| 1 |
On Mon, Sep 09, 2013 at 10:36:09AM +0100, thegeezer wrote: |
| 2 |
> There's a lot FUD out there and equally there is some truth. the NSA "we can |
| 3 |
> decrypt everything" statement was really very vague, and can easily be done if |
| 4 |
> you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the |
| 5 |
> level of security to something that is crackable. |
| 6 |
> for 'compatibility' very many low powered encryption schemes are supported and |
| 7 |
> it is these that are the issue. |
| 8 |
|
| 9 |
I think you're right because it'll be much easier to read the data at one |
| 10 |
endpoint than to decrypt everything. If big corporations like Google or Cisco |
| 11 |
can be forced to cooperate (and they can - that much is fact), it'd be the |
| 12 |
likelier way to get your data. |
| 13 |
On the other hand e.g. Bruce Schneier warns of ECC because the NSA promoted it |
| 14 |
intensively. So there may be some secret that helps to decrypt it in the hands |
| 15 |
of the NSA (possible something about the NIST curve definitions that reduce the |
| 16 |
effective keylength). |
| 17 |
> if you are using ipsec tunnels with aes encryption you can happily ignore |
| 18 |
> these. |
| 19 |
This would be true if you have an secure endpoint. And I think that nowadays |
| 20 |
nothing is secure... |
| 21 |
> if you are using mpls networks you can almost guarantee your isp and therefore |
| 22 |
> your network is compromised. |
| 23 |
> the question really is what do you define as security ? |
| 24 |
> if someone was to hit you on the head with a hammer, how long til you willingly |
| 25 |
> gave out your passwords ? [1] |
| 26 |
> I agree with the lack of faith in certificate CA's and i feel that the reason |
| 27 |
> that warnings over ssl are so severe is to spoon feed folks into the owned |
| 28 |
> networks. I far more trust the way mozilla do their web of trust [2] but |
| 29 |
> equally am aware that trolls live in the crowds. |
| 30 |
> while ssh authorized_keys are more secure than passwords, i can't (and am |
| 31 |
> hoping someone can point me to) find how to track failed logins as folks |
| 32 |
> bruteforce their way in. yes it's orders of magnitude more difficult but then |
| 33 |
> internet speed is now orders of magnitude faster, and OTP are looking more |
| 34 |
> sensible every day [3] to me. |
| 35 |
> i used to use windows live messenger and right near the end found that if you |
| 36 |
> send someone a web link to a file filled with /dev/random called passwords.zip |
| 37 |
> you would have some unknown ip connect and download it too. |
| 38 |
> who then is doing that and i trust skype and it's peer2peer nonsense even less. |
| 39 |
> who even knows you can TLS encrypt SIP ? |
| 40 |
> there are many ways of encrypting email but this is not supported from one site |
| 41 |
> to another, even TLS support is often lacking, and GPG the contents means that |
| 42 |
> some folks you send email to cannot read it -- there is always a trade off |
| 43 |
> between usability and security. |
| 44 |
> i read in slashdot that there is a question mark over SELinux because it came |
| 45 |
> from the NSA [4] but this is nonsense, as it is a means of securing processes |
| 46 |
> not network connections. i find it difficult to believe that a backdoor in a |
| 47 |
> locked cupboard in your house can somehow give access through the front door. |
| 48 |
This point you get wrong. SELinux implement the LSM API (in fact the LSM API |
| 49 |
was tailored to SELinux needs). It has hooks in nearly everything |
| 50 |
(file/directory access, process access and also sockets). One of the biggest |
| 51 |
concerns at the time of creation of the LSM API was rootkits hooking that |
| 52 |
functions. It's definitively a thread. I'm not saying that SELinux contains |
| 53 |
a backdoor (I for myself would have hidden it in the LSM part, not in SELinux |
| 54 |
because that would enable me to use it even if other LSMs are used). If you |
| 55 |
google for "underhanded C contest" you'll see that it's possible to hide |
| 56 |
malicious behaviour in plain sight. And if the kernel is compromised all other |
| 57 |
defenses mean nothing. (As I said, I don't want to spread fearbut that is |
| 58 |
something to consider imho). |
| 59 |
> how far does trust need to be lost [5] before you start fabricating your own |
| 60 |
> chips ? the complexity involved in chip fabs is immense and if bugs can slip |
| 61 |
> through, what else can [6] |
| 62 |
> ultimately a multi layer security approach is required, and security itself |
| 63 |
> needs to be defined. |
| 64 |
You need an anchor from which you can establish trust. If there is a hardware |
| 65 |
backdoor you'll not be able to fix that problem with software. There is an |
| 66 |
excellent paper from Ken Thompson called "Reflections on trusting trust" that |
| 67 |
theorizes about the possibility of a trojanized compiler that injects malicous |
| 68 |
code and therefore makes code audits pointless. Security sadly is hard.. |
| 69 |
> i like privacy so i have net curtains, i don't have a 3 foot thick titanium |
| 70 |
> door with strengthened hinges. |
| 71 |
> if someone looks in my windows, i can see them. either through the window or on |
| 72 |
> cctv. |
| 73 |
> security itself has to be defined so that risk can be managed. |
| 74 |
> so many people buy the biggest lock they can find and forget the hinges. or |
| 75 |
> leave the windows open. |
| 76 |
> even then it doesn't help in terms of power failure or leaking water or gas |
| 77 |
> mains exploding next door (i.e. the definition of security in the sense of |
| 78 |
> safety) |
| 79 |
> to some security means RAID, to others security means offsite backup |
| 80 |
> i like techniques such as port knocking [7] for reducing the size of the scan |
| 81 |
> target |
| 82 |
> if you have a cheap virtual server on each continent and put asterisk on each |
| 83 |
> one; linked by aes ipsec tunnels with a local sip provider in each one then you |
| 84 |
> could probably hide your phone calls quite easily from snoops. until they saw |
| 85 |
> your bank statement and wondered what all these VPS providers and SIP accounts |
| 86 |
> were for, and then the authorities if they were tracking you would go after |
| 87 |
> those. why would you do such a thing? perhaps because you cannot trust the |
| 88 |
> monopoly provider of a country to screen its equipment [8] |
| 89 |
> even things like cookie tracking for advertising purposes - on the lighter side |
| 90 |
> what if your kids see the ads for the stuff you are buying them for christmas ? |
| 91 |
> surprise ruined? where does it stop - its one thing for google to announce |
| 92 |
> governments want your search history, and another for advertising companies to |
| 93 |
> sell your profile and tracking, essentially ad companies are doing the |
| 94 |
> governments snooping job for them. |
| 95 |
> ultimately it's down to risk mitigation. do you care if someone is snooping on |
| 96 |
> your grocery list? no? using cookie tracking ? yeah profiling is bad - |
| 97 |
> wouldn't want to end up on a terrorist watchlist because of my amusement with |
| 98 |
> the zombie apocalypse listmania [9] |
| 99 |
> encryption is important because you don't know what other folks in the internet |
| 100 |
> cafe are doing [10] |
| 101 |
> but where do you draw the line ? |
| 102 |
> if you go into a shop do you worry that you are on cctv ? |
| 103 |
> <SNIP> |
| 104 |
|
| 105 |
Hi, |
| 106 |
you'll find my answers inline due to the length of this mail... |
| 107 |
|
| 108 |
I think in the long term the only way to get security is to control the |
| 109 |
agencys. Unless that happens there is not much chance to get reasonable |
| 110 |
security... |
| 111 |
|
| 112 |
WKR |
| 113 |
Hinnerk |
Archives