[FoRK] [liberationtech] DecryptoCat

Eugen Leitl eugen at leitl.org
Tue Jul 9 07:32:01 PDT 2013

----- Forwarded message from Jacob Appelbaum <jacob at appelbaum.net> -----

Date: Tue, 09 Jul 2013 13:45:35 +0000
From: Jacob Appelbaum <jacob at appelbaum.net>
To: liberationtech at lists.stanford.edu
Subject: Re: [liberationtech] DecryptoCat
Reply-To: liberationtech <liberationtech at lists.stanford.edu>

Maxim Kammerer:
> On Tue, Jul 9, 2013 at 11:39 AM, Michael Rogers
> <michael at briarproject.org> wrote:
>> Google and Mozilla wouldn't have to run
>> competitions to find holes in their own browsers. There wouldn't be a
>> multi-million-dollar 0day black market.
> You are talking about huge projects with complex design, where the
> architecture itself is a source of security issues. Not to mention
> that WebKit and Mozilla weren't engineered for security to begin with.
>> It wouldn't be possible for
>> the NSA (according to Snowden) to "simply own" the computer of any
>> person of interest.
> Offtopic, but I didn't see any indication in that last paragraph of
> Jacob's interview that Snowden talks about exploiting computers. In
> general, Snowden for some reason is usually terribly vague for someone
> who apparently exhibits excellent command of the English language (from my
> non-native speaker's POV).

I think he very clearly stated it:

Interviewer: What happens after the NSA targets a user?

Snowden: They're just owned. An analyst will get a daily (or scheduled
based on exfiltration summary) report on what changed on the system,
PCAPS of leftover data that wasn't understood by the automated
dissectors, and so forth. It's up to the analyst to do whatever they
want at that point -- the target's machine doesn't belong to them
anymore, it belongs to the US government.

If it isn't clear - he is saying that once a user is targeted for
surveillance - their computer systems (and networks) are compromised by
the NSA in a variety of ways. This includes memory corruption bugs,

>> Writing secure software is much, much harder than simply writing
>> comments, writing tests and coding defensively.
> This is a thread about Cryptocat. Cryptocat is a web frontend for a
> couple of protocols. Yes, it is that easy.

The protocol that has the most trouble is the homebrewed multi-party
crypto. Though some of the underlying bits obviously impact the rest of it.

All the best,

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
