zlacker

[return to "Inside the NSA's War on Internet Security"]
1. dmix+Y5[view] [source] 2014-12-28 22:16:53
>>Fabian+(OP)
This would be a good time to wait and let security professionals analyze the documents and take what you read in this article lightly, as I've found a number of sensationalist examples.

For example, they claim Canada is monitoring hockey sites:

> Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.

But if you look at the actual slide https://i.imgur.com/2GO8H6L.png, it is clearly a fake sample report of what a real one might look like. It even uses the name 'Canukistan' as the country name.

There are 44 slide decks, one of the biggest leaks so far. It will take time to make sense of the noise. And any misinformation from reporting by non-technical journalists doesn't help the cause.

◧◩
2. nsansa+g8[view] [source] 2014-12-28 23:11:39
>>dmix+Y5
> reporting by non-technical journalists doesn't help the cause

non-technical journalists

Ever heard of a certain Jacob Appelbaum?

◧◩◪
3. sneak+hh[view] [source] 2014-12-29 03:04:43
>>nsansa+g8
If Jake Appelbaum had any technical credibility, he would have claimed something other than a break in SSH for his talk. :(
◧◩◪◨
4. tete+Kj[view] [source] 2014-12-29 04:28:01
>>sneak+hh
You might want to look at page 19 and 35:

http://www.spiegel.de/media/media-35515.pdf

Did he actually say break?

◧◩◪◨⬒
5. xorcis+ds[view] [source] 2014-12-29 09:23:47
>>tete+Kj
No, he did not say break in his talk. He said something along the lines of "at one point, the NSA mentions SSH together with SSL and IPsec as technologies which there are methods against" which could mean just about anything. They could break into the host and steal the host keys for example, without having to do costly cryptanalysis.

But the moment he breathed SSH, pretty much all of IRC and the whole Saal 1 could not think of anything else. Everyone and their brother wanted to know what to use instead of SSH now that it's broken. It was a bit of panic in the air.

My suggestion is to go to the leaked slide and make your own conclusions. There are among the most credible people we have behind openssh and the crypto primitives are used in a very straightforward way.

[go to top]