Hackers invade DOJ web site
Alan Olsen
alano at teleport.com
Wed Aug 21 00:48:26 PDT 1996
At 06:31 PM 8/20/96 -0500, Frank Stuart wrote:
>Since we don't know how the intruders broke in, we can only speculate. I
>can think of several scenarios where cryptographic techniques could help.
>I can also think of several where they wouldn't. When you've only got 20
>seconds to explain to a non-technical audience, I don't think it's dishonest
>to say that it might have prevented it.
>
>Off the top of my head, here are a couple examples:
>
> 1. It's possible that a DOJ employee logged in from a remote site while
> the intruders were snooping somewhere along the way. If the link had
> been encrypted, that would have made things much more difficult or
> impossible for the attackers.
>
> 2. Perhpas the intruders used IP spoofing and .rhosts to break in. If
> machines had to be cryptographically authenticated, a rsh from the
> wrong machine wouldn't work.
One of the best comments I have seen (from another list) was:
"These are the people who want us to escrow our encryption keys with them
and yet they can't protect their own web site."
I think this can be used as a very valid example as to why they are
untrustworthy to be in charge of keeping anything private and/or protected,
let alone private encryption keys.
---
| "Remember: You can't have BSDM without BSD. - alan at ctrl-alt-del.com "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | alano at teleport.com |
More information about the cypherpunks-legacy
mailing list