lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BLU175-W35DB21921FFE10C4B2A66AFE5A0@phx.gbl>
Date: Sat, 10 Aug 2013 22:16:15 -0400
From: Pedro Luis Karrasquillo <peter_toyota@...mail.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: XKeyscore sees 'nearly EVERYTHING you do

TAPs are no longer physical devices a spy installs on a wire somewhere. 
NSA picks this up remotely via a very secret SNMP command. I explained this in detail here:  http://dustupblog.com/2013/06/11/privacy-in-america-is-a-myth-lets-thank-ourselves/

I been in networking since 1996... these agencies started installing servers in ISPs at least since ’98. I saw my first one in ’99. Just a PC in a locked down rack, and was instructed to connect cable A to our management network, cable B to the cellular phone switch, and cable C to a T1 for the FBI. As a young lad, I was VERY curious as to what this little machine did. Nobody was able to tell me what it was for, but it was some sort of FCC mandate. After sometime I found about CALEA and the lawful intercept stuff I explain above. All cisco ISP routing and switching  gear has the MIBs as well as ALL other networking manufacturers cleared for doing business in the US. Wonder why Huawei was so maligned and bad mouthed a while back? The Chinese figured out the backdoor and decided to do the same with embedding a second backdoor… except that their implementation of the MIB was nonfunctional on purpose… This SNMP MIB will show if you do a MIB list on these devices, but actually triggering the command to TAP needs a secret key that I have not been able to find anywhere…

So there is no possible way to detect that you are being tapped, and virtually no impact in gear performance at all. Certain companies that deal with LEA’s and DoD provide the software that has the key to enable the TAP to happen.

Not to say that all the other optical fiber taps, etc do not happen as well. Just that this domestic spying has been going on before 9/11. Now fear determines our rights as a human. I wish there was some way we could fight this back without letting the real bad guys win. And people in their lazyness prefer to leave nanny to take care of their duty to be vigilant so they can keep watching DWTS and The Bachellorette. Sometimes I wonder if these lazy mass of tea cups really deserve to have some of us who are willing to fight for whats right, or should we just crawl deeper into our caves and let them be slaves to the plutocracy.

 		 	   		  
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ