Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Insecurity in Finnish parlament (computers)
From: "Markus Jansson" <markus.jansson () hushmail com>
Date: Mon, 27 Dec 2004 04:23:17 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 26 Dec 2004 18:59:28 -0800 James Tucker
<jftucker () gmail com> wrote:
I don't have the time or inclination to teach you myself.
Please go and learn some more about dealing with radio
frequency attacks on modern networks.

Please learn the basic fact: If you want something to remain secure
that goes airwaves, you have to encrypt it. Everything else is just
kinda "security by obscurity" (you presume opponents dont have
equipment needed to receive them).


Just because the communications stream has not been
encrypted (or an encryption has been cracked) does
not mean that it is readable by an attacker.

If they can read it, anyone else with similiar hardware can do it
too. Its really pretty much that simple.


Practical attacking of GSM over the
air is also very difficult for similar
(although not so extreme) reasons.

ROTFLOL! Please take time to google since you are terrible wrong
once again.
http://www.chiare.com/products/spy/GSM900-1800e.htm
http://www.endoacustica.com/gsm_interceptor.htm
http://www.geocities.com/CapeCanaveral/Hangar/8539/GSMMONI.HTM


TETRA also operates in a similar manner and is hard
to attack over the air for the same reason.

ROTFLOL!
We use TETRA in here Finland and there are equipment available here
to listen to it too. Same goes with GSM. You cannot rely on airwave
security to think that "nobody else has devices like we use" to be
secure. Thats why they implemented crypto to GSM and TETRA in the
first place!!!


The two most common SSH clients save the server keys after first
connection; you seem to not know this or not understand/appreciate
it.

Argumentum ad nauseam & argumentum ad hominem.
Please tell me what exactly you do NOT understand in my last
posting when I sayed that in my pages in that place I say:"Unless
you can receive the publickey or the fingerprint of the publickey
used in some secure manner"?


Advertising weak systems is simply making other peoples
lives worse.

Advertising weak software also makes peoples lives worse since they
have to patch and update them. Advertising weak systems does the
same thing: The people behind them have to spend time and effort to
secure them...as they should have done in the first place.


Do you expect people to jump when you point them to a site which
contains the opening line: "I am 26-year guy, currently living in
Turku, Finland. I have been involved  with software, computers and
Internet for many years, although I don't do programming nor work
in the IT-industry."
I am not at all surprised that the government chose to ignore your
message to them.

Argumentum ad hominem.
You clearly dont have any reasonable arguments to make, since you
are only attacking against ME in person instead of attacking my
arguments.

Markus Jansson
Turku
http://www.markusjansson.net
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkHP/60ACgkQp4wnv3Na2tr7uACgmuylROMIjwebcUbAbiNZKBsRsvQA
oICTCDvjJX2xVTBNKdYVlPrzonHm
=q5YC
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]