Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] NYT report on Obama admin's wiretap plans

Jacob Appelbaum jacob at appelbaum.net
Mon Sep 27 14:36:58 PDT 2010


On 09/27/2010 02:34 PM, Gregory Maxwell wrote:
> On Mon, Sep 27, 2010 at 5:31 PM, Thomas Smyth <thomas.smyth at gatech.edu> wrote:
>>> Skype cannot easily patch their network. They do not own every computer
>>> in the network - they even have hardware devices that cannot be (easily
>>> or ever) upgraded such as telephone units, firmware for motherboards, etc.
>>>
>>
>> Hmm, you mean the motherboards on client computers?  For example, person X
>> has a motherboard with an exploitable on-board network card that lets an
>> attacker, say, snoop packets before they're encrypted or something?  (Just
>> thinking aloud here.)  So then the security of Skype relies on not just
>> Skype client software, but all these other bits as well?
>>
>> That makes sense but again then we're back to this reducing to cracking any
>> point-to-point encrypted communication.  So the argument becomes that no
>> digital communication is truly secure, no?  But then Skype is not a special
>> case...
> 
> There are systems with a complete mini-Linux distribution in bios
> including Skype. For example, "Asus Express Gate" on Asus
> motherboards.
> 

That's a perfect example. If Skype changed their client or protocol,
they'd break that motherboard. In some cases, it would simply fragment
their network into smaller subsets - some vulnerable and some not. How's
a user to know, how does the protocol downgrade, etc?

All the best,
Jake



More information about the liberationtech mailing list