Maxim Kammerer: > On Tue, Jul 9, 2013 at 11:39 AM, Michael Rogers > <mich...@briarproject.org> wrote: >> Google and Mozilla wouldn't have to run >> competitions to find holes in their own browsers. There wouldn't be a >> multi-million-dollar 0day black market. > > You are talking about huge projects with complex design, where the > architecture itself is a source of security issues. Not to mention > that WebKit and Mozilla weren't engineered for security to begin with. > >> It wouldn't be possible for >> the NSA (according to Snowden) to "simply own" the computer of any >> person of interest. > > Offtopic, but I didn't see any indication in that last paragraph of > Jacob's interview that Snowden talks about exploiting computers. In > general, Snowden for some reason is usually terribly vague for someone > who apparently exhibits excellent command of English language (from my > non-native speaker's POV).
I think he very clearly stated it: Interviewer: What happens after the NSA targets a user? Snowden: They're just owned. An analyst will get a daily (or scheduled based on exfiltration summary) report on what changed on the system, PCAPS 9 of leftover data that wasn't understood by the automated dissectors, and so forth. It's up to the analyst to do whatever they want at that point -- the target's machine doesn't belong to them anymore, it belongs to the US government. If it isn't clear - he is saying that once a user is targeted for surveillance - their computer systems (and networks) are compromised by the NSA in a variety of ways. This includes memory corruption bugs, obviously. > >> Writing secure software is much, much harder than simply writing >> comments, writing tests and coding defensively. > > This is a thread about Cryptocat. Cryptocat is a web frontend for a > couple of protocols. Yes, it is that easy. The protocol that has the most trouble is the homebrewed multi-party crypto. Though some of the underlying bits obviously impact the rest of it. All the best, Jacob -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
