On 08/09/13 12:36, Martijn Grooten wrote:
> On Sun, 8 Sep 2013, Tom wrote:
>> No irony involved at all - they were internal documents not for
>> public viewing, therefore they are likely not to be the propaganda
>> they want to feed us. This gives them much higher confidence.
>
> Firstly, a lot of them were presentation slides that looked like
> internal propaganda. As in any organisation, there must be a lot of
> internal politics going on at the NSA, with different groups of people
> promoting different projects. So when someone presents the work of
> their group as "we can read almost everything" this may in fact mean
> "we can read a lot, but frankly anyone using sensible security can
> avoid their traffic being read" (in a particular context).
>
> Secondly, if I was high up at the NSA, I would have some fake
> presentations lying around in a tricky-but-not-too-tricky way to
> access by the Snowdens of this world. I might even have someone
> present them.
>
> I'm not saying things aren't bad - they are. But by just reading the
> NSA's internal presentations, you could easily be convinced that the
> NSA has basically broken the maths behind today's crypto. I think we
> had already concluded that they haven't.
>
> Martijn.

We have concluded that, although it may be cold comfort - but we're in good company. From Bruce's article on NSA capabilities just a couple of days ago, he finishes with:

"Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA."

And of course, unlike me, he *is* a cryptographer.

So, not being interested in blowing people up or abducting little kids, having a healthy dose of paranoia and a big fat chunk of entirely open source (and therefore hopefully thoroughly audited) strong crypto between me and the internet, I'm reasonably sure that my computers are safe. Reasonably.
But I'm not liking my phone very much, that's for sure. Even though it's a jailbroken iPhone, which I barely use in the first place, that thing I certainly do *not* trust at all. Tons of proprietary software, completely unknown firmware/baseband code, runs on thoroughly compromisable GSM, leaks my present location (well, technically, its current location) by ranging to towers constantly, and I know full well that, thanks to Gamma* and their FinFisher malware, any law enforcement wonk can turn on the camera and mic remotely, listen to my girlfriend berating me for being too lazy to cook dinner for her again, etc. There are literally no options for phones though - every single one of them is effectively a sleeper cell agent in your pocket, whether it's an Android, a BlackBerry or a 15 year old Nokia dumb phone. I've never liked phones much at all anyway, always preferring email/internet connectivity, and for a nerd I'm pretty much the last person I know who eventually, reluctantly got on the smartphone wagon. But I can't just chuck the thing away - nobody can. There's always that 1 in a million chance that one day we'll *really* need it for an emergency like dialling 999.

So, as by far the least trustworthy device I own, it's banned from my network completely. Think about it - I've secured everything else in sight, but otherwise my eminently, massively compromised iPhone would be on the inside of my network, with potential access to everything. I can't even lock it to my "black" network, which is a WPA2 separated VLAN instance that allows nothing but trusted clients to connect to the VPN and then on to my real, internal private network. Obviously, if I give my iPhone the VPN credentials the spooks can slurp it off and dial straight in themselves. So it's banned. Thanks spooks! I merely disliked my phone before; now I have to treat the thing with extreme active suspicion. Why must you bastards ruin every single little thing?
We now seem to have reached the point where even if tomorrow they suddenly arrested every single living terrorist and pedo in the entire world we'd still have to question whether it has all been worth it (and the answer would still, in my opinion, be "no" - cue standard Franklin quote).

Regards

* Gamma is a UK company as well, something for us all to be proud of *rolls eyes* - http://en.wikipedia.org/wiki/FinFisher

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq