[Cryptography] Liberty Safe reveals that it has backdoor access to it's physical safes and provides access to law enforcement.

[sybershock.com]

On Fri, 8 Sep 2023 15:23:46 -0700
Ray Dillinger <bear at sonic.net> wrote:

> More commonly, in fact, I've seen new attack surfaces heavily
> advertised as "secure" and emphasized in a way that deliberately
> draws attention away from blatant, bizarre defects in existing attack
> surfaces,

An example is two-factor authentication exposing a mobile phone to the
chain of attack surface to use Gmail, Twitter, Github, etc. They
advertise it as for your security. Yet it forces you to expose another,
previously unlinked device to attack. One single source target becomes
the gateway to all linked attack targets. If your online account gets
hacked then the attacker may learn your phone number. And if the phone
gets owned then every two-factor service and token on it for all such
services is then owned.

Multiple attack zones are then amalgamated and linked to a single
source zone or device. This enables shifting all attack zones to one
source or, 'single source target attack' or 'amalgamated targets
attack.' Nation-state actors no doubt salivate over an infrastructure
that guarantees the organs of state a single source attack for all
disparate communications targets of each user.

A password in my brain is generally safer than an app or SMS stream that
can be compromised. Although a passphrase may in some cases not be
computationally more secure than a token mechanism or two-factor sytem,
the simple passphrase is often _structurally_ more secure because that
passphrase only links to and exposes one service target.

If the state organs get your phone they then would have access to all
linked accounts because of required two-factor authentication schemes
being amalgamated into a single authentication source. If SMS
verification was required the organs don't even need the phone. They
can tap the SMS gateway and spoof the account owner to intercept
malicious reset or login requests. This is an upstream single source
intercept.

I'm tempted to rant about passkeys here for similar and more nuanced
reasons that delve into political machinations. But I'll resist for
now.

I would advise to not store the family jewels in a safe unless the safe
itself is nearly impossible to locate. Ask some Appalachian hillbillies
about the historical versatility of a shine jar wrapped in rags and two
feet of dirt. Search warrants don't work in a hidden cave three miles
from the nearest road. Or if you have a sense of humor, ask how angels
hide golden plates and Dead Sea scrolls. I have yet to hear of the FBI
serving a search warrant on any angels.

-- 
SugarBug  | https://sybershock.com | NNTP | Usenet | Forum
Fediverse | https://syfershock.com/users/syfershock
NightBulb | https://nightbulb.net  | Flip the night switch.