On 2019-01-28 21:51, Alexandre Belgrand wrote: > Le lundi 28 janvier 2019 à 13:08 -0800, goldsm...@riseup.net a écrit : >> To Alexandre Belgrand >> >> I'm intrigued how you know can catagorically state "CAs and GNU/Linux >> distributions are #1 targets for national >> intelligence agencies". This is classified information and therefore >> only available to a "Spook". Otherwise, it's entered the public >> domain >> via say a whistle blower like Ed Snowden. If that's how you came upon >> it, please state the source and location. > > I am not a whistle blower, but I believe that all CAs and GNU/Linux > distributions are primary targets for Intelligence agencies. This is > not secret, this is why I am writing it, sitting behind my real IP. > > You will find this information on Internet. Look for the recent > problems with China for example. > > Stealing root certificates allow Intelligence agencies to set-up mirage > Internet : i.e. decrypt SSL/crypted content and present modified > content to the user and make man-in-the-middle attack. > > Think about Debian private keys. The keys are stored on a server in a > datacenter, not even on smartcards. What can stop a remote attacker > with a remote console (either directly or using Intel ME) from stealing > the keys and then breaking password using a keylogger in Intel ME. > Answer : nothing can stop a local government from doing so. > > Think about SSL X509 certificates. To deliver encrypted content, the > private key has to be on the server. You only need serial console > access to steal the private key. > > The only solution is to compile the same bytecode and verifying hashes > online, but Debian is lagging behind important patches, because they > don't understand what already happened.
To Alexandre So you found this stuff on the internet and were gullible enough to swallow it, hook line and sinker, without first verifying its authenticity. I suppose your allegations against the Debian Team's security keys are based on equally unstable foundations. The making of serious random and unsolicited allegations with the intention of scaremongering, could be described as TROLLING. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0efc60370976fc6e0e12530b8a9c89e1%40riseup.net. For more options, visit https://groups.google.com/d/optout.