Re: XKeyscore: NSA tool collects 'nearly everything a user does, on the internet

Faraz

1 Aug 2013 1 Aug '13

11:27 a.m.

What's are peoples take on slide 17? "Show me all VPN startups in country X, and give me data so I can decrypt and discover user" http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

Show replies by date

SiNA Rabbani

1 Aug 1 Aug

1:43 p.m.

New subject: XKeyscore: NSA tool collects 'nearly everything a user does, on the internet

For example, In Iran which is funny how its mentioned in slide 16, weak encryption is common. Most VPN providers sell PPTP with MSCHAP (thanks to the built in windows client) which I think is as weak as the password set. Three VPN logins are being emailed from providers to users in plain text. It can't be too difficult for NSA or anyone analyzing the traffic to decrypt the VPN content. --SiNA On Aug 1, 2013 4:38 AM, "Faraz" wrote:

...

What's are peoples take on slide 17?

"Show me all VPN startups in country X, and give me data so I can decrypt and discover user"

http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

Faraz

2 Aug 2 Aug

8:29 a.m.

New subject: XKeyscore: NSA tool collects 'nearly everything a user does, on the internet

Right, I made the assumption that most VPNs are using forward secrecy... which is obviously not the case. On 01/08/13 23:43, SiNA Rabbani wrote:

...

For example, In Iran which is funny how its mentioned in slide 16, weak encryption is common. Most VPN providers sell PPTP with MSCHAP (thanks to the built in windows client) which I think is as weak as the password set.

Three VPN logins are being emailed from providers to users in plain text. It can't be too difficult for NSA or anyone analyzing the traffic to decrypt the VPN content.

--SiNA

On Aug 1, 2013 4:38 AM, "Faraz" mailto:faraz_mah@lavabit.com> wrote:

What's are peoples take on slide 17?

"Show me all VPN startups in country X, and give me data so I can decrypt and discover user" http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

Before digital, there was mechanical. View and purchase fascinating mechanical antique pocket watches and vintage wrist watches. Visit Bogoff Antiques today. http://www.bogoff.com

Lee Azzarello

7:18 p.m.

New subject: XKeyscore: NSA tool collects 'nearly everything a user does, on the internet

Do you think Amazon and Rackspace count as "VPN Startups"? -lee On Thu, Aug 1, 2013 at 7:27 AM, Faraz wrote:

...

What's are peoples take on slide 17?

"Show me all VPN startups in country X, and give me data so I can decrypt and discover user" http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

SiNA Rabbani

8:28 p.m.

New subject: XKeyscore: NSA tool collects 'nearly everything a user does, on the internet

I'd say they are referring to some kind of protocol, network or application fingerprint. For example, all connections to standard VPN ports. On Aug 2, 2013 12:28 PM, "Lee Azzarello" wrote:

...

Do you think Amazon and Rackspace count as "VPN Startups"?

-lee

On Thu, Aug 1, 2013 at 7:27 AM, Faraz wrote:

...
What's are peoples take on slide 17?

"Show me all VPN startups in country X, and give me data so I can decrypt and discover user"

http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

...

Lee Azzarello

8:47 p.m.

New subject: XKeyscore: NSA tool collects 'nearly everything a user does, on the internet

Ha! That makes much more sense. On Fri, Aug 2, 2013 at 4:28 PM, SiNA Rabbani wrote:

...

I'd say they are referring to some kind of protocol, network or application fingerprint.

For example, all connections to standard VPN ports.

On Aug 2, 2013 12:28 PM, "Lee Azzarello" wrote:

...
Do you think Amazon and Rackspace count as "VPN Startups"?

-lee

On Thu, Aug 1, 2013 at 7:27 AM, Faraz wrote:

...
What's are peoples take on slide 17?

"Show me all VPN startups in country X, and give me data so I can decrypt and discover user"

http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

Matej Kovacic

9:23 p.m.

New subject: XKeyscore: NSA tool collects 'nearly everything a user does, on the internet

Hi,

...

...
For example, all connections to standard VPN ports. OpenVPN for instance wraps its packets into some kind of container (that's why you can run OpenVPN and web server on the same port - this is called port sharing).

So it is possible to detect OpenVPN traffic with packet analysis. Some network appliances can already do that. BTW, I think there should be the next step in development of privacy enhaching technologies. First step was development of encryption techniques for the masses (credits to cyphepunks movement in 1990's). Second step was development of anonimisation (Tor). Third step should be development of techniques for hiding encrypted traffic. Obfuproxy, which is a part of Tor package, does that, but we need general purpose standalone tools. Regards, Matej

4066

Age (days ago)

4067

Last active (days ago)

List overview

Download

6 comments

4 participants

participants (4)

Faraz
Lee Azzarello
Matej Kovacic
SiNA Rabbani