On Tue, Dec 31, 2013 at 06:14:56AM +0100, Hannes Frederic Sowa wrote:
On Mon, Dec 30, 2013 at 08:56:57PM -0500, griffin@cryptolab.net wrote:
This talk is divided into two parts. Morgan Marquis-Boire and Claudio Guarnieri talking about the militarization of the internet in part one, including both targeted and dragnet surveillance in deep-packet inspection. (See also Citizen Labs' work on BlueCoat). In part two, Jake Appelbaum talks about some of the most hardcore and cutting-edge NSA surveillance tactics and equipment. (See also yesterday's Der Spiegel articles).
Actually, somehow, I have a feeling of relief to see that major hardware vendors don't seem to specifically work hand in hand with the NSA to implement backdoors. I don't see that having a JTAG connector publicaly accessible on a RAID controller as a hint for that. The other disclosures also point to my conclusion that the NSA is mostly working on their own. Of course, not all of Snowden's documents are released yet and hence my feeling could be deceiving.
Also:
From the talk I got the impression, that attacks on iPhones always seem to work. The slide from der Spiegel shows that this infection only works via close access method and a remote infection path would be available in the future (the slide is from 2008, but we don't know if this actually exists now): http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Handy/S3222_DR...
I guess the slide got accidentally chopped off in the talk or am I missing something? The UPD+RC6 story does not make sense to me, too (how could they know about the encryption algorithm if they didn't dissect the actual bytes). I also don't believe that current state of TLS would help much preventing those redirection attacks. Greetings, Hannes