Well, at least we persuaded Lenovo that installing an unscoped root certificate with one trivially recoverable private key on every consumer machine shipped was a bad idea. Superfish, at last report, is still insisting that it was all perfectly safe.
What do you think, was this an encouraged vulnerability or just plain stupid? -- rec -- On Fri, Feb 20, 2015 at 7:43 AM, Marcus G. Daniels <[email protected]> wrote: > Amazing what is possible when the usual rules don’t apply, and time and > money is focused on a problem, e.g. #10 below. > > > > > https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf > > > > As this is a multi-national Russian firm that deconstructed this, it > alludes that all sorts of groups could now probably construct something > better, given this motivation and existence proof.. > > > > Marcus > > > > *From:* Friam [mailto:[email protected]] *On Behalf Of *Roger > Critchlow > *Sent:* Thursday, February 19, 2015 2:15 PM > *To:* The Friday Morning Applied Complexity Coffee Group > *Subject:* [FRIAM] fresh Snowden > > > > To facilitate listening to cell phone conversations, the NSA and GCHQ > hacked the world wide supplier of SIM cards and stole the encryption keys > used to secure cell phone communications between handsets and the vendor's > backbone. > > > > https://firstlook.org/theintercept/2015/02/19/great-sim-heist/ > > > > That way they didn't need to make any awkward requests for authority to > eavesdrop or leave any other trace of their activities, they just record > the communications to/from the handset of interest off the air and use the > vendor's secret keys to decrypt the contents at their leisure. > > > > They also decided to hack into the administrative computers at the cell > phone carriers so they could erase any suspicious charges from the > customer's bill. > > > > -- rec -- > > ============================================================ > FRIAM Applied Complexity Group listserv > Meets Fridays 9a-11:30 at cafe at St. John's College > to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com >
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
