lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Nov 30 21:03:59 2005
From: frank at knobbe.us (Frank Knobbe)
Subject: Clever crooks can foil wiretaps, security
	flaw in tap technology

On Wed, 2005-11-30 at 15:03 -0500, Valdis.Kletnieks@...edu wrote:
>    There is some indirect evidence that criminals might already know  
>    about the vulnerabilities in the systems, Mr. Blaze said, because of  
>    "unexplained gaps" in some wiretap records presented in trials.
> 
> Those old enough to remember Watergate will remember a very significant
> 18-minute gap.

I think he is referring to gaps in the records, like taped calls
Tuesday, taped calls Wednesday, strangely no call on tape on Thursday,
taped calls on Friday, etc.

If the tap recorder can be shut off with a signal, you would not
encounter "dead space" on the tape for a duration of time. Instead you
would have a premature end of that session. 

Now, it would be really troubling if another signal could be sent to
reactivate the recorder (which I find likely to be possible). That way
you could let yourself get tapes, but silently exclude a section for a
minute where you discuss devious matters. The tape would appear to be
complete (if it is autonomously recorded. If someone listens in a logs
the time/duration with a stop watch, the jig would be up).

So, if you can manipulate the tape so that it *appears* to be in order,
but lets you pause the recording at will, you have plausible denyability
(or whatever the correct term is). *That* is way more scary than an
known premature end.

Cheers,
Frank


-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051130/0a9234ca/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ