
Re: Hackers invade DOJ web site



At 06:31 PM 8/20/96 -0500, Frank Stuart wrote:
>Since we don't know how the intruders broke in, we can only speculate.  I
>can think of several scenarios where cryptographic techniques could help.
>I can also think of several where they wouldn't.  When you've only got 20
>seconds to explain to a non-technical audience, I don't think it's dishonest
>to say that it might have prevented it.
>
>Off the top of my head, here are a couple examples:
>
>   1. It's possible that a DOJ employee logged in from a remote site while
>      the intruders were snooping somewhere along the way.  If the link had
>      been encrypted, that would have made things much more difficult or
>      impossible for the attackers.
>
>   2. Perhaps the intruders used IP spoofing and .rhosts to break in.  If
>      machines had to be cryptographically authenticated, a rsh from the
>      wrong machine wouldn't work.

One of the best comments I have seen (from another list) was:

"These are the people who want us to escrow our encryption keys with them
and yet they can't protect their own web site."

I think this can be used as a very valid example as to why they are
untrustworthy to be in charge of keeping anything private and/or protected,
let alone private encryption keys.

---
|  "Remember: You can't have BSDM without BSD. - [email protected]  "|
|"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
| mankind free in one-key-steganography-privacy!"  | Ignore the man      |
|`finger -l [email protected]` for PGP 2.6.2 key  | behind the keyboard.|
|         http://www.teleport.com/~alano/          | [email protected]  |