify, to concerns about Kennedy's missing plane.

FAA officials said they responded appropriately to the call.

"We've researched the matter and found the FAA was not told that the aircraft was overdue, or that there was any indication there was a problem or a cause for concern that would raise warning flags," said Eliot Brenner, a senior FAA spokesman.

Kennedy was flying to Martha's Vineyard to drop off Lauren Bessette, after which he planned to fly to Hyannis to attend the wedding of his cousin Rory Kennedy. A well-dressed couple with a child who had come to the airport to meet Lauren Bessette grew concerned when the plane did not arrive as expected by 10 p.m.

They sought help from Budd, 21, a Bridgewater State College student from Sharon, Mass. In a telephone interview last night, Budd said he is also a licensed pilot who has worked for the past month as a ramp attendant at the airstrip.

Budd said he first called the airport tower, but was told Kennedy's plane was not expected - Kennedy had filed no flight plan - and that it had made no radio contact.

Budd then called the FAA outpost in Bridgeport, Conn., a repository for flight plans that also provides pilots with weather information and notices about flight restrictions.

During his conversation with the unidentified FAA employee, Budd asked if the FAA could track an airplane. Budd said he was with airport operations at Martha's Vineyard, then mentioned Kennedy's name and provided two possible aircraft numbers for Kennedy's plane.

The employee questioned Budd repeatedly about who he was and where he was calling from. After Budd gave his name, the FAA employee asked if he was, in fact, with airport operations. He ultimately told Budd, "We don't give this information out to people over the phone."

At that point Budd gave up, saying, "I'll just have 'em wait," and then, "All right, it's no big deal."

In the interview, Budd said the transcript tells only part of the story.

"You have to hear his tone of voice, because the guy was kind of rude to me, making me feel uncomfortable," he said. "I've called before and they were happy to help me out. The guy might have been having a bad day or something. I don't know."

Brenner, the FAA spokesman, said the problem with the tone was Budd's. "There was no tone of concern in the voice or anything out of the ordinary," Brenner said. "There needed to be some expression that this airplane is overdue."

In the end, no action was taken until a 2:15 a.m. Saturday phone call from Carol Ratowell, a Kennedy family friend. Her call to the Coast Guard set in motion a multiagency search that began with calls to regional airports and officially became a search and rescue mission at 3:28 a.m.

Globe correspondent Jennifer Babson contributed to this report.

No search and rescue

Breaking news broadcasts at the time of the incident reported that there was final communication between the FAA and JFK Jr’s plane at the precise moment of 9:39 PM, according to Petty Officer Todd Burgun from the Coast Guard base in Boston. This is absolutely consistent with the radar information from the NTSB that was used to reconstruct the last moments of the plane before it crashed; therefore his report is credible. Otherwise he could not have identified the exact minute that the plane was holding at 2,500 feet, waiting to get clearance from the tower before descending. He had to have gotten that information from FAA flight personnel in the tower at Martha’s Vineyard Airport.

This contact by JFK Jr. to the airport is very important for numerous reasons. Whenever you contact air traffic control, your particular radar blip is then entered into the FAA’s air traffic computer system. If anywhere on your flight path your plane should happen to descend below 100 feet, the computer will automatically set off an alarm at the FAA Traffic Control Facility. Therefore, as a result of Kennedy’s 9:39 contact with the tower, the computer should’ve set off a low altitude alarm in the FAA’s traffic control offices when the plane descended below 100 feet.

The FAA should’ve begun the search at 9:40 when this low altitude alarm went off. They knew before the plane hit the water. FAA regulations require that a search commence anytime a plane contacts the tower on its final approach and then fails to land within 5 minutes. As a result of JFK Jr’s contact with the tower, the FAA also should’ve begun a search at 9:44 when JFK Jr’s plane failed to land.

How long did it take the FAA to begin a focused search... searching the approaches to the Martha’s Vineyard airport?

15 ½ HOURS!

The cover up:

The information containing JFK Jr’s contact with the FAA was disappeared. At 12:30 Burgun was removed/silenced from any further reports of any kind. In fact, all government agencies went silent and reporters were referred to the Pentagon spokesman, Col. Steven Roark.

The report from Todd Burgun wasn’t the only on-the-scene reporting that disappeared from the news by the Pentagon. According to the Pentagon the families of both JFK Jr and Carolyn Bessette waited 4 hours to report them missing. Total lie! Friends of Lauren Bessette, Carolyn’s sister, were waiting at the airport and when the plane didn’t land at around 10:00, quickly reported it to the FAA officials, who did nothing.

One hour later, at 11 PM Senator Edward Kennedy contacted the FAA to let them know the plane was missing. The FAA officials did nothing.

Since the FAA refused to act, at 2:15 AM a family friend, Carol Radziwill, contacted the Coast Guard. The Coast Guard contacted the FAA. The FAA then contacted the Air Force who told the Coast Guard that they were in charge and sent the Coast Guard on a wild goose chase, to search an area 100 miles away from anywhere the plane may have gone down.

Linda Killian from People Magazine questioned Lt. Col. Steve Roark, the director of the U.S. Air Force's National Search and Rescue School at the time and former director of the Air Force Rescue Coordination Center, on TV about the time discrepancy regarding official notification of the missing plane. Raw uninterrupted static cut her off before she could even finish the question. This question never got answered and never got asked again and never got any mention in any media outlet.

At 6:30 AM Ted Kennedy woke up John Podesta, Clinton’s Chief of Staff. At 7:00 AM, Podesta woke up Clinton. At 7:15, Clinton told Podesta to call the Air Force and warn them if they didn’t have a search underway in 15 minutes, they shouldn’t bother to come to work Monday morning because they would all be fired, if they weren’t in jail.

So the Air Force scattered two planes and two helicopters across 20,000 square miles of ocean. The Air Force kept them searching this vast expanse for the next five and a half hours.

Of course, there were honest employees at the FAA who did their jobs, one of which is to perform what is called an “N-Tap” radar analysis. An “N-Tap” goes back to take-off, starting with the plane identifying itself to the tower, giving its “N number”, its registration number, in this case N529JK. The plane’s radar blip is identified at take-off. And this particular blip is then followed along its flight path until it disappears, indicating the crash site. The New York Times said this report was available at 5 AM.

When Col. Roark was asked why his search was scattered all over the Atlantic, when the “N-Tap” report was available 8 hours earlier, pinpointing the location of the crash, he said he would continue on the same track, stating that “we have nothing that absolutely pinpoints to one area as opposed to another, so we can’t rule out the entire flight.” When asked again about the radar position of the crash site, Roark lied and said it was just a “possible” position.


Moreover, all civil aircraft are required to carry an emergency beacon, an ELT (Emergency Locator Transmitter), which is crash-activated. The ELT sends out a signal that is received by a network of satellites that can instantly locate the crash within a matter of a few feet.

In other words, the FAA knew where JFK Jr's plane went down before it hit the water.  But, it wasn't until 1:00 the next afternoon when Lauren Bessette's suitcase washed up on shore that the Coast Guard was able to focus on something remotely near the crash site.



JFK Jr was a careful and conscientious pilot, who did file a flight plan and who always flew his relatively new plane with a flight instructor as he was working on his instrument rating, not to mention his injured ankle.   He was not the careless, irresponsible daredevil that the media portrayed.  JFK Jr had a 17 year record--more than 300 hours--of careful, meticulous adherence to safety procedures.

Missing Pieces:

Where did the backup battery to the cockpit voice recorder go? It is necessary to preserve the last few words of the pilot on the radio and in the cockpit.

Who was JFK Jr talking to minutes before he took off? What was he talking about? But it's missing despite the fact that it's supposed to be in the NTSB report.

Where is the aquamarine duffel in which JFK Jr kept his flight log, which records who was on the plane?

What about the flight instructor who, in the earliest statements after the crash, was reported by family friend Carol Radziwill to be on the plane? JFK Jr never flew his new plane without a flight instructor. Later on, "the family" reported the flight instructor was not on the plane and that JFK Jr didn't even have a license to pilot the plane that crashed, when he most certainly did.

So who is this person identifying themselves as "the family" and spreading lies?  
Arnold Schwarzenegger, perhaps?



And where did the missing airplane seat go? Portions of five of the six seats were recovered. Could it be the reason for the delayed search?  They had to recover the body of the flight instructor who wasn't on the plane according to unreliable or coerced sources?






Tuesday, April 15, 2014

Titanic: The Real Story.

100 years ago today, the "unsinkable" "Titanic", accompanied by an ostentatious display of fanfare, departed from the English port city, Southampton, on its ill-fated "maiden voyage". Why so many words enclosed by quotation marks? Read on - and watch - and you shall see.

Last month, I blogged about the social amnesia of the collective that followed the SS Eastland disaster, where close to 1,000 people (wiping out 22 entire families) died within a span of 6 minutes, when the packed-to-the-gills, top-heavy streamlined ship tipped over in the Chicago River, merely 3 years after the sinking of the "Titanic". Well, it appears the deep-seated corruption that contributed to the Eastland horror show that dreadful morning played an even bigger role on April 15, 1912, when 1,507 people lost their lives. Only, we certainly didn't forget this tragedy. Every single American over 6 years old can tell you exactly what happened that sorrowful day in history. Or can they?

The following film is based on extensive research and includes evidence of both British and American inquiries, the eyewitness reports of survivors, newspapers of the day, photographs, film and radio broadcasts. The views and opinions are based on evidence and legitimate inference.

What you are about to see is a reconstruction of events behind the disaster and the reasons for it.




Sunday, April 06, 2014

The Science Deliberately Excluded and/or Misrepresented From IPCC Report on Climate Change

The United Nations environmental program, established in 1972, and the Intergovernmental Panel on Climate Change (IPCC), established in 1988, created one of the greatest deceptions--of which there are many--in modern history. All of the mainstream media outlets, including NPR (or maybe especially NPR), are on board.

What's the deception? The U.N. asserts that anthropogenic carbon dioxide influences atmospheric CO2 levels, which in turn raises global temperatures. However, evidence from ice cores clearly shows the opposite: that increased CO2 levels follow increased temperatures by a few centuries, approximately 400 years. In other words, CO2 levels respond to changes in temperature, and not the way the IPCC summary--for policy makers and press--on climate change claims.





Links

The Great Man Made Global Warming Swindle May Finally Come to an End.

Will Anthropogenic Global Warming Change to Anthropogenic Chilling?


Climate Change Reconsidered II Biological Impacts

The Deliberate Corruption of Climate Science


Saturday, April 05, 2014

IRS Rules Bitcoin Property Not Currency.

The IRS ruled that virtual currency, such as Bitcoin (BTC), is not considered currency, but property for U.S. federal tax purposes. In other words, it does not have legal tender status in any jurisdiction.

“The Internal Revenue Service (IRS) is aware that “virtual currency” may be used to pay for goods or services, or held for investment. Virtual currency is a digital representation of value that functions as a medium of exchange, a unit of account, and/or a store of value. In some environments, it operates like “real” currency -- i.e., the coin and paper money of the United States or of any other country that is designated as legal tender, circulates, and is customarily used and accepted as a medium of exchange in the country of issuance -- but it does not have legal tender status in any jurisdiction.

Virtual currency that has an equivalent value in real currency, or that acts as a substitute for real currency, is referred to as “convertible” virtual currency. Bitcoin is one example of a convertible virtual currency. Bitcoin can be digitally traded between users and can be purchased for, or exchanged into, U.S. dollars, Euros, and other real or virtual currencies. For a more comprehensive description of convertible virtual currencies to date, see Financial Crimes Enforcement Network (FinCEN) Guidance on the Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies (FIN-2013-G001, March 18, 2013).

General tax principles that apply to property transactions apply to transactions using virtual currency. Among other things, this means that:
  • Wages paid to employees using virtual currency are taxable to the employee, must be reported by an employer on a Form W-2, and are subject to federal income tax withholding and payroll taxes.
  • Payments using virtual currency made to independent contractors and other service providers are taxable and self-employment tax rules generally apply. Normally, payers must issue Form 1099.
  • The character of gain or loss from the sale or exchange of virtual currency depends on whether the virtual currency is a capital asset in the hands of the taxpayer.
  • A payment made using virtual currency is subject to information reporting to the same extent as any other payment made in property.
Really? Does the IRS really expect everyone who buys a cup of coffee with digital "currency," like BTC, to track capital gains? What a bureaucratic nightmare! However, I'm sure the IRS has no problem creating more administrative bureaus to deal with tracking virtual "currency" transactions. Not to mention, the burden on virtual "currency" users. But as Oscar Wilde said, "The bureaucracy is expanding to meet the needs of the expanding bureaucracy."

Links:

What the IRS Bitcoin Tax Guidelines Mean For You

Are the IRS Capital Asset Rules Realistic for Small Transactions?

Fiat Link - watch the world's currencies flow into BTC in real time.


Tuesday, March 25, 2014

Innocent Woman Scheduled For Execution in Mississippi

On Thursday, Mississippi is scheduled to execute Michelle Byrom, 57, the first woman to be executed in the state since 1944, even though her son, Edward Byrom Jr., repeatedly confessed to the killing that she is slated to die for — evidence the jury did not hear because her defense attorneys--in their first capital murder trial--never admitted the confession letters into evidence. Ms. Byrom was a lifelong victim of abuse, both as a child and in the marriage that ended in her husband’s death. Not to mention, at the time of her husband's death, Ms. Byrom was in the hospital for double pneumonia while on mind-altering drugs.

“As I sat on my bed, tears of rage flowing, remembering my childhood my anger kept building and building, and I went to my car, got the 9mm, and walked to his room, peeked in, and he was asleep. I walked about 2 steps in the door, and screamed, and shut my eyes, when I heard him move, I started firing.” -- Edward Byrom Jr

Despite corroborating evidence supporting the son's confessions such as the gunpowder found on his hands, Byrom Jr. pinned the murder plot on his mother after prosecutors convinced him to take a plea deal in exchange for a reduced sentence.

"When they got me here, I gave them a bullshit story after another, trying to save my own ass, but when David Smith started questioning me, and told me what happened, I was so scared, confused, and high, I just started spitting the first thought out, which turned into this big conspiracy thing, for money, which was all BS, that's why I had so many different stories," -- Edward Byrom Jr.

So authorities allege that Byrom Jr., his mother and his friend, Joey Gillis, colluded to kill Byrom Sr, in order for Michelle Byrom to collect on her husband’s life insurance policy. However, both Byrom Jr. and friend, Joey Gillis--accused of pulling the trigger despite the gun powder residue on Byrom Jr.'s hand--walk free today.

The only certainty here is that Michelle Byrom did not have competent attorneys nor did she get a fair trial, as is the case for so many people who have been executed or who await their execution.

"I have attempted to conjure up in my imagination a more egregious case of ineffective assistance of counsel during the sentencing phase of a capital case. I cannot." -- Judge Jess Dickinson


Friday, March 14, 2014

The Gaping Holes in HTTPS and SSL Security!

Scott Ogrin, a blogger, who is a software engineer as well as an electrical and computer engineer with a BSEE and MSEE, breaks it down for you in the following article:

In this day and age of well-known NSA spying, everyone keeps saying that the only way to be safe is to use SSL/TLS, commonly known as "browsing with https://".

The sad reality is that HTTPS does virtually nothing to protect you from the prying eyes of alphabet soup agencies - or anybody else with enough knowledge about how these supposedly "secure" connections actually work.

It's true that connecting to web sites with SSL will certainly prevent "script kiddies" and other more winky opponents from eavesdropping on your surfing or otherwise interfering in your affairs. But as for the Real Bad Guys, forget it...

We shall begin by taking a brief dive down the rabbit hole of SSL, hopefully in a way that will make sense to even the least technically inclined among us.

This issue is, after all, so extremely important that I think everyone needs to understand what is really going on, and how web security actually works, without needing a PhD in cryptography, computer science, or engineering!

Our story begins with a little e-mail I received the other day. The basic message can be found here:
Microsoft Security Advisory (2880823)

Of course, the idea that Microsoft of all companies is warning me about security is kind of laughable, so I didn't pay much attention. Nevertheless, there was this little voice in the back of my mind that kept pestering me, so I decided to dig in and see what all the hoopla was about... or indeed if any hoopla was even warranted.
Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information.
Okay, so that's probably like trying to read a foreign language to most people. Even I didn't understand exactly how these hashing algorithms were used with SSL. So, I started digging. What I found nearly floored me:

MD5 considered harmful today: Creating a rogue CA certificate

Now, if you thought the M$ advisory was confusing, take a peek at the above link.

WOW! That's wild.

In summary, way back in 2008, some smart people figured out a way to make themselves a Fake SSL Certificate Authority, and they accomplished this feat by using a weakness in the MD5 hashing algorithm.  [...]
First, let's define some terms - hopefully in Plain English:

SSL Web Site Certificate

This is a digital certificate, with a digital signature, that verifies that a website is who they say they are. When you connect to a web site using SSL (HTTPS), your browser says, "Papers, please!" The remote site then sends the SSL Web Site Certificate to your browser. Your browser then verifies the authenticity of this "passport". Once verified, encrypted communications ensue. The point of the SSL Web Site Certificate is that under no circumstances should anyone else be able to create a valid, signed certificate for a web site that they do not own and operate. In order to obtain an SSL Web Site Cert, you must verify by varied means that you are the owner and operator of the web site involved. So, using HTTPS is not only for encryption of communications, but also a way to verify that the site you are communicating with is the Real Thing, and not an imposter. And of course you must pay for the certificate!

Certificate Authority (CA) Root Certificate

This is also a digital certificate, with a digital signature... But in this case, this certificate can be used to create and digitally sign normal SSL Web Site Certificates. This is the kind of certificate that a CA (Certificate Authority) has. These certificates also get passed to browser makers, and are then included in your web browser. This is so that when your browser receives an SSL Web Site cert, it can use the CA Root Certificate to verify that the Web Site Cert is in fact valid.

Certificate Authority (CA)

A CA is the kind of web site from which you would buy a valid, secure SSL Web Site Certificate to use for HTTPS on your site. For example: Verisign.com, RapidSSL.com, Geotrust.com, etc. are Certificate Authorities. They have CA Root Certificates for generating and signing valid SSL Web Site Certificates.

It's helpful to understand that with all these certificates, there is a "chain of command". SSL Web Site Certificates are validated and authenticated using CA Root Certificates. CA Root Certificates are validated with yet higher-authority certificates, all the way up the pyramid to The One Great Root Certificate, which is like the God of Certificates. Thus, each lower-ranking certificate is verified up the chain of command. This all happens behind the scenes, and you have no idea it's occurring.
Piece of cake, right?

Now, where do these hash algorithms like MD5, SHA-1, and SHA-2 come into play?

All certificates contain information, like:
  • Web site domain (www.mysite.com)
  • Site location (country, state, etc.)
  • Site owner info (company name)
  • Period of validity
This information is verified before a certificate is issued. Once verified, a hash of the data is generated. This hash acts as the digital signature for the certificate. The only thing you really need to understand about hash algorithms is that what is supposed to happen is this:
  1. Data of any length (30 characters, 3000 characters, 40MB, whatever) is passed into the hash algorithm
  2. The hash algorithm chops up the data and mathematically processes it, thereby spitting out a signature – or digital fingerprint – of the data
  3. The hash of no two chunks of data should ever be the same – just as the fingerprints of no two people should ever be the same
  4. The hash output is always the same size, regardless of the size of the input data (just like a fingerprint – no matter the size of the person)
Right. There is such a thing as a “hash collision”. This is when you have 2 hashes that are identical, but they were generated from different data. That’s like if you and your neighbor suddenly had the same thumbprint. OOPS!

Now, think about that for a minute... If the police were using these hashes, or thumbprints, to verify your identity, they might mistake you for your neighbor, or your neighbor for you, if you "had the same thumbprint". If they did no other checking, and just relied on that thumbprint, they might very well "authenticate" your identities completely incorrectly. BIG OOPS!

This is exactly what happened with the MD5 SSL attack outlined at the above link.

These smarty-pants people were able to carefully buy a valid SSL Web Site Certificate from RapidSSL in 2008. Before they did that, they created their own CA Root Certificate in such a way that the hash (fingerprint) of their valid, just-purchased Web Site Cert was identical to the hash of the FAKE CA Root Certificate that they created out of thin air.

Since RapidSSL had just said, "Dudes, this Web Site Certificate fingerprint is valid!", and since this was the same fingerprint on the fake CA Root Cert, the forged CA Root Certificate becomes valid.

Now, recall that a CA Root Certificate - as long as it has a valid hash/fingerprint that will validate up the "chain of authority" - can be used to generate a valid SSL Web Site Certificate for any web site in the world... And neither you, nor RapidSSL, nor your browser will ever know that anything is amiss.

Why is this a problem? For starters, consider a man-in-the-middle attack.


You want to go to https://www.gmail.com. But some "hackers" have used another type of hack to insert their server between you and Gmail. Normally, this would not be possible, because you're using HTTPS! You're SAFE!

WRONG!

As far as anyone knows, you are connected to gmail.com over HTTPS. But in reality, what's happening is this:
  1. You try to connect to https://www.gmail.com
  2. The attacker diverts your request (perhaps using DNS cache poisoning or some other such attack) to a fake server
  3. Since Attacker's Server contains a falsely generated, perfectly valid SSL Web Site Certificate using the tricks outlined above, your browser doesn't know any better. Everything appears to be legit.
  4. You begin doing e-mail, but all your data is actually going encrypted to Attacker's Server, where it is decrypted and recorded/modified. Attacker's Server then passes the data on to the real https://www.gmail.com (using Gmail's actual, valid SSL cert).
  5. You have absolutely no clue that your "secure" communications are not secure in the least!

In other words, SSL / HTTPS means that the connection between your browser and the destination server at the URL you're visiting is supposed to be encrypted. But because certain types of SSL certificates (which help handle the encryption) can be forged, an attacker could set up a fake server that pretends to be the real destination server, and thus insert themselves in the middle of the connection. When that is done, the attacker has control over the connection and the data, and can thus decrypt your data, manipulate it, and/or pass it on to the real intended destination server.

Now, isn't that a daisy?

"But wait!" you say. "Isn't it therefore good for Microsoft to recommend changing the hash function to SHA-256 if SHA-1 has the same potential problem as MD5 did back in 2008?"

An excellent question! Unfortunately, yes and no. Even if you, as a web site owner, change your SSL Web Site Certificate from one that is signed using SHA-1 to a new cert that is signed using SHA-2, you are still unsafe.

Why?

Because all it takes is for ONE Certificate Authority to use a "weak" hash algorithm, and someone who is up to no good can generate a forged CA Root Certificate. Once they have that, they can generate as many SSL Web Site Certs as they want - using any hashing algorithm they please - including a fake-yet-valid cert that they can use to impersonate your "secure" site!

In other words, the weakness in the hashing algorithm is just the tip of the iceberg. Due to the hierarchical "chain of authority" in the whole certificate system, if anyone manages to create a false CA Root Cert, they are more or less god in terms of creating false SSL Web Site Certs.

Thus, in order for Microsoft's words to have an effect, there must not be ANY Certificate Authority (Web Site Cert issuer) in the whole world that still uses SHA-1. In order for the "security" to actually be more secure, everyone must upgrade right now. But this isn't going to happen.

Now, if that isn't bad enough, think about all the NSA spying. Think about how many people said, "Naw, man, I just surf using HTTPS, and I'm totally safe!"

You think so?

I don't. You know why? Well, you should, by now... But there's more!

Guess who invented the SHA-1 hash algorithm in 1995?

The NSA.

Guess who invented SHA-2 in 2001?

The NSA.

So, why should all the Certificate Authorities switch from the NSA's SHA-1 to the NSA's SHA-2? Why, because the NSA created it the way they did for a reason!

SHA-1 already has been theoretically breached, and there are a few indications that SHA-2 isn't quite as super-duper-safe as everyone thinks.

Imagine you are the NSA. You want to spy on everyone, everyone's grandmother, the grandmothers' cats, and the mice that are currently being digested inside the cats. SSL is kind of a problem... It can use pretty annoying encryption. Well, hell! No problem. Just compromise the "certificate authority chain" by forging one little CA Root Certificate, and blammo! You can eavesdrop and man-in-the-middle anybody you darn well please, SSL or not!

Web sites over SSL? No problem.

E-mail over SSL? No problem.

I have said it before, and I'll say it again: There never was security or privacy on the internet, there is no security or privacy on the internet now, and most likely there never will be. Not unless some very big changes are made...

And do you know why all this (and much, much more) is possible?

Because just like you, I had no knowledge of the gaping holes in SSL. Awareness of this and many other issues - technological, political, psychological, social, etc. - is absolutely essential.

Otherwise, frankly, we're screwed.
Links:

Fake SSL certificates deployed across the internet


The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software


Monday, March 10, 2014

Institutional Psychopathology?

The Comprehensive Annual Financial Report, the CAFR, reports the scope and size of government investment wealth, which is, despite what you're told, immense.

In America, there are over 230,000 individual government corporations (230,000 investing in corporations) and each of these must file a CAFR. This source document, the CAFR, is a requirement of law for every government corporation. This investment wealth is NOT reported to the people. In other words, it is not reported on the Budget report which is the dumbed-down version of the CAFR--the same report with a lot less information. The government utilizes creative accounting: How do we turn an asset into a liability? It's a presentation through creative accounting to show there is no money when in fact, billions of dollars exist in that local government.

So what exactly is the CAFR, aside from the fact it's a giant investment scheme to extract the wealth of the nation?

It's a set of U.S. government financial statements comprising the financial report of a state, municipal or other government entity that complies with the accounting requirements promulgated by what is called the Governmental Accounting Standards Board (GASB), which is a private nongovernmental association. They provide the standards for the content that’s in that report called the CAFR. Every CAFR is audited by an external accounting firm of certified public accountants (CPA).

You see, by law, corporations must earn profits for their shareholders of which government is the main shareholder. It’s a HUGE conflict of interest, because, by law, governments must act on behalf of corporate profit, NOT, we the people.

For example, according to the Military CAFR, they have over a trillion dollars in the military pension funds. That’s larger than the amount of cash circulating (M1) in the U.S., yet, what is government doing? They're slashing the military benefits of American military families, including pensions.

CAFR School with Clint Richardson:

CAFR School One

CAFR School Two

CAFR School Three


Sunday, February 23, 2014

Silent Coup: The Rise of the Anti-Government Flash Mobs

Anymore, it's always the same: peaceful "democratic" protests, in country after country, against supposedly undemocratic and unresponsive governments that are--wait for it--democratically elected by the people, which eventually turn violent. But are these events really orchestrated silent coups--or attempted coups-- disguised as domestic current events? Ted Snider of Anti-War.com seems to think so.

There is no doubt that the American government has been providing arms, money and logistical support to Al Qaeda in Syria, Libya, Mali, Bosnia, etc., and related Muslim terrorists in Chechnya, Iran, and many other countries. That's right. We're funding extremist elements within the broader population of targeted nations in order to destabilize those nations, ultimately leading not to a democratic leader in power but, instead, to radicals in power who most definitely do not support a democratic government. In other words, the genuine protestors, of which there are many, are merely pawns in a chess game played by much more powerful interests and geopolitical forces.

But as the American media continues to mischaracterize the ongoing protests and downplay "the radical ultra-nationalist character of some protesters", not to mention the western leaders' (U.S. and EU) continued support of these anti-government protesters--thus rationalizing what they're doing--we the taxpayers remain blinded to the silent coups that are taking place right under our noses.

A New Cold War? Ukraine Violence Escalates, Leaked Tape Suggests U.S. Was Plotting Coup

I mean that. I mean that Moscow—look at it through Moscow’s eyes. Since the Clinton administration in the 1990s, the U.S.-led West has been on a steady march toward post-Soviet Russia, began with the expansion of NATO in the 1990s under Clinton. Bush then further expanded NATO all the way to Russia’s borders. Then came the funding of what are euphemistically called NGOs, but they are political action groups, funded by the West, operating inside Russia. Then came the decision to build missile defense installations along Russia’s borders, allegedly against Iran, a country which has neither nuclear weapons nor any missiles to deliver them with. Then comes American military outpost in the former Soviet republic of Georgia, which led to the war of 2008, and now the West is at the gates of Ukraine. So, that’s the picture as Moscow sees it. And it’s rational. It’s reasonable. It’s hard to deny.

But as for the immediate crisis, let’s ask ourselves this: Who precipitated this crisis? The American media says it was Putin and the very bad, though democratically elected, president of Ukraine, Yanukovych. But it was the European Union, backed by Washington, that said in November to the democratically elected president of a profoundly divided country, Ukraine, "You must choose between Europe and Russia." That was an ultimatum to Yanukovych. Remember—wasn’t reported here—at that moment, what did the much-despised Putin say? He said, "Why? Why does Ukraine have to choose? We are prepared to help Ukraine avoid economic collapse, along with you, the West. Let’s make it a tripartite package to Ukraine." And it was rejected in Washington and in Brussels. That precipitated the protests in the streets.

And since then, the dynamic that any of us who have ever witnessed these kinds of struggles in the streets unfolded, as extremists have taken control of the movement from the so-called moderate Ukrainian leaders. I mean, the moderate Ukrainian leaders, with whom the Western foreign ministers are traveling to Kiev to talk, they’ve lost control of the situation. By the way, people ask—excuse me—is it a revolution? Is it a revolution? A much abused word, but one sign of a revolution is the first victims of revolution are the moderates. And then it becomes a struggle between the extreme forces on either side. And that’s what we’re witnessing. -- Stephen Cohen, professor emeritus of Russian studies and politics at New York University and Princeton University.



A 1967 interview with Miles Copeland Jr., a famed CIA Agent who helped the Agency stage a coup in Syria in 1949, which could easily apply today



Links:

The UN Says the Ukrainian People Must Decide their Fate, NATO Wants Something Else


Sunday, February 16, 2014

Trillion Dollar Fraud Investigation and High Profile Financial Services Executives Dropping Like Flies.

In addition to the OPEC-covering Wall Street Journal reporter David Bird, who went missing on January 10, 2014, at least seven high profile financial executives have died under mysterious circumstances within two weeks.

On January 26, 2014, Tim Dickenson, a U.K.-based communications director at Swiss Re AG, died. The circumstances surrounding his death are undisclosed.

That same day, William Broeksmit, a former senior manager at Deutsche Bank--under investigation for potentially rigging the Foreign Exchange markets-- with close ties to co-Chief Executive Anshu Jain, was found hanging in his home, from an apparent suicide.

The next day, January 27, 2014, 51-year old Karl Slym, handpicked by Ratan Tata to revive the fortunes of Tata Motors in India, died in Bangkok on Sunday in a freak accident at the hotel where he was staying. Police said he may have committed suicide. 

The next day, January 28, 2014, Gabriel Magee, a 39-year-old senior manager at JP Morgan’s European headquarters, jumped 500ft from the top of the bank’s headquarters in central London on January 27, landing on an adjacent 9 story roof.

The next day, January 29, 2014, Mike Dueker, the chief economist at Russell Investments, fell down a 50 foot embankment in what police described as a suicide. 

“Mike Dueker, the chief economist at Russell Investments, was found dead at the side of a highway that leads to the Tacoma Narrows Bridge in Washington state, according to the Pierce County Sheriff’s Department. He was 50.

He may have jumped over a 4-foot (1.2-meter) fence before falling down a 40- to 50-foot embankment, Pierce County Detective Ed Troyer said yesterday. He said the death appeared to be a suicide.”

Then, on February 3, 2014, 37-year-old JP Morgan Global Equities Trading Executive Ryan Henry Crane was found dead. Crane, who oversaw the trade platforms, had close working ties to the aforementioned deceased Gabriel Magee of JP Morgan's London office. The cause of death will be determined when a toxicology report is completed in about six weeks.

Soon after, on February 7, 2014, Richard Talley, 57, founder of American Title Services in Centennial, Colorado, was found dead after apparently shooting himself seven or eight times in the head and chest with a nail gun. Suicide? Really? That ranks up there with strangling oneself, as Veritas Capital Founder Robert B. McKeon--who later purchased DynCorp, the private military contractor with a history of child trafficking--apparently accomplished.

So what's going on, here? Were these men killed because they knew too much? Did they flip during prosecution investigation? Thus, assassinated to prevent insider testimony concerning the colossal multi-trillion dollar fraud in the global financial casino? Or did they all just decide to kill themselves after reading the writing on the wall?
