[Cryptography] [RNG] /dev/random initialisation

Jerry Leichter leichter at lrw.com
Tue Nov 5 10:22:22 EST 2013


On Nov 4, 2013, at 10:40 PM, James A. Donald <jamesd at echeque.com> wrote:
> > > I sent a dummy skype text that referenced a secret url on my own
> > > website, created for this test and never used before or since.
> > >
> > > Shortly thereafter, got a hit on that url.
> > That's not the NSA - it's Microsoft.  This pattern has been reported
> > before; it's the result of Microsoft searching for "evil" URL's
> > (those that have drive-by malware, mainly, though I suppose they
> > look for other stuff, too).  See
> > http://www.tomsguide.com/us/Malware-Spam-Skype-Reading-Messages-URLs,news-17036.html
> > for one discussion.
> 
> Which tells us:
> 
> 	"This automated process undoubtedly helps protect Skype users
> 	 from clicking on links to phishing sites or those packed with
> 	 malware"
> 
> Since the hit came a long time after the message, it would not have
> been useful in protecting the recipient from clicking on links to
> phishing sites.
So you think it's all about *you*?  If a mechanism doesn't protect *you*, *right now*, it's not a security mechanism?  Some security mechanisms aim to protect the population at large, not any particular individual at a particular point in time.

The point of checking URL's to see if they are "bad" is to protect those who look at them *after* they are found to be bad.  Properly checking URL's takes significant time.  You wouldn't want the check inserted in real-time into the Skype message stream.

I have never seen a URL in a Skype message removed or in any way marked as invalid; but then I'm not a heavy Skype user.  But really, a bad URL in a Skype message is not in and of itself a problem - it's only a problem when someone goes to that site in a browser.  I don't use IE and don't know where it gets a list of "dangerous" URL's from - but I would be surprised if it doesn't.  (Chrome, Firefox, and Safari all use a list that Google maintains.)

Not everything is the NSA.  It's clear they want to operate in the dark, not being noticed.  It seems highly unlikely they would start hitting random web sites a short time after they got mentioned in a Skype message.  If they were doing this themselves, I'd expect them to be patient, making it very difficult to correlate one random hit on the site with any particular action.

On the other hand, this is a fine source of URL's to feed into a malware detector.

Could the NSA piggy-back on Microsoft's data capture?  Sure.  But they have so many ways to get hold of URL's, I'm not sure why they would bother.

                                                        -- Jerry


