Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-15 Thread grarpamp
On Thu, Mar 13, 2014 at 11:13 AM, Jason Iannone jason.iann...@gmail.com wrote:
 And remain undetected?  That's a nontrivial task and one that I would
 suspect generates interesting CPU or other resource utilization anomalies.
 It's a pretty high risk activity.  The best we can hope for is someone
 discovering the exploit and publicly dissecting it.

See, the standard defense for all this is to lock down the cert fingerprints of
your real destination to prevent cert games. Then add in DNSSEC [1] and even
IPSEC [1] to make sure things all match up. That does make things much harder.
Problem still lies where your adversary has stolen or co-op'd the PK of your
dest cert, and rigged the routing path to route-map your applicable
src/dest/port IP tuples to residing off their private port in the local (to you
or your dest) DC. Right???
From which they proceed to bugger you through their transparent proxy to the
real dest. It's not a bulk tool as that might tip off some
non-moled-out-cert-group network groupie at the dest site that a lot of users
come from some IP. And it's definitely for 'high value only' given the
work/risk. But still... PKI-WOT bidirectional security between you and your
dest of global bgp advert/nexthop routing infrastructure anyone? Everyone seems
to trust the network to route... and even then [1].

[1] Similarly stolen/co-op'd as need be.


 pg
 This is relatively easy for home routers, since the self-signed certs they're
 configured with are frequently CA certs.  In other words they ship from the
 factory in a MITM-ready state.


 On Thu, Mar 13, 2014 at 8:50 AM, Greg Rose g...@seer-grog.net wrote:

 You get the routers to create valid-looking certificates for the
 endpoints, to mount man-in-the-middle attacks.

 On Mar 13, 2014, at 6:28 , Jason Iannone jason.iann...@gmail.com wrote:

  The First Look article is light on details so I don't know how one gets
  from infect[ing] large-scale network routers to perform[ing]
  “exploitation attacks” against data that is sent through a Virtual Private
  Network.  I'd like to better understand that.
 
 
  On Thu, Mar 13, 2014 at 7:22 AM, Jeffrey Walton noloa...@gmail.com
  wrote:
  On Thu, Mar 13, 2014 at 9:17 AM, Jason Iannone jason.iann...@gmail.com
  wrote:
   Are there details regarding Hammerstein?  Are they actually breaking
   routers?
  Cisco makes regular appearances on Bugtraq and Full Disclosure. Pound
  for pound, there's probably more exploits for Cisco gear than Linux
  and Windows combined.
 
  Jeff
 
   On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton noloa...@gmail.com
   wrote:
  
   On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote:
   
   
https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
   
TAO implants were deployed via QUANTUMINSERT to targets that were
un-exploitable by _any_ other means.
   
   And Schneier's Guardian article on the Quantum and FoxAcid systems:
  
  
   http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-13 Thread Jeffrey Walton
On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote:
 https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf

 TAO implants were deployed via QUANTUMINSERT to targets that were
 un-exploitable by _any_ other means.

And Schneier's Guardian article on the Quantum and FoxAcid systems:
http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.


Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-13 Thread Jeffrey Walton
On Thu, Mar 13, 2014 at 9:17 AM, Jason Iannone jason.iann...@gmail.com wrote:
 Are there details regarding Hammerstein?  Are they actually breaking
 routers?
Cisco makes regular appearances on Bugtraq and Full Disclosure. Pound
for pound, there's probably more exploits for Cisco gear than Linux
and Windows combined.

Jeff

 On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton noloa...@gmail.com wrote:

 On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote:
 
  https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
 
  TAO implants were deployed via QUANTUMINSERT to targets that were
  un-exploitable by _any_ other means.
 
 And Schneier's Guardian article on the Quantum and FoxAcid systems:

 http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.


Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-13 Thread Jason Iannone
The First Look article is light on details so I don't know how one gets
from infect[ing] large-scale network routers to perform[ing]
exploitation attacks against data that is sent through a Virtual Private
Network.  I'd like to better understand that.


On Thu, Mar 13, 2014 at 7:22 AM, Jeffrey Walton noloa...@gmail.com wrote:

 On Thu, Mar 13, 2014 at 9:17 AM, Jason Iannone jason.iann...@gmail.com
 wrote:
  Are there details regarding Hammerstein?  Are they actually breaking
  routers?
 Cisco makes regular appearances on Bugtraq and Full Disclosure. Pound
 for pound, there's probably more exploits for Cisco gear than Linux
 and Windows combined.

 Jeff

  On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton noloa...@gmail.com
 wrote:
 
  On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote:
  
  
 https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
  
   TAO implants were deployed via QUANTUMINSERT to targets that were
   un-exploitable by _any_ other means.
  
  And Schneier's Guardian article on the Quantum and FoxAcid systems:
 
 
 http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.




-- 
PGP Public Key: 2048R/AC65B29D


Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-13 Thread Greg Rose
You get the routers to create valid-looking certificates for the endpoints, to 
mount man-in-the-middle attacks.

On Mar 13, 2014, at 6:28 , Jason Iannone jason.iann...@gmail.com wrote:

 The First Look article is light on details so I don't know how one gets from 
 infect[ing] large-scale network routers to perform[ing] “exploitation 
 attacks” against data that is sent through a Virtual Private Network.  I'd 
 like to better understand that.
 
 
 On Thu, Mar 13, 2014 at 7:22 AM, Jeffrey Walton noloa...@gmail.com wrote:
 On Thu, Mar 13, 2014 at 9:17 AM, Jason Iannone jason.iann...@gmail.com 
 wrote:
  Are there details regarding Hammerstein?  Are they actually breaking
  routers?
 Cisco makes regular appearances on Bugtraq and Full Disclosure. Pound
 for pound, there's probably more exploits for Cisco gear than Linux
 and Windows combined.
 
 Jeff
 
  On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton noloa...@gmail.com wrote:
 
  On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote:
  
   https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
  
   TAO implants were deployed via QUANTUMINSERT to targets that were
   un-exploitable by _any_ other means.
  
  And Schneier's Guardian article on the Quantum and FoxAcid systems:
 
  http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.
 
 
 
 -- 
 PGP Public Key: 2048R/AC65B29D


Greg.

Phone: +1 619 890 8236 
secure voice / text: Seecrypt +28131139047 (referral code 54smjs if you want to 
try it).
PGP: 09D3E64D 350A 797D 5E21 8D47 E353 7566 ACFB D945 (id says g...@usenix.org, 
but don’t use that email)



Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-13 Thread Jason Iannone
And remain undetected?  That's a nontrivial task and one that I would
suspect generates interesting CPU or other resource utilization anomalies.
It's a pretty high risk activity.  The best we can hope for is someone
discovering the exploit and publicly dissecting it.


On Thu, Mar 13, 2014 at 8:50 AM, Greg Rose g...@seer-grog.net wrote:

 You get the routers to create valid-looking certificates for the
 endpoints, to mount man-in-the-middle attacks.

 On Mar 13, 2014, at 6:28 , Jason Iannone jason.iann...@gmail.com wrote:

  The First Look article is light on details so I don't know how one gets
 from infect[ing] large-scale network routers to perform[ing]
 exploitation attacks against data that is sent through a Virtual Private
 Network.  I'd like to better understand that.
 
 
  On Thu, Mar 13, 2014 at 7:22 AM, Jeffrey Walton noloa...@gmail.com
 wrote:
  On Thu, Mar 13, 2014 at 9:17 AM, Jason Iannone jason.iann...@gmail.com
 wrote:
   Are there details regarding Hammerstein?  Are they actually breaking
   routers?
  Cisco makes regular appearances on Bugtraq and Full Disclosure. Pound
  for pound, there's probably more exploits for Cisco gear than Linux
  and Windows combined.
 
  Jeff
 
   On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton noloa...@gmail.com
 wrote:
  
   On Thu, Mar 13, 2014 at 1:57 AM, coderman coder...@gmail.com wrote:
   
   
 https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
   
TAO implants were deployed via QUANTUMINSERT to targets that were
un-exploitable by _any_ other means.
   
   And Schneier's Guardian article on the Quantum and FoxAcid systems:
  
  
 http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.
 
 
 
  --
  PGP Public Key: 2048R/AC65B29D


 Greg.

 Phone: +1 619 890 8236
 secure voice / text: Seecrypt +28131139047 (referral code 54smjs if you
 want to try it).
 PGP: 09D3E64D 350A 797D 5E21 8D47 E353 7566 ACFB D945 (id says
 g...@usenix.org, but don't use that email)




-- 
PGP Public Key: 2048R/AC65B29D


Re: [cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-13 Thread Peter Gutmann
Greg Rose g...@seer-grog.net writes:

You get the routers to create valid-looking certificates for the endpoints,
to mount man-in-the-middle attacks.

This is relatively easy for home routers, since the self-signed certs they're
configured with are frequently CA certs.  In other words they ship from the
factory in a MITM-ready state.

Peter.

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
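
The property described in the message above (a device's self-signed certificate that is also a CA certificate) can be checked by reading the basicConstraints extension. The following is an added example, not part of the original thread: a stdlib-only DER walker whose function names are illustrative and whose two sample inputs are constructed extension fragments, not certificates taken from any real device.

```python
"""Report the basicConstraints cA flag of a DER-encoded X.509 structure."""

BASIC_CONSTRAINTS = bytes.fromhex("551d13")  # content bytes of OID 2.5.29.19

def read_tlv(buf, pos, end):
    """Decode one DER element; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > end:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("DER value overruns its container")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield every element stored back to back in buf[start:end]."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start, end)
        yield tag, vs, ve
        start = ve

def basic_constraints_ca(der, start=0, end=None):
    """True/False is the cA flag; None means the extension is absent."""
    end = len(der) if end is None else end
    for tag, vs, ve in children(der, start, end):
        if not tag & 0x20:                  # primitive: nothing to descend into
            continue
        kids = list(children(der, vs, ve))
        if kids and kids[0][0] == 0x06 and der[kids[0][1]:kids[0][2]] == BASIC_CONSTRAINTS:
            otag, ostart, oend = kids[-1]   # extnValue OCTET STRING
            stag, ss, se = read_tlv(der, ostart, oend)
            if otag != 0x04 or stag != 0x30:
                raise ValueError("malformed basicConstraints extension")
            flags = [der[s:e] for t, s, e in children(der, ss, se) if t == 0x01]
            return bool(flags) and flags[0] != b"\x00"   # cA DEFAULT FALSE
        found = basic_constraints_ca(der, vs, ve)
        if found is not None:
            return found
    return None

# Constructed samples: an extensions block with keyUsage + basicConstraints cA=TRUE,
# and one whose basicConstraints is an empty SEQUENCE (cA defaults to FALSE).
CA_STYLE = bytes.fromhex("a320301e300b0603551d0f040403020106"
                         "300f0603551d130101ff040530030101ff")
LEAF_STYLE = bytes.fromhex("a30d300b30090603551d1304023000")
```

For a live device, the DER input can be obtained with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))`; a `True` result on a certificate that a device presents as its own server certificate is the condition the message describes.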


[cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

2014-03-12 Thread coderman
https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf

TAO implants were deployed via QUANTUMINSERT to targets that were
un-exploitable by _any_ other means.

if you were on this short list of 300 - you were doing something right!


---


Snowden Gatekeepers (TM):
  what were these 300 like?
what can we learn?