lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 10 Jun 2012 17:06:37 -0400
From: Laurelai <laurelai@...echan.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Obama Order Sped Up Wave of Cyberattacks
 Against Iran

On 6/10/12 11:29 AM, valdis.kletnieks@...edu wrote:
> On Sun, 10 Jun 2012 08:58:31 +0300, Georgi Guninski said:
>> What about legal windows backdoors (NSA key)?
> It was never confirmed whether the infamous NSAKEY was an actual backdoor, or
> just a hilariously poorly named variable.  In any case, even if it was a
> backdoor, it's certainly not the same "legal" status as CALEA, where Federal
> law said "ISPs Will Provide A Law Enforcement Tap". A lot of universities
> which had just finished positioning themselves as ISPs in order to qualify for
> the 17 USC 512 copyright "safe harbor" provisions, ended up doing a 180 degree
> turn and said "Not An ISP - Private Network" so they wouldn't have to meet the
> CALEA requirements. (An amazing number of .edu's ended up a "private net' for
> CALEA purposes, but kept things in place for the safe harbor stuff as well.
> Fortunately, nobody's ever pushed the issue).
>
> If NSAKEY was a backdoor, it was at best a quasi-legal one, and I'm positive
> that everybody at both Microsoft and the NSA would prefer that their roles in
> the story never came to light.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
I am a bit surprised by the direction of this conversation and I have
been waiting for someone to say the obvious in regards to protecting
yourself from .gov malware, it really is quite simple if you think about
it. Stuxnet, duqu, flame, ect.. all only run on windows platforms. If
the people you are protecting are concerned about that kind of malware
(and they should be) it would be a great time to tell them about
GNU/Linux, BSD, ect..

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ