Yes, it's not at all clear from these stories just what was
going on or how high tech the attack would have to be. What does
diverting to a prepaid mobile mean? Here's a possibility:
they social engineered or otherwise compromised the target account
to assign it a new telephone number and
Steven M. Bellovin [EMAIL PROTECTED] wrote:
I hate to play clipping service, but this story is too important not to
mention. Many top Greek officials, including the Prime Minister, and
the U.S. embassy had their mobile phones tapped. What makes this
interesting is how it was done:
I've often commented about how awful Chase's send our customers
emails telling them to click on links policy is, but tonight I got
one from them exhorting me to sign up for an identity theft protection
plan.
The irony is delicious.
Perry
In the FBI's public statement about Hanssen, they relate how he used a 3.5
floppy in 40 track mode to store data, but if it was read in the ordinary
way it would appear blank. IIRC, high-density floppies are 80 tracks per
inch, and double density were 40 tpi. So, how do you suppose this trick
On 2/3/06, Jaap-Henk Hoepman [EMAIL PROTECTED] wrote:
could this be
done using phone conference facilities?
Good guess!
http://www.schneier.com/blog/archives/2006/02/phone_tapping_i.html
``The code tapped into the conference call system. It conference
called phone calls to 14 prepaid mobile
Assume that one is the sole user of a LAN and that the 10-20 machines
on this network have a need for unpredictable numbers.
Assume further that it is not cost-effective to furnish each with a
HWRNG, even one as inexpensive as a sound card (for example, they may
not have a spare slot on the
Perry E. Metzger wrote:
All phone switches, thanks to the US government's CALEA rules, are
equipped with software that makes espionage easy. Whether that
software was abused in this instance, I do not know, but I will point
out that any switch sold in the US -- which is to say most switches
Travis H. [EMAIL PROTECTED] writes:
That leaves me with the following design:
That random numbers be sent en clair from the system that can generate
them to the system that needs them, where they are decrypted using a
random key (generated locally by /dev/random) and fed into the system
that
Matt Blaze wrote:
Yes, it's not at all clear from these stories just what was
going on or how high tech the attack would have to be. What does
diverting to a prepaid mobile mean?
There is more information in Bruce Schneier's blog entry and his links to blog
and news articles. It hit slashdot
On Sat, 4 Feb 2006, Travis H. wrote:
Suppose that /dev/random is too slow (SHA-1 was never meant to
generate a lot of output) because one of these machines wishes to
generate a large file for use as a one-time pad*. That leaves
distributing bits.
* /dev/random's output is limited by
Travis H. wrote:
In the FBI's public statement about Hanssen, they relate how he used a 3.5
floppy in 40 track mode to store data, but if it was read in the ordinary
way it would appear blank. IIRC, high-density floppies are 80 tracks per
inch, and double density were 40 tpi. So, how do you
11 matches