[liberationtech] DecryptoCat
Jacob Appelbaum
jacob at appelbaum.net
Tue Jul 9 06:45:35 PDT 2013
Maxim Kammerer:
> On Tue, Jul 9, 2013 at 11:39 AM, Michael Rogers
> <michael at briarproject.org> wrote:
>> Google and Mozilla wouldn't have to run
>> competitions to find holes in their own browsers. There wouldn't be a
>> multi-million-dollar 0day black market.
>
> You are talking about huge projects with complex design, where the
> architecture itself is a source of security issues. Not to mention
> that WebKit and Mozilla weren't engineered for security to begin with.
>
>> It wouldn't be possible for
>> the NSA (according to Snowden) to "simply own" the computer of any
>> person of interest.
>
> Offtopic, but I didn't see any indication in that last paragraph of
> Jacob's interview that Snowden talks about exploiting computers. In
> general, Snowden for some reason is usually terribly vague for someone
> who apparently exhibits excellent command of English language (from my
> non-native speaker's POV).
I think he very clearly stated it:
Interviewer: What happens after the NSA targets a user?
Snowden: They're just owned. An analyst will get a daily (or scheduled
based on exfiltration summary) report on what changed on the system,
PCAPS 9 of leftover data that wasn't understood by the automated
dissectors, and so forth. It's up to the analyst to do whatever they
want at that point -- the target's machine doesn't belong to them
anymore, it belongs to the US government.
If it isn't clear - he is saying that once a user is targeted for
surveillance - their computer systems (and networks) are compromised by
the NSA in a variety of ways. This includes memory corruption bugs,
obviously.
>
>> Writing secure software is much, much harder than simply writing
>> comments, writing tests and coding defensively.
>
> This is a thread about Cryptocat. Cryptocat is a web frontend for a
> couple of protocols. Yes, it is that easy.
The protocol that has the most trouble is the homebrewed multi-party
crypto. Though some of the underlying bits obviously impact the rest of it.
All the best,
Jacob
More information about the liberationtech
mailing list