Re: How T-Mobil's network was compromised

[Chris Kuethe <chris.kuethe () gmail com>]

On Thu, 17 Feb 2005 21:25:57 +0100 (CET), Paul Wouters
<paul () xelerance com> wrote:
> But where do you end your paranioa? Do you trust RNG's on die? You cannot
> really ever 'fully' trust crypto hardware that does not have an open spec.

You end it wherever you do. Some people end it when they get out of
bed, assuming the sky will never fall, and they get on with their day.
Some people never do, and get tinfoil hat jokes made about them on
slashdot. Some of us are in the middle - we don't trust protocols
where we can see the plaintext, we get suspicious when we see a new
key or certificate fingerprint, etc.

A large part of trust measurement is action, not math. Actions
speaking louder than words. Anyone using remote desktop to peek in on
a windows machine trusts it. Whether or not you have good cause to
believe in its security, use of remote desktop implies that, at least
right now, for this instance, you believe it won't let you down too
badly.

I apparently fully trust the banks with my money: if I didn't trust
them, I'd jump through all the hoops needed to not get paid via direct
deposit, and keep loads of cash under my bed. Semantics aside, I have
fully trusted the bank. I have fully trusted their closed crypto. I
have fully trusted their policies and procedures. Like it or not, that
is what I have done, no matter how much I might whine on a mailing
list about the fact that they still use DES for things.

> Whatever happened to the people chasing down the time delays in Pentium-I
> CPU's when executing onducmented (backdoor?) instructions to get to ring 0?
> Didn't one of them die? :)

News to me. Links please?
consider this the obligatory reference to "reflections on trusting trust"...

> If T-mobile wants to have your PGP messages, and they give you the PGP
> application, they can easilly use a T-mobile "Additional Decryption Key" (ADK)
> to ensure they can read all your messages. If you would be using a real pgp
> implementation on the other end, it would ask you if you want to encrypt to
> the ADK as well. If you'd hit another t-mobile PGP handset, this could then
> ofcourse happen without any notice.

Yeah, I thought about the additional key, and if I were trojanning PGP
I would not use that method, on the off chance a semi-clueful user (or
at least a luser with a checklist written by a clueful user) might
check for additional keys. By trojanning the PGP app on the handset,
the operator gets both the sent and received cleartext.

> Blackbox cryptography is just always wrong.

But it still gets used to often. We avoid it where convenient, not "at
all costs". (banks, satellite tv, dvd players, proprietary security
tools, etc.)

CK

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave