Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] "To Protect and Infect" - the edges of privacy-invading technology

Hannes Frederic Sowa hannes at stressinduktion.org
Mon Dec 30 22:01:43 PST 2013


On Tue, Dec 31, 2013 at 06:14:56AM +0100, Hannes Frederic Sowa wrote:
> On Mon, Dec 30, 2013 at 08:56:57PM -0500, griffin at cryptolab.net wrote:
> >   This talk is divided into two parts.  Morgan Marquis-Boire and Claudio 
> > Guarnieri talking about the militarization of the internet in part one, 
> > including both targeted and dragnet surveillance in deep-packet 
> > inspection.  (See also Citizen Labs' work on BlueCoat).  In part two, 
> > Jake Appelbaum talks about some of the most hardcore and cutting-edge 
> > NSA surveillance tactics and equipment.  (See also yesterday's Der 
> > Spiegel articles).
> > 
> > Part 1: http://www.youtube.com/watch?v=XZYo9TPyNko
> > 
> > Part 2: https://www.youtube.com/watch?v=b0w36GAyZIA
> 
> Actually, somehow, I have a feeling of relief to see that major hardware
> vendors don't seem to specifically work hand in hand with the NSA to
> implement backdoors. I don't see that having a JTAG connector publicaly
> accessible on a RAID controller as a hint for that. The other disclosures
> also point to my conclusion that the NSA is mostly working on their
> own. Of course, not all of Snowden's documents are released yet and
> hence my feeling could be deceiving.

Also:

>From the talk I got the impression, that attacks on iPhones always seem
to work. The slide from der Spiegel shows that this infection only works
via close access method and a remote infection path would be available in the
future (the slide is from 2008, but we don't know if this actually exists
now):
http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Handy/S3222_DROPOUTJEEP.jpg

I guess the slide got accidentally chopped off in the talk or am I missing
something?

The UPD+RC6 story does not make sense to me, too (how could they know
about the encryption algorithm if they didn't dissect the actual bytes). I
also don't believe that current state of TLS would help much preventing
those redirection attacks.

Greetings,

  Hannes




More information about the liberationtech mailing list