serious threat models

Anne & Lynn Wheeler lynn at garlic.com
Sat Feb 4 13:42:06 EST 2006


Perry E. Metzger wrote:
 > All phone switches, thanks to the US government's CALEA rules, are
> equipped with software that makes espionage easy. Whether that
> software was abused in this instance, I do not know, but I will point
> out that any switch sold in the US -- which is to say most switches
> that exist -- has software available (but not necessarily installed)
> to tap people's phones in a manner not entirely unlike what happened
> to the high government officials in Greece.
> 
> Yet again, I point out John Gilmore's warning that once you make law
> enforcement "convenient" by creating privacy invading technologies,
> you have very little control over who ultimately comes to use those
> technologies. It will not only be the good guys who get access to
> them, and even the guys who have legitimate access will not always be
> good guys.

the off-site terminal program for accessing systems online, reading
email, etc, while on the road ... early 80s ... a vulnerability analysis
was done and one of the biggest identified threats was hotel PBXs
(frequently the room was unlocked and anybody could walk in). as a
result there was work done on custom encrypting (2400) modem. basically
did session key exchange on connection, so that all transmission was
encrypted.

i was amazed in the 90s with the growing use of laptops and online
access (traveling road warriors)  and the number of people that seemed
oblivious to the security issues. insecure practices that was forboten
from at least 1980 (although i had online access at home for ten years
prior to the encrypting modems, starting march 1970).

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list