"To Protect and Infect" - the edges of privacy-invading technology
Hannes Frederic Sowa
hannes at stressinduktion.org
Mon Dec 30 22:01:43 PST 2013
On Tue, Dec 31, 2013 at 06:14:56AM +0100, Hannes Frederic Sowa wrote:
> On Mon, Dec 30, 2013 at 08:56:57PM -0500, griffin at cryptolab.net wrote:
> > This talk is divided into two parts. Morgan Marquis-Boire and Claudio
> > Guarnieri talking about the militarization of the internet in part one,
> > including both targeted and dragnet surveillance in deep-packet
> > inspection. (See also Citizen Labs' work on BlueCoat). In part two,
> > Jake Appelbaum talks about some of the most hardcore and cutting-edge
> > NSA surveillance tactics and equipment. (See also yesterday's Der
> > Spiegel articles).
> >
> > Part 1: http://www.youtube.com/watch?v=XZYo9TPyNko
> >
> > Part 2: https://www.youtube.com/watch?v=b0w36GAyZIA
>
> Actually, somehow, I have a feeling of relief to see that major hardware
> vendors don't seem to specifically work hand in hand with the NSA to
> implement backdoors. I don't see that having a JTAG connector publicaly
> accessible on a RAID controller as a hint for that. The other disclosures
> also point to my conclusion that the NSA is mostly working on their
> own. Of course, not all of Snowden's documents are released yet and
> hence my feeling could be deceiving.
Also:
>From the talk I got the impression, that attacks on iPhones always seem
to work. The slide from der Spiegel shows that this infection only works
via close access method and a remote infection path would be available in the
future (the slide is from 2008, but we don't know if this actually exists
now):
http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Handy/S3222_DROPOUTJEEP.jpg
I guess the slide got accidentally chopped off in the talk or am I missing
something?
The UPD+RC6 story does not make sense to me, too (how could they know
about the encryption algorithm if they didn't dissect the actual bytes). I
also don't believe that current state of TLS would help much preventing
those redirection attacks.
Greetings,
Hannes
More information about the cypherpunks
mailing list