lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <43B023F5.3040004@jct.ac.il>
Date: Mon Dec 26 17:06:40 2005
From: tewner at jct.ac.il (Michael Tewner)
Subject: Spy Agency Mined Vast Data Trove

All of Israel's inter-provider traffic goes through a central switching 
center. This PoP also contains much of Israel's backbones and external 
links.

getting to the point:
It's pretty obvious that the government here taps the 'net. It should be 
no surprise that the US listens in on traffic; they've been doing it for 
years - ECHELON (as mentioned below). I have a few ideas of my own that 
might even make it simpler for them. The moral of the story is to use 
encryption wherever necessary. Telnet, non-anon ftp, and rsh don't get 
used anymore. Hell, why not try sniffing for CVS passwords? Public WiFi 
access? Only through an encrypted tunnel.

With the "free enterprise of data," if the data is out there, anyone has 
the complete right to access it.



Bipin Gautam wrote:
> hello list;
> 
> story: http://www.securityfocus.com/brief/85
> ----[snip]-----
> At issue are the broad, sweeping powers the NSA now have to eavesdrop
> on Americans without their knowledge. Commentary from Ars technical
> speculates on the technology behind the massive eavesdropping. Bruce
> Schneier has a long commentary on historical abuses as well as the
> NSA's use of Echelon, a massive initiative that monitors voice, fax,
> and data communications and is used for data mining of perhaps 3
> billion communications per day.
> ----[/snip]-----
> 
> My concern is... (I'm from Nepal) not all ISP in my region go through
> the Nepal's Internet exchange point. so even the local traffic might
> have routed through USA if our ISP'z backbone providr is in USA. I
> don't have very good idea about ledal stuff but my basic assumption is
> BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE
> NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country
> foreign policy)
> 
> Have our network traffic been spyed/sniffed too without our knowledge?
> Don't we have right of protection in the law to check such thing if
> any???
> 
> just willing to hear your views on what are the rules to check/tackle
> such issues in other foreign countries???
> 
> regards,
> -bipint
> 
> 
> story: http://www.securityfocus.com/brief/85
> ----[snip]-----
> At issue are the broad, sweeping powers the NSA now have to eavesdrop
> on Americans without their knowledge. Commentary from Ars technical
> speculates on the technology behind the massive eavesdropping. Bruce
> Schneier has a long commentary on historical abuses as well as the
> NSA's use of Echelon, a massive initiative that monitors voice, fax,
> and data communications and is used for data mining of perhaps 3
> billion communications per day.
> ----[/snip]-----
> 
> My concern is... (I'm from Nepal) not all ISP in my region go through
> the Nepal's Internet exchange point. so even the local traffic might
> have routed through USA if our ISP'z backbone providr is in USA. I
> don't have very good idea about ledal stuff but my basic assumption is
> BUYING SERVICE FROM A DIFFERENT COUNTRY DOESN'T MEAN WE ARE
> NECESSARILY SUBJECTED TO THEIR LOCAL RULES. (though depends on country
> foreign policy)
> 
> Have our network traffic been spyed/sniffed too without our knowledge?
> Don't we have right of protection in the law to check such thing if
> any???
> 
> just willing to hear your views on what are the rules to check/tackle
> such issues in other foreign countries???
> 
> regards,
> -bipin
> --
> 
> Bipin Gautam
> 
> Zeroth law of security: The possibility of poking a system from lower
> privilege is zero unless & until there is possibility of direct,
> indirect or consequential communication between the two...
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ