From: jftucker at gmail.com (James Tucker)
Subject: Insecurity in Finnish parlament (computers)

Very well I give up. Try to purchase one of those units (that is a
picture of a butchered Toshiba Satellite Pro). No one can actually
sell you one. They appeared first on Chinese sites about 6 years ago
and no company would actually supply the units.

The Police and security agencies do not use passive units, they use
active units and are able to do so with jurisdiction given to them by
law. The phone providers co-operate because they have to. the units in
use are not made by some dodgy company without any money or backing.
They are made by communications providers who actually have the
capability to design and build micro controllers and dsps which are
fast enough for the job. The switching circuits which control the
modulation schemes are too fast for the equipment described in the
specification of those units. The claim the system has a monitoring
radius of +/- 500m; and yet the antenna in use will pick up all
devices within the local cell. They claim that you need to be within a
couple of hundred metres of your target due to the low power of the
handsets; well how does the signal reach the tower if it's so weak.

I could laugh back at you if I wan't getting so upset. No point in
continuing really. Like I have said before, try the technologies you
judge before you judge them. Don't trust unbranded sites claiming to
sell units that don't really exist. Go speak to an electronic engineer
with some experience of RF networks.

Please notice that there has never been a price applied to these
units. Furthermore the claim is the ability to monitor 124 cells
simultaneously. They must have a different definition of a cell to the
rest of us.

The designers/sellers of the unit seem to have another clear
misunderstanding of RF, that you would need to be close to any unit at
all. RF gain is synchronous. If you increase the size of an antenna at
one end of a loop you will get better reception at both ends. As we
are talking passive monitoring here you would be able (if this was
real) to increase the distance from the phone by simply adding a
bigger antenna. You will not get interference problems THAT IS WHAT
MODULATION IS ABOUT.

I don't understand why you aren't listening...

I still stand by my point on SSH that you are bashing a technology
just because its users are stupid. The ONLY way to prevent man in the
middle attacks is to have some pre-shared authentication system or a
separate communications loop. Period. This is not a failing of SSH
thus by suggesting it is, you are misguiding your readers. Such a
thing is called sensationalism in my book. I am an experienced tech
and I cannot read that paragraph without thinking you are suggesting
that SSH is insecure. People with less knowledge or experience will
only suffer worse. Why can't you just explain in general terms the
principles of man in the middle attacks and THEN maybe if you want use
SSH as AN EXAMPLE.

For someone who freely admits not having strong knowledge in the
subject area you are very resistant to actually taking some advice and
learning something new. I am at a loss of how to explain to you what
is going on short of giving you about 5% of an electronic engineering
degree. Forget it.

Keep writing, keep claiming, you will get your comeuppance, even if
the people you are talking about in this case are bad admins. As I
tried to explain in my previous e-mail I don't wish to talk to you if
you aren't willing to listen, especially when I am taking time out of
my holiday.

End of Discussion.

P.S. If you cant drop and must send a message, don't bother with the
list. I am sure there are many who will become frustrated with this as
it is becoming more of an argument than a security discussion. This
will be my last post to the list on this topic unless some useful
information is brought to the front.

Powered by blists - more mailing lists