Le lundi 28 janvier 2019 à 13:08 -0800, goldsm...@riseup.net a écrit :
> To Alexandre Belgrand   
> I'm intrigued how you know can catagorically state "CAs and GNU/Linux
> distributions are #1 targets for national
> intelligence agencies". This is classified information and therefore
> only available to a "Spook". Otherwise, it's entered the public
> domain
> via say a whistle blower like Ed Snowden. If that's how you came upon
> it, please state the source and location. 

I am not a whistle blower, but I believe that all CAs and GNU/Linux
distributions are primary targets for Intelligence agencies. This is
not secret, this is why I am writing it, sitting behind my real IP. 

You will find this information on Internet. Look for the recent
problems with China for example.

Stealing root certificates allow Intelligence agencies to set-up mirage
Internet : i.e. decrypt SSL/crypted content and present modified
content to the user and make man-in-the-middle attack.

Think about Debian private keys. The keys are stored on a server in a
datacenter, not even on smartcards. What can stop a remote attacker
with a remote console (either directly or using Intel ME) from stealing
the keys and then breaking password using a keylogger in Intel ME.
Answer : nothing can stop a local government from doing so.

Think about SSL X509 certificates. To deliver encrypted content, the
private key has to be on the server. You only need serial console
access to steal the private key. 

The only solution is to compile the same bytecode and verifying hashes
online, but Debian is lagging behind important patches, because they
don't understand what already happened.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to