Re: National Security Backdoor in telnetd - all versions.

From: Au Naturel Productions (w_e_b_m_a_s_t_e_r_at_IDONTLIKESPAMa_n_p-i_n_c.net)
Date: 08/28/03 

Date: Thu, 28 Aug 2003 14:24:59 -0400

On Thu, 28 Aug 2003 13:17:21 +0000, Nico Kadel-Garcia wrote:

> Follow the lawsuits.

Yes usually brought by those who are fishing to find out what is really
happening, but end up having no clue to begin with. They also end up being
out of their league with what some projects actually are.
 
> Sure, they should. They need to have a half-life. The Swedish model is
<snip>
> declared so if asked for. And even then, there has to be an expiration date.

The US Military's documents are placed under classified structure by a
different rules. Believe me, there are good reasons for doing this.
 
> I'm living in Boston. We've *seen* what happens when federal "security"
<snip>
> crackers, and the warrants are all sealed!

Sometimes that is a good thing to protect the judge, but then again - you
can't make everyone happy 100% of the time. There are reasons for sealing
court documents: where they may disclose methods. You are not really
thinking this through logically.

> You ever tried to administer a switch on the other coast that is part of
<snip>
> the ass, and many sites do it through extremely poor obscurity protection.

Yes I have. What I can't say, but very much over (let's say) 10,000 miles
away. I used to work in the Communications Field.

> Not me: secure tunneled access, baby!

> Horse ***. The vendors themselves have been screaming about the export
<snip>
>vel *allowed* by US export regulations.

They don't want to include proper updates because they don't what two
types of products. A sorry excuse in my book..

> If you've ever tried to reprogram the BIOS of a high-end switch to add
<snip>
>a stable piece of hardware.

Sorry, I never did BIOS programing. Was busy dealing with other types of
programming.

> That's nice. Try reading the Cuckoo's Egg, which is far closer to mine.

Actually I have, and I don't see why you are complaining - except maybe
you are on the non-Law Enforcement side of things. It was part of reading
for when I started in the computer security field.

> They *can't*. Didn't you read the Telecommunications Privacy Act? If
<snip>
> operatinig it.

See below.
 
> Even with parts of that legislation dropped since then, after court
<snip>
> man-in-the-middle access for law enforcement.

Well if you are not doing anything illegal, what is the problem? Law
Enforcement still can't just wiretap someone for the hell of it. They must
provide proof of the need to.

> Start with Google searches on "Clipper Chip", "Skipjack", and "patent
> violation". Here's a good start:

I did, but of course if the government releases encryption to the public,
don't you think they would want a public key of it? Just in case they had
a wire tap order to go after those that would take away your liberties. As
I stated before, if the NSA has the key - I have no problem with it. Maybe
you are a bit worried becuase you have no knowledge of what they do, but
then again there is a good reason you don't. The less you know the better.

> And yes, the chip was originally designed for voice transmission use.

And, you want a means for people like Terrorists to have a freely open
means to communicate without worry of discovery? Have you thought of Stego
also is another means of secure transmission?

> No, considering that it's been modified at least twice since Sept. 11 by
> the Department of Reich^H^H^H Homeland Security. I can't keep up with
> Ashcroft playing dodgeball with constitutional rights....

I don't trust Ashcroft myself. Doesn't mean I don't know how the
classifications are set.