valdis.kletni...@vt.edu wrote:
> You still haven't explained how "the memories of those who are at the table"
> help, when the NSA plant has very good reasons to say they're not an NSA
> plant, and you haven't explained how you can show they *are* a plant.
That is a problem between NSA, which rec
On Wed, 06 Nov 2013 08:50:06 +0900, Masataka Ohta said:
> valdis.kletni...@vt.edu wrote:
>
> >>> How do you intend to *find* the agents
> >>> who were hired at a government agency's under-the-table request that
> >>> never had a written record that the company had access to?
> >>
> >> By memories o
valdis.kletni...@vt.edu wrote:
>>> How do you intend to *find* the agents
>>> who were hired at a government agency's under-the-table request that
>>> never had a written record that the company had access to?
>>
>> By memories of those who are at the table.
>
> So one of the two people at the ta
Judging from this NSA ad, keep an eye out minority disabled females..
[image: Inline image 1]
On Sun, Nov 3, 2013 at 8:04 PM, wrote:
> On Mon, 04 Nov 2013 09:14:40 +0900, Masataka Ohta said:
> > valdis.kletni...@vt.edu wrote:
> >
> > > How do you intend to *find* the agents
> > > who were hire
On Mon, 04 Nov 2013 09:14:40 +0900, Masataka Ohta said:
> valdis.kletni...@vt.edu wrote:
>
> > How do you intend to *find* the agents
> > who were hired at a government agency's under-the-table request that
> > never had a written record that the company had access to?
>
> By memories of those who
valdis.kletni...@vt.edu wrote:
> How do you intend to *find* the agents
> who were hired at a government agency's under-the-table request that
> never had a written record that the company had access to?
By memories of those who are at the table.
M
On Sat, 02 Nov 2013 11:30:57 +0900, Masataka Ohta said:
> George Herbert wrote:
>
> > Anyone familiar with secure organizations will realize this as the
> > internal witch hunt problem.
>
> No hunting necessary to fire those agents who are hired at the
> request of NSA/CIA.
Do you *really* think t
On Fri, Nov 1, 2013 at 10:40 PM, joel jaeggli wrote:
> On Nov 1, 2013, at 7:06 PM, Harry Hoffman
> wrote:
> > That's with a recommendation of using RC4.
> it’s also with 1024 bit keys in the key exchange.
>
Better leverage quantum encryption tech to exchange those symmetric keys
securely; I w
On 11/01/2013 07:18 PM, Mike Lyon wrote:
So even if Goog or Yahoo encrypt their data between DCs, what stops
the NSA from decrypting that data? Or would it be done simply to make
their lives a bit more of a PiTA to get the data they want?
My bet is that when the said the were "partially" capa
On Fri, Nov 1, 2013 at 7:18 PM, Mike Lyon wrote:
> So even if Goog or Yahoo encrypt their data between DCs, what stops
> the NSA from decrypting that data? Or would it be done simply to make
> their lives a bit more of a PiTA to get the data they want?
>
> -Mike
>
I'm just gonna toss this URL o
> Head on over to the Wikipedia page for SSL/TLS and then decide if you
> want rc4 to be your preference when trying to defend against a
> adversary with the resources of a nation-state.
i got hit with the clue bat on this one.
we have kinda settled on allowing rc4 for smtp as the least preferred
-Original Message-
From: Mike Lyon [mailto:mike.l...@gmail.com]
Sent: Fri, November 01, 2013 9:19 pm
To: Harry Hoffman
Cc: Niels Bakker; nanog@nanog.org
Subject: Re: latest Snowden docs show NSA intercepts all Google and Yahoo
DC-to-DC traffic
So even if Goog or Yahoo encrypt their data between
On Nov 1, 2013, at 7:06 PM, Harry Hoffman wrote:
> That's with a recommendation of using RC4.
it’s also with 1024 bit keys in the key exchange.
> Head on over to the Wikipedia page for SSL/TLS and then decide if you want
> rc4 to be your preference when trying to defend against a adversary wi
> Sent: Friday, November 1, 2013 7:32 PM
> Subject: Re: latest Snowden docs show NSA intercepts all Google and Yahoo
> DC-to-DC traffic
>
> So, I'm not sure if I'm being too simple-minded in my response. Please
> let me know if I am.
> The purpose of encrypting data is so
On Nov 1, 2013, at 7:18 PM, Mike Lyon wrote:
> So even if Goog or Yahoo encrypt their data between DCs, what stops
> the NSA from decrypting that data? Or would it be done simply to make
> their lives a bit more of a PiTA to get the data they want?
Markhov chain text generators are cheap. Rath
So the latter, PITA, reason then...
-Mike
> On Nov 1, 2013, at 19:32, Harry Hoffman wrote:
>
> So, I'm not sure if I'm being too simple-minded in my response. Please let me
> know if I am.
> The purpose of encrypting data is so others can't read your secrets.
> If you use a simple substitutio
So, I'm not sure if I'm being too simple-minded in my response. Please let me
know if I am.
The purpose of encrypting data is so others can't read your secrets.
If you use a simple substitution cipher it's pretty easy to derive the set of
substitution rules used.
Stronger encryption algorithms em
George Herbert wrote:
> Anyone familiar with secure organizations will realize this as the
> internal witch hunt problem.
No hunting necessary to fire those agents who are hired at the
request of NSA/CIA.
It is also reasonable to fire those who are hired by the agents,
recursively.
So even if Goog or Yahoo encrypt their data between DCs, what stops
the NSA from decrypting that data? Or would it be done simply to make
their lives a bit more of a PiTA to get the data they want?
-Mike
> On Nov 1, 2013, at 19:08, Harry Hoffman wrote:
>
> That's with a recommendation of using
That's with a recommendation of using RC4.
Head on over to the Wikipedia page for SSL/TLS and then decide if you want rc4
to be your preference when trying to defend against a adversary with the
resources of a nation-state.
Cheers,
Harry
Niels Bakker wrote:
>* mi...@stillhq.com (Michael Still
> And zero documented proof. I'll just go ahead and put my tinfoil hat on
> for the remainder of this thread.
http://www.antipope.org/charlie/blog-static/2013/10/spook-century.html
--
According to Snowden, there are government agents at key
positions for managing security.
-
And zero documented proof. I'll just go ahead and put my tinfoil hat on
for the remainder of this thread.
On Fri, Nov 1, 2013 at 6:37 PM, Randy Bush wr
On Fri, Nov 1, 2013 at 4:37 PM, Randy Bush wrote:
> > Anyone familiar with secure organizations
>
> there are such things?
>
> we should be more cautious with absolutes, usually :)
>
Nothing is absolute, but there are certainly "white" organizations which
have no attempt to be secure, and much
> Anyone familiar with secure organizations
there are such things?
we should be more cautious with absolutes, usually :)
On Fri, Nov 1, 2013 at 4:01 PM, Masataka Ohta <
mo...@necom830.hpcl.titech.ac.jp> wrote:
> Anthony Junk wrote:
>
> > It seems as if both Yahoo and Google assumed that since they were
> > private circuits that they didn't have to encrypt.
>
> According to Snowden, there are government agents at key
Anthony Junk wrote:
> It seems as if both Yahoo and Google assumed that since they were
> private circuits that they didn't have to encrypt.
According to Snowden, there are government agents at key
positions for managing security.
When they declare the private circuits are secure, no one
else in
On Fri, Nov 1, 2013 at 3:26 PM, Niels Bakker wrote:
> * mi...@stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>
> Its about the CPU cost of the crypto. I was once told the number of CPUs
>> required to do SSL on web search (which I have now forgotten) and it was a
>> bigger number than
* mi...@stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
Its about the CPU cost of the crypto. I was once told the number of
CPUs required to do SSL on web search (which I have now forgotten)
and it was a bigger number than you'd expect -- certainly hundreds.
False: https://www.imperi
On 11/1/13, 1:08 PM, "Gary Buhrmaster" wrote:
>On Fri, Nov 1, 2013 at 4:43 AM, Anthony Junk
>wrote:
>...
>> It seems as if both Yahoo and Google assumed that since they were
>>private
>> circuits that they didn't have to encrypt.
>
>I actually cannot see them assuming that. Google
>and Yahoo e
On Sat, November 2, 2013 6:44 am, David Miller wrote:
> On 11/01/2013 01:08 PM, Gary Buhrmaster wrote:
>> On Fri, Nov 1, 2013 at 4:43 AM, Anthony Junk
>> wrote:
>> ...
>>> It seems as if both Yahoo and Google assumed that since they were
>>> private
>>> circuits that they didn't have to encrypt.
>
> On 11/01/2013 01:08 PM, Gary Buhrmaster wrote:
[...]
>
> Given what we now know about the breadth of the NSA operations, and the
> likelihood that this is still only the tip of the iceberg - would anyone
> still point to NSA guidance on avoiding monitoring with any sort of
> confidence?
>
> The
I still have some one time pads if you are good writing fast ...
-J
On Fri, Nov 1, 2013 at 11:26 AM, Randy Bush wrote:
> > For encryption of traffic between datacenters;There should be very
> > little session setup and teardown (very few public key operations);
> > almost all the crypto l
On 11/01/2013 01:08 PM, Gary Buhrmaster wrote:
> On Fri, Nov 1, 2013 at 4:43 AM, Anthony Junk wrote:
> ...
>> It seems as if both Yahoo and Google assumed that since they were private
>> circuits that they didn't have to encrypt.
>
> I actually cannot see them assuming that. Google
> and Yahoo e
On Fri, Nov 1, 2013 at 4:43 AM, Anthony Junk wrote:
...
> It seems as if both Yahoo and Google assumed that since they were private
> circuits that they didn't have to encrypt.
I actually cannot see them assuming that. Google
and Yahoo engineers are smart, and taping fibres
has been well known f
> For encryption of traffic between datacenters;There should be very
> little session setup and teardown (very few public key operations);
> almost all the crypto load would be symmetric cryptography.
trivial at 9600 baud between google datacenters
>> http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=1494884
> They must be hiding their content, for fear that flaws be pointed
> out.
it's the ieee. what they're hiding is a last century business model.
randy
Hey expanoit,
There was a small part that jumped out at me when I read the article
earlier:
"In recent years, both of them are said to have bought
or leased thousands of miles of fiber-optic cables for their own exclusive
use. They had reason to think, insiders said, that their private, internal
r 31, 2013 8:27 PM
To: Jimmy Hess
Cc: NANOG
Subject: Re: latest Snowden docs show NSA intercepts all Google and Yahoo
DC-to-DC traffic
On Thu, Oct 31, 2013 at 5:53 PM, Jimmy Hess wrote:
> On Thu, Oct 31, 2013 at 7:24 PM, Matthew Petach
wrote:
>
>> On Thu, Oct 31, 2013 at 7:02 AM, Ray
On Thu, Oct 31, 2013 at 11:26 PM, Michael Still wrote:
> [snip]
>
> Its about the CPU cost of the crypto. I was once told the number of
> CPUs required to do SSL on web search (which I have now forgotten) and
> it was a bigger number than you'd expect -- certainly hundreds.
>
So, crypto costs m
On Fri, Nov 1, 2013 at 1:48 PM, explanoit wrote:
> As a top-posting IT generalist pleb, can someone explain why Google/Yahoo
> did not already encrypt their data between DCs?
> Why is my data encrypted over the internet from my computer to theirs, but
> they don't encrypt the data when it goes out
As a top-posting IT generalist pleb, can someone explain why
Google/Yahoo did not already encrypt their data between DCs?
Why is my data encrypted over the internet from my computer to theirs,
but they don't encrypt the data when it goes outside their building and
all the fancy access controls t
On Thu, Oct 31, 2013 at 5:53 PM, Jimmy Hess wrote:
> On Thu, Oct 31, 2013 at 7:24 PM, Matthew Petach wrote:
>
>> On Thu, Oct 31, 2013 at 7:02 AM, Ray Soucy wrote:
>> > Was the unplanned L3 DF maintenance that took place on Tuesday a frantic
>> > removal of taps? :-)
>>
> No need for intrusive te
On Thu, Oct 31, 2013 at 7:24 PM, Matthew Petach wrote:
> On Thu, Oct 31, 2013 at 7:02 AM, Ray Soucy wrote:
> > Was the unplanned L3 DF maintenance that took place on Tuesday a frantic
> > removal of taps? :-)
>
No need for intrusive techniques such as direct taps:
>
> http://ieeexplore.ieee.org/x
On Thu, Oct 31, 2013 at 7:02 AM, Ray Soucy wrote:
> Was the unplanned L3 DF maintenance that took place on Tuesday a frantic
> removal of taps? :-)
>
No need for intrusive techniques such as direct taps:
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=1494884
"Of all the
Was the unplanned L3 DF maintenance that took place on Tuesday a frantic
removal of taps? :-)
On Wed, Oct 30, 2013 at 3:30 PM, Scott Weeks wrote:
> On Wed, Oct 30, 2013 at 1:46 PM, Jacque O'Lantern <
> jacque.olant...@yandex.com> wrote:
>
> >
> http://www.washingtonpost.com/world/national-secur
On Wed, Oct 30, 2013 at 1:46 PM, Jacque O'Lantern <
jacque.olant...@yandex.com> wrote:
> http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html
--- brandon
Google is speeding up its initiative to encrypt all DC to DC traffic, as
this was suspected a short time ago.
http://www.informationweek.com/security/government/nsa-fallout-google-speeds-data-encryptio/240161070
On Wed, Oct 30, 2013 at 1:46 PM, Jacque O'Lantern <
jacque.olant...@yandex.com> wrot
http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html
48 matches
Mail list logo
