| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: adam at hif.hu (Szilveszter Adam) Subject: Wiretap or Magic Lantern? Hello all, As for the "Magic Lantern" stuff, yes AFAIR it was like your typical malware, was delivered eg via email and did pretty much the same stuff that today's keystroke-logging remote-controllable malware does. Nothing truly exciting, not even at the time, but for the fact that it was the Feds that were using it. (People simply *love* consipracy theories and things that have to do with any kind of secret services. These orgs profit from this fact tremendously. Just look at their booths at job fairs: they are bustling with hangers-on and wannabees.) As for the article cited, whenever I read something like that I always think to myself: "It is quite reasonable to believe, that these so-called correspondents were already under surevillance for some reason or other, and therefore their emails were already monitored." It is the only feasible way for this to happen. All the rest of the tales of a super-duper system that monitors all the world's Internet, satellite, radio and phone traffic and screens it in real-time is just a smoke-screen for the ppl who love spy movies. And of course it furthers the interests of the U.S., since this way no one (not even the so-called allies) can be quite sure what they now or are capable of discovering. Note that this is *not* to say that the technical ingredients of such a system are not already available to governments in many countries. They are. Phone calls, mobile calls, satellite traffic or Internet traffic: they can be and are monitored both by police and by the secret services. On more places than you would think. Just think about the scandals about the spying on UN delegates in New York, or the bugging of the EU Commission's offices in Brussels (both by the US). But this does not happen in an all-encompassing blanket manner. And certainly not with some automatic keyword search or what have you run against all that data. BTW as for some of the myths that accompany these covert ops in cyberspace: you would be really surprised to learn how sophisticated criminals have already been caught simply by sending them HTML email that contained an invisible web bug, the kind that is in your spam every day. It is mostly still the human factor, that gives one away, there is mostly no need to go head-on against really strong crypto or stego. Approach it from the human side and you are there much faster. BTW as for the "NSA-proof"-nes of PGP: It is not uncrackable. Nothing is, given the right amount of time and resources on your hands. The only question is, does it need to be? And is it worth it? If you can get at the info in say 10,000 years from now than clearly this is not an option. And there is no need to go there either, when all you need is some attractive woman and many men will readily tell more than you had ever hoped for. :-P P.S. The article reminds me of the stories of drug busts on border-crossing stations when they say: "The passengers were behaving themselves in a suspicous manner so we subjected them to a thorough search. And guess what, we found the dope." Sure. It really wasn't someone giving the border guards a phone call just at the right time. ;-) Regards: Sz.
Powered by blists - more mailing lists