lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 6 Sep 2013 01:34:44 -0700
From: coderman <>
To: full-disclosure <>
Subject: Internet has vuln.

The NSA has undermined a fundamental social contract. We engineers
built the internet – and now we have to fix it...

By subverting the internet at every level to make it a vast,
multi-layered and robust surveillance platform, the NSA has undermined
a fundamental social contract. The companies that build and manage our
internet infrastructure, the companies that create and sell us our
hardware and software, or the companies that host our data: we can no
longer trust them to be ethical internet stewards.

This is not the internet the world needs, or the internet its creators
envisioned. We need to take it back.

And by we, I mean the engineering community...

One, we should expose. If you do not have a security clearance, and if
you have not received a National Security Letter, you are not bound by
a federal confidentially requirements or a gag order. If you have been
contacted by the NSA to subvert a product or protocol, you need to
come forward with your story... If you work with classified data and
are truly brave, expose what you know. We need whistleblowers....

Two, we can design. We need to figure out how to re-engineer the
internet to prevent this kind of wholesale spying. We need new
techniques to prevent communications intermediaries from leaking
private information.

We can make surveillance expensive again. In particular, we need open
protocols, open implementations, open systems...

Generations from now, when people look back on these early decades of
the internet, I hope they will not be disappointed in us. We can
ensure that they don't only if each of us makes this a priority, and
engages in the debate. We have a moral duty to do this, and we have no
time to lose.

Dismantling the surveillance state won't be easy. Has any country that
engaged in mass surveillance of its own citizens voluntarily given up
that capability? Has any mass surveillance country avoided becoming
totalitarian? Whatever happens, we're going to be breaking new ground.
 - Bruce Schneier

note from the editor: i'll believe we have made progress toward robust
crypto once every personal computing device has a robust hardware
entropy source.
 (backdoor generators like RDRAND don't count, of course ;)

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists