Re: črypto is finished... and it's about time × (also: 'Balrog' malnet, firsthand view)

Sean Lynch seanl at literati.org
Tue Jun 16 08:26:01 PDT 2015


Lots of words, very few details. Fonts getting a "bit pixellated"? Are you
kidding me? Packages "piggybacking on other packages"? This is all very
imprecise language for someone who is attempting to convince us that
something very grave is going on. And as usual, not a single hex dump of a
single packet. Not of any of the packets supposedly spewing out of their
supposedly disabled Ethernet port, not out of their supposedly disabled
wifi card, not of one of these supposedly piggybacked packages.

I can imagine why the writing of someone who was up against something like
this might sound like the ravings of a lunatic. That's why I read the whole
thing. But as I read, I kept wondering where the "there" was. But this
feels far more like the sudden significance everything takes on when you
take a hit of acid or are about to have a temporal lobe seizure than a
genuine realization.


I'm not saying these capabilities don't exist; I'm sure they do. I'm not
even saying the author is lying or stupid. But most of us who are attracted
to security research are a bit "on the edge" to begin with, and it seems
like Snowden's revelations and the like have created all-powerful bogeymen
in some of our minds and pushed us over the edge. We have people making
claims like the NSA can break any encryption, that computers are
communicating by sound (yes, BadBIOS is another of these), and that they've
been "painted" by a network with all sorts of vague capabilities.

I've been reading these stories with an open mind. Maybe some people in
this field just talk that way. Maybe they're vague because they want to
keep their research proprietary. But if that were the case, why not say so?
Why not say what work you have yet to do and give an approximate date for a
full announcement?

Even assuming some of these claims are true, not asking for more evidence
robs us of the ability to defend ourselves. Running off to build f2f
networks is fun and all, but it's not going to do a lick of good if we have
no idea what we're up against beyond some vague descriptions, especially
when you consider that the capabilities of our adversaries go well beyond
the technological. There is such a thing as technological security that's
"too good", when you've spent all your time defending against technological
attacks only to succumb to, as others on this thread have pointed out, a
rubber hose.

I love that this group is open minded. I love that anyone can make a claim
and it will get seriously considered by many without requiring special
credentials. But I also feel like a lot of people here are very easily
ratholed by extraordinary claims that lack not just extraordinary evidence,
but any evidence whatsoever other than someone we may or may not know well
saying it's so.