January 06, 2007
Now, *that's* how to do security...
Some good articles on how to do security. Firstly, the Security Bloke at Skype talks.
And secondly, someone in the USG reveals willingness to "know thy enemy," something generally out of favour in bureaucratic circles, and so immoral in some that it's probably illegal.
I've written before about the necessity to understand the conundrum of the hacker as essential to our security.
That is ... without actually endorsing the actions of our enemy, knowing him is your only way forward to victory. That's also the message at the end of this article, which, while full of contradictions like "throw out your prejudices" and "trust your gut," did have some good thoughts.
Posted by iang at January 6, 2007 12:30 PM
And which bit does he talk about eBay's backdoors to allow US gov wiretaps? :)
Yeah, that bit's on the second page:
Interviewer asks: So the answer to the question--if even you can't listen on somebody's Skype calls--is...?
Skype Security guy Sauer responds: What we say to that is that we provide a safe communications experience. I'm not going to tell you that we can or can't listen in to that.
Seems pretty clear to me.
> And secondly, ...
Interesting reference to Steg. I don't follow their thinking regarding decryption - I would have thought that once you had identified and extracted the message from the concealing noise the process of decrypting the result would have been the same as that applied to any other encrypted message. Why are they implying that decryption technology for steg is some new development which nobody else has developed???
I still like the idea of the librarian that puts the sign up about having no requests for information, until of course they do have a request and no longer put the sign up. eBay/Skype is going to be the FBI's poster child for wire tap friendliness, I guess that's the trade-off with not using open standards.
The other problem with Skype being a US entity compelled to do wire taps is the US govt's history of using its intelligent services in an anti-competitive fashion against the businesses of other countries, not just for law enforcement purposes.
So anyone in business using Skype for its crypto "benefits" should seriously think about why they wanted crypto in the first place.