| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Insecurity in Finnish parlament (computers) On Sun, 26 Dec 2004 14:34:24 GMT, James Tucker said: > There are so many 'bits' that you simply could not filter all of them > using standard electronics. The first bad assumption - that you even *need* to filter all the bits. It would be the *very* poor intelligence agency that didn't apply some basic traffic analysis to get rid of the 99.998% of the traffic that's probably not of interest - just toss out all the downloads from known pr0n shops and music/video downloads that are known to be steganography-free, and right *there* you've gotten rid of 95% of the traffic. ;) Also, remember that we're talking *statistical* methods, they don't even need to catch *every* packet. For instance, you can reconstruct a large part of your original mail just looking at my reply. Similarly, if we were to snag one side of 4 phone conversations of 15 of your friends 2 days before your birthday, we could probably have a really good idea of when and where the party was, even if we only caught 10% of the total talking.... > 1) not fast enough, 2) the warehouses > supposedly running echelon are not big enough to house the processing, "supposedly". If I were you, I'd look a few miles down the road for buildings that look like 60 Hudson or One Wilshire. If you can't figure out why I name those 2 as examples, or examples of what, you're not qualified to comment on this one.... :) > 3) the buildings do not draw enough power and show no evidence of a > generator inside, And you verified the "draw power" measurement how, exactly? We recently pulled a feed from a power substation a mile down the road into our building. It's rated for 2 megawatts. It's also underground so once the grass grows back, you'll never know without special equipment. What *is* visible is the cooling towers and the UPS diesel - a 1.2 megawatt generator looks like a large diesel locomotive for obvious reasons.... Bonus points if you can figure out what we used it for.. ;) > 4) i have not repeated the calculation myself, but > it has been stated, by the EU report no less, that to analyse all of > the data you would require more atoms than are present in the area And you blindly accepted that number without doing even a back-of-envelope calculation? Hint - if the traffic were all encrypted with strong crypto, the number might be right. But very little is actually encrypted... > be restricted to use in communications monitoring. oh, and 5) tapping > the data, the number of data circuits leaving these countries is > sufficiently high that there simply could not be enough bandwidth You don't need a circuit to the analysis building. You only need 3 feet of cable from the router to the analysis box. Go read up on the architecture of the FBI "Carnivore" system - that involved a sniffer box that was sitting in a rack at the ISP... > entering the analysis buildings. This leaves 6) A decentralised virus > which can infect many architectures and hide quite happily operating > outside of normal conditions in order to not be visible. The > requirements for such a thing (e.g. its ability to run on > preprogrammed DSP's) and the required size and intelligence is simply > not possible. Which is, of course, why Symantec and company are getting rich selling us software to keep exactly that sort of thing out of our computers and cell phones... Naah, nobody could write a program to do that, so there's no reason to have programs that defend against programs that do that... ;) > not possible. This is not to say that communications don't get > monitored, it is just to say that the report of 'everything you say is > being watched' is quite simply false. Maybe it is all being watched, and maybe it isn't. A bit of thought shows that acting as if it is all watched is the only sane way to behave - if you know only 10% is watched, but can't tell *which* 10%, there's only one thing to do.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041227/0fffaa36/attachment.bin
Powered by blists - more mailing lists