Re: XKeyscore: NSA tool collects 'nearly everything a user does on the internet'

What's people's take on slide 17?
"Show me all VPN startups in country X, and give me data so I can decrypt and discover user"
http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

For example, in Iran, which is funny how it's mentioned in slide 16, weak encryption is common. Most VPN providers sell PPTP with MSCHAP (thanks to the built-in Windows client) which I think is as weak as the password set.

Three VPN logins are being emailed from providers to users in plain text. It can't be too difficult for NSA or anyone analyzing the traffic to decrypt the VPN content.

--SiNA

On Aug 1, 2013 4:38 AM, "Faraz" <faraz_mah@lavabit.com> wrote:
> What's people's take on slide 17?
> "Show me all VPN startups in country X, and give me data so I can decrypt and discover user"
> http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

Right, I made the assumption that most VPNs are using forward secrecy... which is obviously not the case.

On 01/08/13 23:43, SiNA Rabbani wrote:
> For example, in Iran, which is funny how it's mentioned in slide 16, weak encryption is common. Most VPN providers sell PPTP with MSCHAP (thanks to the built-in Windows client) which I think is as weak as the password set.
>
> Three VPN logins are being emailed from providers to users in plain text. It can't be too difficult for NSA or anyone analyzing the traffic to decrypt the VPN content.
>
> --SiNA
>
> On Aug 1, 2013 4:38 AM, "Faraz" <faraz_mah@lavabit.com> wrote:
>> What's people's take on slide 17?
>> "Show me all VPN startups in country X, and give me data so I can decrypt and discover user"
>> http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

Do you think Amazon and Rackspace count as "VPN Startups"?

-lee

On Thu, Aug 1, 2013 at 7:27 AM, Faraz <faraz_mah@lavabit.com> wrote:
> What's people's take on slide 17?
> "Show me all VPN startups in country X, and give me data so I can decrypt and discover user"
> http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

I'd say they are referring to some kind of protocol, network or application fingerprint.
For example, all connections to standard VPN ports.

On Aug 2, 2013 12:28 PM, "Lee Azzarello" <lee@guardianproject.info> wrote:
> Do you think Amazon and Rackspace count as "VPN Startups"?
>
> -lee
>
> On Thu, Aug 1, 2013 at 7:27 AM, Faraz <faraz_mah@lavabit.com> wrote:
>> What's people's take on slide 17?
>> "Show me all VPN startups in country X, and give me data so I can decrypt and discover user"
>> http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

Ha! That makes much more sense.

On Fri, Aug 2, 2013 at 4:28 PM, SiNA Rabbani <sina@redteam.io> wrote:
> I'd say they are referring to some kind of protocol, network or application fingerprint.
> For example, all connections to standard VPN ports.
>
> On Aug 2, 2013 12:28 PM, "Lee Azzarello" <lee@guardianproject.info> wrote:
>> Do you think Amazon and Rackspace count as "VPN Startups"?
>>
>> -lee
>>
>> On Thu, Aug 1, 2013 at 7:27 AM, Faraz <faraz_mah@lavabit.com> wrote:
>>> What's people's take on slide 17?
>>> "Show me all VPN startups in country X, and give me data so I can decrypt and discover user"
>>> http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-progr...

Hi,

> For example, all connections to standard VPN ports.

OpenVPN for instance wraps its packets into some kind of container (that's why you can run OpenVPN and a web server on the same port - this is called port sharing).

So it is possible to detect OpenVPN traffic with packet analysis. Some network appliances can already do that.

BTW, I think there should be the next step in development of privacy enhancing technologies. First step was development of encryption techniques for the masses (credits to cypherpunks movement in 1990's). Second step was development of anonymisation (Tor). Third step should be development of techniques for hiding encrypted traffic. Obfsproxy, which is a part of Tor package, does that, but we need general purpose standalone tools.

Regards,
Matej
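
The packet-analysis point in the message above, as an added example that is not part of the thread or of any project's code: a minimal classifier for the first client bytes of a TCP connection, the kind of check a port-sharing server or a monitoring appliance can make without decrypting anything. The function name and the sample byte strings are constructed for illustration; the check covers only the unobfuscated OpenVPN-over-TCP client reset and is a heuristic.

```python
import struct

# First byte of every OpenVPN packet is (opcode << 3) | key_id.
HARD_RESET_CLIENT_V2 = 7
HARD_RESET_CLIENT_V3 = 10
# Smallest client reset: opcode + 8-byte session id + ack count + 4-byte packet id.
MIN_RESET_LEN = 14
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS")


def classify_tcp_stream(first_bytes: bytes) -> str:
    """Label the first client bytes of a TCP connection.

    Returns "openvpn", "tls", "http", "unknown" or "need-more-data".
    """
    if len(first_bytes) < 3:
        return "need-more-data"
    # OpenVPN over TCP prefixes each packet with a 16-bit big-endian length.
    (length,) = struct.unpack("!H", first_bytes[:2])
    opcode, key_id = first_bytes[2] >> 3, first_bytes[2] & 0x07
    # A new session starts with a client hard reset on key id 0.
    if (opcode in (HARD_RESET_CLIENT_V2, HARD_RESET_CLIENT_V3)
            and key_id == 0 and length >= MIN_RESET_LEN):
        return "openvpn"
    # TLS record header: content type 0x16 (handshake), major version 3.
    if first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    if first_bytes.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


# Constructed sample inputs (not captured traffic).
SAMPLE_OPENVPN = (struct.pack("!HB", 14, HARD_RESET_CLIENT_V2 << 3)
                  + bytes(8)      # session id (zeroed placeholder)
                  + b"\x00"       # ack count
                  + bytes(4))     # packet id 0
SAMPLE_TLS = bytes.fromhex("160301020001")
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, data in (("openvpn", SAMPLE_OPENVPN), ("tls", SAMPLE_TLS),
                       ("http", SAMPLE_HTTP), ("short", b"\x00")):
        print(f"{name:8s} -> {classify_tcp_stream(data)}")
```

The same three header bytes that let one port serve both OpenVPN and HTTPS are what make the handshake recognisable on the wire regardless of port number.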

participants (4)
- Faraz
- Lee Azzarello
- Matej Kovacic
- SiNA Rabbani