Re: Insecurity in Finnish parlament (computers)

["Markus Jansson" <markus.jansson () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 26 Dec 2004 18:59:28 -0800 James Tucker
<jftucker () gmail com> wrote:
> I don't have the time or inclination to teach you myself.
> Please go and learn some more about dealing with radio
> frequency attacks on modern networks.

Please learn the basic fact: If you want something to remain secure
that goes airwaves, you have to encrypt it. Everything else is just
kinda "security by obscurity" (you presume opponents dont have
equipment needed to receive them).


> Just because the communications stream has not been
> encrypted (or an encryption has been cracked) does
> not mean that it is readable by an attacker.

If they can read it, anyone else with similiar hardware can do it
too. Its really pretty much that simple.


> Practical attacking of GSM over the
> air is also very difficult for similar
> (although not so extreme) reasons.

ROTFLOL! Please take time to google since you are terrible wrong
once again.
http://www.chiare.com/products/spy/GSM900-1800e.htm
http://www.endoacustica.com/gsm_interceptor.htm
http://www.geocities.com/CapeCanaveral/Hangar/8539/GSMMONI.HTM


> TETRA also operates in a similar manner and is hard
> to attack over the air for the same reason.

ROTFLOL!
We use TETRA in here Finland and there are equipment available here
to listen to it too. Same goes with GSM. You cannot rely on airwave
security to think that "nobody else has devices like we use" to be
secure. Thats why they implemented crypto to GSM and TETRA in the
first place!!!


> The two most common SSH clients save the server keys after first
> connection; you seem to not know this or not understand/appreciate
> it.

Argumentum ad nauseam & argumentum ad hominem.
Please tell me what exactly you do NOT understand in my last
posting when I sayed that in my pages in that place I say:"Unless
you can receive the publickey or the fingerprint of the publickey
used in some secure manner"?


> Advertising weak systems is simply making other peoples
> lives worse.

Advertising weak software also makes peoples lives worse since they
have to patch and update them. Advertising weak systems does the
same thing: The people behind them have to spend time and effort to
secure them...as they should have done in the first place.


> Do you expect people to jump when you point them to a site which
> contains the opening line: "I am 26-year guy, currently living in
> Turku, Finland. I have been involved  with software, computers and
> Internet for many years, although I don't do programming nor work
> in the IT-industry."
> I am not at all surprised that the government chose to ignore your
> message to them.

Argumentum ad hominem.
You clearly dont have any reasonable arguments to make, since you
are only attacking against ME in person instead of attacking my
arguments.

Markus Jansson
Turku
http://www.markusjansson.net
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkHP/60ACgkQp4wnv3Na2tr7uACgmuylROMIjwebcUbAbiNZKBsRsvQA
oICTCDvjJX2xVTBNKdYVlPrzonHm
=q5YC
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html