| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Nov 2007 10:59:53 +0100
From: Florian Echtler <echtler@...tum.de>
To: johan beisser <jb@...stic.org>
Cc: "Matt D. Harris" <mdh@...itox.net>,
Paul Sebastian Ziegler <psz@...erved.de>, bugtraq@...urityfocus.com
Subject: Re: Standing Up Against German Laws - Project HayNeedle
> If I read the law correctly, it requires retention of "what IP
> connected to another IP" and "which phone number called where." It
> doesn't bother retaining the URL called (my German is rusty, so I may
> be a little off in my interpretation). Connecting to a random IP on a
> random open port (80 and 443, for example) would be a good start to
> accomplish the goal creating chatter. The issue is that the search
> terms to find those ports could lead to connecting to a site that
> increases your profile against general background chatter, even as it
> is raised with random connection traffic.
As a native German speaker, allow me to clarify: with respect to IP
communication, the law mandates saving the following information for 6
months:
- which customer was assigned which IP for what timespan
- sender mail address, receiver mail address and sender IP for each mail
- in case of VOIP: caller and callee phone number and IP address
So it wouldn't make much sense to create connection noise on a TCP or
HTTP basis, as this stuff isn't logged. I think one should rather
concentrate on generating email noise in this regard.
Yours, Florian
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists