Re: How T-Mobil's network was compromised

[Paul Wouters <paul () xelerance com>]

On Thu, 17 Feb 2005, Chris Kuethe wrote:

> them, I'd jump through all the hoops needed to not get paid via direct
> deposit, and keep loads of cash under my bed. Semantics aside, I have
> fully trusted the bank. I have fully trusted their closed crypto. I

No, you have not trusted their closed crypto. The only thing you trust is
that it is in their interest to give you back your money, if someone else
steals it from your bankaccount. And indeed, I do trust my bank for that
same thing too. It's pure capitailsm at work, not trust relationships. I
hate my bank, and I wouldnt trust them if my life depended on it.

> have fully trusted their policies and procedures. Like it or not, that
> is what I have done, no matter how much I might whine on a mailing
> list about the fact that they still use DES for things.
>
> > Whatever happened to the people chasing down the time delays in Pentium-I
> > CPU's when executing onducmented (backdoor?) instructions to get to ring 0?
> > Didn't one of them die? :)
>
> News to me. Links please?
> consider this the obligatory reference to "reflections on trusting trust"...

I will have to go dig through pgp-ed email of two years or so ago :)
A quick google didn't give me the site. I'll do it over the weekend.

> > Blackbox cryptography is just always wrong.
>
> But it still gets used to often. We avoid it where convenient, not "at
> all costs". (banks, satellite tv, dvd players, proprietary security
> tools, etc.)

I find it said that my government is relying fully upon another governments
closed cryptography including maintenance contract for our digital tapping
room, where maintenance involves copying a stack of MO disks every month.

Paul

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave