[liberationtech] DecryptoCat

Jacob Appelbaum jacob at appelbaum.net
Tue Jul 9 06:45:35 PDT 2013


Maxim Kammerer:
> On Tue, Jul 9, 2013 at 11:39 AM, Michael Rogers
> <michael at briarproject.org> wrote:
>> Google and Mozilla wouldn't have to run
>> competitions to find holes in their own browsers. There wouldn't be a
>> multi-million-dollar 0day black market.
> 
> You are talking about huge projects with complex design, where the
> architecture itself is a source of security issues. Not to mention
> that WebKit and Mozilla weren't engineered for security to begin with.
> 
>> It wouldn't be possible for
>> the NSA (according to Snowden) to "simply own" the computer of any
>> person of interest.
> 
> Offtopic, but I didn't see any indication in that last paragraph of
> Jacob's interview that Snowden talks about exploiting computers. In
> general, Snowden for some reason is usually terribly vague for someone
> who apparently exhibits excellent command of the English language (from my
> non-native speaker's POV).

I think he very clearly stated it:

Interviewer: What happens after the NSA targets a user?

Snowden: They're just owned. An analyst will get a daily (or scheduled
based on exfiltration summary) report on what changed on the system,
PCAPS of leftover data that wasn't understood by the automated
dissectors, and so forth. It's up to the analyst to do whatever they
want at that point -- the target's machine doesn't belong to them
anymore, it belongs to the US government.

If it isn't clear - he is saying that once a user is targeted for
surveillance - their computer systems (and networks) are compromised by
the NSA in a variety of ways. This includes memory corruption bugs,
obviously.

> 
>> Writing secure software is much, much harder than simply writing
>> comments, writing tests and coding defensively.
> 
> This is a thread about Cryptocat. Cryptocat is a web frontend for a
> couple of protocols. Yes, it is that easy.

The protocol that has the most trouble is the homebrewed multi-party
crypto. Though some of the underlying bits obviously impact the rest of it.

All the best,
Jacob


