lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 12 Aug 2013 09:07:19 -0400
From: Pedro Luis Karrasquillo <peter_toyota@...mail.com>
To: "michal@...ac.org" <michal@...ac.org>, "tborland1@...il.com"
 <tborland1@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: CALEA & Re: XKeyscore

That was really funny and tongue-in-cheek, michal!
I really enjoyed your response, put a grin in my face in this grimy Monday...
you encourage me to turn off the digest delivery and receive the responses as they happen instead... great list to receive real time if you are into S&M and getting trolled hard by very smart people!
 
On slide 7 they show a red dot over Venezuela. You think Chavez let the spooks tap into the fiber there too? Where does the fiber tap connect to? Oh wait, there is a red dot over Moscow too...
 
tborland nailed it with the links he sent... you do not need tons of copper, glass mirrors, nor Mulder & Scully on the case to do this. No need to ship immediate data to Utah or any other central location either. Data could be indexed locally and only the relevant keywords posted to C&C. Ever heard of distributed computing? Nobody dumps CDR data to tape to hand it over to mediation any more. Oh, wait... the DACS is still connected to that Okidata Dot matrix printer and the ink tape needs to be changed... bye. 
 
Keep your ideas coming people! 
 
Next thing we need to discuss is, Slide 18 "Show me all VPN startups, give me the data so I can decrypt and discover users" What can they decrypt? Surely this does not mean that the infamous "all encryption algorithms have a backdoor" urban legend is true? I think this XK presentation is mostly marketing and PR bullshit to sell to DoD know-nothings than what its worth.
 

 --Forwarded Message Attachment--
From: tborland1@...il.com
CC: full-disclosure@...ts.grok.org.uk
To: michal@...ac.org
Date: Sun, 11 Aug 2013 19:39:57 -0500
Subject: Re: [Full-disclosure] XKeyscore sees 'nearly EVERYTHING you do

http://www.faqs.org/rfcs/rfc3924.html
http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-wp.pdf
http://www.cisco.com/en/US/tech/tk583/tk799/tsd_technology_support_protocol_home.html
 
 

On Sun, Aug 11, 2013 at 2:47 PM, Michal Purzynski <michal@...ac.org> wrote:

 
 		 	   		  
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ