[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "I Write Mass Surveillance Software"



Eugen Leitl wrote:
On Thu, Sep 17, 2009 at 03:58:50PM -0400, Michael Holstein wrote:

(basically, all the OP on Rededit was saying, was he's the guy that writes the microengine code) .. the processors themselves aren't

Not quite -- he explicitly claimed they used custom hardware. Perhaps
using network processor macro cells, but custom design was definitely
involved.
capable of realtime brute-force decryption ... but they are the sort of

There's no such thing, apart from really obsolete cryptosystems. And
even there you can't just fish for content as it was cleartext.

thing that can look for signatures/keywords/etc in a stream and act upon it at wire-speed.

That is old news.
As for breaking encryption, this would be a task better suited for a large farm of purpose-programmed FPGAs, since I'm not aware of any commercially-produced ASIC that does this (although the NSA does list jobs for "semiconductor fabrication", so I'm sure they're in that game).

I can see large boxes for e.g. offline DES (perhaps even 3DES) cracks, but everything else is probably not cost effective (of course, NSA has demonstrably been decades ahead of open research in some instances, so don't blame me if they waterboard you just because you took this at face value).
IIRC the Russians had purpose-built their own ASICs to break DES when it was en-vouge .. I'm sure our side of the pond actively does the same.

Sneakier mice, better mousetraps.
Lather, rinse, repeat.
while().

What I really dread is having to sanitize my entire systems, which
effectively means wiping and bootstrapping my entire infrastructure from known good state, establish physical security, secret management including crypto hardware, system hardening, privilege separation, intrusion detection and documentation, periodic review, and the like.

This is seriously annoying, and I resent having to go full tinhat
monty. In case anyone has pointers or has already done such a thing
I very much welcome any documentation. We should publish everthing
in the open to make it easily replicable by anybody anywhere, so just to make the annoyance mutual.


[Grobbage - French - for "a plot of cleared land" the only web use of the word is here:

http://cnc.virtuelle.ca/riviere-la-paix/riviere_la_paix/leurs_memoires/roy.html

reference to term's description here:

http://cnc.virtuelle.ca/riviere-la-paix/riviere_la_paix/lexique/grobbage.html ]

Its equivalent to the English term "grubbed out".

Perhaps his name is the English surname "Grubb".

This "Grobbage's" activity is stated to be UK (Britain) only.

If (s)he's a fake then look for an attention seeker....

Search (webcrawler.com) - Grubb UK - gives Ben Grubb (.co.uk) 3rd in list.

Search (yahoo.co.uk - UK only hits) - Ben Grubb - Wow.. Hey.. he's an attention seeker all right!

... so rite or w#so wrong?


(RE-)Build your (new) machine off line - then take a snap shot. Get it working on line then take another snapshot. If you fear you've been trojaned in future then destroy - install snapshot and you're back in business.

Always use official off-line updates.

I don't bother with this - I've got wifi connected spyhardware already on my PC motherboard (think about it - its just a kernal tweak), so there's no point in protecting from trojans or keyloggers.