
Re: "I Write Mass Surveillance Software"

     On Wed, 16 Sep 2009 17:26:31 -0400 Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
>On Wed, Sep 16, 2009 at 5:01 PM, Rich Jones <rich@xxxxxxxxxxx> wrote:
>> http://www.reddit.com/r/IAmA/comments/9kwph/i_am_a_guy_who_writes_covert_
>> Thoughts?
>> Also, I realized that two of the posts I've made to this list have now
>> been reddit-related. Sorry about that. But I'd really like to know what
>> y'all make of this. He doesn't give very many specifics, unfortunately.
>> What do you think his 'sidestepping' is?
>The hostility on reddit is odd and unfortunate.
>The obvious sidestepping is MITM-ing connections for users then shove
>manipulated binaries at them which disable encryption, leak key
>material, or intercept keystrokes  ... or simply perform degradation
>attacks, either forcing protocols to less secure modes, or simply
>blocking or massively slowing secure connections to make the user
>switch to something insecure.
>These have the enormous downside of being detectable active attacks.
>Not something you could afford to apply frequently against general
>public unless you were willing to tip off your primary target that you
>were watching.  Then again, with ISPs like Comcast injecting RST
>packets, would a degradation attack be distinguishable?

     I wondered why my system sent so many RSTs that it sometimes self-limited
them.  I dealt with the problem by setting net.inet.tcp.blackhole=2 to stop
sending RSTs for ports that had no listener.  I later discovered that Comcast
runs port scanners against its own customers' IP addresses, so most likely
Comcast itself was responsible for the output RST overloads my system had
been getting.  I did not know, however, that Comcast was also sending bogus
RSTs, which I think would simply be dropped by most TCP/IP stacks.
>Less obvious sidestepping would include things like simply monitoring
>the remote side with the expectation that they won't be as prudent
>with security as your primary target.
>Black-helicopter mode sidestepping would be having pre-arranged back
>doors in popular operating systems or client software.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
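
The question raised above, whether an injected RST can be told apart from a genuine one, is partly answerable from a packet capture taken at the client. The following is an added example, not code from this thread or from any of the posters: it walks a constructed list of TCP segments and flags RSTs whose IP TTL disagrees with the TTL the peer used earlier in the same flow (a middlebox sits at a different hop count) or whose sequence number falls outside the sequence space the receiver would accept. The tolerance, window size and the sample packets are assumptions made for the illustration.

```python
"""Flag TCP RST segments that look injected by a middlebox rather than
sent by the connection peer.  Added example with constructed input."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str        # subset of "SAFRP"
    seq: int
    ack: int
    ttl: int
    payload_len: int = 0


@dataclass
class EndpointState:
    ttl: Optional[int] = None       # TTL on the first non-RST packet from this side
    next_seq: Optional[int] = None  # next sequence number this side should send
    window: int = 65535             # assumed receive window of the other side


TTL_TOLERANCE = 2  # allowed hop-count jitter from route changes (assumption)


def _direction(p: Packet) -> Tuple[str, int, str, int]:
    """One flow direction: packets from (src, sport) to (dst, dport)."""
    return (p.src, p.sport, p.dst, p.dport)


def find_suspicious_rsts(packets: List[Packet]) -> List[Tuple[int, str]]:
    """Return (index, reason) for RSTs inconsistent with the flow's history.

    Heuristics (assumptions, not claims made in the thread):
      1. TTL differs from the TTL this side used on earlier packets.
      2. Sequence number lies outside the window the receiver would accept
         given what this side has sent so far.
    An RST with no earlier traffic in its direction (e.g. a reply to a SYN
    on a closed port) has no baseline and is not flagged.
    """
    state: Dict[Tuple[str, int, str, int], EndpointState] = {}
    findings: List[Tuple[int, str]] = []
    for i, p in enumerate(packets):
        st = state.setdefault(_direction(p), EndpointState())
        if "R" in p.flags:
            reasons = []
            if st.ttl is not None and abs(p.ttl - st.ttl) > TTL_TOLERANCE:
                reasons.append(f"ttl {p.ttl} != established {st.ttl}")
            if st.next_seq is not None and not (
                st.next_seq <= p.seq < st.next_seq + st.window
            ):
                reasons.append(
                    f"seq {p.seq} outside [{st.next_seq}, {st.next_seq + st.window})"
                )
            if reasons:
                findings.append((i, "; ".join(reasons)))
            continue  # an RST does not advance the sender's state
        if st.ttl is None:
            st.ttl = p.ttl
        # SYN and FIN each consume one sequence number in addition to payload
        consumed = p.payload_len + ("S" in p.flags) + ("F" in p.flags)
        st.next_seq = p.seq + consumed
    return findings


# Constructed capture as seen at client 10.0.0.5 (not real traffic).
SAMPLE = [
    Packet("10.0.0.5", "203.0.113.7", 40000, 6881, "S", 1000, 0, 64),
    Packet("203.0.113.7", "10.0.0.5", 6881, 40000, "SA", 5000, 1001, 52),
    Packet("10.0.0.5", "203.0.113.7", 40000, 6881, "A", 1001, 5001, 64),
    Packet("203.0.113.7", "10.0.0.5", 6881, 40000, "A", 5001, 1001, 52, payload_len=100),
    Packet("10.0.0.5", "203.0.113.7", 40000, 6881, "A", 1001, 5101, 64),
    # Injected: claims to be the server but arrives with a different hop count
    Packet("203.0.113.7", "10.0.0.5", 6881, 40000, "RA", 5101, 1001, 58),
    # Injected: plausible TTL, but far outside the sequence space in use
    Packet("203.0.113.7", "10.0.0.5", 6881, 40000, "R", 900000, 0, 52),
    # Genuine RST from a closed port on another host: no baseline, not flagged
    Packet("10.0.0.5", "198.51.100.9", 40001, 22, "S", 2000, 0, 64),
    Packet("198.51.100.9", "10.0.0.5", 22, 40001, "RA", 0, 2001, 49),
]


if __name__ == "__main__":
    for idx, why in find_suspicious_rsts(SAMPLE):
        p = SAMPLE[idx]
        print(f"packet {idx}: RST {p.src}:{p.sport} -> {p.dst}:{p.dport}: {why}")
```

Run against a real trace the records would come from a pcap parser rather than the inline list, and the TTL check is the more robust of the two: an injector that copies sequence numbers from the live flow still cannot easily match the peer's hop count, whereas a genuine stack on a closed port answers before any baseline exists, which is exactly the case the example leaves unflagged.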