Re: The CIA mentions us

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mar 10, 2017, at 9:02 PM, Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote:
I don't think your optimistic conclusion here follows, for two
reasons. Firstly, we've seen that the adversary here is not
driven by economic concerns and will attack not just a weakest
link, but all possible targets they can afford given their very
very large budgets. [...]

And while I do think that the actions that many people in the
Internet community and in the IETF have taken have probably
made pervasive monitoring harder and/or more costly, I do not
think that's really that relevant to this particular leak. In
this case, I think the much more interesting thing is that
this is yet another demonstration that attack code that is
intended to be used for attacks (as opposed to demonstration)
is in the end hugely counter-productive. (And immoral too IMO,
but I'd not claim that we all need to agree with that last;-)

True   OTOH, there's a good editorial in the NY Times recently that speaks to the points you've raised: https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html

I think the main thing is that yes, of course, a state actor with unlimited resources can hack every hackable device indiscriminately.   But widespread encryption means that they have to do that.   And doing that is _much_ harder than intercepting passively, and more importantly, it's more detectable.   I am surprised that you find my response optimistic.   I feel pretty cynical about the situation.   I just believe that we have done some things that have improved matters, and that's worth mentioning.

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]