Full Disclosure mailing list archives
RE: JAP back doored
From: "Drew Copley" <dcopley () eeye com>
Date: Thu, 21 Aug 2003 12:49:39 -0700
-----Original Message----- From: Florian Weimer [mailto:fw () deneb enyo de] Sent: Thursday, August 21, 2003 12:23 PM To: Drew Copley Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] JAP back doored "Drew Copley" <dcopley () eeye com> writes:Why is the state of Germany trojanizing applications whichmay be runby anyone on the planet?Why is the U.S. government interfering with the publication of security advisories if the corresponding software is being run throughout the world?
I haven't had any problem issuing security advisories. What is this in reference to? Pointing the finger elsewhere does not excuse the fact that the German State has trojanized a popular application which was open to the world to download. And, indeed, the world did download. Here are some things I do not care if Germany does: - I don't care if they listen to their own wires - I don't care if they hack into their own criminals systems - I do not care if they use zero day to do this - I do not even care if they hack into criminals systems in other countries if they have some jurisdiction in this and are working with other authorities. For instance, if they were hacking into terrorist networks which spanned across the world and were sharing this information, I would not care. A German cop has no jurisdiction over me. He has no jurisdiction over anyone outside of Germany. This is the same for every country.
The German government funds the AN.ON project, but allowed for a great deal of independence. Naturally, this independence does not extend to the law, thanks to separation of powers. Now a judge has forced the operators to implement a surveillance interface, which is possible because of a design weakness. But that's just the beginning of the legal process. The project has announced that it plans to fight, but within the legal system.
This does not absolve them, nothing you can say absolves them. I realize you have some patriotism here and are speaking from this... But, I also know you do not want the US government to backdoor US applications from US companies without telling you. I know this to be true.
How is it they believe they have a right to trojanizesomeone outsideof Germany?Nobody forces you to use the German service if you don't trust the operators or (thanks to recent events) German law enforcement.
That is an empty argument not worth going into.
This is blatantly illegal in just about every country outside of Germany. Literally.No, it isn't. Most countries with communication infrastructure have laws that regulate law enforcement access. This is not a "stupid local law" issue.
This also is an empty argument. Basically, you are saying if it is discovered the NSA has a backdoor in Windows, that this is okay and no one has a right to complain, even if they are outside of the US. I doubt this would be your case in this situation. I am sure many could say, "Well, this situation is different". No, it is not. Let's be honest here.
Your country is eavesdropping foreign communication as well.
My country has not installed a trojan on my system, to my own knowledge, all rumors and speculation aside. They have not hacked into my system. As to what wires they listen to, if they listen to their own, that is their business. We have encyption software. If they listen to other people's wires, that is outside of their domain, then yes, this should be illegal. But, is it proven? Does it remove the fact that there are a host of privacy and anonymity tools which we can use? But, Germany has decided that people don't have a right to use these tools. They have not tried to do even the honorable thing and break these things - which is illegal - but they have secretly trojanized the code. You want me to applaud this? Maybe your nation has just given my own nation some new ideas. Did you help stop this trend?
Or, do they believe they are superior to other countries,and they mayinvade at will?Please check the facts. Germany doesn't an operate eavesdropping base in the U.S., but the U.S. do in Germany.
I won't even go into that. I do not know what they do there, but their rights have been worked out with the German government. If you have an issue with that, you need to take that up with their government. If my government allowed German police to trojanize an application I ran and my government covered this up... I would be furious at my government first, and at Germany second. But, none of this is dealing with the matter at hand. These arguments are all a distraction. I have not intended to offend your patriotic sensibilities. My apologies in this regard. My statements stand for whatever country might do such a thing, my own included. ... With some reflection, I realize this was done out of incompetence rather than out of understanding. I know this. I know it was ignorance, not maliciousness, which inspired this. That, is, I guess it is. It is true, someone that does wrong knowingly is much more guilty then someone that does wrong in ignorance. But, it is also true that they are both still guilty. I hope that you may bring yourself to condemn this action of your government. I hope that you may see it is not something to excuse. For by excusing this, surely, you excuse the same from countries you do not hold allegiance to. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- JAP back doored error (Aug 21)
- Re: JAP back doored Thor Larholm (Aug 21)
- RE: JAP back doored Drew Copley (Aug 21)
- Re: JAP back doored Florian Weimer (Aug 21)
- RE: JAP back doored Drew Copley (Aug 21)
- RE: JAP back doored gml (Aug 21)
- RE: JAP back doored Drew Copley (Aug 22)
- Re: JAP back doored Florian Weimer (Aug 22)
- RE: JAP back doored Drew Copley (Aug 22)
- Re: JAP back doored Florian Weimer (Aug 22)
- Re: JAP back doored felix . roennebeck (Aug 25)
- Re: JAP back doored morning_wood (Aug 25)
- Re: JAP back doored felix . roennebeck (Aug 25)
- Re: JAP back doored morning_wood (Aug 25)
- RE: JAP back doored Jeroen Massar (Aug 25)
- Re: JAP back doored Florian Weimer (Aug 21)