Common spy tradecraft to exploit most popular and trusted comsec, bemoan going dark, wheedle more funding, accuse blood on hands of traitors, announce soothing adjustments to correct over-reach, reward those who find bugs and disclose errors by zealous insiders, issue presidential executive orders, hold hearings, sic IGs onto the unfortunate, rejiggle court and congressional oversight, appoint replacement leaders, quietly fund researchers and NGOs to air dirty laundry, solicit views of outside experts, launch campaigns to falsely confess the truth of accusations and promise to clean up the filth of national security predation, contamination, waste and profit, bring on board as consultants or specially skilled to aid the inept insiders who are overworked, underpaid, under-appreciated, excuse those who leave the inside to reap fabulous rewards on the outside, enhance the devilish torment of FOIA compliance, hire ever smarter and sleazier press representatives from among those most vocal in opposition but ready for making a deal either directly or through speaking, teaching and directorship gigs funded by benefactors of official contract and tax benefit largesse.
Comsec and crypto cult endures these ups and downs, mostly dirty, craven, deceptive, unscrupulous, duplicitous, sanctimonious, secretive, paranoid, greedy, privileged -- come on, dear public, just see they are evil on your behalf and neither they nor the public would have it any other way.
Security fig leaves -- bibles, cathedrals, forts, laws of war, free markets, democracies, encryption -- are obligatory to pretend the devil is not our deity.
HTTPS is as believable and lucrative as indulgences of the Middle Ages, or sickle and hammer, cross, crescent, fit bit, smart cities.
At 09:57 AM 10/2/2015, you wrote:
On 10/02/2015 06:52 AM, rysiek wrote:
On Thursday, 1 October 2015 07:23:28 John Young wrote:
HTTPS has become a fetish, maybe always was. It serves as an end point fig leaf,
And yet it raises the cost of spying. It's not enough to be a passive listener, one has to become active and MITMing. Possible? Yes. More costly? Definitely.
The cost also depends on the scope of targeted communications: Leaked NSA docs indicate that persistent full take collection and retention against /visitors/ to specified websites is initiated automatically. MITM against the servers in question, for surveillance AND content modification in transit against some specified end users, is well within the budgets and tech capabilities of the FVEYE States.