[cryptography] 2010 TAO QUANTUMINSERT trial against 300 (hard) targets

Greg Rose ggr at seer-grog.net
Thu Mar 13 10:50:34 EDT 2014


You get the routers to create valid-looking certificates for the endpoints, to mount man-in-the-middle attacks.

On Mar 13, 2014, at 6:28 , Jason Iannone <jason.iannone at gmail.com> wrote:

> The First Look article is light on details so I don't know how one gets from "infect[ing] large-scale network routers" to "perform[ing] “exploitation attacks” against data that is sent through a Virtual Private Network."  I'd like to better understand that.
> 
> 
> On Thu, Mar 13, 2014 at 7:22 AM, Jeffrey Walton <noloader at gmail.com> wrote:
> On Thu, Mar 13, 2014 at 9:17 AM, Jason Iannone <jason.iannone at gmail.com> wrote:
> > Are there details regarding Hammerstein?  Are they actually breaking
> > routers?
> Cisco makes regular appearances on Bugtraq an Full Disclosure. Pound
> for pound, there's probably more exploits for Cisco gear than Linux
> and Windows combined.
> 
> Jeff
> 
> > On Thu, Mar 13, 2014 at 2:40 AM, Jeffrey Walton <noloader at gmail.com> wrote:
> >>
> >> On Thu, Mar 13, 2014 at 1:57 AM, coderman <coderman at gmail.com> wrote:
> >> >
> >> > https://s3.amazonaws.com/s3.documentcloud.org/documents/1076891/there-is-more-than-one-way-to-quantum.pdf
> >> >
> >> > "TAO implants were deployed via QUANTUMINSERT to targets that were
> >> > un-exploitable by _any_ other means."
> >> >
> >> And Schneier's Guardian article on the Quantum and FoxAcid systems:
> >>
> >> http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.
> 
> 
> 
> -- 
> PGP Public Key: 2048R/AC65B29D
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography


Greg.

Phone: +1 619 890 8236 
secure voice / text: Seecrypt +28131139047 (referral code 54smjs if you want to try it).
PGP: 09D3E64D 350A 797D 5E21 8D47 E353 7566 ACFB D945 (id says ggr at usenix.org, but don’t use that email)



More information about the cryptography mailing list