Re: National Security Backdoor in telnetd - all versions.
From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: Sun, 31 Aug 2003 00:58:54 GMT
Au Naturel Productions wrote:
> On Fri, 29 Aug 2003 00:39:36 +0000, Nico Kadel-Garcia wrote:
>>Ahh, yes. The old "I know secrets you don't. Trust us, little boy, we
>>know what's good for you".
>>Translated: "Bend over the altar for Uncle Sam, little boy. It's a
>>*sacrament* for your country!"
> You mean: Bend over altar boy this is the church. Guess you have no clue
> as of what you are talking about again.
It's called a "metaphor". In this case, it's pretty precise, because in
this case the people in power (priest or government) are telling people
it's their holy duty to open wide for the intrusions, intrusions being
done for the gratification of the people in power and blatantly not for
the benefit of the recipient of the invasive procedure.
Hint. I've dealt with lots of child abusers professionally....
>>Yes. They protect the military from various exposures, ranging from the
>>and is used to cover a lot of sins.
> Actually not as much as you may think, but then again - some people should
> not be given that information.
You're right, according to the sinners, the sin should not be ever
publicly exposed lest it *embarrass* the sinner and somehow "Threaten
Americans' Confidence in Their Government(tm)".
That's a really, really *bad* reason.
>>behavior other than typical teenage bragging.
> This is the age of US Government "Preemptive" action. They have never
> caught anyone who is a cracker, unless someone turned those people in. As
> is the case with the latest Blaster variant.
>>Hundreds of arrests nationwide, millions of dollars of private computer
>>against the Secret Service for their violations of civil rights.
> Why aren't you angry about those people, and their homes, that have been
> destroyed by the SS over guns? Blame Ashcroft for his tactics.
I am angry for it. It wasn't normally the Secret Service and it's a
different (and admittedly worse) issue.
>>And I've personally administered literally thousands of remote
>>individual machines up to the antipodes of the Earth. (I avoided the
>>switches: I hate those languages, but did my share.)
> And that is impressive in this day and age?
Just brings across the point that I'm familiar with the interference of
the crypto-regulations with securing key infrastructure from both
vandalism and actual potential terrorist attack. The insistence on
controlling encryption and preventing its spread by clearly
unconstitutional regulations is actively interfering with the safety and
security of Americans nationwide, since it actively and passively
prevents the widespread use of far superior authentication and
encryption techniques to protect critical resources.
Civilian resources such as tankers, air-traffic systems, even power
plants have absolutely horrid security resulting from these stupidities.
>>Assuring that they interoperate correctly is extremely difficult. It can
>>actually imperils their services.
> If you say so.
If you don't believe me on this, go back to the SunOS whackiness for the
"crypt" function and scroll forward for the last 12 years or so with
other UNIX releases, the Netscape/Internet Explorer 80-bit/128-bit
encryption wars, RedHat's fun with incorporating GPG and OpenSSH into
their releases to key-sign their software packages and allow protected
remote access to X servers as part of the OS instead of everyone having
to download it from Finland, etc.
>>Youngster. You may, one day, become educated the hard way....
> Youngster? Are we getting into "name calling" now? You are losing your
> stance with me now. I have been "educated" by first hand experience,
> hence my stance on some restrictions on export of technology. And I bet you
> don't believe there is still "spying" going on in the world.
Of course there is, both governmental and corporate. A lot of it is
illegal, of course, but it's certainly occasionally a useful hobby.
>>If you are innocent, why won't you let the officer search your house and
>>your pants and put bugs on your phone? Better yet, why don't you post
>>with your own email written directly?
>>Because such easy access can be and will be abused.
> 1) If an officer asks nicely, I will ask what he is looking for, then let
> him in.
> 2) If the officer wants to give me a thrill - no problem there.
> 3) Does the officer have a reason to wiretap?
> 4) I DON'T LIKE SPAM - there are spammers who rake the NNTP for email
> addresses. Did you know that?
That's nice. I don't like police searching me, my house, or my
communications for things they don't have a warrant for, especially
electronically since it leaves less evidence of the search and is thus
subject to new forms of abuse. Did you know that?
>>No. They should have to get a subpoena for it, which was never even
> Let's see: Using the telephone is not a right, but a privilege. If it was
> a right, no one would be charged for its use. Stop being so pissed off.
Free speech is a right. It's not the telephone they're interfering with.
It's the *speech*, the communications on the telephone which are being
>>And since both dual keys were to be held in undetermined government
>>hands, with no mandatory standards for their release, it would still be
>>far too easy for one key to live in one bureaucrat's office files, the
>>other key to exist in his brother Fred's office files, and them to
>>exchange keys at will with any federal agency they felt inclined to
> The way I understood it - there would have to be a clear and present
> danger for them to release the key. But hey most people are not too
> worried about SECURITY to begin with. They can not even keep their own
> secrets from prying ears (i.e. business trash browsing).
I read the description. There was *no* delineated standard for when the
keys would be released, it was clearly left quite vague and
undetermined. Like most colleges' sexual harassment policies, all sorts
of nice phrases were included with utterly no clear guidelines requiring
or preventing them from releasing the keys under any circumstances.
>>This is *completely* unacceptable under the most basic of security *and*
>>civil rights precepts.
> Depends on who it was to hold the keys, I can tell you the NSA is one
> place that would be more than trusted.
Not by anyone with an IQ over 45. They wrote the algorithms secretly
with no public review, the hardware is hardened and prevents
verification of an absence of additional keys or algorithms added after
the review by the sequestered and NDA signing "experts" who have since
lost most of their credibility for signing off on this, missing the
patent violations and the too-short LEAF key problem, and the NSA has
traditionally been able to draw the invisible cloak of "national
security" over far, far, far too many of its actions.
> Tisk Tisk - in cases like that, you would not be given any information as
> to what was used or how things were "taped". Up until 9/11/2001, most
> people including the current administration were too "untouchable" for a
> terrorist attack on the US soil. Oh how quick things change. And if you
> paid attention you would have heard about such a situation in the past.
This is because they didn't *read*, and never realized how fragile
things are. Heck, they haven't even caught on yet that the increase in
car traffic as people avoid airlines has killed far more people than
If I'd been planning an attack or a drug smuggling or whatever, I'd have
used Boston too. I've actually walked through their security with a
costume dagger 3 times, *AFTER* 9/11. Every other city noticed it,
Boston missed it 3 out of 4 times.
Fortunately, they've finally replaced the company doing those safety
>>And for real terrorists, any schmuck can use PGPphone or the other
>>traffic and get suspicious about *that*.
> If you say so.
PGPphone ran on a MacII. Various voice-over-IP systems are also working
>>Even without digital encryption, one-time pads for verbal transmissions
>>arbitrary messages that cannot be beaten by man-in-the-middle.
> If you say so. Of course I doubt you have an NDA with the government - so
> I doubt you would even have a clue as to some technology.
"Shush, sonny, pay no attention to the man behind the curtain."
Listen up, folks. A "one-time-pad" is a system where extremely simple
but extremely random encryption keys are generated as a long list, two
copies made, and one sent to the remote recipient of future messages.
Every character (or every word, depending on the system) is encrypted,
each with the next key on the list.
There is *ABSOLUTELY NO WAY* to reassemble the original message without
the one-time-pad. The best you can do is make some guesses about the
length of the message and what *that* means, from the amount of data sent.
The only character or message that cannot be encrypted this way is a
meta-message: "Repeat", or resend the message because I had an error
recreating it. Some other interesting things happen if you need to
resync where you are on the one-time-pad lists, but it's still pretty
damn easy to secure that as well, just not as absolute.
>>So what are they this week? That *should* be a matter of public record....
> Why? It should be easy to figure out. The higher the damage could be done
> to the country, the higher the classification.
But wait: it's *SECRET*. Just like the Secret Service knowledge of when
Billy Clienton kicked out his guards and smoked cigars with interns, who
gets to decide it's secret and unknowable to the rest of us is, you
guessed, impossible to review or examine because of "National
Security(tm)". Or like J. Edgar Hoover's files on civil activists: "Those
uppity niggras are a risk to our nation, boys!"
> BTW: It seems that you are trying to have it both ways: Wanting Security
> but not allowing those who are not "appointed by politicians" or
> "politicians" controlling things.
The security I want is to keep governments, any governments, including
*my* government, out of my private business. The control of encryption
provides extremely potent tools to those with the electronic and fiscal
resources to tap anything they wish, to never reveal they have done so,
and therefore to misuse the knowledge.
> FYI: Your arguments are getting repetitive and boring. Please come up with
> something of more interest than what you are using. Plus never think I am
> as young as you think, on any level.
Why not? You still trust Uncle Sugar to always be your friend and always
do what's right.
It don't work that way: Uncle Sugar is often a pretty reliable and
stand-up guy, especially compared to his peers, but you've still gotta
keep an eye on him around the punch bowl.
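
The one-time-pad scheme described in the post above, as an added Python example that is not part of the original message: two copies of one random pad, each byte consumed once, with a cleartext offset so the receiver can resync after a lost message, and a check that any same-length plaintext fits a given ciphertext. The names PadBook, pad_explaining and demo and the sample messages are hypothetical and constructed for illustration.

```python
import secrets

class PadBook:
    """One party's copy of the shared pad (hypothetical helper for this example)."""
    def __init__(self, pad):
        self._pad = pad
        self._next = 0  # index of the first pad byte not yet consumed

    def encrypt(self, plaintext):
        start, end = self._next, self._next + len(plaintext)
        if end > len(self._pad):
            raise ValueError("pad exhausted: never wrap around or reuse bytes")
        self._next = end
        ct = bytes(p ^ k for p, k in zip(plaintext, self._pad[start:end]))
        return start, ct  # the offset travels in the clear so the peer can resync

    def decrypt(self, offset, ciphertext):
        if offset < self._next:
            raise ValueError("offset points at pad bytes already consumed")
        end = offset + len(ciphertext)
        if end > len(self._pad):
            raise ValueError("message runs past the end of the pad")
        self._next = end  # also skips pad bytes spent on a message that never arrived
        return bytes(c ^ k for c, k in zip(ciphertext, self._pad[offset:end]))

def pad_explaining(ciphertext, candidate):
    """Return the pad under which `ciphertext` decrypts to `candidate`."""
    if len(candidate) != len(ciphertext):
        raise ValueError("the ciphertext fixes the length and nothing else")
    return bytes(c ^ m for c, m in zip(ciphertext, candidate))

def demo():
    pad = secrets.token_bytes(64)  # constructed sample pad, shared out of band
    alice, bob = PadBook(pad), PadBook(pad)
    alice.encrypt(b"lost in transit")  # bob never receives this message
    offset, ct = alice.encrypt(b"MEET AT DAWN")
    recovered = bob.decrypt(offset, ct)  # bob resyncs from the offset
    # Without the pad, a different 12-byte message fits the same ciphertext:
    other_pad = pad_explaining(ct, b"STAY AT HOME")
    alternative = bytes(c ^ k for c, k in zip(ct, other_pad))
    return recovered, alternative, len(ct)

if __name__ == "__main__":
    print(demo())
```

The XOR pad hides content only; it does not by itself detect a modified ciphertext, so the offset and message still need an integrity check in practice.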