Redacted NSA Cold War History Released

Via Bruce Schneier, a redacted version of the NSA’s American Cryptology during the Cold War (1945-1989) has been released thanks to a request from George Washington University’s National Security Archive project.

It includes a rather interesting section (book 1, pages 18 and 19) on how, in 1947, the UK foreign intelligence agency, SIS, decrypted some KGB messages from Canberra that turned out to include classified UK intelligence military estimates. This caused the US to break off crypto intelligence sharing with Australia, putting the British in an awkward situation; as Clement Attlee put it:

The intermingling of American and British knowledge in all these fields is so great that to be certain of denying American classified information to the Australians, we should have to deny them the greater part of our own reports. We should thus be placed in a disagreeable dilemma of having to choose between cutting off relations with the United States in defence questions or cutting off relations with Australia.

It took 5 years, the establishment of ASIO and a change in government from Chifley to Menzies before the US would fully resume cryptologic exchanges with Australia, and the author of the history concludes that this had a very bad effect on early American intelligence efforts against China.

The cause of the original leak to the KGB? Two “leftists” in the Australian diplomatic service…

Ubuntu Intrepid Packages for Digikam 0.10 (KDE4) (Updated)

Finally I’ve stumbled across packages of the KDE4 version of Digikam (0.10) which is currently in beta.

deb intrepid main

They’re part of the Digikam Experimental Personal Package Archive (PPA) and so track the latest development releases (0.10.0-rc1 as I write this) and work for me on Ubuntu Intrepid with KDE 4.2 (at the moment) – remember to install Marble!


Many thanks to Maarten Fonville who previously provided packages that this story originally pointed to, and who commented with the above alternative archive.

Rogue CA – MD5 collisions for phun and profit

Now this is, umm, interesting..

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Trust no one..


Australian Android Phone

Kogan, an Australian company who usually specialise in LCDs, are making a mobile handset (the Agora) for Google Android (which uses the Linux kernel) with 3G, quad band GSM, GPS, wifi, Bluetooth, etc… It’s due to start shipping at the end of January and I’ve just pre-ordered mine to hopefully provide a more functional open source phone and let me hack more with my OpenMoko phone without having to worry about not having a working phone.

Kogan Agora Pro mobile phone