Re: [cryptography] To Protect and Infect Slides

Sun, 05 Jan 2014 09:32:21 -0800 

On 31/12/13 23:13 PM, Jacob Appelbaum wrote:


I'm also happy to answer questions in discussion form about the content
of the talk and so on. I believe we've now released quite a lot of
useful information that is deeply in the public interest.



Hi Jacob,


thanks for the good work, I wish I could join in on the project. 
Questions are endless, and I find it hard to make them precise enough to 
get sensible analysis.



I had other questions, but in the end, there is only one that makes a 
difference:





Preamble.  To a large extent in the thoughful security world, we knew 
that these capabilities existed, albeit not to this astonishing level of 
detail.  None of the toys listed in the catalogue were shall we say a 
total surprise, to me at least.



What is a game changer is the relationship between the NSA and the other 
USA civilian agencies.  The breach of the civil/military line is the one 
thing that has sent the fear level rocketing sky high, as there is a 
widespread suspicion that the civil agencies cannot be trusted to keep 
their fingers out of the pie.  AKA systemic corruption.  If allied to 
national sigint capabilities, we're in a world of pain.



Question:  Is there anything that can put some meat&metrics on how 
developed and advanced this relationship is, how far the poison has 
spread?  How afraid should people in America be?




iang




1.  Is there anything in the documentation that speaks to what they are 
failing to break into at the moment?  We see a lot about what they can 
do, but not a lot about what they can't do (TOR?).



What's not vulnerable or expensive or disturbing, and where can we draw 
the line?



2.  The bios-level implanting is particularly worrisome.  This is going 
to change the threat map quite seriously.  Is there anything we can say 
about the frequency or likelihood that bios implanting is happening? 
E.g., types of targets, sizes, locations, suppliers etc.



As a hypothetical, say I'm SWIFT and I buy Dell servers.  Am I at risk? 
 is the sort of analysis I'm trying get to...






_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography























					Reply via email to