Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

15 Mar 2014


      On Thu, Mar 13, 2014 at 11:13 AM, Jason Iannone  wrote:
...
And remain undetected?  That's a nontrivial task and one that I would
suspect generates interesting CPU or other resource utilization anomalies.
It's a pretty high risk activity.  The best we can hope for is someone
discovering the exploit and publicly dissecting it.
See, the standard defense for all this is to lock down the cert fingerprints of
your real destination to prevent cert games. Then add in DNSSEC [1] and even
IPSEC [1] to make sure things all match up. That does make things much harder.
Problem still lies where your adversary has stolen or co-op'd the PK
of your dest
cert, and rigged the routing path to route-map your applicable src/dest/port IP
tuples to residing off their private port in the local (to you or your
dest) DC. Right???
...
From which they proceed to bugger you through their transparent proxy
to the real
dest. It's not a bulk tool as that might tip off some non-moled-out-cert-group
network groupie at the dest site that a lot of users come from some IP. And it's
definitely for 'high value only' given the work/risk. But still...
PKI-WOT bidirectional
security between you and your dest of global bgp advert/nexthop routing
infrastructure anyone? Everyone seems to trust the network to route... and
even then [1].
[1] Similarly stolen/co-op'd as need be.
...
pg
This is relatively easy for home routers, since the self-signed certs they're
configured with are frequently CA certs.  In other words they ship from the
factory in a MITM-ready state.
On Thu, Mar 13, 2014 at 8:50 AM, Greg Rose  wrote:
...
You get the routers to create valid-looking certificates for the
endpoints, to mount man-in-the-middle attacks.
On Mar 13, 2014, at 6:28 , Jason Iannone  wrote:
...
The First Look article is light on details so I don't know how one gets
from "infect[ing] large-scale network routers" to "perform[ing]
“exploitation attacks” against data that is sent through a Virtual Private
Network."  I'd like to better understand that.
On Thu, Mar 13, 2014 at 7:22 AM, Jeffrey Walton 
wrote:
On Thu, Mar 13, 2014 at 9:17 AM, Jason Iannone 
wrote:
...
Are there details regarding Hammerstein?  Are they actually breaking
routers?
Cisco makes regular appearances on Bugtraq an Full Disclosure. Pound
for pound, there's probably more exploits for Cisco gear than Linux
and Windows combined.
Jeff
...
On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton 
wrote:
...
On Thu, Mar 13, 2014 at 1:57 AM, coderman  wrote:
...
https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-mor...
"TAO implants were deployed via QUANTUMINSERT to targets that were
un-exploitable by _any_ other means."
And Schneier's Guardian article on the Quantum and FoxAcid systems:
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-an....

grarpamp

tags

participants (1)