lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 10 Jun 2012 11:29:42 -0400
From: valdis.kletnieks@...edu
To: Georgi Guninski <guninski@...inski.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Obama Order Sped Up Wave of Cyberattacks
	Against Iran

On Sun, 10 Jun 2012 08:58:31 +0300, Georgi Guninski said:
> What about legal windows backdoors (NSA key)?

It was never confirmed whether the infamous NSAKEY was an actual backdoor, or
just a hilariously poorly named variable.  In any case, even if it was a
backdoor, it's certainly not the same "legal" status as CALEA, where Federal
law said "ISPs Will Provide A Law Enforcement Tap". A lot of universities
which had just finished positioning themselves as ISPs in order to qualify for
the 17 USC 512 copyright "safe harbor" provisions, ended up doing a 180 degree
turn and said "Not An ISP - Private Network" so they wouldn't have to meet the
CALEA requirements. (An amazing number of .edu's ended up a "private net' for
CALEA purposes, but kept things in place for the safe harbor stuff as well.
Fortunately, nobody's ever pushed the issue).

If NSAKEY was a backdoor, it was at best a quasi-legal one, and I'm positive
that everybody at both Microsoft and the NSA would prefer that their roles in
the story never came to light.


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists