lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 19 Sep 2007 00:33:02 +0000 (UTC)
From: jf <jf@...glingpointers.net>
To: "J. Oquendo" <sil@...iltrated.net>
Cc: j_tripp_283@...oo.com, full-disclosure <full-disclosure@...ts.grok.org.uk>,
	Valdis.Kletnieks@...edu
Subject: Re: Pro US government hackerganda

> Nice to know. I hope my government can either install ispell or send
> some of you guys to Clueful University.

Well maybe you can write up a perl script for me to fix that, maybe statd
some ac.jp boxes, thats what you're good at right? It's humorous to see
the script kids of yesterday go legit today.

> Here is one for you from the horses mouth. 100% true so help me any
> deity. So I get a group of individuals visit my company about two weeks
> ago. Golf shirts slacks, etc., really clean cut. Nice little blue and
> white plates can be seen from the conference room with a big old G on
> it. They start asking about pentesting EV-DO... They ramble on and
> mention "we're using 128 bit..."
>
> "Wait a minute" I told the gentleman. "You know you shouldn't be using
> 128 bit for encryption of TS documents in according with NIST." (And I
> know this because I got a personal schooling from Bruce Schneier on
> this. (http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf for clarity on
> this)) Their response: "We know but we have M16's on each side of the
> stream" and they chuckled.
>
> My thoughts at that time... What a bunch of idiots. So what. M16's mean
> nothing if you can't track someone sniffing you - you idiot... In
> essence its stupid - and I sincerely and obnoxiously mean this - STUPID
> IDIOTS in the government who allow these so called pseudoIntrusions
> (add that to your buzzwords too).

Well either you're full of it, they're full of it, or you just plainly
misunderstood. In every place I've ever seen TS data getting transmitted,
they're not using any cipher you've ever heard of, both ends of the
connection use something like a kg-175 (now known as a taclane, you're lie
would've been better if you had found out about these in your time spent
using google), which uses NSA encryption and because of the crypto-module,
is classified.

Now what's possible (assuming this isnt the figment of your imagination),
is that they were transmitting data rated at secret, which IIRC can use
AES 128, depending on the implementation.

So like I said, you're either making it up, misunderstood them, or they
were having fun with you.

> See an intrusion hasn't occurred here period, error and human stupidity
> has though and now the US government is calling the kettle black. In
> case you have either forgotten or never heard of the abuses of ECHELON
> not to even bother pointing out the mess we have in this country with
> our warrantless M&M color coded uberDuber terrorAlert crapaganda systems.
>
> So politics aside, its stupidity black and white, not an intrusion that
> is leading to the compromise of data. If the data is on unsecured
> webservers that are on the Internet, don't blame the ingenuity of
> someone for finding something that should have been on SIPR instead of
> being online (NIPR) to the public in the first place.
>
> The gov should re-iterate the differences between SIPR, NIPR, RIPR and
> other systems to clueless idiots on computers, servers, crackberries or
> whatever other mediums they choose to use.

So what, you think because you found some documents on google that this is
how the data is getting lost and this all somehow makes you authoritive?
Here is the simple truth, as is the usual with many of you
ex-feed-the-goats/etc kids, you just don't know wtf you're talking about.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ