What the hell can be done with this trinity?
USPS interdiction of routers, computers, packages and mail has little over sight. USPS attempted to censor report of failure to follow safeguards. https://politico.com/story/2014/06/snail-mail-snopping-safeguards-not-follow...
From: " Александр " <afalex169@gmail.com>
From the "Spiegel" article
If all else fails, the NSA and its allies resort to brute force:
1. They hack their target's computers/ 2. They hack Internet routers to get to the secret encryption/ 3. T hey intercept computers on the way to their targets, open them and insert spy gear before they even reach their destination.
Ok. Nothing new. But what the hell can be done with this trinity?
Badbiosvictim <badbiosvictim@ruggedinbox.com> writes:
USPS interdiction of routers, computers, packages and mail has little over sight. USPS attempted to censor report of failure to follow safeguards.
There's actually a security standard that's supposed to deal with this sort of thing, FIPS 140 (people who have seen my previous posts about what a waste of... well, everything FIPS 140 is should see what's coming here :-). If you recall the Snowden-provided NSA photos of their people intercepting Cisco gear in transit and adding supplementary functionality to it: * The physical seals are applied after it reaches its destination. You order a special "FIPS kit" consisting of (allegedly) tamper-evident stickers that you apply to the gear after the NSA has tampered with it. * Since your $40,000 router doesn't come with the stickers that you need for FIPS 140 compliance, you have to order them specially. No-one bothers (the description I got was "in the n years I've been involved with this, I can count the number of customers who've done it on the fingers of one hand"). * No-one who works with the gear has any idea what a tampered sticker would look like, but in any case they're never checked once applied. Still, at least there's a government standard for it. Peter.
Could you email me your past posts on FIPS 140 and the NSA rule? I would like to include them in a future post on /r/badBIOS on reddit.com. Thanks. On December 30, 2014 6:59:37 PM EST, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
Badbiosvictim <badbiosvictim@ruggedinbox.com> writes:
USPS interdiction of routers, computers, packages and mail has little over sight. USPS attempted to censor report of failure to follow safeguards.
There's actually a security standard that's supposed to deal with this sort of thing, FIPS 140 (people who have seen my previous posts about what a waste of... well, everything FIPS 140 is should see what's coming here :-). If you recall the Snowden-provided NSA photos of their people intercepting Cisco gear in transit and adding supplementary functionality to it:
* The physical seals are applied after it reaches its destination. You order a special "FIPS kit" consisting of (allegedly) tamper-evident stickers that you apply to the gear after the NSA has tampered with it.
* Since your $40,000 router doesn't come with the stickers that you need for FIPS 140 compliance, you have to order them specially. No-one bothers (the description I got was "in the n years I've been involved with this, I can count the number of customers who've done it on the fingers of one hand").
* No-one who works with the gear has any idea what a tampered sticker would look like, but in any case they're never checked once applied.
Still, at least there's a government standard for it.
Peter.
Could you email me your past posts on FIPS 140 and the NSA rule? I would like to include them in a future post on /r/badBIOS on reddit.com. Thanks.
Uhh, I don't keep records of them, or at least there are mail logs but that's an awful lot of stuff to cover. In addition others have commented on it as well not just me, the best way to find it would be to search the cryptography list archives for "FIPS 140". Peter.
On 1/6/15, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
Could you email me your past posts on FIPS 140 ...
Uhh, I don't keep records of them, or at least there are mail logs but...
i was awaiting Peter's response to this. unfortunately (fortunately?) it did not turn out as exhaustive authoritative reference :P best regards from 2015, most crypto ever end-to-end across the planet!
participants (3)
-
Badbiosvictim -
coderman -
Peter Gutmann