lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <46F00819.6060608@infiltrated.net>
Date: Tue, 18 Sep 2007 13:17:13 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: jf <jf@...glingpointers.net>
Cc: j_tripp_283@...oo.com, full-disclosure <full-disclosure@...ts.grok.org.uk>,
	Valdis.Kletnieks@...edu
Subject: Re: Pro US government hackerganda

jf wrote:
> Well either you're full of it, they're full of it, or you just plainly
> misunderstood. In every place I've ever seen TS data getting transmitted,
> they're not using any cipher you've ever heard of, both ends of the
> connection use something like a kg-175 (now known as a taclane, you're lie
> would've been better if you had found out about these in your time spent
> using google), which uses NSA encryption and because of the crypto-module,
> is classified.

Oh right every single department in the government and agency has one
along with with kiv-19's because after all everyone connects back to
DREN. Right I forgot its all over TRADOC manuals. How stupid can I be to
not know this
(http://web.archive.org/web/*/http://venona.antioffline.com) my bad.

> Now what's possible (assuming this isnt the figment of your imagination),
> is that they were transmitting data rated at secret, which IIRC can use
> AES 128, depending on the implementation.
>
> So like I said, you're either making it up, misunderstood them, or they
> were having fun with you.

No they were deathly serious about using EV-DO to transmit Top Secret
documents over the wire and wanted to know it was sniffable period.

> So what, you think because you found some documents on google that this is
> how the data is getting lost and this all somehow makes you authoritive?
> Here is the simple truth, as is the usual with many of you
> ex-feed-the-goats/etc kids, you just don't know wtf you're talking about.

Documents on Google? One in the government shouldn't be worried about
documents on Google they should be worried about idiots behind some of
those government machines which leave information not intended for the
public on them. [1]

I recall back in the mid to late 90's mirrors of dozens maybe hundreds
of military, NASA sites left and right getting pwnd daily, hourly. Why
these machines were up and on the Internet is anyone's guess from the
public side. As to why someone would compromise them, the answer should
be obvious to anyone with half a clue.

It's alright to vent your frustration but I'm not the idiot putting up
machines on the Internet when they shouldn't be there. I'm not the one
who's allowing idiots to post classified information over non secure
channels when they should know better. Facts are facts. Don't shoot the
messenger:

// begin
[1] Numerous US military documents, some of which have critical
strategic importance, have been found on publicly accessible ftp
servers. ... Some of the most sensitive information found by AP included
details of security vulnerabilities at a contingency operating base,
security features at Tallil Air Base and plans of a military fuelling
facility. Some files were apparently password protected, but in one case
the password was given in another document on the same server.

When asked for his views, Bruce Schneier called the leaks "a sloppy user
mistake" - an understatement of monumental proportions ...
http://www.heise-security.co.uk/news/92653
// end

"Some files were apparently password protected, but in one case the
password was given in another document on the same server." What's that
you were saying about stupidity?

-- 
====================================================
J. Oquendo
"Excusatio non petita, accusatio manifesta"

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5157 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ