[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
"To Protect and Infect" - the edges of privacy-invading technology
On Mon, Dec 30, 2013 at 9:14 PM, Hannes Frederic Sowa
<[email protected]> wrote:
> ...
> Actually, somehow, I have a feeling of relief to see that major hardware
> vendors don't seem to specifically work hand in hand with the NSA to
> implement backdoors.
you're assuming this dump is exhaustive. this is a very specifically
themed/focused release of top end tactics and exploits (essentially
weaponized platforms for targeted attacks). Jake says as much about
what they're dropping, which while impressive, has still gone through
the "best interest of public safety scrutinizing and censorship"
rigmarole.
the indiscriminate, wholesale compromises are just getting started...
these disclosures will have more impact: financially to the impacted
vendors, effectively to IC as known vulnerable hardware and software
is replaced, and to the public at large now exposed to even more
essentially incomprehensible disclosures of vulnerability and
compromise.
> I don't see that having a JTAG connector publicaly
> accessible on a RAID controller as a hint for that. The other disclosures
> also point to my conclusion that the NSA is mostly working on their
> own. Of course, not all of Snowden's documents are released yet and
> hence my feeling could be deceiving.
this is just an example of how, when the NSA pursues "all means and
methods in parallel, without restraint" seemingly innocuous oversights
are intentionally leveraged and discouraged from remediation for use
in tailored access (black bag / targeted) attacks.
> I thought it could be worse.
it is worse.
best regards,
p.s. cryptome has lots of great docs on this and other 30C3 awesomeness:
http://cryptome.org/ , http://cryptome.org/2013/12/nsa-catalog.zip