Re: Hackers invade DOJ web site
At 06:31 PM 8/20/96 -0500, Frank Stuart wrote:
>Since we don't know how the intruders broke in, we can only speculate. I
>can think of several scenarios where cryptographic techniques could help.
>I can also think of several where they wouldn't. When you've only got 20
>seconds to explain to a non-technical audience, I don't think it's dishonest
>to say that it might have prevented it.
>
>Off the top of my head, here are a couple examples:
>
> 1. It's possible that a DOJ employee logged in from a remote site while
> the intruders were snooping somewhere along the way. If the link had
> been encrypted, that would have made things much more difficult or
> impossible for the attackers.
>
> 2. Perhaps the intruders used IP spoofing and .rhosts to break in. If
> machines had to be cryptographically authenticated, a rsh from the
> wrong machine wouldn't work.
One of the best comments I have seen (from another list) was:
"These are the people who want us to escrow our encryption keys with them
and yet they can't protect their own web site."
I think this can be used as a very valid example as to why they are
untrustworthy to be in charge of keeping anything private and/or protected,
let alone private encryption keys.
---
| "Remember: You can't have BSDM without BSD. - [email protected] "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: |
| mankind free in one-key-steganography-privacy!" | Ignore the man |
|`finger -l [email protected]` for PGP 2.6.2 key | behind the keyboard.|
| http://www.teleport.com/~alano/ | [email protected] |