Dailydave mailing list archives

Re: How T-Mobil's network was compromised


From: Chris Kuethe <chris.kuethe () gmail com>
Date: Thu, 17 Feb 2005 14:11:14 -0700

On Thu, 17 Feb 2005 14:12:33 -0600, Richard Porter <rwporter () gmail com> wrote:
> That is a great point (And made me really think about it) but do you think
> it would be a back door into the PGP implementation?

Yes. You're not going to be sending huge SMS or email messages - it
wouldn't be hard to send an "archival" copy of source and dest emails
and PGP key IDs and the plaintext to some log server. I mean, you'll
have to display the message sometime, unless you choose to somehow get
the ciphertext off and process it on a safer machine (maybe using
something like gnokii?)

> Or do you think logical separation between communication encryption
> and data at rest encryption can be achieved?

We already have that capability, we just don't use it.

There's the not-particularly-great A5 stream cipher sometimes used on
GSM, or the enhanced voice privacy on CDMA which is never used. If you
want to transport other encrypted bytes over it fine. The problem is
not the link layer: it's radio, it's got weak or no encryption, just
don't trust it.

The problem is at the application layer: you have a message, in a
well-defined format, supposedly correctly encrypted. One problem: the
application to encrypt and decrypt this sort of message has been
provided to you by a party with a legal requirement to assist law
enforcement with communications interception. Sure, the bytes are
secure in their transport format, but the instant you punch in your
key, the app could be phoning home. And it might be doing so without
turning on the phone-in-use indicator. Or maybe it'll hide as a
subliminal channel while you're actually talking on the phone.

Yes, it's paranoia, but I bet a lot of us have at least a little
paranoia in our job descriptions.

CK

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?