lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu Dec 29 06:01:08 2005
From: chromazine at sbcglobal.net (Steve Kudlak)
Subject: Spy Agency Mined Vast Data Trove and other tales



It is kind of think it is a "UFO story" to say that PGP and the likes 
don't work and have been quietlty changed to make them easy to break. 
The inventors being compromised is pretty much an MIB story. It is open 
code so you can read it and see if it is possible to break and how 
easily given current open knowledge. Now if the mathematicians in the 
NSA know things about factoring we don't well oh well.  What is depended 
on is that most people don't encrypt and most things are sent in the 
open. This includes most transactions that can be used to build a sort 
of profile. If I were to start spending other than cash quietly and 
using banks in any way at least my bankers would know some improvement 
had taken place and they at least have agreed to release a lot of 
information to competent authorities. Also this stuff is sent pretty 
much encrypted. SO there is a lot of information out there to gather and 
much of the idea about datamining is to get things out of easily 
available unencrypted  sources. The same with phone calls. Very few 
people have STU phones or equivelent.  it is amazing how stuff just gets 
known because people can't or most often won't be careful. The big 
problem with datamining is getting pattern out of data and telling what 
that pattern means. This is a problem in a lot of fields, there is a 
storm sitting out in the Pacific over a relatively sensor rich area and 
I have all sorts of information about its behavior, about SST (sea 
surface temperature) etc. but it is hard trying to figure out how that 
will impact where I live.

Those of us who have worked on big projects inside of large entities and 
the like know that the people there are often like you and me, despite 
what the X-Files and true believers say. But that scary stuff does make 
it more romantic. You are right that however that putting pressure on 
politicos will get them to change, and people in security agencies are 
human too and not inhuman monsters and many care a lot about the nature 
of their work and as onme might notice when someone goes too far little 
leaks sprout.


Have Fun,
Sends Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ