[Cryptography] stego mechanism used in real life (presumably), then outed

Ray Dillinger bear at sonic.net
Thu Jun 8 16:28:26 EDT 2017



On 06/08/2017 12:10 AM, iang wrote:
> On 07/06/2017 12:21, Jerry Leichter wrote:

>> We've crossed a threshold when entitled members of society feel the
>> need to work to subvert their own society's enforcement mechanisms. 

> I agree with the observation of the shift, but I take issue with the
> notion of "society's own enforcement mechanisms".  As far as I can see,
> it isn't society that is putting in wholesale enforcement mechanisms,
> it's a small subset that are working outside the bounds of society.

I doubt that even half of the IMSI catchers in use are actually being
used by any organization even remotely considered to be one of society's
enforcement mechanisms.

Especially here in Silly Valley.  Seriously, people read CERT reports
around here like race forms, sports programs, and scorecards.
International and corporate championships are mostly separate, but
there's an annual playoff.  Police is just the local minor league team
in the international division.

Everybody who's assuming that IMSI catcher == some brand of society's
enforcement mechanisms isn't paying attention to the history of security
holes.

Name a well-known, long-standing, easy-to-exploit vulnerability that
absolutely anybody can use with no real fear of being caught, and ask
yourself who uses it.  Is law enforcement even in the top ten?

This is the real issue when companies like Apple push back against
creating vulnerabilities.  Court ordered or not, a new vulnerability is
just a new event on the program, and a new championship that will
thereafter be held, in both divisions and in the playoffs, every year.
Not everybody can afford to field a team for every event, and nobody
gets the option to drop out of the league.  The only option is a forfeit.

					Bear

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170608/688e8e12/attachment.sig>


More information about the cryptography mailing list