zlacker

[return to "Inside the NSA's War on Internet Security"]
1. dmix+Y5[view] [source] 2014-12-28 22:16:53
>>Fabian+(OP)
This would be a good time to wait and let security professionals analyze the documents and take what you read in this article lightly, as I've found a number of sensationalist examples.

For example, they claim Canada is monitoring hockey sites:

> Canada's Communications Security Establishment (CSEC) even monitors sites devoted to the country's national pastime: "We have noticed a large increase in chat activity on the hockeytalk sites. This is likely due to the beginning of playoff season," it says in one presentation.

But if you look at the actual slide https://i.imgur.com/2GO8H6L.png, it is clearly a fake sample report of what a real one might look like. It even uses the name 'Canukistan' as the country name.

There are 44 slide decks, one of the biggest leaks so far. It will take time to make sense of the noise. And any misinformation from reporting by non-technical journalists doesn't help the cause.

◧◩
2. glitch+6g[view] [source] 2014-12-29 02:31:30
>>dmix+Y5
If I didn't know that the government is manipulating social media all the time, I totally would not think you're a shill trying to discredit these news reports by claiming that Jake Appelbaum is a non-technical journalist.

* Revealed: US spy operation that manipulates social media (http://www.theguardian.com/technology/2011/mar/17/us-spy-ope...)

* How Covert Agents Infiltrate The Internet To Manipulate, Deceive, And Destroy Reputations (https://firstlook.org/theintercept/2014/02/24/jtrig-manipula...)

◧◩◪
3. teduna+lo[view] [source] 2014-12-29 07:11:52
>>glitch+6g
So what you're saying is that Canada really is monitoring hockey fans in Canukistan?
◧◩◪◨
4. nsansa+5p[view] [source] 2014-12-29 07:42:00
>>teduna+lo
What he's saying is: We are being pushed into a total surveillance state without a democratic vote, which means it is not normal to say "don't worry, go back to sleep" unless you're being paid to say that.

(But I guess you knew that already.)

◧◩◪◨⬒
5. teduna+Bs[view] [source] 2014-12-29 09:35:40
>>nsansa+5p
I don't think dmix was quite saying "go back to sleep." My concern is that "The NSA also has a program with which it claims it can sometimes decrypt the Secure Shell protocol (SSH)." (something I'm very much interested in) is in the very next paragraph. And still part of the "Hockey sites monitored" section (why??).

Do I take the ssh claim seriously? Do I just pretend the hockey monitoring paragraph isn't there?

Perhaps I should read the source for myself. http://www.spiegel.de/media/media-35515.pdf

Alas, there's very little in the way of detail. There's exactly one slide (19) dedicated to ssh, which says it can "potentially recover usernames and passwords." That would adequately describe a simple mitm attack where somebody either accepts an unknown server key or uses a client that doesn't even check (e.g. Prompt for iOS). Slides 35 and 36 mention ssh and decryption, but it sounds like they're talking about further processing after decryption. How is that decryption being done?

◧◩◪◨⬒⬓
6. acqq+Rt[view] [source] 2014-12-29 10:01:16
>>teduna+Bs
We have one real "case study":

https://firstlook.org/theintercept/2014/12/13/belgacom-hack-...

Active attacks allow access to the keys, and once the attackers have the keys, unless the PFS is properly used, the old captured streams are readable. But often it's even easier to read the documents on the attacked machine directly.

Still, all this was known before the material we comment now. Which doesn't mean we should let PFS remain unused or wrongly used as it is now and that we shouldn't try to protect us from the active attacks.

If we worry about the decryption of our SSH traffic, do we properly use PFS? What do we do to prevent or detect active attacks?

[go to top]