Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 08:00:03PM -0400, Tom Ritter wrote:
> On 10 July 2013 09:43, Jacob Appelbaum ja...@appelbaum.net wrote:
> > Andreas Bader:
> > > Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?
> >
> > I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.
>
> I cautiously disagree with Andreas also, but from a different angle. I don't have any insider knowledge obviously. But if the tens of thousands figure included 'soft targets':
> - OEM Software like printer drivers, graphics drivers, or the preinstalled crud you get when you buy something from Best Buy

Much more importantly, commercial software deployed in vertical markets. The secure notes application that a psychiatrist uses to track their clients. Document management for military and energy system engineering designs. Database systems. NFS and SAN management tools. Chemical plant management systems (Stuxnet!). FedEx's outsourced logistics products.

There are probably 10,000 interesting *applications*. (There are certainly 2,000 interesting apps.) If the cyber war fighters don't have at least one 0day per app, they're not doing their job (as it's been tasked to them by their chain of command... I disagree with that tasking and the justifications behind it, but look at the situation from the colonels on down.)

-andy

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] In his own words: Confessions of a cyber warrior
Eugen Leitl:
> Grimes: How many exploits does your unit have access to?
>
> Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
>
> Grimes: Is most of it zero-days?
>
> Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.

Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?

Andreas
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 11:03:50AM +, Andreas Bader wrote:
> Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?

See http://blog.fefe.de/
Re: [liberationtech] In his own words: Confessions of a cyber warrior
Andreas Bader:
> Eugen Leitl:
> > Grimes: How many exploits does your unit have access to?
> >
> > Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
> >
> > Grimes: Is most of it zero-days?
> >
> > Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.
>
> Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?

I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.

All the best,
Jacob
Re: [liberationtech] In his own words: Confessions of a cyber warrior
This may be true, but what is undeniable is that this guy is a bit of a braggart... I mean, yes, they may have tons of 0days, but in which software? In my aunt's software perhaps... But if government is paying 100k for an iOS 0day [cite needed] what are you telling me... ? I suppose it's a partial truth.

gpg --keyserver pgp.mit.edu --search-keys EEE5A447
http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex

> Date: Wed, 10 Jul 2013 13:43:01 +
> From: ja...@appelbaum.net
> To: liberationtech@lists.stanford.edu
> Subject: Re: [liberationtech] In his own words: Confessions of a cyber warrior
>
> Andreas Bader:
> > Eugen Leitl:
> > > Grimes: How many exploits does your unit have access to?
> > >
> > > Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
> > >
> > > Grimes: Is most of it zero-days?
> > >
> > > Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.
> >
> > Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?
>
> I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.
>
> All the best,
> Jacob
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On 07/10/2013 04:45 AM, Eugen Leitl wrote:
> http://www.infoworld.com/print/66
>
> In his own words: Confessions of a cyber warrior
> By Roger A. Grimes
> Created 2013-07-09 03:00AM
>
> Much of the world is just learning that every major industrialized nation has a state-sponsored cyber army [1] -- though many of the groups, including team USA, have been around for decades.

This is an interesting article but it just doesn't quite ring totally true. The guy just seems a bit too script kiddie to be legit. He reminds me a lot of that Iranian hacker who hacked Comodo a while back. Too much bravado to be believable IMHO.

Me
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On 07/10/2013 08:08 AM, Eugen Leitl wrote:
> See http://blog.fefe.de/

*** Agreed, that seems to be a PsyOp to scare hackers away from the US State secrets, or hire young kids. Very badly done though.

If that super elite guy is so meticulous about keeping his anonymity, and never got caught bypassing security systems, he certainly does not care about remaining anonymous to his employer: how many cyber warriors are there
- among 5000,
- stationed in Northern Virginia,
- a foreigner from a country where Radio Shack operates,
- a drop out at 15,
- a musician in a hardcore rap/EDM band,
- who went to Florida in the last month.

C'm'on. If that is not sanctioned by his hierarchy, the smart guy just put himself in trouble (or maybe he wanted to be able to retire earlier).

All that is certain about this piece is that Cyber Command hires people looking for money, without ethics, and who prefer toying with great technology rather than caring about the world in which they're supposed to live.

Who's the advertising company?

==
hk
Re: [liberationtech] In his own words: Confessions of a cyber warrior
Jacob Appelbaum:
> Andreas Bader:
> > Eugen Leitl:
> > > Grimes: How many exploits does your unit have access to?
> > >
> > > Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
> > >
> > > Grimes: Is most of it zero-days?
> > >
> > > Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.
> >
> > Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?
>
> I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.

I have to agree here with you. The 0day market is booming and we have a very unclear picture as of now on the magnitude of that market.

However, there is something weird in this guy's statement. With my experience, finding exploitable 0days for known software is not that trivial, it takes time and effort. Now, creating a working exploit (preferably remotely of course) is also very difficult! He goes on stating:

    "I would hack the software and create buffer overflow exploits. I was pretty good at this. There wasn't a piece of software I couldn't break. It's not hard."

To be honest, for myself, being a person that does security contests for years now (Defcon, iCTF, csaw, etc...) and in security communities, someone speaking like that is a bit of a red flag in terms of deep knowledge of software/OS exploitation (especially OS exploits). 0day development is not an easy business (like he is picturing it).

From friends in the reverse engineering field (AV corp.), a *lot* of people are doing that full time in Russia for malware development and word! it takes time, experience and knowledgeable people.

In a nutshell, in my opinion, this interview looks more like a guy that wants to flash rather than the real truth. There is SURELY true stuff in there but I doubt seriously the part about the extent of 0day and bugs development. This is just too fishy to be serious... anyway that should not mean we should not take this seriously!

Cheers!
David

> All the best,
> Jacob
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
> I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.

The interview is either a hoax or an exaggerated “hunting story”, for two primary reasons: number of employees, and number of exploits.

Militaries have a huge problem recruiting cyber ops specialists at present, and most of the recruited are not even remotely good. At the moment, the whole of USA has just 4 colleges certified by NSA to teach offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750 employees” [2]. For the level of skill described, all of US military might have, I don't know, 50 senior specialists? Why would this guy work via a staffing company, in a team of 5000, in an unmarked building? What's there to protect by obscuring their work? They need to reside inside some TEMPEST-resistant installation at a military base, especially if they work with classified equipment, etc.

The number of 0-days and rate of their production don't make sense either. Unless 0-days are purchased exclusively in order to deny them to the enemy (which doesn't seem to be the case), the exploits wouldn't cost hundreds of thousands of USD each.

[1] http://www.nsa.gov/academia/nat_cae_cyber_ops/index.shtml
[2] http://abcnews.go.com/Technology/pentagon-cyber-command-unit-recommended-elevated-combatant-status/story?id=16262052

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
Re: [liberationtech] In his own words: Confessions of a cyber warrior
1. The NSA center of excellence program is not really that important. If you look carefully, they are mainly 2 year community colleges located near Army bases that give basic sysadmin training. This is good and necessary, but don't get fooled into thinking that they are training the highly skilled cyber operations people. They are training low level IT support mainly.

2. There is a growing outsourcing of intel and cyber work. You could look at some of the Washington Post articles on the large number of companies and facilities doing classified work. Northern Virginia has more tech workers now than silicon valley. There are lots of SCIFS available for cyber work.

3. 0-days are not bought to deny them to the enemy. They are bought for integration into things like stuxnet.

There are a large number of contracting companies with a highly skilled workforce in this domain. There are also other branches of the government with expertise...

On 07/10/2013 06:46 PM, Maxim Kammerer wrote:
> On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
> > I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.
>
> The interview is either a hoax or an exaggerated “hunting story”, for two primary reasons: number of employees, and number of exploits.
>
> Militaries have a huge problem recruiting cyber ops specialists at present, and most of the recruited are not even remotely good. At the moment, the whole of USA has just 4 colleges certified by NSA to teach offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750 employees” [2]. For the level of skill described, all of US military might have, I don't know, 50 senior specialists? Why would this guy work via a staffing company, in a team of 5000, in an unmarked building? What's there to protect by obscuring their work? They need to reside inside some TEMPEST-resistant installation at a military base, especially if they work with classified equipment, etc.
>
> The number of 0-days and rate of their production don't make sense either. Unless 0-days are purchased exclusively in order to deny them to the enemy (which doesn't seem to be the case), the exploits wouldn't cost hundreds of thousands of USD each.
>
> [1] http://www.nsa.gov/academia/nat_cae_cyber_ops/index.shtml
> [2] http://abcnews.go.com/Technology/pentagon-cyber-command-unit-recommended-elevated-combatant-status/story?id=16262052
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On 10 July 2013 09:43, Jacob Appelbaum ja...@appelbaum.net wrote:
> Andreas Bader:
> > Tens of thousands zero-days; that sounds like totally shit. That guy seems to be a script kiddie poser, nothing more. Are there any real hackers that can issue a competent statement to that?
>
> I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.

I cautiously disagree with Andreas also, but from a different angle. I don't have any insider knowledge obviously. But if the tens of thousands figure included 'soft targets':
- OEM Software like printer drivers, graphics drivers, or the preinstalled crud you get when you buy something from Best Buy
- Open Office
- Realplayer, VLC, and other media players
- Lotus Notes
- SCADA
- eDonkey or whatever the non-bittorrent P2P stuff is today
- random non-default installs of servers (who uses X11 on the open internet these days?)

...Then I could see a tens of thousands figure.

But if someone said they had more than, say, 250 completely distinct, weaponized exploits for a fully up to date target like Apache, Chrome, Windows 7/8, Apple iOS, IE9 - I would be more skeptical. Only because I think if they were that easy to come by, the price list we know of[0] would be lower. 250 * $100,000 = $25Mil. And while I wouldn't put it past a government to jump at that offer - my gut, which could be wrong, says those types of exploits are rarer.

For example: "Think 1 poorly-exploited IE 0day is scary? Our feed has 4 reliable ones on Win7. Defenders should be scared of attacks that don't make news."[1]. Four is a lot. But it's not 100, and it's not 10,000.

-tom

[0] http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
[1] https://twitter.com/ExodusIntel/status/286731662316937217
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 6:46 PM, Maxim Kammerer m...@dee.su wrote:
> On Wed, Jul 10, 2013 at 4:43 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
> > I couldn't disagree more. This sounds consistent with the current arms race and also relates directly to the 0day markets that have been active for many many years. Remember though: buying 0day bugs or exploits for 0day is just one part of a much larger picture.
>
> The interview is either a hoax or an exaggerated “hunting story”, for two primary reasons: number of employees, and number of exploits.
>
> Militaries have a huge problem recruiting cyber ops specialists at present, and most of the recruited are not even remotely good. At the moment, the whole of USA has just 4 colleges certified by NSA to teach offensive security (CAE-CO) [1]. USCYBERCOM has “close to 750 employees” [2]. For the level of skill described, all of US military might have, I don't know, 50 senior specialists? Why would this guy work via a staffing company, in a team of 5000, in an unmarked building?

My brother works for CCA. He works for the Office of the Secretary of Defence. He has worked for something having to do with MI since the 60s, and in 1979, a friend at MITRE at the MIT Strategic Games Society who vetted people for what clearances they have told me, "Tell me your brother's name/rank and where he's stationed, and I'll tell you his clearances."

So, the next weekend, my friend comes back looking a little creeped out, takes me in a corner and says, "I've never had this happen before, but when I checked your bro? It said, 'Please establish a need to know; this transaction has been logged.'"

The last business card I saw for him was when he'd mustered out and was consulting at Quantico, and his card said, in English on one side, and Korean on the other, "Master Wargamer." OK, I have to confess, I had title lust.

We have interesting holiday dinners not talking about our work. He works at some facility uphill from Provo CO. Maybe it's Prism? I wouldn't know. We don't talk. None of my information is from him. I wouldn't do that to him. I am very careful.

However, I do know that if he is like most CCA, Booz Allen, and other such folks with clearances like his he works in very large facilities. They are unremarkable. They are full of secretaries and file clerks and accountants and all the usual sorts of people that you would expect in any big IT company. They all, I imagine, work for big beltway-style consultants, not the military. His daughter does. His wife does. They have top secret clearances, too. They are not arch geeks.

I did not see in that story that it said that all 5000 of the people were cyberwarriors.

FOUR MILLION PEOPLE in the USA hold top secret clearances.

http://www.washingtonpost.com/blogs/worldviews/wp/2013/06/12/top-secret-clearance-holders-so-numerous-they-include-packerscraters/

This is why. You work in one of these unmarked beltway buildings, you have to have a top secret clearance to get by the two levels of gate security to get up the drive to the parking area. They are fully staffed office buildings. As the story reports, they have mailroom staff with top secret clearances to move crates.

Cyberwarrior types (even peaceful ones) don't tend to want to do their own paperwork. I think I have reason to know this...:)

I wonder if it's wise to pick this story apart in such great detail when the very noir-storytelling flavored piece had so little detail described by the journalist himself? Did the journalist have anything he stated? Was he able to verify anything? No. He could not fact check. He was doing a character study, don't you think, not an investigative piece.

Perhaps it was meant to portray a picture of the personality of the cyberwarrior type we are hiring, and an image of how tweaky that life is. Which I believe it succeeded in very well. But as a journalist you can't exactly say, "Look how egotistically tweaky this dude is!" without jeopardizing further stories, amiright?

So perhaps the journalist is giving you as the reader a little credit for reading between the lines, intelligently (that being the root of the word: inter for between, and legens for reading), to figure out what exactly you can draw as credible or not, but the point may be -- omg, this is what we're grabbing for our cream of the crop?

Don't shoot the messenger. It's an interesting message if you don't dissect it too finely.

yrs,
--
Shava Nerad
shav...@gmail.com
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Thu, Jul 11, 2013 at 2:28 AM, Richard Brooks r...@acm.org wrote:
> 1. The NSA center of excellence program is not really that important. If you look carefully, they are mainly 2 year community colleges located near Army bases that give basic sysadmin training. This is good and necessary, but don't get fooled into thinking that they are training the highly skilled cyber operations people. They are training low level IT support mainly.

I have no illusions wrt. quality of higher education in USA, but these colleges definitely do not aim for “basic sysadmin training”. You can read more about their approach here: [1]. Maybe you are thinking about NSA Information Assurance programs [2], with many participating colleges.

[1] http://dx.doi.org/10.1109/MSP.2012.117
[2] http://www.nsa.gov/ia/academic_outreach/nat_cae/institutions.shtml

> 2. There is a growing outsourcing of intel and cyber work. You could look at some of the Washington Post articles on the large number of companies and facilities doing classified work. Northern Virginia has more tech workers now than silicon valley. There are lots of SCIFS available for cyber work.

If I understand correctly, expansion of outsourcing in NSA started post-9/11. The guy in the interview is supposed to have been doing this for much longer. But it's a possibility, sure, although I still find a team of 5000 expert exploit writers hardly a believable figure.

> 3. 0-days are not bought to deny them to the enemy. They are bought for integration into things like stuxnet.

Which had four 0-days. With the outstanding importance assigned to the project, I would expect them to lose count of 0-days stuffed inside if they really had “tens of thousands” of those.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Thu, Jul 11, 2013 at 3:22 AM, Shava Nerad shav...@gmail.com wrote:
> So perhaps the journalist is giving you as the reader a little credit for reading between the lines, intelligently (that being the root of the word: inter for between, and legens for reading), to figure out what exactly you can draw as credible or not, but the point may be -- omg, this is what we're grabbing for our cream of the crop?

The problem is that when you try to read between the lines, the whole story looks like it was sucked out of author's index finger, after reading the Wikipedia article on NSA and viewing a few YouTube videos about hacker communities. He would learn about backdoors in encryption equipment by ordering their manuals? Where from, exactly, would he order such classified material? How would he search for backdoors if all radios since 70's are modularized, and manuals for sensitive equipment certainly wouldn't contain schematics for the modules inside? Does the writer have any idea how rare it is for someone to be really good at both hardware and software hacking? Or how unlikely it is for a high-school dropout to be able to break even the simplest frequency hopping encryption? Etc.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 5:00 PM, Tom Ritter t...@ritter.vg wrote:
> ... if the tens of thousands figure included 'soft targets': [lots of soft targets...]
> ...Then I could see a tens of thousands figure.
>
> But if someone said they had more than, say, 250 completely distinct, weaponized exploits for a fully up to date target like Apache, Chrome, Windows 7/8, Apple iOS, IE9 - I would be more skeptical.

also consider that exploitable vulnerabilities in all of the above (mainly soft, but also other target systems) identified by the large scale, customized fuzzing systems discussed in the interview are just the first stage in a useful, fully weaponized exploit.

this piece may describe the collective set of vulnerabilities over time in the best interpretation possible; the implications are still clear: any commercial system you are using is likely exploitable now in multiple ways, and potentially in the future thousands of ways.

as an observer, it is most interesting to me to see the evolution of focus of these exploits, and how they are utilized. the rare public glimpses into these efforts are interesting and instructive.
Re: [liberationtech] In his own words: Confessions of a cyber warrior
On Wed, Jul 10, 2013 at 5:58 PM, Maxim Kammerer m...@dee.su wrote:
> ... He would learn about backdoors in encryption equipment by ordering their manuals? Where from, exactly, would he order such classified material?

i'm not defending this individual specifically, but this is not at all unreasonable. consider P25 systems frequently used with null keys [0] - you may not be breaking the encryption, but knowledge of how communications may be encrypted by default is just as effective.

> ... Does the writer have any idea how rare it is for someone to be really good at both hardware and software hacking?

this is not unusual to me. it is like saying do you know how rare it is for someone to be really good at both lock picking and software exploitation? ... not rare. (or perhaps our definitions vary - talented hackers are rare relative to human population ;)

> Or how unlikely it is for a high-school dropout to be able to break even the simplest frequency hopping encryption?

we could craft a list. it would not be short.

again: not defending this particular individual but the assertions above are not legitimate.

best regards,

0. http://www.crypto.com/papers/p25sec.pdf