Date: Fri, 06 Nov 2009 13:25:43 -0600
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: How Prosecutors Wiretap Wall Street

--On Friday, November 06, 2009 10:46:39 -0600 Valdis.Kletnieks@...edu wrote:

> On Thu, 05 Nov 2009 21:47:41 CST, Paul Schmehl said:
>> > Getting back on topic, it is well-known, and proven, that the NSA has
>> > surveillance facilities inside several U.S. telecom carriers.  You need
>> > only look inside one of AT&T's PoPs in San Francisco for proof.
>> >
>>
>> You know this to be true because you've looked for yourself, right?  You
>> didn't just take the word of a complete stranger quoted by a compliant
>> press at face value, did you?
>
> Hey Paul: Thanks for this enlightening point.  I've just realized that
> Mt Everest doesn't exist either, and we've all been taking the word of
> complete strangers quoted by a compliant National Geographic. All those
> pics are 'shopped, you can tell by the pixels.
>
> C'Mon Paul, quit being a total intentionally blind asshole.  You presumably
> know how things like BGP and packet forwarding work, and there's nice maps
> of most of the sub-ocean fiberoptic cables. Using a minute's *thought* would
> show that if the NSA wanted to do *any* surveillance in a reasonably
> efficient manner, they *would* have to create surveillance facilities at
> the major peering points and exchanges.
>
> You know how traceroute works.  The locations of all the trans-oceanic
> fiber cables are *very* well documented (they have to be, it sucks if you
> lose your cable because a trawler didn't know it was there).  From that,
> it's pretty easy to figure out where you want to put your intercept
> facilities.
>
> So you're stuck with one of two choices:
>
> 1) Believe that the NSA in fact didn't do any hoovering of transmissions even
> though they've come out and said they did.
>
> 2) Admit that they would indeed need a room right near the ATT PoP in SF
> right where the whistleblower said it was.
>
>> And of course Congress knew nothing about it, even though they had been
>> briefed about it dozens of times and never raised a single objection.
> ...
>> The fact that you believe that only those who violate their oath of office
>> are honest and only those who never violate their oath of office are
>> dishonest blinds you to the possibility that the truth lies somewhere in
>> between.
>
> You appear to be similarly blinded to the possibility that perhaps, just
> perhaps, the people in Congress had been... *gasp* lied to and the program
> misrepresented.  Because those fine upstanding guys at the intelligence
> and defense agencies would *never* do a thing like that, just like they
> were all telling the truth back in 1969 and everything that Daniel Ellsberg
> said was a lie.
>
> Oh, and they didn't actually illegally wiretap Ellsberg during his trial, so
> there's no reason the judge should have dismissed all the charges.
>
> Which is a more sensible approach - to question and worry about the
> government's actual intentions *this* time (even though they may be innocent
> *this* time) because they've done similar major-scale shit multiple times in
> your lifetime, or to blindly accept what they say this time, even though
> they've pulled similar shit multiple times in your memory?
>
> "Fool me once, shame on you.  Fool me twice, shame on me".

The root claim is that the NSA was/is conducting illegal, warrantless 
surveillance on American citizens.  That claim has never been substantiated, 
and that is precisely my point.  If you know anything about internet routing 
(and I know you do), then you understand that to capture the traffic of 
terrorists you would have to be at a peering location where traffic is 
aggregated.

As I stated in an earlier response, it's akin to the bogus concern that many 
people express about system admins.  Gee, they can see everything I've got. 
Which is true, but beside the point.  The real question is, do they want to and 
are there safeguards against abuse.  I'm pretty certain the NSA has their hands 
full just trying to keep up with and track real threats.  I seriously doubt 
they give a shit about a phone conversation you have with your girlfriend where 
you discuss your sex life.

Now, if you are talking to jihadist radicals, then you shouldn't be surprised 
if the NSA takes an interest.  But snooping on ordinary Americans' everyday 
conversations?  Please!  Do you seriously think they have the time, much less 
the interest?

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
